Discussion in 'Tech Talk - Gadgets, Gizmos and Technology' started by Lord Vader, Oct 7, 2011.
The files I can get off, but the programs I'm unable to transfer.
True. And copying all Windows files never works.
Once you get the system back up, I'd recommend installation of Microsoft Security Essentials as his antivirus program. It's free and robust. Two other programs I'd recommend are Malwarebytes free version (www.malwarebytes.com) and SuperAntiSpyware free edition. Automatic updates of these programs are available, and should be run.
Thanks. Malwarebytes I already installed; the others I'll do so shortly.
Only thing I hate about SuperAntispyware is the name. I know it's legit, but sounds like Betrayware or a fake AV.
I've done that backup using the built-in restore backup function on HPs at work. Nice feature.
For autorun I use the Panda USB Vaccine software to turn off autorun on the PC, as well as to immunize the USB drives (as long as they are FAT32) so they can't get infected with certain autorun viruses that spread that way. http://www.pandasecurity.com/homeusers/downloads/usbvaccine/
A couple of free online virus scans
Everything is back up and running, as the restore worked. I reloaded the programs and all. I should have seen this coming, because I think I saw the signs that something was wrong but dismissed it at the time.
I was on his PC late night on the 6th when I wanted to go to a sports forum to check something. I didn't recall the exact URL, and because I was away from home and didn't have the bookmark, I simply typed the name of the forum into Google. Imagine my surprise when everything that popped up was something called "Scour" with various links. Moreover, every time I did a search in Google, even for legit sites, Scour came up. It was as if everything was being rerouted to Scour with weird results appearing. I had never seen anything like that before.
This was around 1:00 a.m., and I was tempted to run Malwarebytes and/or some other things, but I figured it was too late at night, and I didn't want to run the program and leave the PC on while I slept, so I just shut down the machine and went to bed. The next morning, some 7 or 8 hours later, my old man couldn't reboot it.
Known trick: they inject their own extension into the web browser, mostly for IE, but FF suffers too. Then it intercepts anything you try to do inside the browser.
The problem was rampant on all three browsers on his PC--FF, IE, and Chrome. Weird.
Of course, there must have been something additional attached to or contained in that problem, because the entire root or boot-up process of Windows was corrupt. BTW, it also nailed his attached 300GB external drive with all his files on it. THAT he got fixed by running some Microsoft program fix.
Uh oh. The problem now seems to have appeared on my home PC. Every time I do a search, I get redirected to some weird search engine called "StarFeedsMixer." (Not the same one as that which plagued my brother's.)
I ran Malwarebytes and it eliminated two things, but the problem remains. I'm running AdAware as I speak, and it so far has found three infected objects. Malware did say that one thing found was in the root and couldn't be deleted. Any recommendations?
Edited to add: I've got the dreaded Google redirect virus.
Man! This thing is insidious! After running a couple of programs to detect this bug, my system restarted but had major problems. Windows repaired them and rebooted successfully after some time spent repairing the issue. However, the search redirect is STILL present!
When I go to Google to do a search, the results page shows. So far, so good; but when I click on any of the links on this page, instead of going to that specific link/site, everything gets redirected to some spam search page.
I'm running out of options to try and figure out how to eliminate this problem.
One place that I would check is the hosts file (and possibly lmhosts) located at C:\windows\system32\drivers\etc\ . If you try to edit it, you will need to run Notepad as an administrator rather than a normal user. Another good editor for the hosts file is HostMan, which will detect if you need to switch to admin mode.
The reason I think of the hosts file is that something can go in there and point google.com to another IP address like 127.0.48.8 (Yes, this is totally fake IP), overriding the DNS lookup on your computer for that site.
It is a good idea to check the hosts file, but I'm not convinced it will be there. If Google itself works, but goes elsewhere when you click on a link going to one of the result sites, sounds like something else is going on.
If it were the hosts file, it'd be specific sites that redirect.
This sort of thing usually hides inside the registry, at the browser(s') extensions ... and in a few more places.
I can do the clean manually (after many, many years of experience in IT it is still a dog-chasing process), but I wouldn't teach someone by phone or on forums ... the redirectors have many tricks and you must play with the PC in real time, not guide an inexperienced user, sorry.
I'm pretty sure you can do that by yourself, but prepare to spend your time reading the Internet (much more than before) and getting better knowledge of how Windows as a system works at a pretty low level.
Yeah, the registry can be a dangerous place. It's like on those old maps "Here be dragons". Very useful, but can really mess things up.
Google only partially works. What the redirect virus does is after a Google search brings up the results, clicking on any of them redirects one to some other site, usually ones with malware-infested crap.
My PC will boot up and do other things fine now, but the redirect virus is still present. I've effectively lost any search engine capabilities. Moreover, system restore doesn't seem to be working, either. At around 3:00 a.m. CDT I attempted that, and by 10:00 a.m. the screen still showed "System Restore initializing." I know it doesn't take 7+ hours to do a system restore.
So far I've tried Malwarebytes, Ad Aware, a specific TDSS killer from Symantec that's supposed to remove this bug, and Spy Doctor, the latter two being recommended after I read up on this virus. None of them have been successful. This thing is really nasty and definitely the worst one I have ever experienced.
I just can't seem to get rid of it!
I've seen this before and the hosts file was changed. Did you check the hosts file?
I don't think I did. Considering I don't have much (if any) experience in that, what's the proper way to do that? I just want to make sure I get it right and not mess it up.
Also, check this out: http://support.microsoft.com/kb/972034
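The hosts-file check discussed earlier in the thread (the "point google.com at 127.0.48.8" trick) and the manual reset that KB972034 describes, as an added example that is not part of the original thread: a small Python audit that parses hosts-file text, flags every entry that is not a loopback address mapped to a loopback name, and produces a cleaned copy with only comments and legitimate loopback lines left. The sample hosts content, the 127.0.48.8 and 93.184.216.34 addresses, the domain names and the function names are constructed for this example.

```python
import ipaddress
from pathlib import Path

# Where Windows keeps the file; editing it still needs an elevated (administrator) editor.
WINDOWS_HOSTS_PATH = Path(r"C:\Windows\System32\drivers\etc\hosts")

# Constructed sample (not from the thread): the first four lines look like a stock
# file, the rest mimic what a search-redirecting infection might append.
SAMPLE_HOSTS = """# Copyright (c) 1993-2009 Microsoft Corp.
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
127.0.0.1       localhost
::1             localhost
127.0.48.8      google.com www.google.com   # bogus loopback, the trick described above
93.184.216.34   www.bing.com   search.yahoo.com
0.0.0.0         update.microsoft.com  # blackholes the update server
not-an-ip       example.org
"""

# Names that legitimately belong on a loopback line.
LOOPBACK_NAMES = {"localhost", "localhost.localdomain", "broadcasthost",
                  "ip6-localhost", "ip6-loopback"}


def parse_hosts(text):
    """Return a list of (line_no, ip, hostnames) for every non-comment entry."""
    entries = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        body = raw.split("#", 1)[0].strip()     # drop trailing comments
        if not body:
            continue
        fields = body.split()                   # whitespace or tabs between columns
        if len(fields) < 2:
            continue                            # address with no names: inert
        entries.append((line_no, fields[0], [h.lower() for h in fields[1:]]))
    return entries


def is_suspicious(ip, hostnames):
    """Only 'loopback address -> loopback name' entries are treated as benign.

    A 127.x.y.z address for google.com, a public address for a well-known site,
    0.0.0.0 for an update server, or an unparsable address is flagged.
    """
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return True
    return not (addr.is_loopback and all(h in LOOPBACK_NAMES for h in hostnames))


def audit_hosts(text):
    """Return the suspicious entries found in hosts-file text."""
    return [e for e in parse_hosts(text) if is_suspicious(e[1], e[2])]


def cleaned_hosts(text):
    """Return the hosts-file text with suspicious entries removed.

    Comments, blank lines and benign loopback entries are kept, which is the
    same end state the manual reset in KB972034 aims for.
    """
    flagged = {e[0] for e in audit_hosts(text)}
    kept = [raw for n, raw in enumerate(text.splitlines(), start=1) if n not in flagged]
    return "\n".join(kept) + "\n"


def audit_file(path=WINDOWS_HOSTS_PATH):
    """Audit a real hosts file; returns [] when the file is absent (e.g. not on Windows)."""
    if not path.exists():
        return []
    return audit_hosts(path.read_text(encoding="utf-8", errors="replace"))


if __name__ == "__main__":
    for line_no, ip, names in audit_hosts(SAMPLE_HOSTS):
        print(f"line {line_no}: {ip} -> {', '.join(names)}")
    print("--- cleaned ---")
    print(cleaned_hosts(SAMPLE_HOSTS), end="")
```

Two caveats when using this on a real machine: the cleaned text must be written back with an elevated editor (and the file's read-only or hidden attribute cleared first if malware set it), and a clean hosts file does not settle the question raised in the thread. Hosts entries redirect specific names, so a search page that loads normally while every clicked result is diverted points more at a browser extension, BHO or changed DNS settings than at this file.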