Hamer Fan Club Message Center

Virus Removal?


savethematches

Question

Posted

When I click on any yahoo search result, I'm getting redirected to a different website every time. Damn thing nearly crashed my computer earlier. McAfee and AVG aren't finding anything. What else can I try?

22 answers to this question

Recommended Posts

Posted

Got the same problem with google search result redirects on my office PC. Same deal, nothing unusual found.

Posted

Not a virus. It is malware. Download an anti-malware program on another computer and put it on a USB drive. You will probably have to do this from another machine because the browser hijack will more than likely block any site that can help you.

Take the USB drive and install the program on the infected machine. These programs are very good and it *should* solve the problem.

Posted

Get SpyBot Search and Destroy. It's free and has a nifty little browser prevention feature. You can use EAP's advice and mount it on a thumb drive (updates are available as separate downloads. Yay!) and fix that nasty issue.

Just be glad you don't have a rootkit, the computer I am typing on right now has been infected and nobody can fix it that I know of. My computer is basically worthless except for some light surfing.

Posted

I forgot about Spybot. I've used it before and will give it a try. Ad-Aware was finding the problem but couldn't fix it as it seems to become immune to programs trying to stop it.

Posted

My wife's machine had a very similar problem recently. Hers was a bogus security/antivirus program that holds your computer hostage until you pay up. To my dismay, she wasn't even running an antivirus! :angry: When I downloaded a couple of things (Avast, Spybot, etc.) they wouldn't even install. The rogue program prevented that. I got them downloaded on another machine and then installed them and ran them in Safe Mode, ran complete scans, etc. and that cleared it up.

Posted

I've run Ad-Aware, Spybot, Avast, AVG, and McAfee. Nothing works, and the problem is getting worse. Any other suggestions? I just emailed my local computer fix-it guru for his help.

Posted

There are a lot of rootkit repair tools out there now. I had a rootkit problem maybe a year and a half ago and used (I think) Rootkit Buster to fix it. Don't give up! You may just not have talked to the right person yet.

Posted

Good rootkit programs are Combofix and ThreatFire. Combofix is nice because it does not take a lot of memory, updates itself, and does almost everything automatically. It can be too aggressive at times though, especially if you are badly infected. Run it in safe mode with network access. ThreatFire is free and can run in memory after the boot.

Posted

What OS?

Try going to your \windows\system32 directory, sort by "last modified", and see what .dll files were added/changed around the time you started having the issue. The Vundo virus has been out for quite a while, and it does exactly what you describe. It creates a slew of random malicious .dll files that are loaded at boot up. The .dll files will have random names, but always be 8 characters with every other character being a vowel. (ex: watikomo.dll) The system will need to be brought up in safe mode, the registry searched for these dll's, and the dll references removed. I had a couple of instances where the registry entries were hidden, so you'll need a utility a little more elegant than RegEdit to find and remove these. After the registry is clean, remove the .dll files themselves and clear all browser history and offline content. The process is a little more complicated than that, but the Norton/Symantec web site has a decent write up on how to remove it. It is a very manual process. If you're not comfortable modifying the registry, take the system to someone who is. Mucking up the registry can prevent the system from booting.

I had to clean a number of systems up that had this - none of them were fun to do. Every time I got to the point of saying, "f it, I'm scrubbing the drive", I took one more pass and got it.

BTW - do *not* get the Vundo fixer software that's floating around out there. Doesn't work, and I sort of suspect the people that wrote the virus wrote the "fix" app to get quick money. The utilities listed above will be better at this anyway.

If it ain't Vundo, it sounds like it is something similar. Checking the .dlls is a place to start. Then check the registry to see what is being loaded at boot (under My Computer/HKEY_LOCAL_MACHINE/SOFTWARE/Microsoft/Windows/CurrentVersion/Run) and see what is in there. That may get you started in finding the culprit.

Hope that helps. Good luck.
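The checks in the post above, as an added PowerShell example that is not code from the thread or from any of the tools it names. It lists recently changed DLLs in System32, flags the 8-letter alternating-vowel name pattern, dumps the Run keys, and searches the software hives for references to any flagged name. It is read-only: it deletes nothing. Assumptions: an elevated Windows PowerShell 3 or later prompt on the affected machine, a `$since` date you set yourself, and that the extra Run keys and registry roots it walks (HKCU and the Wow6432Node view) are worth looking at alongside the HKLM key the post names.

```powershell
# Added example, not code from the thread. A read-only PowerShell triage for the
# checks in the post above: recently changed DLLs in System32, the Vundo-style
# name pattern, what the Run keys load, and where a flagged name is referenced
# in the registry. Assumes an elevated Windows PowerShell 3+ prompt on the
# affected machine. It lists; it does not delete anything.

# Name heuristic from the post: 8 letters with every other one a vowel
# (e.g. watikomo.dll). Both parities are accepted since the post does not fix
# which position the vowels start at; 'y' is treated as a consonant (assumption).
function Test-VundoStyleName {
    param([Parameter(Mandatory)][string]$FileName)
    $base = [System.IO.Path]::GetFileNameWithoutExtension($FileName)
    $vc = '^(?:[aeiou][b-df-hj-np-tv-z]){4}$'   # vowel-consonant x4
    $cv = '^(?:[b-df-hj-np-tv-z][aeiou]){4}$'   # consonant-vowel x4
    return [bool]($base -match $vc -or $base -match $cv)
}

# DLLs in System32 whose timestamps fall after the problem started, newest first.
# Caveat: timestamps are attacker-controlled, so a clean listing proves nothing;
# the post's "sort by last modified" is a starting point, not a verdict.
function Get-RecentSystem32Dll {
    param(
        [Parameter(Mandatory)][datetime]$Since,
        [string]$Dir = (Join-Path $env:SystemRoot 'System32')
    )
    Get-ChildItem -Path $Dir -Filter '*.dll' -File -ErrorAction SilentlyContinue |
        Where-Object { $_.LastWriteTime -ge $Since -or $_.CreationTime -ge $Since } |
        Sort-Object LastWriteTime -Descending |
        Select-Object Name, LastWriteTime, CreationTime, Length,
            @{ Name = 'VundoStyle'; Expression = { Test-VundoStyleName $_.Name } }
}

# Auto-start entries. The post names the HKLM Run key; the HKCU key and the
# 32-bit view on 64-bit Windows are added here because they load the same way.
function Get-RunKeyEntry {
    $paths = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
        'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run'
    )
    foreach ($p in $paths) {
        if (-not (Test-Path -Path $p)) { continue }
        $key = Get-Item -Path $p
        foreach ($name in $key.GetValueNames()) {
            [pscustomobject]@{ Key = $p; Name = $name; Command = [string]$key.GetValue($name) }
        }
    }
}

# "The registry searched for these dll's": walk the usual software hives for any
# value whose data mentions a flagged file name.
function Find-RegistryReference {
    param(
        [Parameter(Mandatory)][string[]]$Names,
        [string[]]$Roots = @('HKLM:\SOFTWARE\Microsoft\Windows',
                             'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion',
                             'HKCU:\Software\Microsoft\Windows')
    )
    foreach ($root in $Roots) {
        Get-ChildItem -Path $root -Recurse -ErrorAction SilentlyContinue | ForEach-Object {
            $key = $_
            foreach ($valueName in $key.GetValueNames()) {
                $data = [string]$key.GetValue($valueName)
                foreach ($n in $Names) {
                    if ($data -like "*$n*") {
                        [pscustomobject]@{ Key = $key.Name; Value = $valueName; Data = $data }
                    }
                }
            }
        }
    }
}

# --- usage ---
$since = (Get-Date).AddDays(-7)   # ASSUMPTION: set this to when the redirects began
$recent = Get-RecentSystem32Dll -Since $since
$recent | Format-Table -AutoSize
Get-RunKeyEntry | Format-Table -AutoSize
$suspects = @($recent | Where-Object { $_.VundoStyle } | Select-Object -ExpandProperty Name)
if ($suspects.Count -gt 0) { Find-RegistryReference -Names $suspects | Format-Table -AutoSize }
```

Two caveats match what the post already says. First, the script only finds what the registry provider shows it; the poster's "hidden" entries that RegEdit could not see would be invisible here too, so an empty result is not a clean bill of health. Second, the removal step (booting to Safe Mode, deleting the references, then the files) stays manual and is where a wrong move can leave the machine unbootable, which is why the post says to hand it to someone comfortable with the registry.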

Posted

This is what a computer tech used when it happened to me... Malwarebytes Anti-Malware

I bought the full version, no more worries. You'll have to update and scan manually if you use the free version.

+1000 on Malwarebytes. I have personally used it to clean plenty of these suckers out of my and my friends' machines. What you have to watch for is the malware reinstalling itself. Turn off System Restore before you clean it. This clears out all of your recovery files so the thing cannot reinstall itself. Run Malwarebytes until it comes up completely clean. Reboot the machine and restart System Restore.

If you notice after all of this you have trouble bringing up a web page, there is a possibility this sucker changed the Internet Explorer settings to look for a proxy server.

Posted

I'll try the Malwarebytes . . . I'm not comfortable messing with the registry.

The people who design these nasty little programs will surely have a special place reserved for them in Hell where they will be stripped naked, covered in molasses and then set directly on a fire ant hill the size of Mt. McKinley.

Posted

That's funny because AVG found the rootkit and it is in my system32/drivers folder. The offending files are all little .dlls that AVG couldn't remove. Norton couldn't come close to even finding them, so I bagged it and tried AVG which got me one step closer but not far enough.

Some great damn advice J!

Posted

What are the file names? Knowing which virus yer dealing with is half the battle...

Posted

If you use a Linksys router, and your password is the default, log in to the router and check that your DNS settings are not changed. A few months back I got some kind of virus that jumped from PC to router, and replaced DNS with some Russian servers.

Took me a while to find this one, and unfortunately I had just reset my router, for another issue, which defaulted the password.

One of my symptoms was that every browser window said it was going to google-analytics
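A read-only check for the two network-setting changes described in this thread (the forced Internet Explorer proxy from the Malwarebytes post, and the DNS servers swapped out at the router in the post above), as an added PowerShell example that is not code from the thread. It reads the current user's WinINET proxy values and lists the DNS servers each live adapter is actually using, so a resolver you never configured shows up even though you cannot see inside the router from the PC. Assumptions: Windows PowerShell 3 or later on the affected PC, and the `$ExpectedDns` list, which is a placeholder you must replace with your router's LAN address or your real resolvers.

```powershell
# Added example, not code from the thread. Read-only checks for the two network
# changes the posts describe: a forced Internet Explorer/WinINET proxy and DNS
# servers swapped for someone else's. Assumes Windows PowerShell 3+ on the
# affected PC. The $ExpectedDns list is an assumption you must edit.

# Known-good resolvers: your router's LAN address if it hands out DNS over DHCP,
# otherwise your ISP's or your chosen public resolvers. ASSUMED value below.
$ExpectedDns = @('192.168.1.1')

# WinINET proxy settings for the current user. On a home PC an enabled proxy
# or an auto-config (PAC) URL you did not set is the symptom the post warns of;
# an office PC may have these set legitimately by IT.
function Get-WinInetProxySetting {
    $key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
    $p = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    $enabled = [int]$p.ProxyEnable
    [pscustomobject]@{
        ProxyEnable   = $enabled
        ProxyServer   = [string]$p.ProxyServer
        AutoConfigURL = [string]$p.AutoConfigURL
        Suspicious    = ($enabled -eq 1) -or (-not [string]::IsNullOrEmpty($p.AutoConfigURL))
    }
}

# DNS servers each live adapter actually uses. With DHCP these come from the
# router, so a surprise here points at the router's own DNS setting: log in and
# check it, and change the default password while you are there, as the post says.
function Get-DnsServerReport {
    param([Parameter(Mandatory)][string[]]$Expected)
    Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration -Filter 'IPEnabled = True' |
        ForEach-Object {
            $servers = @($_.DNSServerSearchOrder)
            [pscustomobject]@{
                Adapter     = $_.Description
                DhcpEnabled = $_.DHCPEnabled
                DnsServers  = ($servers -join ', ')
                Unexpected  = (@($servers | Where-Object { $_ -notin $Expected }) -join ', ')
            }
        }
}

Get-WinInetProxySetting | Format-List
Get-DnsServerReport -Expected $ExpectedDns | Format-Table -AutoSize

# The Malwarebytes post's "turn off System Restore before cleaning, turn it back
# on after", as the Windows PowerShell cmdlets (elevated prompt; Windows
# PowerShell only, not PowerShell 7). Left commented out because they change state:
#   Disable-ComputerRestore -Drive "$env:SystemDrive\"
#   # ... run the scanner until it comes up clean, reboot ...
#   Enable-ComputerRestore -Drive "$env:SystemDrive\"
#   Checkpoint-Computer -Description 'Post-cleanup baseline'
```

If the proxy report shows `Suspicious` on a home machine, clearing `ProxyEnable` and `AutoConfigURL` in Internet Options restores browsing, but do it after the scanner comes up clean or the malware will put them back. If the DNS report lists servers you do not recognise on a DHCP adapter, the PC is only relaying what the router told it; the router's admin page is where the fix (and the password change) has to happen.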

Posted

If you have set your system to auto backup you can go back to a time prior to the attack.

go to control panel > performance and maintenance > system restore.

If not, my suggestion is to reinstall the operating system. I know it is kind of scary to do that but I do it once a year on all my computers.

good luck

Posted

Well, I've run more anti-virus/spyware/malware programs than I can count and nothing is working. After trading emails with the local computer fixit guy, he's pretty sure that I've got one of those rootkits causing the trouble. I've backed up all my files and will just strip the whole thing clean and start over. I wish I knew who was responsible for doing this to my computer so I could exact some sort of revenge/justice.

Posted

Matches, did you try to restore from a previous backup?

What operating system are you using?

Remember after you get your system back up and running to set restore points at least once a week.

Posted

QUOTE(Carl.B @ Dec 6 2010, 05:15 PM)

Matches, did you try to restore from a previous backup?

What operating system are you using?

Remember after you get your system back up and running to set restore points at least once a week.

Yeah, I tried that and it didn't work. I'm running Vista Home Premium.

Posted

I know it sucks but you got to do it. It's possible it came from an email or some bogus site that asked for information. The thing is sometimes you really don't know if you are being directed to a trusted site if you don't check and make sure you have that little padlock down in the corner of your browser.

Archived

This topic is now archived and is closed to further replies.