Question:
I have a redirecting "virus" and can't get rid of it?
Jacob S
2010-11-28 09:03:32 UTC
I recently got rid of the Microsoft Security Essentials Virus, and did it successfully. But now with any search engine I use, about 90% of the time when I click on a link, it will redirect to a different site. So, thinking it was the Google Redirect Virus, I went through the steps of getting rid of it. I looked for the files to delete them, and I could not find them. Then I used Kaspersky's TDSS Killer, and it found a few things and got rid of them, but I am still redirected with almost every link.

Can someone tell me what it could be?
Ten answers:
William K
2010-11-28 09:06:06 UTC
Hi,

You have a malware infection; this will kill it dead.

Please do this:

You have a really bad virus and the only thing to kill it is "Malwarebytes". Sometimes this virus blocks anti-virus sites, so download it using another system onto a flash drive, then use the flash drive to install it onto the infected system, then reboot and run a FULL scan of your system. If this fails, try this: reboot and press F8 as it boots up; this will take you into safe mode. Then run a full scan again.

If it is still blocked & won’t install try this:-

When it asks you where you would like to save it, change the "mbam_setup.exe" file to xxxxx.exe.

Then install it, update it, and run a full scan in Safe mode.

This will clear your system of this virus.

http://malwarebytes.org/



This is also one of the best free anti-spyware programs; again always run your anti-virus software in “Safe Mode” on full scan.

http://www.superantispyware.com/



This will all help you and are completely FREE downloads.

Trust me this does work.



******

Simple version of what to do:-

Download “Malwarebytes” onto a USB Memory stick using a friend’s system

Use the Filehippo links as these are completely FREE

http://filehippo.com/



Reboot your system

As it boots up press (tap) F8

When in SAFE MODE install “Malwarebytes” using your USB Stick copy

When installed, run a full scan of your HDD

Reboot back into main windows again

Update “Malwarebytes” using the update tab page

Run another full scan of your HDD



Trust me this will not harm your system at all, only kill any bad stuff that's on it.



This is completely FREE and easy to do and WORKS, so why not try this first??
Ronny
2016-08-22 12:43:57 UTC
2
2010-11-28 09:10:16 UTC
Reset your router to default.

Then follow this generic solution and just skip any parts of it you think that you do not need to do.





First



click on Start > Run.



Type in the following into the open box.



devmgmt.msc



then Click on OK.



This will run Device Manager.



In Device Manager,



click on View > Show Hidden Devices.



Expand all the devices by clicking on the "Plus" sign. Now try to find TDSSserv.sys or clbdriver.sys or oUltraf or seneka.sys, right click on whichever one you found and select Disable.

Make sure that you do not select the Un-Install option, otherwise the infection will be back once you reboot your computer.



if none of them are there do not worry,

it could be something simpler but follow what comes next.



you will have to enable view hidden folders in folder options > view.



Delete everything in the windows temp folder,

C > Windows > Temp



Delete all cookies,Delete all temporary internet files

(not to be confused with windows temp files)

these are best deleted via your internet browsers.

it will save you messing about in the hidden system files



reset internet explorer,

tools > internet options > Advanced tab > reset .



Delete everything in the prefetch folder.

C > Windows > Prefetch



Delete the hosts file,

C > Windows > System32 > drivers > etc > HOSTS

A clean hosts file will be written by windows when you reboot later.

Note: if you were using a custom Hosts file

you will need to replace any of those entries yourself.



Delete the flash cookies found in the macromedia, #Shared Objects folder.

c > users > "your name" > App Data > Roaming > macromedia > Flash player > #Shared Objects



delete everything you find in the #Shared Objects folder



Run a full scan with this

Sophos Anti-Rootkit : http://www.sophos.com/products/free-tools/sophos-anti-rootkit.html

and remove everything suspicious it finds.



Do not have any open windows and shut down all programs when you run it.



Sophos Anti-Rootkit DOWNLOAD : https://secure.sophos.com/support/cleaners/sar_15_sfx.exe



Then run a full scan with this and remove what it finds.

Super anti spyware Pro : http://www.superantispyware.com/



Super anti spyware Pro DOWNLOAD : http://downloads.superantispyware.com/downloads/SUPERAntiSpywarePro.exe

this has a tool built in that can reset the URL prefixes, USE IT.



reset your router to default.



your redirect virus should now be gone.



download then run,

Hitman pro : http://www.surfright.nl/en to double check.







.
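To see what the hosts file contains before deleting it as described in the answer above, the entries can be listed and classified. This is an added example, not part of the original thread; the sample file is constructed, the function name `audit_hosts` is hypothetical, and the addresses use the documentation-only range 203.0.113.0/24.

```python
import ipaddress
import sys

# Constructed sample (not from the thread): a hosts file with default entries,
# one user-added blocking entry, and entries that repoint search sites.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
0.0.0.0         ads.example.net   # user's own blocking entry
203.0.113.45    www.google.com google.com
203.0.113.45    search.yahoo.com
not-an-ip       www.bing.com
"""

def audit_hosts(text):
    """Return (line_no, address, hostnames, verdict) for every non-default entry."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        entry = raw.split("#", 1)[0].strip()      # drop comments and blank lines
        if not entry:
            continue
        address, *names = entry.split()
        try:
            ip = ipaddress.ip_address(address)
        except ValueError:
            findings.append((line_no, address, names, "malformed"))
            continue
        if not names:
            findings.append((line_no, address, names, "malformed"))
        elif ip.is_loopback and all(n.lower() == "localhost" for n in names):
            continue                              # stock localhost entry
        elif ip.is_loopback or ip.is_unspecified:
            findings.append((line_no, address, names, "sinkhole"))   # name blocked locally
        else:
            findings.append((line_no, address, names, "redirect"))   # name sent elsewhere
    return findings

if __name__ == "__main__":
    # Pass a path (e.g. C:\Windows\System32\drivers\etc\hosts) or use the sample.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            text = fh.read()
    else:
        text = SAMPLE_HOSTS
    for line_no, address, names, verdict in audit_hosts(text):
        print(f"line {line_no}: {verdict:9} {address} -> {' '.join(names)}")
```

Entries reported as `redirect` for search or security-vendor hostnames are the ones worth recording before the file is replaced.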
Techno
2010-11-28 09:08:09 UTC
You're still infected!



Download a new version of your browser (IE8, Firefox, Chrome etc.) but don't install it yet.

The key words here are SAFE MODE!!!



Download, (if you can't get on-line, have a friend download and copy to disc/flash for transfer) install, update and then, in SAFE MODE* run full scans, with these programs...



** http://www.malwarebytes.org

http://www.superantispyware.com

http://download.cnet.com/1770-20_4-0.html?query=Ad+Aware+Free+Anti+Malware&tag=404&searchtype=downloads Ad-Aware free



*** Important, when downloaded/installed/updated disconnect from the internet ***



Then re-start.





If you can't run a scan, go into the scanner's folder and re-name the .exe file to something like 'MyFile.exe' and try in safe mode again. Some malware prevent the execution of anti spy/mal/virus scans by blocking them by name.



Reinstall your browser.



You should consider getting a good Anti-Virus program.

Try one of these free ones...



http://www.avast.com/eng/download-avast-home.html



http://www.free-av.com/en/download/1/avira_antivir_personal__free_antivirus.html (Avira)



***Never use more than one, active, anti-virus program at any one time***



*Note: On start up (before Windows loads) keep tapping either F5 or F8 (be aware that some manufacturers use F8 for system recovery!) then use arrow keys to highlight 'Safe Mode with networking' and hit Enter/Return, click on a user account, enter the Administrator password (if you don't know it, there probably isn't one so leave it blank) and hit Enter/Return.



** It has been noted that Malwarebytes should be run in 'Normal Mode' unless that isn't possible!



© arou42
wesley
2010-11-28 22:57:15 UTC
Hey, yes it is a virus and it is hard to get rid of. I would recommend downloading a software called SuperAntiSpyware FREE edition; it has saved my computer multiple times. That's not required though; this goes to the soul of the virus. Now this virus usually occurs if you use Mozilla Firefox or Safari or Google Chrome etc., anything but IEXPLORER.

Now to get rid of it, click on the computer button under your start bar, click on your C drive, then click on users, and then the account that you use. Now above there should be a search/URL bar that says C:\users\ur profile; now I want you to put C:\Users\Ur profile\AppData\Roaming

Now this will bring you to a screen. Now DELETE the INTERNET programs that you use and reinstall them. I hope you understand what I am saying though, but for example I will show you my URL:

C:\Users\Wes\AppData\Roaming

If none of this works, download something called ATF cleaner; it cleans out viruses and cookies, only small ones though. If it is redirecting completely you must do it like I said by deleting the files. If you need more help email me: wesleydahl@verizon.net
2010-11-28 09:06:07 UTC
Some anti virus programs allow you to do a "Boot scan" where it loads the very bare minimum of files and runs a scan and cleans the infected files.

Avast will do this providing you are using a 32bit OS.



Try that.

Try running some anti-malware software in safe mode also.
2016-05-31 14:17:18 UTC
The infection may have changed your router settings, perhaps using a "rogue" DNS server. Reset your router, then set it up again for your network. If this works, to prevent future issues, set a unique username and password to enter your router's configuration page. Everyone in the world, including malware coders, knows what the default credentials for all the popular routers are.
2010-11-29 08:17:39 UTC
Download, install, update and run full scans, in safe mode*, with this software:



http://www.pcthreat.com/parasitebyid-8034en.html



Then re-start.



*Note: On start up (before Windows loads) keep tapping either F5 or F8 then use arrow keys to highlight 'Safe Mode with networking' click on a user account, enter the password (if you don't know it, there probably isn't one so leave it blank) and hit enter/return.
Lex Valentine
2010-11-28 09:21:34 UTC
Your antivirus isn't catching it because the cookie or temp file isn't technically a virus. You need to Bleach your temp files/cookies/history with a program like Registry Mechanic from PC Tools (pay but cheap) or Advanced System Care (free, but less effective).
Giedrius M
2010-11-28 13:08:49 UTC
Check proxy settings for a proxy (disable it), run Hitman Pro and Spyware Doctor too, check your DNS server settings and check if your router hasn't been hijacked.


This content was originally posted on Y! Answers, a Q&A website that shut down in 2021.