So... my work computer appears to have a virus of some sort. Windows Alert keeps telling me Win32.Netsky.Q is running, so I ran a Netsky removal tool from Symantec, but I still get the errors. On top of that, I think I might have another virus, and this one is devious. Any time I try to go to an anti-virus website, I get automatically redirected to either a "FREE VIRUS SCAN" website, or AT&T's website, or some other random place. Can't go to AVG.com, can't go to Grisoft.com, can't go to McAfee or anywhere. It's weird, and unlike anything I've ever seen before. I'm ready to reformat this computer, it needs it anyway, but I wanted to know if you guys had any other ideas before I go that way. Apparently Spybot isn't free anymore, and Ad-Aware is either no longer in existence, or I'm being blocked from that as well.
This sounds just like something that hit one of the staff PCs here last week. We called our IT department, who took it away and finally brought it back today. Looks like they reformatted it. But yeah, it wouldn't let me go to AdAware's site.
HJT is more for gathering logs, but it can delete entries. Run that after spybot and spyware blaster and post the results here if you are unsure what to do with them. It will allow you to remove suspect entries in the registry as well as the dangerous files associated with them. It does scan processes running and that kind of thing, so just be aware of that before you post, since it is a work PC.
If you get redirected from some of those URLs to fake ones, download Chrome or Firefox, which should prevent the redirects. Most of that BHO crap comes from IE.
rfalias on
Powerpuppies, edited December 2008
Adaware does exist, and I think Spybot is free. The virus is hijacking your browser. Download appropriate tools on another machine and jump drive them over, if this is feasible. If helpful programs are blocked as well (double-clicking does nothing), rename the executable and double-click that.
DrFryLock's advice to me when I had a similar problem:
"Because every one of these infections is a little different, it helps to have a human in the loop. You probably want to:
1. Download and install HijackThis
2. Run it and generate a log
3. Post that log on a place like MajorGeeks malware removal forum or BleepingComputer malware removal forum. Somebody there will tell you a sequence of steps, and if you keep responding in a timely manner, you'll eventually get it scraped off.
The procedure that you'll probably do is this:
1. Run HijackThis and generate a log.
2. Download and run a tool called ComboFix that will scrape off most of the infection. This will also generate a log.
3. Use that log to create a special text file called CFScript.txt that tells ComboFix what else to scrape off that it missed the first time.
4. Run ComboFix with CFScript.txt and scrape off the rest.
5. Run HijackThis again and generate a log to make sure it's clean.
6. Run TrendMicro antivirus and Malwarebytes Anti-Malware just to make sure you got it all.
ComboFix is very powerful but also very aggressive and can nuke your computer, but it has saved my ass more than once. Some of the above steps are manual - particularly reading the ComboFix log and then figuring out what to put in CFScript.txt. Basically you need someone that can look at the log and say "that's normal...that's not." and put all the "not normal" stuff in the CFScript for removal. This is why you want to do it with the help of a MajorGeeks or BleepingComputer helper."
This worked for me, but obviously no guarantees and no warranty if you end up nuking the crap out of yourself. Reformatting is good but I found HijackThis and ComboFix to be really powerful, and HT is not hard to learn to use.
I have this exact same problem, and was just coming on here to make a thread about it.
Just to add to what's been suggested, I tried safe mode with networking, and still couldn't get through to any kind of anti-virus sites. Can't use System Restore either; that doesn't work.
Heh, I can't get to Blaster or Spybot. And yeah, when I was trying to download spybot yesterday, it took me to a very good knockoff, and I thought maybe they had just moved up in the world and were not releasing it for free anymore. Going to try to get SpyBot and Adaware via another computer and move it onto this one.
Just a warning about that - if the virus won't let you visit the sites, it very likely has a part of it that looks for the .exes and stops those from working as well. I had to deal with a computer that was infected with something like this a while back and I couldn't do anything even with a USB stick full of antivirus setup things. They would all have some sort of "unknown error" occur when I tried to run them.
Honestly I would just go ahead and reformat.
Safemode FTW.
Boot safe mode, install Spybot and friends, run them. That should get you in at least. Don't run HJT in safe mode though; it will defeat the purpose.
Jesus Christ, this is nuts. I'm too impressed to be mad.
Someone tell me how to boot to safe mode without using msconfig. "MSconfig caused a system failure." I can't look it up online because... I can't get to any of the sites.
Ok, got into safemode. Spybot was able to hook up with the update server (was being blocked before) and is now doing a full scan. So far (8,000/35,000) it's found two instances of coolwwwsearch, and I'm sure it will find more. I'm hopeful, at this point. Fortunately, the only things I have on that computer that I absolutely can't afford to lose are about 100 Open Office text documents that are easily backed up, but it looks like I won't have to reformat at all. Hopefully.
Did you check your hosts file? If the site redirects are affecting all of your browsers, it's probably in your hosts file.
Go to C:\Windows\system32\drivers\etc\
Double click the hosts file and open it in notepad. The average user shouldn't have any entries in this file. If you do, the simple fix is to close the file and rename it to something else.
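As an added example (not code from the thread), here is a Python check for the hosts-file hijack described above: it parses hosts-file text and flags every mapping other than the stock localhost line, marking those that touch a security-vendor domain. The vendor watch-list and the sample hosts content are constructed for illustration.

```python
"""Flag hosts-file entries that hijack security-vendor domains.

Added example, not from the thread. Parses Windows hosts-file text
(C:\\Windows\\system32\\drivers\\etc\\hosts) and reports every mapping
other than the stock localhost line, marking those that touch an
antivirus vendor's domain. Vendor list and sample are constructed.
"""
import ipaddress

# Hypothetical watch-list built from the sites the poster could not reach.
VENDOR_DOMAINS = ("avg.com", "grisoft.com", "mcafee.com", "symantec.com",
                  "safer-networking.org", "lavasoft.com")
LOOPBACK = {ipaddress.ip_address("127.0.0.1"), ipaddress.ip_address("::1")}

def parse_hosts(text):
    """Return (ip, hostname) pairs; comments, blanks and bad IPs are skipped."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split()
        try:
            ip = ipaddress.ip_address(parts[0])
        except ValueError:
            continue
        entries.extend((ip, name.lower()) for name in parts[1:])
    return entries

def suspicious_entries(text):
    """Non-localhost mappings, with vendor=True if the name is watch-listed."""
    findings = []
    for ip, name in parse_hosts(text):
        if ip in LOOPBACK and name in ("localhost", "localhost.localdomain"):
            continue  # the one mapping a stock hosts file is expected to have
        vendor = any(name == d or name.endswith("." + d) for d in VENDOR_DOMAINS)
        findings.append({"ip": str(ip), "host": name, "vendor": vendor})
    return findings

# Constructed hosts-file content; 192.0.2.0/24 is a documentation range.
SAMPLE_HOSTS = """\
127.0.0.1       localhost
::1             localhost
192.0.2.10      www.avg.com avg.com       # vendor sites sent to a rogue IP
192.0.2.10      www.safer-networking.org
127.0.0.1       www.mcafee.com            # vendor site sinkholed to loopback
127.0.0.1       mysite.example            # non-default but not a vendor
"""
if __name__ == "__main__":
    for f in suspicious_entries(SAMPLE_HOSTS):
        print("VENDOR REDIRECT" if f["vendor"] else "non-default    ", f["ip"], f["host"])
```

A vendor domain pointed at loopback is as much a hijack as one pointed at a rogue address, which is why the check does not whitelist 127.0.0.1 by itself.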
Didn't really try, to be completely honest. Loaded into safe mode, got Spybot to work, and started the scan. It missed one and asked to restart, but I forgot to put it back into safe mode, and now Spybot won't run, and I'm about to restart in Safe Mode again.
EDIT: It cleared 88/89 infections, but I'm still having all of the same problems, so it's either that one that's left, or it's missing something. I'll know more soon, I'm sure.
Also try rebooting into Safe Mode with Networking to see if you can get to a scan site that way.
Never trust any spybot site but http://www.safer-networking.org/en/download/
Sounds like a nice case of malware you have there. The redirects are Browser Hijack Objects.
Here is what I would start with, run what you can in safe mode.
Spybot (don't run TeaTimer):
http://www.safer-networking.org/en/download/
SpywareBlaster (good at blocking BHOs):
http://www.javacoolsoftware.com/spywareblaster.html
HJT:
http://www.download.com/Trend-Micro-HijackThis/3000-8022_4-10227353.html
This has always worked for me on things that get past Spybot, Ad-Aware and McAfee. Good luck!
Can't get to that website either.
What browser are you using?
Firefox, but I can't get to any of these sites on IE, either.
EDIT: Good God, 89 problems found. Fixing now...
Keep us updated!