Free Republic
Browse · Search
General/Chat
Topics · Post Article

Help with Computer (Redirects in Search Engine)
7-9-2011 | raybbr

Posted on 07/09/2011 9:03:47 PM PDT by raybbr

My wife's laptop is infected with some sort of redirect virus. I have tried Malwarebytes, ComboFix, F-Secure, Microsoft Security Essentials and nothing has worked.

It happens when I do a search in FF or IE using any search engine. The site returns results but if you click on any of the direct result links you get re-directed to a site that is mostly spam with further links.

There are plenty of threads on bleepingcomputer.com. I have tried everything I can think of. Any help will be appreciated.

raybbr


TOPICS: Computers/Internet
To: raybbr

pfl


41 posted on 07/10/2011 4:52:21 AM PDT by outofsalt ("If History teaches us anything it's that history rarely teaches us anything")
[ Post Reply | Private Reply | To 1 | View Replies]

To: Kellis91789
You opened the file with Notepad, right? It is not the filename itself that has a # in front of it. It is the lines in the text file.

Yep. It only has one line "127.0.0.1" in it. No number symbols or anything else.

Ran SuperAntiSpyware and it came up with a couple of things - cleaned - still the same.

Am now running Microsoft Security Scanner. We'll see what that finds.

42 posted on 07/10/2011 5:29:01 AM PDT by raybbr (People who still support Obama are either a Marxist or a moron.)
[ Post Reply | Private Reply | To 38 | View Replies]

To: raybbr; rdb3; Calvinist_Dark_Lord; GodGunsandGuts; CyberCowboy777; Salo; Bobsat; JosephW; ...

43 posted on 07/10/2011 6:46:00 AM PDT by ShadowAce (Linux -- The Ultimate Windows Service Pack)
[ Post Reply | Private Reply | To 1 | View Replies]

To: raybbr

Open Internet Explorer
Tools
Internet Options
Connections
LAN Settings
Make sure NOTHING is in there (particularly PROXY SERVER)
Check the automatic configuration box
Save settings, restart IE


44 posted on 07/10/2011 6:53:29 AM PDT by corbe (mystified)
[ Post Reply | Private Reply | To 1 | View Replies]

To: max americana
...ask the Freeper who used to consult for Norton and Avast’s rootkit-hunting system.

Who's that?

45 posted on 07/10/2011 7:45:43 AM PDT by GOPJ (Honk if I'm paying for your car, your mortgage, and your big, fat Greek bailout - mewzilla)
[ Post Reply | Private Reply | To 21 | View Replies]

To: raybbr

I had the same issue. I used Stopzilla. Problem solved.


46 posted on 07/10/2011 8:23:40 AM PDT by Puppage (You may disagree with what I have to say, but I shall defend to your death my right to say it)
[ Post Reply | Private Reply | To 1 | View Replies]

To: lastchance

Yeah, it is a root kit. I cleaned up a similar one on a Laptop at work last month.


47 posted on 07/10/2011 8:43:20 AM PDT by w1andsodidwe (Barrak has now won the contest. He is even worse than Jimmah.)
[ Post Reply | Private Reply | To 12 | View Replies]

To: corbe

Right! Make sure there is no proxy server checked in LAN settings. Rename any desirable anti-rootkit program as “.com” and not “.exe”.

HijackThis is great too, along with TDSS and Malwarebytes.

You may have to wipe the O/S though. A family member’s PC had this rootkit on it and although that part was cleaned, it would bluescreen on Windows updates (Vista 32 bit).


48 posted on 07/10/2011 7:01:21 PM PDT by AbolishCSEU (Percentage of Income in CS is inversely proportionate to Mother's parenting of children)
[ Post Reply | Private Reply | To 44 | View Replies]

To: raybbr

Well, I still don’t see this file as being the problem, although it is odd that it is empty. XP Pro ships with the file’s contents as I put in my post. I’d guess whatever bug you’ve got cleared the file so you couldn’t shortstop it. Or one of the tools you’ve already tried cleared the file as a precaution.

It doesn’t NEED to have anything in it. It exists only to provide shortcuts to URLs so your PC doesn’t need to look up the IP address for a URL on a DNS server somewhere. Putting “wrong” entries in it is useful to prevent popups and other content on webpages from finding the correct address on a DNS — a bad address means that popup or whatever fails to run, which is exactly what you want sometimes.


49 posted on 07/11/2011 10:49:19 PM PDT by Kellis91789 (There's a reason the mascot of the Democratic Party is a jackass.)
[ Post Reply | Private Reply | To 42 | View Replies]
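
Added example, not part of the original thread: a small Python audit of a hosts file that separates ordinary loopback block entries of the kind post 49 describes from lines that pin a name to some other address, and flags a bare address line like the one reported in post 42. The function names and the sample file contents are constructed for illustration.

```python
import ipaddress

# Constructed sample hosts file (not taken from the thread): the stock localhost
# entry, a bare "127.0.0.1" line like the one described above, one deliberate
# block entry, one redirect to a documentation-range address, one junk line.
SAMPLE_HOSTS = """\
# constructed sample
127.0.0.1       localhost
127.0.0.1
0.0.0.0         ads.example.net   # blocked on purpose
203.0.113.50    www.search.example
not-an-ip       foo.example
"""

def audit_hosts(text):
    """Classify each hosts-file line; return (line_no, kind, detail) tuples."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()      # drop comments and padding
        if not line:
            continue
        fields = line.split()
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            findings.append((line_no, "malformed", fields[0]))
            continue
        names = fields[1:]
        if not names:
            # An address with no hostname maps nothing; harmless but odd.
            findings.append((line_no, "no-hostname", str(addr)))
        elif addr.is_loopback or addr.is_unspecified:
            only_localhost = all(n.lower() == "localhost" for n in names)
            kind = "localhost" if only_localhost else "blocked"
            findings.append((line_no, kind, " ".join(names)))
        else:
            # A name pinned to a routable address bypasses DNS for that name.
            findings.append((line_no, "redirect", f"{' '.join(names)} -> {addr}"))
    return findings

def suspicious(findings):
    """Entries worth a closer look: redirects and lines that do not parse."""
    return [f for f in findings if f[1] in ("redirect", "malformed")]

if __name__ == "__main__":
    for line_no, kind, detail in audit_hosts(SAMPLE_HOSTS):
        print(f"line {line_no}: {kind:12} {detail}")
```

On Windows the file to feed in is `%SystemRoot%\System32\drivers\etc\hosts`. A clean result does not rule out a redirect infection: in this thread the hosts file turned out not to be the cause.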

To: Kellis91789

I finally got TDSS Killer to work. It was the “Volsnap” virus. It’s apparently new and hard to find/get rid of.

Thanks for your advice.


50 posted on 07/12/2011 3:44:55 AM PDT by raybbr (People who still support Obama are either a Marxist or a moron.)
[ Post Reply | Private Reply | To 49 | View Replies]

To: raybbr

Glad you found a removal tool that worked. I haven’t hit that virus, but I’ve gotten hijacked with other redirect viruses before. It’s frustrating. It’s frustrating just to think that there are people out there that get their jollies by creating annoyances for people they’ll never meet.

At least now you know the purpose of the “hosts” file and can join the fight against annoying web content if you’re so inclined.


51 posted on 07/13/2011 2:07:08 AM PDT by Kellis91789 (There's a reason the mascot of the Democratic Party is a jackass.)
[ Post Reply | Private Reply | To 50 | View Replies]

bkmk


52 posted on 07/13/2011 2:35:32 AM PDT by csense
[ Post Reply | Private Reply | To 1 | View Replies]

To: EvilOverlord

I finally got TDSS Killer to work. It was the “Volsnap” virus. It’s apparently new and hard to find/get rid of.

Thanks for your advice.


53 posted on 07/13/2011 2:58:21 AM PDT by raybbr (People who still support Obama are either a Marxist or a moron.)
[ Post Reply | Private Reply | To 32 | View Replies]

To: w1andsodidwe

It took me about 3 days of searching the intertoot to find the solution. I got it when I got fooled by a fake toolbar pop-up giving me a "program is about to blow up" or some such warning. Thing is, I knew about the fake security warnings for Windows but this was for another program.


54 posted on 07/13/2011 5:48:58 AM PDT by lastchance ("Nisi credideritis, non intelligetis" St. Augustine)
[ Post Reply | Private Reply | To 47 | View Replies]

To: raybbr

Be sure to go to old timer tools and run Temp File Cleaner

http://www.geekstogo.com/forum/files/file/187-tfc-temp-file-cleaner-by-oldtimer/

Also if you have AVAST do a boot time scan.


55 posted on 07/13/2011 5:54:43 AM PDT by lastchance ("Nisi credideritis, non intelligetis" St. Augustine)
[ Post Reply | Private Reply | To 50 | View Replies]

To: raybbr

How did you make it work (in case I need it in the future)?


56 posted on 07/13/2011 8:01:34 AM PDT by EvilOverlord (Socialism makes workers into slaves and couch potatoes into kings)
[ Post Reply | Private Reply | To 53 | View Replies]

To: EvilOverlord
How did you make it work (in case I need it in the future)?

I logged on in Safe Mode without networking. I had the program (TDSS Killer) on a USB drive with the name changed, put it on the desktop and then it ran.

Until I did that it would never run.

57 posted on 07/13/2011 4:49:05 PM PDT by raybbr (People who still support Obama are either a Marxist or a moron.)
[ Post Reply | Private Reply | To 56 | View Replies]

To: nutmeg

bookmark


58 posted on 08/05/2011 12:22:27 PM PDT by nutmeg
[ Post Reply | Private Reply | To 1 | View Replies]

