PC Tech Support - Anyone know how to remove a re-direct virus from a PC

What I've tried so far:

Kaspersky, TDSSkiller, various registry cleaners, RogueKiller, MalwareBytes anti-Malware, PCRegistry cleaner (which is a pain itself), a few anti-spywares, cleaning the hosts file, eliminating temp files, killing Mozilla add-ons, etc., have all failed to work so far.

Booted into safe mode and tried Kaspersky's TDSSkiller and anti-Malware again, the host file is clean, all cache and temp files are gone.

It seems to affect all search engines too - Google, Bing, Yahoo, etc. Started about a week ago when I got home from the hospital and upgraded Adobe flash and watched some cardiac videos.

Any help would be greatly appreciated!
OK. This is gonna sound either too simple or too stupid. But still, it worked for me a while ago ... before I got a MAC and never had any problems.

Find out where the virus is. I had both McAfee and Norton. If nothing more, they both could isolate where the virus was. Then, wipe out that file/folder. Put in your OP system disc and re-download that file/folder.

I'm not necessarily saying that is the answer for you, but it worked for me.

Good luck with whatever you do.
Pape - thanks for the link. Been there and did everything they suggest.

Mav - that's the problem. I can't find where it is. In fact, the anti-virus programs are telling me I'm clean now.

Haven't tried the MS Malicious software tool remover. That's next on the list tho.
nah
sounds like greg has a host redirect issue.

http://en.wikipedia.org/wiki/Hosts_file

look up operating system you have
go into that directory
open up the host file

see if anything is being redirected.

remove redirected line,
save reboot then follow yer antivirus steps.

and uhh... don't get a mac.

spending 1k$ on something that can be fixed with some time is a rather silly solution.
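
The hosts-file check described in the post above, as an added example that is not part of the original thread: it lists every active (uncommented) entry and labels it, so a redirected name stands out from the default localhost lines. The sample file, its host names and its addresses are constructed for illustration.

```python
import ipaddress
import sys

LOCAL_NAMES = {"localhost", "localhost.localdomain"}

def parse_hosts(text):
    """Yield (line_number, address, hostnames) for each active (uncommented) entry."""
    for lineno, raw in enumerate(text.lstrip("\ufeff").splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()  # drop whole-line and trailing comments
        if line:
            fields = line.split()            # spaces or tabs both separate columns
            yield lineno, fields[0], [h.lower() for h in fields[1:]]

def classify(address, names):
    """Label one entry: default, sinkhole, redirect or malformed."""
    try:
        ip = ipaddress.ip_address(address)
    except ValueError:
        return "malformed"
    if not names:
        return "malformed"
    if ip.is_loopback or ip.is_unspecified:
        # A name pinned to 127.0.0.1 / 0.0.0.0 / ::1 can no longer be reached.
        return "default" if all(n in LOCAL_NAMES for n in names) else "sinkhole"
    return "redirect"  # name forced to an address that DNS did not supply

def review_hosts(text):
    """Return (line, kind, address, names) for every entry worth a manual look."""
    findings = []
    for lineno, address, names in parse_hosts(text):
        kind = classify(address, names)
        if kind != "default":
            findings.append((lineno, kind, address, names))
    return findings

# Constructed sample; names and addresses are reserved documentation values.
SAMPLE = "\n".join([
    "# constructed hosts file for illustration",
    "127.0.0.1 localhost",
    "::1 localhost",
    "203.0.113.10   www.search-example.test search-example.test  # added entry",
    "0.0.0.0\tupdates.av-example.test",
    "not-an-ip broken.example.test",
])

if __name__ == "__main__":
    # Default path is the standard Windows location; pass another path to override.
    path = sys.argv[1] if len(sys.argv) > 1 else r"C:\Windows\System32\drivers\etc\hosts"
    with open(path, encoding="utf-8", errors="replace") as fh:
        for finding in review_hosts(fh.read()):
            print(finding)
```

A file in which every line starts with `#`, like the Windows default, produces no findings; an empty result means the redirect is not coming from the hosts file.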
Jorge - thanks!

g-man

My hosts file is below. Do you see anything wrong?



# Copyright (c) 1993-2009 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host
# localhost name resolution is handled within DNS itself.
# 127.0.0.1 localhost
# ::1 localhost
Greg-

1. Run a full system scan in Safe Mode with MalwareBytes (may have already done this).

2. See if IE will run with no Add-Ins. You can either launch it from Accessories\System Tools\Internet Explorer (With No Add-Ons). You can also try launching it from the command line and then type the following: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff

3. Update to the latest version of IE, may need to download the stand-alone package from another computer that is not infected.

4. Download and install Chrome and see if you get the same results.
Redirect just goes to different pages. One is Livesearchnow, but there are a few.

Did ALL of the things recommended on this forum. Tried several virus removal applications. Booted into safe mode and did it again. Booted again and ran programs from a USB.

It affects IE, Firefox, and Opera. Did clean installs of all. No dice. It affects all search engines.

The guy from TechRepublic in the link below covered most of the bases and after reading the suggestion, I did the clean installs, but I don't think that the problem was in any browser. Still, I figured it was worth a try.

I've restored the computer several times. Searched all the hidden files, etc.. Host file looks clean. When I do system searches for livesearchnow or random.exe, no luck.

In fact, I had just purchased a new computer before I went into the hospital, so the timing was not the worst for this to happen, but I want to transfer my files and I'm worried about infecting the new computer. Not to mention that the new one runs Windows 8 which SUCKS!

I'm completely stumped. It's hard to remember but before my hiatus, I think I downloaded Google Chrome. That may not be the issue though - apparently one way this comes in is thru videos and we watched a number of YouTube vids. That's one place I get redirected to as well. And some cooking site called Relish.

Weird thing is, it never redirects to a porn site or medical site or even anything that's trying to sell me something outright. Mostly they just look like legit sites. I suppose the sender gets a small fee for the redirects. It sends me to a lot of game sites. I've never played a computer game in my life and have no interest in doing so, but Windows 7 comes with a lot of games built into the OS and I had to kill all of those because those were what it started with. All the other stuff is since then.

http://www.techrepublic.com/bl...-redirect-virus/8860
that doesn't sound right Greg.

I've never heard of a virus that you have that can be so invasive after you've cleaned out everything via a computer restore that it still does this.

Is the computer from a big box manufacturer like dell? They usually preinstall a whole bunch of searches.

So let me get this straight

when you open up your browser

and you type in any address, it redirects you to a search engine?

so if you put in www.winespectator.com it takes you to livesearch.com?
Bill - I tried going it alone. But as they say, no man is an island!

G-man - tried ComboBox and ESET as well. Don't have time now but I'll try running thru the links on that site later.

If I type directly into the search bar, I can get to the site. That's the only way to do it actually - do a Google search and then copy and paste the links. If I click the link however, from any search engine, I'm redirected.

And as you know, the links are often truncated when they appear, so I don't always get where I want to go anyway because I end up pasting partial links.

Since the various browsers redirect you anyway, this appears to be something that sits between that first redirect and whatever link you're supposed to go to.

That pretty much gets to the limits of my already limited skills. I don't know exactly how browsers work at the point when you click a link, but it would seem that there's some kind of file or script that takes over at that point. But since I don't know exactly what to look for, I'm stumped. I wonder if there's some kind of "standard" script that was simply re-programmed?

The redirects do not affect clicking on links from within sites, only from browsers. So if I'm in the WS site for example, I can click any link and it gets me where I'm supposed to go. But it seems to affect all browsers and search engines. I don't like IE so don't use it but when I tried it just to find out, it was also affected. So is Bing, Yahoo, About, Google, Dogpile, etc.

And like I said, the links are just weird, not even offensive. No porn, etc. Just gaming, cooking, sports, and random stupid stuff.

Oh, and the computer is about three years old, was from Gateway. No problems ever until just now.
Greg-

It sounds like the best option is to wipe your machine and re-install the OS. Typically, the virus will not embed itself in your personal files but rather resides somewhere deeper within the system.

If you like, I'd be happy to assist off-line. Feel free to email me at: cableguy 110 at gmail dot com.
Gig- I might take you up on that later.

First I'm going to try running a few more things.

SuperAntiSpyware seemed to be the only thing that found 2 redirect viruses - Conduit, which was in the registry, and Funmoods which wasn't. But I guess there were more or they mutated or something. When I get home tonight, I'm running a few more - rkill and a couple others that CNET recommended. Tech Republic had some decent items, as did Microsoft.

Best thing I've found is the Revo uninstall application - it's pretty good, but has nothing to do with malware detection. It does however, quickly delete all extraneous files and it does a good job of uninstalling programs.

Tonight I'll do a safe boot from the USB and run a number of clean programs. I think you're right that the data will probably be OK, and that's the main issue because as long as it's clean, I can transfer it.

An OS re-install crossed my mind. Maybe I'll try that too.
fwiw

i've got two drives on my computer

one is an apps drive
and the other is a clean operating system.

I can usually wipe my operating system whenever I want and start clean. (I wipe it clean every 3-5 months though but usually for a different reason as i'm running 3-4 different operating systems on my machine)

if you do decide to wipe, you might want to consider that in the future.
