PDA

View Full Version : computer problem



curtis rosche
04-26-2012, 10:38 AM
somewhere in the past month or so it seems i picked up a virus or something on my computer. i have run SuperAntispyware, and Ad-Aware numerous times on my computer and run then both atleast once a week. but one seems to have slipped through.

everytime i try to google search using firefox it gives me the desired search, but when i click on the link it takes me to some shopping site or other add site, or it takes me to a site that says it is a search engine and has already run my search.

when i use google on internet explorer, i can put in the search term "millersville university" and it will come up with a search for the number "7" and it doesnt always open the link when i do get it to search correctly.

im thinking its some type of redirect thing but i have no idea.

any help?

Bryan Slimp
04-26-2012, 11:05 AM
Copy off any important files (quarantine them on a thumb drive) and reload. Scan the files before you put them back on your PC.

I try and stay away from backwater websites (anything with file sharing.)

John Coloccia
04-26-2012, 11:11 AM
Try Hitman Pro.

David Weaver
04-26-2012, 11:12 AM
google redirect, hopefully didn't come with a rootkit virus.

Try tdsskiller and any other anti-rootkit you can find. I don't know if hitman will catch that kind of thing, but it's worth a shot.

I had a rootkit on a computer that never goes anywhere unsafe (and has antivirus protection). AV software doesn't do well with that type of virus, and even while it was running, my virus scanning software said the system was clean. As far as I could tell, my system files themselves must've been corrupted and the only fix was restoring an entire prior version to get rid of the redirects. If you can get rid of everything else, the redirects might be harmless (they're just there to generate ad money for whoever wrote the virus), but they are extremely annoying.

John Coloccia
04-26-2012, 11:13 AM
If you're savvy, this could be a hosts file hijack. If it is, it's easily fixable by removing everything from the hosts file other than the loopback. It can be a million other things too, including a rootkit.

John Coloccia
04-26-2012, 11:15 AM
Dave, I recommended Hitman Pro because it does particularly well with rootkits. It seems to catch everything that the other ones let through. They tout it as a "second opinion" scanner meant to run in conjunction with a full blown AVS.

David Weaver
04-26-2012, 11:23 AM
I couldn't remember whether I shot mine with TDSSKiller or hitman, hitman costs money if you use it more than 30 days though, but you can do a lot in 30 days. Even after my system came up clean, I was left with redirects. I'm still baffled where the PC got the issue, because other than searching for regulatory stuff and web based email, it doesn't do much else.

Jerome Stanek
04-26-2012, 11:35 AM
Microsoft essentials works really good. I think I used the free viper anti software to remove a redirect virus

Chuck Wintle
04-26-2012, 11:39 AM
somewhere in the past month or so it seems i picked up a virus or something on my computer. i have run SuperAntispyware, and Ad-Aware numerous times on my computer and run then both atleast once a week. but one seems to have slipped through.

everytime i try to google search using firefox it gives me the desired search, but when i click on the link it takes me to some shopping site or other add site, or it takes me to a site that says it is a search engine and has already run my search.

when i use google on internet explorer, i can put in the search term "millersville university" and it will come up with a search for the number "7" and it doesnt always open the link when i do get it to search correctly.

im thinking its some type of redirect thing but i have no idea.

any help?

i would suspect the hosts file also. Some scanners will run by themselves rather than inside windows which is how rootkits hide...

paul cottingham
04-26-2012, 2:18 PM
Spybot. Try it you'll like it.
Check your hosts file as well. Spybot will test it for you as well.

Graham Wintersgill
04-26-2012, 2:26 PM
Malawarebytes has always worked for me. Download it to a thumb drive on another computer with the lastest definitions.

Mike Circo
04-26-2012, 3:09 PM
Malawarebytes has always worked for me. Download it to a thumb drive on another computer with the lastest definitions.

+1 I've use it to save my sister and brother in law a couple of times.

There's a big difference between a virus and malware in the way the get in. AV programs don't always stop or find malware. This will.

David Weaver
04-26-2012, 3:39 PM
Malwarebytes doesn't always work with rootkits. Some of them disable or modify it so that they don't get found. Mine did (either disable or modify it).

Phil Thien
04-26-2012, 10:08 PM
If SAS didn't find anything, you need TDSSKiller.

Myk Rian
04-26-2012, 10:53 PM
Spybot. Try it you'll like it.
Check your hosts file as well. Spybot will test it for you as well.
+1 Make sure you get "Spybot- Search and Destroy" There are other scanners using the Spybot name.
http://www.safer-networking.org/en/index.html

paul cottingham
04-27-2012, 1:33 AM
+1 Make sure you get "Spybot- Search and Destroy" There are other scanners using the Spybot name.
http://www.safer-networking.org/en/index.html
thank you, i should have mentioned that. if you are asked to pay for it, its not the right one.

Steven Hsieh
04-27-2012, 2:53 AM
Backup important files. Reformat your hard drive and start over again.

Chuck Wintle
04-27-2012, 5:58 AM
Backup important files. Reformat your hard drive and start over again.
this is a last resort IMO as spybot or malwarebytes should be able to do the job.

Rich Engelhardt
04-27-2012, 7:00 AM
It sounds very simplistic but - have you checked in the add/remove programs?
I had a redirect "hide in plain sight" there once.
Drove me nuts because nothing could find it.

Chuck Wintle
04-27-2012, 7:42 AM
try this...from another forum...

(1) Click START > RUN > and type in "C:\windows\system32\drivers\etc\hosts"
(2) When prompted, open the HOSTS file in either Notepad or Wordpad
(3) Delete all the lines of IP addresses in the text document except for "127.0.0.1 localhost".

If you find several lines of IP numbers other than localhost in your hosts file, then this is almost definitely your problem and will be fixed right away. If not, then this probably isn't the issue, but it's worth a look.

paul cottingham
04-27-2012, 11:07 AM
try this...from another forum...

(1) Click START > RUN > and type in "C:\windows\system32\drivers\etc\hosts"
(2) When prompted, open the HOSTS file in either Notepad or Wordpad
(3) Delete all the lines of IP addresses in the text document except for "127.0.0.1 localhost".

If you find several lines of IP numbers other than localhost in your hosts file, then this is almost definitely your problem and will be fixed right away. If not, then this probably isn't the issue, but it's worth a look.
Be aware that a lot of spyware will just rewrite the hosts file.

ray hampton
04-27-2012, 5:01 PM
I try the host file but my computer refuse to open the file, even refuse to find the file,
how do you charge this forward slash / to be a backward slash ?

paul cottingham
04-27-2012, 9:54 PM
That is never a good sign.

Eric DeSilva
04-28-2012, 8:17 PM
Copy any data files to something like a USB key then nuke the system and reinstall everything. It is the *only* way to be sure.

curtis rosche
04-29-2012, 2:08 AM
Hitman pro got it within 30 seconds of running. It was the only thing it found and now I don't have any problems with it


Thanks for the help