Annoying Redirect Virus

Discussion in 'Computer Games and General Discussion' started by Hakoda, Dec 24, 2010.

Annoying Redirect Virus by Hakoda at 4:44 PM (1,010 Views / 0 Likes) 12 replies

  1. Hakoda (OP)
    Member, GBAtemp Addict. Joined Feb 2, 2008. Messages: 2,133. Location: San Jose, CA, United States.
    I have a friend's Win XP, Latitude D600. It had a rogue antivirus and I removed it using various tools, but now the only thing that seems threatening to this computer is a redirect virus.

    Malwarebytes, SUPERAntiSpyware, AVG, Spybot S&D, & Ad-Aware can't seem to get it. The HOSTS file is clean. Anyone have any suggestions? Here's my HiJackThis Log:

    [HiJackThis log was in a collapsed spoiler block and is not included]

    Thanks in advance.
     
  2. Rydian
    Member, Resident Furvert™. Joined Feb 4, 2010. Messages: 27,883. Location: Cave Entrance, Watching Cyan Write Letters, United States.
    Check the infection sticky here and follow the steps to see where the actual HOSTS file that's being used is (the system can be set to use one other than the default), and if it's still using the default there are three other things to check.

    1 - The proxy server set in Internet Explorer, because that is the system proxy. I don't give a damn if they only use Firefox; Firefox will use the system proxy, which is set in IE.

    2 - The DNS servers set on the active connection. They should be on auto, not manual.

    3 - The DNS servers set in the router itself. If you don't know how to log into the router and check, say so.
     
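The checks in the post above, scripted as an added example (not code posted in the thread): a PowerShell 2.0 triage script for the XP machine that reports where the resolver is actually reading HOSTS from and whether that file maps names to anything but loopback, what the system (IE/WinINet) proxy and PAC URL are, and, per adapter, whether DNS is hand-entered or DHCP-assigned. The registry paths are the standard XP locations; the router's own DNS setting (step 3) cannot be read from the client and still has to be checked in the router's admin page.

```powershell
# Added example (not from the thread): PowerShell 2.0 triage for the checks
# listed above. Run from an administrator account on the affected XP machine.

function Get-HostsFileReport {
    # The resolver reads HOSTS from the directory in DataBasePath, which
    # malware can repoint; verify the path before trusting the "clean" file.
    $tcpipKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters'
    $dbPath   = (Get-ItemProperty -Path $tcpipKey -Name DataBasePath).DataBasePath
    $dir      = [Environment]::ExpandEnvironmentVariables($dbPath).TrimEnd('\')
    $default  = (Join-Path $env:SystemRoot 'System32\drivers\etc').TrimEnd('\')
    $hosts    = Join-Path $dir 'hosts'

    $suspicious = @()
    if (Test-Path $hosts) {
        # Flag any name mapped to a non-loopback address; a stock XP hosts
        # file contains only comments and "127.0.0.1 localhost".
        $suspicious = @(Get-Content $hosts | Where-Object {
            $_ -match '^\s*(\d{1,3}(?:\.\d{1,3}){3})\s+\S+' -and $matches[1] -notlike '127.*'
        })
    }
    New-Object PSObject -Property @{
        HostsPath         = $hosts
        IsDefaultLocation = ($dir -ieq $default)
        SuspiciousEntries = $suspicious
    }
}

function Get-SystemProxyReport {
    # IE's proxy is the WinINet (system) proxy, and Firefox's default "use
    # system proxy settings" follows it. Report the PAC URL too: a rogue
    # AutoConfigURL redirects only selected sites while the proxy checkbox
    # in IE still reads as "no proxy".
    $key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
    $p = Get-ItemProperty -Path $key
    New-Object PSObject -Property @{
        ProxyEnable   = [int]$p.ProxyEnable
        ProxyServer   = $p.ProxyServer
        AutoConfigURL = $p.AutoConfigURL
        Flagged       = ([int]$p.ProxyEnable -eq 1) -or [bool]$p.AutoConfigURL
    }
}

function Get-DnsReport {
    # One row per IP-enabled adapter. NameServer under the interface key is
    # the hand-entered list ("manual"); DhcpNameServer is what the router
    # handed out. "Auto" means NameServer is empty.
    $ifRoot = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces'
    Get-WmiObject Win32_NetworkAdapterConfiguration -Filter 'IPEnabled = TRUE' |
        ForEach-Object {
            $if = Get-ItemProperty -Path (Join-Path $ifRoot $_.SettingID) -ErrorAction SilentlyContinue
            New-Object PSObject -Property @{
                Adapter     = $_.Description
                DHCPEnabled = $_.DHCPEnabled
                ManualDns   = $if.NameServer
                DhcpDns     = $if.DhcpNameServer
                Effective   = ($_.DNSServerSearchOrder -join ', ')
            }
        }
}

Get-HostsFileReport   | Format-List
Get-SystemProxyReport | Format-List
Get-DnsReport         | Format-Table Adapter, DHCPEnabled, ManualDns, DhcpDns, Effective -AutoSize
```

A non-default DataBasePath, a non-empty AutoConfigURL, or a ManualDns value on an adapter that should be on DHCP each explains "random" redirects on their own, so clear those before moving on to add-ons. The DhcpDns column is what to compare against the router's configuration page and against the other machines on the network.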
  3. Hakoda (OP)
    Registry reports that the default location for the HOSTS file is active. They actually don't use anything but IE; I'm going to try to change that XD

    1 - No proxy is enabled according to IE's settings.

    2 - DNS Servers set to Google's; didn't make a difference

    3 - DNS Servers on router are good as all other computers on the network are not having this problem.

    Redirects are to random sites each time so I wouldn't believe it would be into any HOSTS-like file.
     
  4. Rydian
    In IE's settings, go to the programs tab, and manage addons. The redirecting one should be in there once you change the category to show all addons (not just currently-loaded ones).
     
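The "Manage Add-ons" check from the post above, done from the registry so it can be compared with what the dialog shows: an added example (not code from the thread) that enumerates the Browser Helper Objects IE loads, resolves each CLSID to its DLL, and checks the DLL's Authenticode signature with Get-AuthenticodeSignature. The registry locations are the standard XP ones; nothing else is assumed.

```powershell
# Added example (not from the thread): list IE's Browser Helper Objects and
# verify each DLL's Authenticode signature. Run as an administrator on XP.

function Get-ClsidDefault($Path) {
    # Default value of a registry key, or $null if the key is absent.
    if (Test-Path $Path) { (Get-ItemProperty -Path $Path).'(default)' } else { $null }
}

function Get-BhoReport {
    $bhoKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
    if (-not (Test-Path $bhoKey)) { return @() }
    Get-ChildItem $bhoKey | ForEach-Object {
        $clsid = $_.PSChildName
        # HKCR\CLSID merges HKCU and HKLM Software\Classes; a per-user
        # registration takes precedence, so look there first.
        $base = $null
        foreach ($hive in 'HKCU:\Software\Classes\CLSID', 'HKLM:\SOFTWARE\Classes\CLSID') {
            if (Test-Path "$hive\$clsid") { $base = "$hive\$clsid"; break }
        }
        $name = $null; $dll = $null
        if ($base) {
            $name = Get-ClsidDefault $base
            $dll  = Get-ClsidDefault "$base\InprocServer32"
            if ($dll) { $dll = [Environment]::ExpandEnvironmentVariables($dll).Trim('"') }
        }
        $status = 'NoCLSID'; $signer = $null
        if ($dll) {
            if (Test-Path $dll) {
                $sig    = Get-AuthenticodeSignature -FilePath $dll
                $status = $sig.Status.ToString()   # Valid, NotSigned, HashMismatch, ...
                if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }
            } else {
                $status = 'FileMissing'
            }
        }
        New-Object PSObject -Property @{
            CLSID = $clsid; Name = $name; Dll = $dll; Signature = $status; Signer = $signer
        }
    }
}

Get-BhoReport | Format-Table CLSID, Name, Signature, Signer, Dll -AutoSize -Wrap
```

Anything other than "Valid" with a recognisable signer, or a DLL living outside Program Files and the Windows directory, is the entry to look at. Two caveats: a valid signature only proves the file is what its signer shipped, not that the signer is trustworthy, and a kernel-mode rootkit can hide its keys and files from this kind of user-mode enumeration, in which case the list looks clean while the redirects continue.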
  5. Thoob
    Member, LOLmonade. Joined May 28, 2009. Messages: 1,126. Location: Scotland, United Kingdom.
    If it's the one that redirects your Google search results then use Hitman Pro. I've had to recommend this on many occasions to people who've had this problem. You only need the trial, run it once and the virus is gone. This tool should really be added to the Virus Removal sticky.
     
  6. Crass
    Member, Rock me Dr. Zaius. Joined Nov 3, 2006. Messages: 984. Location: Oregon, United States.
    I think he needs more processes running the background.
     
  7. Hakoda (OP)
    @Rydian - No suspicious add-on found. All of them are digitally signed or actually have to do with Windows. Plus, if it was an add-on then it wouldn't be affecting my Firefox Portable browser, but I believe I was reluctant to mention that, so my fault on that one.

    @Thoob - Will do.

    @Crass - More? Or is that a joke? XD
     
  8. Rydian
    Ah, restart.
     
  9. Hakoda (OP)
    Restarted and no diff. Hitman found a rootkit but won't remove it unless I buy, lol.
     
  10. Wombo Combo
    Member, That Ain't Falco. Joined Mar 17, 2010. Messages: 722. Country: United States.
  11. Hakoda (OP)
    ComboFix said the MBR is infected, said click OK to continue. After a while I thought it was frozen, so I started to move the mouse around and it was; hard reset the computer. MBR was corrupted upon reboot. Rewrote a new one using the Win 7 repair disk, XP booted. Same thing again, still says MBR is infected. Left it alone this time.

    EDIT: Apparently ComboFix goes through 50 stages? It's not displaying that here.
     
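For the MBR part of this post, an added example (not code from the thread, and not what ComboFix does): a PowerShell 2.0 function that reads sector 0 of the first disk through the raw device, checks the 0x55AA boot signature, decodes the four partition entries, and hashes the 440-byte bootstrap area. Take one snapshot right after rewriting the MBR from the repair disk and another after the next reboot; if the bootstrap hash changes while the partition table does not, something on the machine is writing the MBR back, which is what a bootkit does. The device path \\.\PhysicalDrive0 being the boot disk is an assumption.

```powershell
# Added example (not from the thread): snapshot the MBR so a rewrite can be
# detected by comparing hashes across a reboot. Read-only; needs an
# administrator account. Assumes the boot disk is PhysicalDrive0.

function Get-MbrSnapshot {
    param([string]$Device = '\\.\PhysicalDrive0')
    $sector = New-Object byte[] 512
    $fs = New-Object -TypeName System.IO.FileStream `
        -ArgumentList $Device, ([System.IO.FileMode]::Open), ([System.IO.FileAccess]::Read)
    try {
        if ($fs.Read($sector, 0, 512) -ne 512) { throw "short read from $Device" }
    } finally {
        $fs.Close()
    }

    # Bytes 0..439 are bootstrap code (what a bootkit patches), 446..509 the
    # four 16-byte partition entries, 510..511 the 0x55AA boot signature.
    $sha1 = [System.Security.Cryptography.SHA1]::Create()
    $hex  = ($sha1.ComputeHash($sector, 0, 440) | ForEach-Object { $_.ToString('x2') }) -join ''

    $parts = @(0..3 | ForEach-Object {
        $off = 446 + 16 * $_
        New-Object PSObject -Property @{
            Index    = $_
            Bootable = ($sector[$off] -eq 0x80)
            Type     = ('0x{0:x2}' -f $sector[$off + 4])
            StartLba = [BitConverter]::ToUInt32($sector, $off + 8)
            Sectors  = [BitConverter]::ToUInt32($sector, $off + 12)
        }
    })

    New-Object PSObject -Property @{
        Device         = $Device
        ValidSignature = (($sector[510] -eq 0x55) -and ($sector[511] -eq 0xAA))
        BootstrapSha1  = $hex
        Partitions     = $parts
    }
}

# Usage: run once after rewriting the MBR, note the hash, reboot, run again.
$snap = Get-MbrSnapshot
$snap | Select-Object Device, ValidSignature, BootstrapSha1 | Format-List
$snap.Partitions | Format-Table Index, Bootable, Type, StartLba, Sectors -AutoSize
```

The hash covers only the bootstrap code, so a legitimate partition edit does not change it, while a reinfection after a clean rewrite does. Reading the sector from the running system is still subject to the rootkit lying to disk reads; the hash from an offline boot CD is the one to trust.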
  12. Rydian
    What does the free rootkit scanner (linked in the sticky) say?
     
  13. Hakoda (OP)
    Found nothing. Gave up on ComboFix since it kept freezing; now scanning with BD Rescue CD, found a couple of infections already.

    EDIT: BD Rescue CD got the little bugger. Thanks for your help guys.
     
