Guild Wars Forums - GW Guru
 
 

Old Jan 25, 2011, 03:39 AM // 03:39   #1
Desert Nomad
 
RedDog91's Avatar
 
Join Date: Oct 2007
Location: Farming for Nick gifts
Profession: R/
Redirect Virus

My parents got a redirect virus on their computer yesterday and I have no idea what is going on with it. Any search (google, yahoo, bing, etc.) gets redirected to a different site when you click on a search result. Instead of just one redirect, I've observed some redirecting as many as 6 times before going to a random site. Half the times I enter an address into the bar it also redirects.

I've had 2 redirect viruses on my computer before, so I assumed I could get rid of the one on theirs the same way I got rid of those 2.
For one of them I just went into my internet tools and deleted the proxy it had set and then swept it with a specialty software. This isn't possible because the new virus does not use a proxy that can be disabled in options.
For the second, I forced my computer into Safe Mode with Networking to system restore. This also can't be used on the new virus as it prevents the option for Safe Mode. I've even ripped the cord out the wall to try and force it. No good. It also has removed System Restore from being used.

The operating system is Windows XP.
Any advice?
RedDog91 is offline   Reply With Quote
Old Jan 25, 2011, 06:57 AM // 06:57   #2
rattus rattus
 
Snograt's Avatar
 
Join Date: Jan 2006
Location: London, UK GMT±0 ±1hr DST
Guild: [GURU]GW [wiki]GW2
Profession: R/

Ouch - that sounds nasty.

Unless anyone else has experience of this, wait until our resident security expert Tarun turns up, or maybe visit his dedicated forum and ask there - http://www.lunarsoft.net/
__________________
Si non confectus, non reficiat
Snograt is offline   Reply With Quote
Old Feb 24, 2011, 12:18 AM // 00:18   #3
Academy Page
 
Join Date: Dec 2006
Location: USA
Guild: Psychic Distraction [PD]

check for reg keys not as they should be... specifically HKLM and HKCU under Microsoft\Windows\CurrentVersion and Run, RunOnce

also check your BHO registry keys for the browser you use

check your HOSTS file in windows directory

remove proxy entries from browser (chrome uses ie proxy settings as well, so don't forget that)

check services running

check task manager for anything you see running that should not be, find and remove it

check startup folder for programs menu

check HKCR\exefile\shell\open\command for anything other than "%1" %*
Nalia is offline   Reply With Quote
Old Mar 07, 2011, 03:19 AM // 03:19   #4
Ascalonian Squire
 
Join Date: Sep 2009
Guild: AWAR
Profession: E/Mo

Try downloading a program called Malwarebytes. It's freeware and will get rid of most viruses. Also think about getting Avast Antivirus Free Home Edition. It works great and it's free!

If you can't get to the website, perhaps download the programs onto another virus-free computer and then put the install files on a flash drive or a CD/DVD. It may help.
Allienne is offline   Reply With Quote
Old Mar 07, 2011, 08:22 PM // 20:22   #5
Forge Runner
 
drkn's Avatar
 
Join Date: Jan 2009
Location: Wrocław, Poland
Guild: Midnight Mayhem
Profession: Me/

I had the same thing after my bro browsed some nasty porn site. If the above solutions don't work, provide screenshots - they will help identify the problem. Or at least provide possibly the most details you can.
Don't remember how I fixed it now, but I've never used any system restore and my DNS was fine all the time.
drkn is offline   Reply With Quote
Old Mar 08, 2011, 01:17 AM // 01:17   #6
rattus rattus
 
Snograt's Avatar
 
Join Date: Jan 2006
Location: London, UK GMT±0 ±1hr DST
Guild: [GURU]GW [wiki]GW2
Profession: R/

Been 6 weeks now - I'd hope he got it fixed by now

(Drat that Tarun - never around when I need him...)
__________________
Si non confectus, non reficiat
Snograt is offline   Reply With Quote
Old Mar 08, 2011, 03:32 AM // 03:32   #7
Lion's Arch Merchant
 
Chocolate_Prayers's Avatar
 
Join Date: Oct 2007
Location: Australia
Profession: Mo/

Just to add to this discussion in case anyone encounters this problem in the future, something to check is your hosts file in WINDOWS\system32\drivers\etc
open it in notepad, and ensure there are no items other than 127.0.0.1 localhost

If all else fails, follow Allienne's method. This has always worked for me in the past when cleaning horribly infected computers.
Chocolate_Prayers is offline   Reply With Quote
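
The hosts-file check from the post above and the Run/RunOnce and exefile checks suggested earlier in the thread, as an added example that is not part of any poster's reply: a Python script that audits a copy of the hosts file and a regedit `.reg` export offline. The function names and sample inputs are constructed for illustration, and accepting `::1` as a loopback address is an assumption beyond the thread's `127.0.0.1 localhost`.

```python
import re
EXE_DEFAULT = '"%1" %*'            # expected exefile open command, per the thread
LOOPBACK = {"127.0.0.1", "::1"}    # ::1 (IPv6 loopback) is an added assumption

def audit_hosts(text):
    """Return (line_no, ip, names) for each entry other than loopback -> localhost."""
    findings = []
    for no, line in enumerate(text.splitlines(), 1):
        fields = line.split("#", 1)[0].split()      # strip comment, split on whitespace
        if len(fields) < 2:
            continue                                # blank or comment-only line
        ip, names = fields[0], [n.lower() for n in fields[1:]]
        if not (ip in LOOPBACK and names == ["localhost"]):
            findings.append((no, ip, names))
    return findings

def audit_reg_export(text):
    """List Run/RunOnce string values and flag a changed exefile open command.
    Input is regedit .reg text (decode real exports as UTF-16 first); values
    exported as hex(...) are not parsed and need a manual look."""
    findings, key = [], ""
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1].lower()
            continue
        m = re.match(r'(@|"(?:[^"\\]|\\.)*")="((?:[^"\\]|\\.)*)"$', line)
        if not m:
            continue
        name = "(Default)" if m.group(1) == "@" else m.group(1)[1:-1]
        value = re.sub(r"\\(.)", r"\1", m.group(2))  # undo .reg escaping of \ and "
        if key.endswith(("\\currentversion\\run", "\\currentversion\\runonce")):
            findings.append(("autorun", name, value))      # listed for human review
        elif (key.endswith("exefile\\shell\\open\\command")
              and name == "(Default)" and value != EXE_DEFAULT):
            findings.append(("exefile-changed", name, value))
    return findings
# Constructed sample inputs (not taken from any real machine).
SAMPLE_HOSTS = """# constructed sample
127.0.0.1       localhost
203.0.113.7     www.google.com search.yahoo.com
127.0.0.1       update.example-av.test
"""
SAMPLE_REG = r'''Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Updater"="C:\\Documents and Settings\\user\\Local Settings\\Temp\\upd.exe"
[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"C:\\WINDOWS\\sample.exe\" \"%1\" %*"
'''
if __name__ == "__main__":
    print(audit_hosts(SAMPLE_HOSTS), audit_reg_export(SAMPLE_REG), sep="\n")
```

Autorun entries are only listed, not judged: each one still has to be compared against what is known to be installed on the machine.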
Old Mar 08, 2011, 04:03 AM // 04:03   #8
Technician's Corner Moderator
 
Tarun's Avatar
 
Join Date: Jan 2006
Location: The TARDIS
Guild: http://www.lunarsoft.net/ http://forums.lunarsoft.net/

If this problem is persisting, I'd recommend using my Anti-Malware Toolkit (link in my sig) and picking up a few extras from it. First, set it to get the Windows XP pack.

Here are the extras I'd recommend downloading from the toolkit in addition to the default XP pack.
  • Microsoft Security Essentials
  • UPHClean
  • Process Explorer
  • StartUpLite
  • Dial-a-fix - however check and make sure they don't have a "C:\Documents" folder or else Dial-a-fix will delete it.

Put them onto a flash drive or similar portable media and get to work. It should be a piece of cake*.

* The cake is not a lie.
Quote:
Originally Posted by Snograt
Been 6 weeks now - I'd hope he got it fixed by now

(Drat that Tarun - never around when I need him...)

I'm always on an IM or Steam for you to reach me.
Tarun is offline   Reply With Quote
Old Mar 08, 2011, 12:21 PM // 12:21   #9
rattus rattus
 
Snograt's Avatar
 
Join Date: Jan 2006
Location: London, UK GMT±0 ±1hr DST
Guild: [GURU]GW [wiki]GW2
Profession: R/

Heh - was only kidding, Tarun

For those who've never tried it, I can heartily recommend the Anti-Malware Toolkit. It's a suite of anti-malware programs that can kill 99% of all known internet germs - dead!
__________________
Si non confectus, non reficiat
Snograt is offline   Reply With Quote
Old Mar 15, 2011, 06:54 PM // 18:54   #10
Pre-Searing Cadet
 
Join Date: Mar 2011

Hey all, I had this same problem and it lasted for a long time. I did some research and got rid of it, but then later found out that it's very extreme and a few months later I had some personal financial information stolen. Not to freak you all out, but it's actually a major threat that a lot of people are dealing with, or at least it has the potential to open up a doorway to let worse things in. This page explained it pretty well http://www.squidoo.com/google-redirect-virus-removalz
TocoLoco is offline   Reply With Quote
Old Mar 16, 2011, 06:58 AM // 06:58   #11
rattus rattus
 
Snograt's Avatar
 
Join Date: Jan 2006
Location: London, UK GMT±0 ±1hr DST
Guild: [GURU]GW [wiki]GW2
Profession: R/

Hmm, a scaremongering ad that wants to charge you $30 for a one-shot fix? No thanks.
__________________
Si non confectus, non reficiat
Snograt is offline   Reply With Quote
Old Mar 16, 2011, 07:55 AM // 07:55   #12
Forge Runner
 
Swingline's Avatar
 
Join Date: Sep 2010
Location: Somewhere far away from you
Guild: The Mirror of Reason[SNOW]
Profession: W/

I had a similar problem. I got a very nasty virus from a WoW guild site that I joined for less than a week. Many other people that joined the guild got it too. All it seemed to do at first was redirect me on Google and Yahoo. I eventually shelled out $50 for Norton and it got it right away. All seemed fine till my bank called me and said they were having unusual requests from PayPal. Seems someone got many of my user names and passwords for many sites as most of the ones I frequently visited had some info changed. I believe this is why my Guild Wars account is linked to some other NCsoft account. I thank my lucky stars my Guild Wars account is untouched in game.
Swingline is offline   Reply With Quote