PC Help - Infected with some type of Browser Redirect Malware

[Boss-Hog]

Hi all,

My browser (the latest version of Firefox) started automatically redirecting me to random pages yesterday, so I'm 99% sure it's due to some type of malware I've been infected with. I have run (updated) scans of Windows Defender, AVG Free and Ad-Aware with no problems found. One other problem this malware has caused is I'm unable to connect to http://www.safer-networking.org to download the latest version of Search & Destroy (I receive a "Cannot find Server" error even though I know the site is up). I'm running Windows XP with all the latest updates. If anyone can offer some help, I'd definitely appreciate it.

[pahster]

There might be a less invasive way of taking care of this, but if all else fails you could do a system restore to a point a few days ago.

[RBA]

Try Windows Vista One Care Scan:

http://onecare.live.com/site/en-us/center/whatsnew.htm

Assuming you have Vista.

[Joseph]

http://download.cnet.com/Trend-Micro...-10227353.html

Hijack this is pretty effective for me usually.

Could also try cc cleaner.

[acredsfan]

A lot of times, malware like that will block your Ad-Aware and other programs from detecting updates, so they will say they are up to date when they aren't. What I usually do in this case is use a flash drive or cd to copy whatever program and updates that I need to get rid of the infection from another computer. It may be possible to get someone to email you a program or update you can't get to through your own internet connection. Also, I highly reccommend that you change your passwords of whatever sites you have logged into since the infection appeared. Most malware are trackers that can retrieve any information you input while you are infected.

[RBA]

I have a virus on my computer too. Whenever I open up MLB Gameday, the score for the team the Reds are playing keeps on going up like a national debt tote board.

[flyer85]

Quote:

Originally Posted by RBA

I have a virus on my computer too. Whenever I open up MLB Gameday, the score for the team the Reds are playing keeps on going up like a national debt tote board.

I must have the same virus

[Johnny Footstool]

I use Avast anti-virus. It's free and very effective.

I had a similar virus, and my friend gave me the following advice.

If you can, boot in safe mode and download the following programs:
Avast
Search and Destroy
ComboFix

Install those programs, and then reboot in safe mode and run them in that order.

[Boss-Hog]

Quote:

Originally Posted by Johnny Footstool

I use Avast anti-virus. It's free and very effective.

I had a similar virus, and my friend gave me the following advice.

If you can, boot in safe mode and download the following programs:
Avast
Search and Destroy
ComboFix

Install those programs, and then reboot in safe mode and run them in that order.

Thanks for the advice - this malware is preventing me from even being able to open Search and Destroy and Hijack This. I can install them fine, but I open the shortcut and nothing happens (even in Safe Mode). I'll give Avast a try, but I'd be surprised if it finds anything that AVG did not. I'm reluctant to try ComboFix, as the helpers at bleepingcomputer.com strongly recommend not running it unless you really know what you're doing with it because it's apparently extremely powerful.

In the meantime, I'm downloading the Ad-Aware updates on another computer and will burn them to a CD. Thanks for that bit of advice (and all others), too.

[IslandRed]

It sounds like the redirect thing is but one of the bad things it does, but if it'll let you, check your HOSTS file (in XP, it's in C:\Windows\System\Drivers\Etc) and see if it's been hacked and, if so, if you're able to remove the garbage entries manually.

[Boss-Hog]

Quote:

Originally Posted by IslandRed

It sounds like the redirect thing is but one of the bad things it does, but if it'll let you, check your HOSTS file (in XP, it's in C:\Windows\System\Drivers\Etc) and see if it's been hacked and, if so, if you're able to remove the garbage entries manually.

I did check that - I don't see anything that looks unusual other than entries Search and Destroy previously added. www.safer-networking.org, which I can not access as I mentioned above, is not listed in my HOSTS file.

[dougdirt]

Sounds like you have the same issue that my friend has. I could install programs that would take care of the problem.... but they wouldn't open when clicked. His computer would redirect any links he would click on to something else. I spent about 3 hours trying to work on it to no avail. Good luck, it seemed like a real good one. He didn't have any restore points, or at least it wouldn't acknowledge any. Hopefully you can get it figured out.

[Boss-Hog]

I was able to update the Ad-Aware definitions by writing them to a CD on another computer, but a full scan still turned up zero problems. That doesn't mean, of course, that there aren't any there.

[acredsfan]

One thing that I have used in the past is Advanced System Care by IObit. HERE

Now this didn't completely remove my problem, but it made it possible to run the other programs to finish it off. It will remove hijacked settings, which could help you. It's a pretty good program, and if nothing else, you should be able to find the name of the malware.

[KronoRed]

I had this problem and the only program that fixed it was this one.

http://www.malwarebytes.org/mbam.php