Annoying Redirect Virus

Discussion in 'Computer Games and General Discussion' started by Hakoda, Dec 24, 2010.

  1. Hakoda
    OP

    Hakoda GBAtemp Addict

    Member
    2,133
    2
    Feb 2, 2008
    United States
    San Jose, CA
    I have a friend's Win XP, Latitude D600. It had a rogue antivirus and I removed it using various tools, but now the only thing that seems threatening to this computer is a redirect virus.

    Malwarebytes, SUPERAntiSpyware, AVG, Spybot S&D, & Ad-Aware can't seem to get it. The HOSTS file is clean. Anyone have any suggestions? Here's my HiJackThis Log:


    Thanks in advance.
     
  2. Rydian

    Rydian Resident Furvert™

    Member
    27,883
    8,103
    Feb 4, 2010
    United States
    Cave Entrance, Watching Cyan Write Letters
    Check the infection sticky here and follow the steps to see where the actual HOSTS file that's being used is (the system can be set to use one other than the default), and if it's still using the default there's three other things to check.

    1 - The proxy server set in internet explorer because that is the system proxy. I don't give a damn if they only use firefox, firefox will use the system proxy, which is set in IE.

    2 - The DNS servers set on the active connection. They should be on auto, not manual.

    3 - The DNS servers set in the router itself. If you don't know how to log into the router and check, say so.
     
  3. Hakoda
    OP

    Hakoda GBAtemp Addict

    Registry reports that the default location for the HOSTS file is active. They actually don't use anything but IE; I'm going to try to change that XD

    1 - No proxy is enabled according to IE's settings.

    2 - DNS Servers set to Google's; didn't make a difference

    3 - DNS Servers on router are good as all other computers on the network are not having this problem.

    Redirects are to random sites each time so I wouldn't believe it would be into any HOSTS-like file.
     
  4. Rydian

    Rydian Resident Furvert™

    In IE's settings, go to the programs tab, and manage addons. The redirecting one should be in there once you change the category to show all addons (not just currently-loaded ones).
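The four places Rydian names across the two posts above (the HOSTS file the stack actually reads, the IE/system proxy, the DNS servers on the connection, and the IE add-ons) can all be read from the registry without changing anything. The script below is an added example written for this thread, not code from any of the posters or from any tool mentioned here. It assumes PowerShell 2.0 is installed on the XP machine (it is not there by default), uses the standard Windows registry locations, and the function names are my own. The router's DNS settings live on the router and cannot be checked from the host, so they are not covered.

```powershell
# Added example: read-only audit of the redirect vectors discussed in this thread.
# It only reads the registry and the HOSTS file; nothing is modified.

# Default DataBasePath on a stock install. Anything else means the stack is
# reading a HOSTS file somewhere other than the one the poster inspected.
$defaultHostsDir = '%SystemRoot%\System32\drivers\etc'

function Get-HostsFileLocation {
    # TCP/IP reads the HOSTS file from DataBasePath, not from a fixed path.
    $tcpip = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters'
    $dir = $tcpip.DataBasePath
    Write-Host ("HOSTS directory: {0} (default location: {1})" -f $dir, ($dir -eq $defaultHostsDir))
    return [Environment]::ExpandEnvironmentVariables($dir)
}

function Get-SuspiciousHostsEntries([string]$hostsDir) {
    # Any hostname mapped to something other than loopback/null is worth a look.
    $hostsFile = Join-Path $hostsDir 'hosts'
    if (-not (Test-Path $hostsFile)) { Write-Host "No hosts file at $hostsFile"; return }
    foreach ($line in Get-Content $hostsFile) {
        if ($line -match '^\s*#') { continue }                     # comment line
        if ($line -match '^\s*(\S+)\s+(\S+)') {
            $ip = $matches[1]; $name = $matches[2]
            if ($ip -ne '127.0.0.1' -and $ip -ne '::1' -and $ip -ne '0.0.0.0') {
                Write-Host "HOSTS override: $name -> $ip"
            }
        }
    }
}

function Get-SystemProxy {
    # IE's connection settings are the WinINET system proxy; Firefox follows
    # them whenever it is set to "Use system proxy settings".
    $ie = Get-ItemProperty 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
    if ($ie.ProxyEnable -eq 1) { Write-Host "Proxy ENABLED: $($ie.ProxyServer)" }
    else                        { Write-Host 'Proxy: disabled' }
    # A PAC script can redirect selectively even with ProxyEnable = 0.
    if ($ie.AutoConfigURL) { Write-Host "Proxy auto-config script: $($ie.AutoConfigURL)" }
}

function Get-StaticDnsServers {
    # NameServer is non-empty only when DNS was set manually on the interface;
    # DHCP-assigned servers are stored in DhcpNameServer instead.
    $base = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces'
    $found = $false
    foreach ($iface in Get-ChildItem $base) {
        $p = Get-ItemProperty $iface.PSPath
        if ($p.NameServer) {
            $found = $true
            Write-Host ("Interface {0}: static DNS {1}" -f $iface.PSChildName, $p.NameServer)
        }
    }
    if (-not $found) { Write-Host 'DNS: no interface has manually set servers' }
}

function Get-BrowserHelperObjects {
    # BHOs load into every IE process; compare this list with what
    # "Manage Add-ons" shows when the filter is set to all add-ons.
    $bho = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
    if (-not (Test-Path $bho)) { Write-Host 'No BHOs registered'; return }
    foreach ($k in Get-ChildItem $bho) {
        $clsid  = $k.PSChildName
        $server = (Get-ItemProperty "HKLM:\SOFTWARE\Classes\CLSID\$clsid\InprocServer32" `
                   -ErrorAction SilentlyContinue).'(default)'
        Write-Host "BHO $clsid -> $server"
    }
}

# Run the checks in the order the thread discusses them.
$hostsDir = Get-HostsFileLocation
Get-SuspiciousHostsEntries $hostsDir
Get-SystemProxy
Get-StaticDnsServers
Get-BrowserHelperObjects
```

Run it from an elevated PowerShell prompt. The useful part is not any single line but the combination: a clean default HOSTS file means little if DataBasePath points elsewhere, and a disabled proxy means little if AutoConfigURL is set. If every check here comes back clean, as it eventually did for the poster, the redirection is happening below these layers, which is consistent with the MBR finding later in the thread.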
     
  5. Thoob

    Thoob LOLmonade.

    Member
    1,126
    0
    May 28, 2009
    Scotland
    If it's the one that redirects your Google search results then use Hitman Pro. I've had to recommend this on many occasions to people who've had this problem. You only need the trial, run it once and the virus is gone. This tool should really be added to the Virus Removal sticky.
     
  6. Crass

    Crass Rock me Dr. Zaius

    Member
    999
    124
    Nov 3, 2006
    United States
    Oregon
    I think he needs more processes running in the background.
     
  7. Hakoda
    OP

    Hakoda GBAtemp Addict

    @Rydian - No suspicious add-on found. All of them are digitally signed or actually have to do with Windows. Plus if it was an add-on then it wouldn't be affecting my Firefox Portable browser but I believe I was reluctant to mention that so my fault on that one.

    @Thoob - Will do.

    @Crass - More? Or is that a joke? XD
     
  8. Rydian

    Rydian Resident Furvert™

    Ah, restart.
     
  9. Hakoda
    OP

    Hakoda GBAtemp Addict

    Restarted and no diff. Hitman found rootkit but won't remove unless I buy lol.
     
  10. Wombo Combo

    Wombo Combo That Ain't Falco

    Member
    722
    128
    Mar 17, 2010
    United States
  11. Hakoda
    OP

    Hakoda GBAtemp Addict

    ComboFix said MBR is infected, said click OK to continue. After a while I thought it was frozen so I started to move the mouse around and it was, hard reset computer. MBR was corrupted upon reboot. Rewrote a new one using Win 7 repair disk, XP booted. Same thing again, still says MBR is infected. Left it alone this time.

    EDIT: Apparently ComboFix goes through 50 stages? It's not displaying that here.
     
  12. Rydian

    Rydian Resident Furvert™

    What does the free rootkit scanner (linked in the sticky) say?
     
  13. Hakoda
    OP

    Hakoda GBAtemp Addict

    Found nothing. Gave up on ComboFix since it kept freezing and now scanning with BD Rescue CD, found a couple of infections already.

    EDIT: BD Rescue CD got the little bugger. Thanks for your help guys.