Please help with a computer virus.

**Paradox** · 02-01-2012, 08:42 PM

OK, I have gotten a bad virus that is redirecting my bing or google web pages to a malicious site. This virus has hijacked my computer where it has shut off my virus protection and has even reconfigured the restore points. WTF!! These people who write this code should be XZQ%$#!!! I googled the info and I cant find a definitive answer on how to fix this. I ran AVG, SPY BOT, MALWAREBITES, and Norton. It does not pick it up. I think it must be in the root system. I think it is employing a Java script as a way to get in. Any help ? Thanks..

**Schuetzenman** · 02-01-2012, 08:54 PM

Get a good protection program, Kaspersky Internet package or Pure. I've been using Kaspersky products for 4 years now and haven't gotten anything since using them. Norton, got me toasted which is why I went with Kaspersky.

**Warthogg** · 02-01-2012, 10:42 PM

Originally Posted by Schuetzenman

Norton, got me toasted.........

And me as well.

Wart

**cormac42** · 02-01-2012, 10:44 PM

Ok here we go:

to fix your isue gonna need to download a few things on another pc.
Malwarebytes
AVG free

on the other pc download malwarebytes anti-malware. install it to a jumpdrive, usb drive, external hdd. just something potible from one to the other. it is self contained so you can have it on outside medium and it will still run on your jacked machine.

after installing the malwarebytes download a copy avg free antivirus to the external drive. don't run the installer just download the installer.

ok now boot up the jacked up machine. hold down the DEL key to get the boot option screen. you want safemode. if it fails to give you the screen keep trying you will get it eventually. once in safemode plug in the drive and run malwarebytes. do a complete scan. don't be suprised when it comes back with hundreds if not thousands of viruses and malware items that is normal. depending on how big you drive is and how many programs you have installed this can take hours to run. my suggestion run it while you sleep.

after malware is done install AVG free and reboot. avg will autostart and want to update it definitions. do this and leave it running.

you should be good then.

if you have a problem just post I will watch the forum and try to respond.

cormac

**Warthogg** · 02-01-2012, 10:46 PM

Avast has something called a BOOT-TIME SCAN. Runs before Windows is loaded. Bypasses the OS file system and uses direct hard drive access.

Allegedly able to handle the most stubborn root-kits.

Might work but I'm no expert in the field.

Wart

**Goodman** · 02-02-2012, 12:45 AM

Go to bleepingcomputer.com for step by step instructions on how to regain access to your malware protection. They link to a of rootkit killer that may get you back in control (TDSSKiller). Look on the right side of the homepage under "Latest Malware Removal Guide".

**LAGC** · 02-02-2012, 02:27 AM

Originally Posted by Paradox

OK, I have gotten a bad virus that is redirecting my bing or google web pages to a malicious site. This virus has hijacked my computer where it has shut off my virus protection and has even reconfigured the restore points. WTF!! These people who write this code should be XZQ%$#!!! I googled the info and I cant find a definitive answer on how to fix this. I ran AVG, SPY BOT, MALWAREBITES, and Norton. It does not pick it up. I think it must be in the root system. I think it is employing a Java script as a way to get in. Any help ? Thanks..

That almost sounds like something fucked with your HOSTS file. A similar attack happened to my uncle several months ago. What it did was redirect all the popular search engines to fake servers which imitated Google, Bing, etc., but in reality was a man-in-the-middle attack that caused a bunch of pop-up ads and commercial web-sites (whose advertisers obviously got paid for each hit) to be loaded each time you clicked on a search result.

Try this -- click on the Start button, and in the search bar type:

Code:

notepad c:\windows\system32\drivers\etc\hosts

The only entries there should be:

Code:

127.0.0.1       localhost
::1             localhost

If you see any other entries, delete them. Save the file and exit, then try your browser again.

**Paradox** · 02-02-2012, 12:04 PM

Originally Posted by cormac42

Ok here we go:

to fix your isue gonna need to download a few things on another pc.
Malwarebytes
AVG free

on the other pc download malwarebytes anti-malware. install it to a jumpdrive, usb drive, external hdd. just something potible from one to the other. it is self contained so you can have it on outside medium and it will still run on your jacked machine.

after installing the malwarebytes download a copy avg free antivirus to the external drive. don't run the installer just download the installer.

ok now boot up the jacked up machine. hold down the DEL key to get the boot option screen. you want safemode. if it fails to give you the screen keep trying you will get it eventually. once in safemode plug in the drive and run malwarebytes. do a complete scan. don't be suprised when it comes back with hundreds if not thousands of viruses and malware items that is normal. depending on how big you drive is and how many programs you have installed this can take hours to run. my suggestion run it while you sleep.

after malware is done install AVG free and reboot. avg will autostart and want to update it definitions. do this and leave it running.

you should be good then.

if you have a problem just post I will watch the forum and try to respond.

cormac

Thanks, I will try this first and let you guys know the outcome.