I'm having a helluva time getting rid of a very annoying "Google redirect" virus on one of my computers. (For those who don't know, what this virus does is hijack your Google search function and send you to unrelated pages... usually AdSense sites that the hacker has set up.)
I had this happen a while back and I was able to get rid of it simply by going into safe mode and resetting my computer to an earlier date (this works well for most viruses, like that really annoying one that pretends to actually be a spyware detector), but this one must be more sophisticated.
I tried the reset, and I removed and reinstalled my Firefox browser (it's the browser that this virus infects). Neither worked. I ran both Avast and Spyware Blaster, and neither of those picked it up.
I went out on the net and did some research. I discovered that this virus is something called a "TDSS Rootkit" and I found a software called "TDSS Killer" (put out by an outfit called Kaspersky Lab) that removes it temporarily, but within a few minutes the motherfucker has hijacked the search results again.
Apparently this is a virus that "knows" how to defend and re-establish itself unless you can eradicate it completely.
Any recommendations for a spyware/malware remover that is effective against this specific problem?
Question For The Tech types
Re: Question For The Tech types
I recall you having a similar problem once before and I suggested this, which, IIRC, did do the job (pls follow through to subsequent posts where I added some additional steps). Might be worth trying again, but PLEASE PLEASE remember to set a system restore point first, in case anything gets messed up.

Re: Question For The Tech types
Many viruses like to take advantage of your registry settings to launch themselves. These often use ghost names (AKA point to a non-existent executable), making them hard to kill. One thing you can do is check your registry for applications that automatically start up at boot.
Click Start --> Run
Type regedit
Navigate to My Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
This lists all of the programs that are trying to start up at boot time. The best way to find out if one is a virus is to search the net for each executable listed. If one is a virus you should get a hit on it in the search. Note the location of the executable so you can delete it from your computer.
If it is found to be launched from the registry, delete the entry for it. I personally do not like any application running at startup so I tend to keep my run folder empty.
Edited to add that Scooter's link is much more in depth than what I wrote here. Very nicely put.
Good luck
Re: Question For The Tech types
Scooter, that worked well for the earlier problem, but the file for this isn't showing up in the registry.
I've been told that a spyware remover put out by Parento Logic is good for this (it's only 20 bucks; I've run the free scan and it appears to have found it... their web site says it's good for this problem, and if it doesn't work they refund your money). I think I'll give that a try.



Re: Question For The Tech types
Did you try searching the registry for a string associated with the virus? Open the registry editor, click on My Computer so you're starting from the very top, click on Edit, then Find, enter a string to search for (make sure all the boxes below are checked), then click Find (or Find Next if it comes up more than once).
Could also run msconfig and check under all the tabs to see if you find something there (particularly boot.ini if it's something that runs right from boot up???)

Re: Question For The Tech types
Hi Simpson, been lurkin? Welcome.
“If you trust in yourself, and believe in your dreams, and follow your star. . . you'll still get beaten by people who spent their time working hard and learning things and weren't so lazy.”
Re: Question For The Tech types
Gob wrote: Hi Simpson, been lurkin? Welcome.
I usually don't have much to add to most topics so I mainly lurk. On some of the tech topics I at least know what I am talking about.

Re: Question For The Tech types
Well good to see you in any case Simpson, hope you enjoy the site..
Jim, in Firefox, disable the XULrunner (tools/add ons/xulrunner).
Then run a malware sweep, then reboot.
Worked for me.
Re: Question For The Tech types
Buy a gun, shoot the computer, gather some wood, light a fire, send smoke signals.