
Major PC problem, help needed

Discussion in 'Tech Talk - Gadgets, Gizmos and Technology' started by Lord Vader, Oct 7, 2011.

  1. Lord Vader

    Lord Vader Supreme Member

    8,687
    38
    Sep 20, 2004
    Galactic Empire
    The files I can get off, but the programs I'm unable to transfer.
     
  2. Drucifer

    Drucifer Well-Known Member

    9,397
    242
    Feb 12, 2009
    NY Hudson...
    True. And copying all Windows files never works.
     
  3. Lord Vader

    Lord Vader Supreme Member

    8,687
    38
    Sep 20, 2004
    Galactic Empire
    I know. :(
     
  4. Cholly

    Cholly Old Guys Rule! DBSTalk Club

    4,835
    45
    Mar 22, 2004
    Indian...
    Once you get the system back up, I'd recommend installation of Microsoft Security Essentials as his antivirus program. It's free and robust. Two other programs I'd recommend are Malwarebytes free version (www.malwarebytes.com) and SuperAntiSpyware free edition. Automatic updates of these programs are available, and should be run.
     
  5. Lord Vader

    Lord Vader Supreme Member

    8,687
    38
    Sep 20, 2004
    Galactic Empire
    Thanks. Malwarebytes I already installed; the others I'll do so shortly.
     
  6. dpeters11

    dpeters11 Hall Of Fame

    16,247
    490
    May 30, 2007
    Cincinnati
    Only thing I hate about SuperAntispyware is the name. I know it's legit, but sounds like Betrayware or a fake AV.
     
  7. TBoneit

    TBoneit Hall Of Fame

    2,294
    7
    Jul 27, 2006
  8. Lord Vader

    Lord Vader Supreme Member

    8,687
    38
    Sep 20, 2004
    Galactic Empire
    Everything is back up and running, as the restore worked. I reloaded the programs and all. I should have seen this coming, because I think I saw the signs that something was wrong but dismissed it at the time.

    I was on his PC late night on the 6th when I wanted to go to a sports forum to check something. I didn't recall the exact URL, and because I was away from home and didn't have the bookmark, I simply typed the name of the forum into Google. Imagine my surprise when everything that popped up was something called "Scour" with various links. Moreover, every time I did a search in Google, even for legit sites, Scour came up. It was as if everything was being rerouted to Scour with weird results appearing. I had never seen anything like that before.

    This was around 1:00 a.m., and I was tempted to run Malwarebytes and/or some other things, but I figured it was too late at night, and I didn't want to run the program and leave the PC on while I slept, so I just shut down the machine and went to bed. The next morning, some 7 or 8 hours later, my old man couldn't reboot it.
     
  9. P Smith

    P Smith Mr. FixAnything

    21,596
    143
    Jul 25, 2002
    W.Mdtrn Sea
    Known trick - they inject their own extension into the web browser, mostly for IE, but FF suffers too. Then it intercepts anything you try to do inside the browser.
     
  10. Lord Vader

    Lord Vader Supreme Member

    8,687
    38
    Sep 20, 2004
    Galactic Empire
    The problem was rampant on all three browsers on his PC--FF, IE, and Chrome. Weird.

    Of course, there must have been something additional attached to or contained in that problem, because the entire root or boot-up process of Windows was corrupt. BTW, it also nailed his attached 300GB external drive with all his files on it. THAT he got fixed by running some Microsoft program fix.
     
  11. Lord Vader

    Lord Vader Supreme Member

    8,687
    38
    Sep 20, 2004
    Galactic Empire
    Uh oh. The problem now seems to have appeared on my home PC. Every time I do a search, I get redirected to some weird search engine called "StarFeedsMixer." (Not the same one as that which plagued my brother's).

    I ran Malwarebytes and it eliminated two things, but the problem remains. I'm running AdAware as I speak, and it so far has found three infected objects. Malware did say that one thing found was in the root and couldn't be deleted. Any recommendations?
     
  12. Lord Vader

    Lord Vader Supreme Member

    8,687
    38
    Sep 20, 2004
    Galactic Empire
    Edited to add: I've got the dreaded Google redirect virus.

    Man! This thing is insidious! After running a couple programs to detect this bug, my system restarted but had major problems. Windows repaired them and rebooted successfully after some time spent repairing the issue. However, the search redirect is STILL present!

    When I go to Google to do a search, the results page shows. So far, so good; but when I click on any of the links on this page, instead of going to that specific link/site, everything gets redirected to some spam search page.

    I'm running out of options to try and figure out how to eliminate this problem.
     
  13. Mark Holtz

    Mark Holtz Day Sleeper DBSTalk Club

    10,435
    77
    Mar 23, 2002
    Sacramento, CA
    One place that I would check is the hosts file (and possibly lmhosts) located at C:\windows\system32\drivers\etc\ . If you try to edit it, you will need to run Notepad as an administrator rather than a normal user. Another good editor for the hosts file is HostMan, which will detect if you need to switch to admin mode.

    The reason I think of the hosts file is that something can go in there and point google.com to another IP address like 127.0.48.8 (Yes, this is totally fake IP), overriding the DNS lookup on your computer for that site.
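
The hosts-file check suggested above, as an added example that is not part of the original post: a read-only Python audit that lists every mapping other than the default localhost lines, so nothing has to be edited to see whether a name is being overridden. The sample entries, the names in them and the 203.0.113.7 address are constructed for illustration.

```python
import ipaddress

# Path as given in the post above; reading it does not need administrator rights.
HOSTS_PATH = r"C:\Windows\System32\drivers\etc\hosts"

# Constructed sample for the demo; 203.0.113.0/24 is a documentation-only range.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
203.0.113.7     www.google.com google.com
0.0.0.0         ads.example.net
203.0.113.7     update.example-av.test   # trailing comment
not-an-ip       broken.example
"""

EXPECTED_LOCAL = {"localhost"}


def audit_hosts(text):
    """Return (line_no, address, names, reason) for every non-default mapping."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        fields = raw.split("#", 1)[0].split()   # drop comments, split on whitespace
        if len(fields) < 2:
            continue                             # blank, comment-only or incomplete
        addr, names = fields[0], [n.lower() for n in fields[1:]]
        try:
            ip = ipaddress.ip_address(addr)
        except ValueError:
            findings.append((line_no, addr, names, "invalid address"))
            continue
        if ip.is_loopback or ip.is_unspecified:
            names = [n for n in names if n not in EXPECTED_LOCAL]
            reason = "name blocked locally"
        else:
            reason = "name redirected"
        if names:
            findings.append((line_no, addr, names, reason))
    return findings


if __name__ == "__main__":
    try:
        with open(HOSTS_PATH, encoding="utf-8-sig", errors="replace") as fh:
            text = fh.read()
    except OSError:
        text = SAMPLE_HOSTS                      # not on Windows: use the sample
    for line_no, addr, names, reason in audit_hosts(text):
        print(f"line {line_no}: {reason}: {' '.join(names)} -> {addr}")
```

An empty result only rules out the hosts file; a redirect that fires when a search result is clicked can sit elsewhere, as the replies that follow point out.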
     
  14. dpeters11

    dpeters11 Hall Of Fame

    16,247
    490
    May 30, 2007
    Cincinnati
    It is a good idea to check the hosts file, but I'm not convinced it will be there. If Google itself works, but goes elsewhere when you click on a link going to one of the result sites, sounds like something else is going on.

    If it were the hosts file, it'd be specific sites that redirect.
     
  15. P Smith

    P Smith Mr. FixAnything

    21,596
    143
    Jul 25, 2002
    W.Mdtrn Sea
    This sort of thing usually hides inside the registry, at the browser(s) extensions ... and in a few more places.
    I can do the cleaning manually (after many, many years of experience in IT it is still a dog-chasing process), but I wouldn't teach someone by phone or forums ... the redirectors have many tricks and you must play with the PC in real time, not guide an inexperienced user, sorry.
    I'm pretty sure you can do that by yourself, but prepare to spend your time reading the Internet (much more than before) and get better knowledge of how Windows as a system works at a pretty low level.
     
  16. dpeters11

    dpeters11 Hall Of Fame

    16,247
    490
    May 30, 2007
    Cincinnati
    Yeah, the registry can be a dangerous place. It's like on those old maps "Here be dragons". Very useful, but can really mess things up.
     
  17. Lord Vader

    Lord Vader Supreme Member

    8,687
    38
    Sep 20, 2004
    Galactic Empire
    Google only partially works. What the redirect virus does is after a Google search brings up the results, clicking on any of them redirects one to some other site, usually ones with malware-infested crap.

    My PC will boot up and do other things fine now, but the redirect virus is still present. I've effectively lost any search engine capabilities. Moreover, system restore doesn't seem to be working, either. At around 3:00 a.m. CDT I attempted that, and by 10:00 a.m. the screen still showed "System Restore initializing." I know it doesn't take 7+ hours to do a system restore.

    So far I've tried Malwarebytes, Ad Aware, a specific TDSS killer from Symantec that's supposed to remove this bug, and Spy Doctor, the latter two being recommended after I read up on this virus. None of them have been successful. This thing is really nasty and definitely the worst one I have ever experienced.

    I just can't seem to get rid of it! :mad:
     
  18. David Ortiz

    David Ortiz Save the Clock Tower!! DBSTalk Club

    2,427
    75
    Aug 21, 2006
    Fresno, CA
    I've seen this before and the hosts file was changed. Did you check the hosts file?
     
  19. Lord Vader

    Lord Vader Supreme Member

    8,687
    38
    Sep 20, 2004
    Galactic Empire
    I don't think I did. Considering I don't have much (if any) experience in that, what's the proper way to do that? I just want to make sure I get it right and not mess it up.
     
  20. David Ortiz

    David Ortiz Save the Clock Tower!! DBSTalk Club

    2,427
    75
    Aug 21, 2006
    Fresno, CA
    Also, check this out: http://support.microsoft.com/kb/972034
     
