Curry Recipes Online
Curry Chat => Talk About Anything Other Than Curry => Topic started by: Malc. on May 24, 2010, 02:11 PM
-
My PC has become infected with a browser redirect trojan/virus, that I can not find or remove. I have tried Malwarebytes and my McAfee Anti-Virus and Spybot-SD but am still unable to get rid of this nasty little buggar.
The trojan/virus is randomly opening pages to sites I haven't asked for following a search on Yahoo or Google. Occasionally, I also get a new page open on its own that seems to transfer to a series of about 3 or 4 adserv/malware sites.
This is all following an attack I had last week that installed Anti-Malware Doctor, which I have managed to remove along with various changes to sytem32\drivers\etc\
Any help at all in removing the this will be gratefully received.
-
Hi
Sorry to hear about that, had a similar problem a week ago. Just bit the bullet in the end and bought AVG internet security.
Regards
-
Axe try Microsoft's free AV canner: http://www.microsoft.com/security_essentials/ (http://www.microsoft.com/security_essentials/)
It's getting some good reviews and, well, it's free!
-
Hi Axe
you could try a free trial of an internet security program.
the top one is norton 360 free for 90 days and the second one is nod32. hope it helps
http://www.symantecstore.com/dr/sat1/ec_main.entry25?page=1582AIndexPage&client=Symantec&sid=37771&cid=273172&CUR=840&DSP=&PGRP=0&ABCODE=&CACHE_ID=273172 (http://www.symantecstore.com/dr/sat1/ec_main.entry25?page=1582AIndexPage&client=Symantec&sid=37771&cid=273172&CUR=840&DSP=&PGRP=0&ABCODE=&CACHE_ID=273172)
or
http://www.eset.com/download/free-trial/international (http://www.eset.com/download/free-trial/international)
or
http://www.bitdefender.co.uk/site/Downloads/ (http://www.bitdefender.co.uk/site/Downloads/)
or
http://www.avg.com/gb-en/download-trial (http://www.avg.com/gb-en/download-trial)
good luck
-
Commis, AVG is good but I have McAfee as part of my Internet subscription.
Thanks SS, i'll take a look at it. I am a little concerned though, as both Malwarebytes and McAfee forums are struggling to remove this new version of the TDL3 Rootkit.
-
Hi
It was one of the free copys that the virus went for so please be carefull.
Regards
-
Will, I am running a scan with ESET as we speak, it hasn't found anything as yet.
-
Commis, thanks, I am treading very carefully.
-
I've given up on trying to remove the occasional virus, trojan or any other serious PC problem. I don't trust any of the anti-virus or security programs to stop the PC getting infected in the first place, or to remove anything which does get through.
So all I do, is revert to a backup copy of Windows and all my other main programmes. I do this once or twice a year and am back in business within a few minutes.
Moreover, I deleted AVG and other 'security' products. The PC runs faster without them, and the incidence of problems (suspected virus or trojan) has gone DOWN. I think all those security programmes are a bit of a con.
-
Oddly enough, I think there is a small amount of sense to your comments George. Alot of modern virus/trojan's are designed to attack or avoid specific files. I've been reading about my virus and it seems that it often manifests in Java updates and Adobe Reader!
ESET is about to finish the scan and has found 2 trojan's where the rest have failed. I have removed all traces of Java and Adobe and following a cleaning process that I have found on the Malwarebytes forum.
I would suggest that you use a form of virus detection as some can be very agressive indeed. A friend of mine lost his hard drive due to a virus. I have also read today, that it is possible to permanently loose your OS, without any hope of recovery.
Scary stuff!
-
I use AVG (Its free) and Superantispyware - also free and will get everything! They keep everything running smootly enough.
If you still have problems you can use Windows Restore to roll back your PC to the state it was in before the Virus was infected. It has saves my ass a lot of times. Just google it and you will get an easy to follow guide.
-
Hi
Sadly chriswig the one that I picked up came through the free products and also disabled my restore option and my add/remove software.
Regards
-
Chris, i've heard the superantispyware is quite good and seems to be well thought of. The general consensus on this new trojan is that Superantispyware as well as all the others mentioned so far, are unable to remove it.
I don't know how it got past McAfee but it it has. ESET has fixed 1 of the two reports but userinit.exe still remains affected and un-repaired.
I have given up for today but will be spending another day on it tomorrow. I hope there is a resolve other than restoring the OS.
-
I have given up for today but will be spending another day on it tomorrow. I hope there is a resolve other than restoring the OS.
That's what I mean - hours of effort and you may still not succeed, whereas full restoration from a backup would have taken about 15 minutes. Windows Restore is a complete waste of time, also, in my experience.
-
I use Avira Antivirus(luke filewalker).
Spybot also, plus Za using its antispyware program, plus the best thing ive used sofar is Deleting IE and installing firefox, also using all of its security features.
All the above are free-ware.
I deleted avg as i caught a virus with it running.
I bought and paid for mcaffee a few years back and similarly caught a vrus with that running.
Norton systemworks is good all round defence.
The worst virus i ever caught was called windows defender or security suite or something, made a real good job of destroying windows xp, much like Chris's comments above, got rid of add/remove and made the os unusable, i had to reformat.
Moosoft the cleaner is a very good free trojun remover.
Of course all of the above are only usable in hindsight if your browser hasn't been hijacked, which is what a good trojun will do.
-
Hi, I know exactly how you feel, spending hours trying to get the pc back to normal.
I have used Mcafee in the past and there tech guy told me to download the latest sdat file and scan in dos. Did the trick but takes hours scanning.
After that performance binned Mcafee and now use the free AVG and Spybot. No problems up to now, fingers crossed. ;)
Chilli
-
Sounds like a real stinker Axe. If you can get the PC to boot into safe mode it should come up with an option while booting up to either start in safe mode or run system restore wizard. If the virus has disabled it in full Windows you might still be able to get it working this way.
-
Simple solution, buy a mac.
Happy mac user
Mike
-
Okay, I don't want to count my chickens before they've hatched but, I think I might have cured the problem or rather my brother has.
He did a search on the TDL3 root kit and found a link to Kaspersky who have a TDSSKiller, what ever that is. I have run this and it removed 3 reported problems. I was a little worried as the instructions said I wouldn't have to reboot, but the program asked me to do so. Well I did and all seems okay so far.
Firefox is running okay, so too is Opera which I installed to see if I could get round the virus. No pages have opened up on their own and searches in Google are behaving normally now. My network is now stable and I have not experinced any further spurious Network activity.
If anyone needs the link, give me a shout and I 'll dig it out.
So far so good and with no reboot, system restore or incompatible MAC. :P
Just kidding, thanks for all the help, I hope I haven't tempted fate.
-
Hi
Axe, good news.
Regards
-
Axe,
worth having a look for future - a little programme called gmer. it allows u to get in behind windows and have a look what's going on. u can view the root too.
-
Jerry,
Thanks for that, trying to get behind the scenes these days is getting hard work. Bring back DOS. ;D
-
Bring back DOS. ;D
for defo for me too.
-
Hi
Dos, my fire programmes were so ease under dos! Happy days.
-
Okay, I don't want to count my chickens before they've hatched but, I think I might have cured the problem or rather my brother has.
Axe - I'm pleased to hear it may be sorted. Here's a screen shot from my most recent problem. Win XP wouldn't even start - not even in safe mode. I used F8 to try and deter Win XP from closing down upon finding an error but it still would not start. The hard drive is suspect. I don't think this was a virus.
(http://www.curry-recipes.co.uk/imagehost/pics/b6570f919ee336ad91bbae9f16bf82bf.jpg)
-
The Blue Screen of Death! Thanks for that Mr Gates. :-\
I lost a hard drive last year, which caused me no end of head aches. That I hope wasn't due to a virus but it was a tough call to to say. I had the drive checked by a 'super geek', I explained that the drive won't boot and that I had tried disconnecting it, reconnecting it, booting from the CD etc. But that it was also intermittent.
He went over to his machine, plugged in my drive and tried to boot it up, it wouldn't. He disconnected it and then reconnected it and tried again, it still didn't. Undeterred by this he then proceeded to boot from CD and try to access the drive, he was unable to do so.He came back to the counter and said "it won't boot, I think it's dead!" ::)
I then decided to purchase a new hard drive and asked for his advice. He politely agreed and wandered over to a shelf marked storage drives. He pointed to a box and I promptly picked it up. From the now empty shelf I could see that they would normally stock other drives of differing prices and size. I proceeded to ask whether the drive I had in my hand was a good choice, yes sir it is. What are the befits of this drive over this one? I ask pointing to a shelf edge label of a smaller drive but at the same price. He read the box description of the drive I had in my hand that was half a tb and then the label on the smaller drive which was 320gb. He replied 'that ones bigger'! 'which one would you choose?' I ask, 'the one you have in your hand' he replies. I am now curious as my 'super geek' would surely opt for the better quality drive which presume to be the smaller drive. So I ask 'why is this one better over what would seem to be a smaller but better quality drive?'. He looked at me with a blank expression on his face and simply muttered 'it's the only drive we have left in stock!"
The moral of the story is that just because someone works in the technical services and support department of PC World, wearing their clothes in such a way to suggest that any notion of style or concern for ones appearance is irrelevant in a world where its all about processors and memory, is not necessarily a super geek.
On the upside I now have a Terrabyte of space in my computer. On a cold still night, you can here feint echos from the void that is the nothingness within the new found endless chasm of storage.
-
On the upside I now have a Terrabyte of space in my computer. On a cold still night, you can here feint echos from the void that is the nothingness within the new found endless chasm of storage.
I'd only use a 1Tb HDD if I could justify buying a second one as a backup. At present, I'm running Windows XP on a HDD with just 18Gb capacity and that''s only about 60% full. I have loads of programs, too. I always use a separate drive for all my data.
The HDD which caused the blue screen at start-up will still read when fitted as an ancilliary drive. I checked all the boot-up files are still there, so I think it's some kind of advanced Windows issue. It's only of academic interest to identify the problem. As I said, I fitted another drive and was running again within 15 minutes.
-
Just realised I got my Mb's Gb's and Tb's mixed up in the post, now edited.
The Terrabyte of storage I have is split between two drives. I only use drive C: for system files everything else, ancillary programs and files, get stored on D:
Sadly my old drive is fried, I can't access it even as a second drive.
-
In the absence of any antivirus software running on my PC, I've been using a free bit of Norton software for some time, which is supposed to find anything on your PC but, unless you cough up what it costs, will not remove any virus found. It updates with the latest virus definitions every day, so I trust it's the same as the detection part of a full Norton suite.
And guess what? In about 6 months of running scans it's found NOTHING! Yesterday's scan is typical - the only thing it reports is that I'm not protected!
(http://www.curry-recipes.co.uk/imagehost/pics/bbe16698e93444ff988b76353f4bd0c9.jpg)
-
George,
I think it all is a bit of a scam myself all these anti virus products but I have had a few virus's & trojans in my time (All when I had paid for AV's installed). I have often wondered if Norton, Mcafee etc make these virus's up so we buy there products, who knows ::).
As someone said earlier, I think it was Santa, Microsoft security essentials is free and quite good by all accounts. Now as it is free Microsoft in theory have nothing to gain from making it. So again why make something for nothing? is it because there really is very little out there to worry about and the cost is minimal to make a product like this? and it shines a bit of a light on the Microsoft empire?
Anyways, as its free why not use it? nothing to lose.
I too reinstall everything every 6 months or so too.
PS, pleased to here you got rid of whatever was on your puter Axe ;D
cheers
Will
-
The only problem with going down the Microsoft route is that most hackers target the company above all others. Of course, it is in Microsoft's best interest to ensure they are ahead of the game but it must be hard when you can only react to once a new threat is detected. :-\
I'd loose Norton like a bad habbit George, your far better off with something like AVG as a free virus guard. Check out http://www.bleepingcomputer.com/forums/ (http://www.bleepingcomputer.com/forums/) everything you need to know and more. Also check out Malwarebytes and it's forums, there some really knowledgeable lads and lasses on there.
-
Definitely do not want to turn this into a platform/computer debate, but I've had a Mac for about 8 years now. Never had a virus/trojan (to my knowledge). Never had to reload data from backup.
On the other hand, I am reloading Windows / eradicating viruses / dealing with malware on my two teenage kids' pc's on a weekly basis...
-- Josh
-
George,
ideally u'd have to google the blue screen txt to find out more but my 1st would be to use scandisk from from the xp install disc or xp boot disc or additional hard disc.
-
8 years ago only proper geeks and graphic designers owned Macs. I totally agree they are much safer and a lot faster to run than windows computers, and they look amazing, but my problem has always been lack of compatibility for mainstream games and other software.
I'm sure any good Mac fanboy will have loads of statistics as to why that is no longer true (bootcamp, office mac e.t.c.) but when it comes to downloading games and lesser known applications Macs really struggle.
My sister bought a new Mac for around ?1500 recently. All she uses it for is emails and web browsing. Why?????
-
Reset your computer to another date eg a day or two before the virus infected your machine it should work.
Best of luck
ECH
-
extrahotchillie is correct that defo works !!!!
-
It would appear that I still have problems, thought it was too good to be true. Having shut the PC down for the weekend, I have returned to work today to find that the PC didn't shut down and two editor windows (Akelpad) open with Russian italics inplace of the usual file menu titles. After reboot all seemed normal but then when I came online using Firefox to view the forum, after several minutes the network was real busy. So it would appear that a backdoor has been created and accessed.
I have run the TDSSKiller and it has again found another route kit. I have rebooted an the route kit has been removed. I have now un-installed Firefox and deleted all of it's folders. I am browsing noe with Opera and and the network is stable with no activity.
At this point I do not know if I can trust that my PC is out of the clear. I am preparing back-ups with the intention of formatting my C: drive if things do not settle down. It's now become a case of practicality and it simply isn't practical to spend another week trying to hunt this problem down.
Any further help or advice gratefully appreciated.
-
Have you tried using Chrome as your browser? It might not cure your virus but it will speed up your browsing immensely.
Did you ever try a system restore? I'd do that before thinking about a complete format.
Another useful tip that might help you. There is a website called something like Experts Exchange (looks like expert sex change when you type it in lol). They usually claim to have the answers to all IT problems when you Google them, but they want you to pay to subscribe and see the answers. For some reason, if you view the page in Chrome you can scroll right to the bottom of the page and view all of the solutions without paying. To be fair they usually have very good answers to tough problems.
-
I'll check that out Chris, thanks for that.
Sadly, I do not have system restore as I switched it off some time back. It had created a file that was taking up the best part of 60 percent of my drive and had become fragmented. It's a long story but I had to switch off system restore to resolve the problem. :(
-
Axe,
try Spybot Search & Destroy (http://www.safer-networking.org/en/spybotsd/index.html (http://www.safer-networking.org/en/spybotsd/index.html)). this i use for getting rid of most things.
going fwd have a look at PC Tools threatfire and firewall - these are prevention software and what i use.
on the point of re install u need to make sure the root is clean 1st using gmer. even re partitioning and formatting is sometimes not enough if the root is infected.
-
Thanks Jerry, I have Spybot. I remember seeing gmer mentioned but not sure if I have tried it or not. I suspect not. Think i'll go hunt it down next.
-
Heres a free anti rootkit........
http://www.freesoftware4all.co.uk/antirootkits.htm (http://www.freesoftware4all.co.uk/antirootkits.htm)
Really good Free AV/Trojun detector/rootkit/spyware best ive used .
http://www.free-av.com/en/download/index.html (http://www.free-av.com/en/download/index.html)
-
Thanks Peter I will take a look.