Spyware? Something is Redirecting my Search Results

user Registered User regular
edited August 2009 in Help / Advice Forum
So somehow every time I search and click on a result, no matter the provider, I end up with a redirect to a series of shady websites. Windows' Malicious Spyware Removal can identify the trojan(s), but it's not seeming to do much in the way of getting rid of them. So I need a direct link to something which will fix this problem.


Posts

  • Reservoir Angel __BANNED USERS regular
    edited August 2009
    I had this problem, but not quite the same. I'd click a link and be taken to a "shady website", then click back, click the link again and go to the website I actually wanted.

    The only way I was able to get rid of it was a full system restore of my PC. Just wiped it back to factory settings. There might be another way that I didn't think of or know about though.

  • user Registered User regular
    edited August 2009
    I guess I'll have to do that, it's quite amazing how this thing has progressed in such a short amount of time.

    In the span of about 2 hours this is what it has accomplished:

    Mysteriously done away with my Program Files folder in the C: partition.

    Disabled my Folder Options making me unable to check to see if it is hidden.

    Locked me out of my registry making me unable to correct the above.

    Anyway, does anyone know if there's any harm in my burning about 1 gig of files onto a DVD and then writing them over to my reformatted laptop at this point? While I wasn't particularly attached to anything on this current install, there are a few Word documents and photos I don't have backups of...

  • The Cat Registered User, ClubPA regular
    edited August 2009
    Given that your current setup can't detect the problem, I wouldn't risk it. Wipe it, and once you're done, change all your passwords. Especially if you do online banking. Don't fuck around.

  • user Registered User regular
    edited August 2009
    I suppose that'd be for the best, thanks. I'll still make those discs though, just to have around, to be loaded in case it turns out that there's no problem with doing that. I'll ask again when there's a bit more traffic on here, from my hopefully trouble-free reformatted laptop.

  • Reservoir Angel __BANNED USERS regular
    edited August 2009
    My version of it was less crippling and more confusing. It left all my personal files alone, instead going after my iTunes library!

    Then after it had wiped that for the 25th time, it started to work fucking with most other functions to the point I had to wipe my PC to get rid of the thing.

    Damn viruses.

  • ronya Arrrrrf. the ivory tower's basement Registered User regular
    edited August 2009
    user wrote: »
    I guess I'll have to do that, it's quite amazing how this thing has progressed in such a short amount of time.

    In the span of about 2 hours this is what it has accomplished:

    Mysteriously done away with my Program Files folder in the C: partition.

    Disabled my Folder Options making me unable to check to see if it is hidden.

    Locked me out of my registry making me unable to correct the above.

    Anyway, does anyone know if there's any harm in my burning about 1 gig of files onto a DVD and then writing them over to my reformatted laptop at this point? While I wasn't particularly attached to anything on this current install, there are a few Word documents and photos I don't have backups of...

    XP, right? Yeah I can see how all this might work, I've dealt with viruses like that before. Hours of repair.

    re: harm. Yeah you just have to be careful about the trojan hitching a ride onto the DVD. Just burn it now, but remember to completely disable autorun after you format+reinstall Windows. Fastest way is to run
    %systemroot%\system32\reg.exe add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\autorun.inf" /ve /d "@SYS:DoesNotExist" /f
    

    as described here.

    Then go to Folder Options and
    enable Show Hidden files, folders, and drives,
    disable Hide extensions for known file types, and
    disable Hide protected operating system files (don't worry about the warning, you can reverse these at the end).

    Then, and only then, pop in the DVD and copy back safe files.

    Note that Word documents may have been rewritten to include hostile macros. Also, a common trick is to disguise executables with the icon of a Windows XP folder, or a Word document, or a picture, and so on, and then put them next to the victim's own documents, often with a filename picked from your existing files. Look at extensions carefully before double-clicking anything. Going to View > Group By and setting "Type" will help here.

    Pictures, music, and videos are probably safe (as long as you're sure they're pictures and not "somevirus.jpg.exe").

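The extension checks ronya describes for copied-back files can be run as a script before anything is double-clicked. This is an added example, not part of the original thread; the extension lists, reason strings, and every sample file name other than "somevirus.jpg.exe" are constructed for illustration.

```python
import os
import tempfile
from pathlib import Path

# Extensions Windows runs on double-click (common subset, not exhaustive).
EXECUTABLE = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".vbs", ".js", ".lnk"}
# Extensions a user expects to be passive documents or media.
DATA = {".jpg", ".jpeg", ".png", ".gif", ".bmp", ".doc", ".pdf", ".mp3", ".avi"}

def triage(root):
    """Return sorted (relative_path, reason) findings for a restored backup tree."""
    findings = []
    for folder, dirs, files in os.walk(root):
        # Names an impostor could copy: sibling folders and sibling documents.
        siblings = {d.lower() for d in dirs}
        siblings |= {os.path.splitext(f)[0].lower() for f in files
                     if os.path.splitext(f)[1].lower() in DATA}
        for name in files:
            rel = os.path.relpath(os.path.join(folder, name), root)
            stem, ext = os.path.splitext(name.lower())
            if name.lower() == "autorun.inf":
                findings.append((rel, "autorun.inf present"))
            elif ext in EXECUTABLE and os.path.splitext(stem)[1] in DATA:
                findings.append((rel, "double extension"))
            elif ext in EXECUTABLE and stem in siblings:
                findings.append((rel, "executable named after sibling file or folder"))
            elif ext in EXECUTABLE:
                findings.append((rel, "executable among documents"))
            elif ext in DATA:
                with open(os.path.join(root, rel), "rb") as fh:
                    if fh.read(2) == b"MZ":  # DOS/PE magic bytes; heuristic only
                        findings.append((rel, "executable header in data file"))
    return sorted(findings)

def build_sample(root):
    """Write a small constructed backup tree (sample data, not from the thread)."""
    os.makedirs(os.path.join(root, "Photos"))
    samples = {
        "autorun.inf": b"[autorun]\n", "thesis.doc": b"\xd0\xcf\x11\xe0",
        "thesis.exe": b"MZ", "Photos.scr": b"MZ", "Photos/cat.gif": b"MZ\x90\x00",
        "Photos/beach.jpg": b"\xff\xd8\xff\xe0", "Photos/somevirus.jpg.exe": b"MZ",
    }
    for rel, data in samples.items():
        Path(root, rel).write_bytes(data)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        print(*triage(tmp), sep="\n")
```

It only flags names and leading bytes; it does not inspect Word documents for macros or media files for exploit payloads, which the post also warns about.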
  • user Registered User regular
    edited August 2009
    Wow, ronya that was just the kind of information I was hoping to get. Thanks a lot.

    Also the OS I'm currently/was running is Vista. So far I've reformatted, gotten rid of the standard Dell bloatware and am running Windows Update. I guess I've been pretty careless not running any sort of AV, but it hasn't really affected me until this incident.

  • Count Funkula Registered User regular
    edited August 2009
    In the future, running Malwarebytes to clean your PC of spyware and trojans can save you a lot of time and hassle. It really works pretty well.

    http://www.malwarebytes.org/

  • user Registered User regular
    edited August 2009
    I tried that program along with a few others. At that point the virus/trojan was capable of freezing these programs midscan. In any event, I believe the appropriate time to give up is when you're locked out of your own registry.

  • mspencer PAX [ENFORCER] Council Bluffs, IA Registered User regular
    edited August 2009
    Sorry for adding a question to this existing thread, but: is that something spyware can do? Are spyware authors savvy enough they can attach to the process of a DVD burning application and alter the filesystem creation process to add their own malicious stuff to the disk?

    That would be a huge development effort -- but then again, I suppose spyware is this huge criminal enterprise now. It wouldn't surprise me.

    MEMBER OF THE PARANOIA GM GUILD
    XBL Michael Spencer || Wii 6007 6812 1605 7315 || PSN MichaelSpencerJr || Steam Michael_Spencer || Ham NOØK
    QRZ || My last known GPS coordinates: FindU or APRS.fi (Car antenna feed line busted -- no ham radio for me X__X )
  • PirateJon Registered User regular
    edited August 2009
    Are spyware authors savvy enough they can attach to the process of a DVD burning application and alter the filesystem creation process to add their own malicious stuff to the disk?

    Yes. Google "Russian Business Network" sometime.

    all perfectionists are mediocre in their own eyes
  • mspencer PAX [ENFORCER] Council Bluffs, IA Registered User regular
    edited August 2009
    That's *frightening*.

    Next thing you know they'll be abusing DVD burners and making them re-burn on top of any recordable disk you insert, to try to keep you from installing cleaning software. About the only thing that'll still work would be booting with BartPE with McAfee and cleaning that way.

    (I'm at work, at a bank -- I won't be Googling that from here. I'll do that from home -- using a virtual machine.)

  • ronya Arrrrrf. the ivory tower's basement Registered User regular
    edited August 2009
    If a malicious attacker has root on your computer they can theoretically hijack a livecd boot as well - an elaborate BIOS hack? - but this is well into the realm of theory.

    Along the same tack, hijacking an arbitrary DVD burning app is unlikely, but surreptitiously inserting their own files into, say, the default Windows disk burner is fairly trivial. It's not really a huge development effort to just copy files to "%userprofile%\Local Settings\Application Data\Microsoft\CD Burning".

    Also trivial is quietly corrupting Word documents already on the disk (macro viruses - old hat), or editing other media files to exploit assorted vulnerabilities (e.g., the old GDI+ security flaw in JPEG processing that caused so much trouble way back in 2004).

    Due to the complexity of newer viruses and adware it's generally easier and faster to just keep storing copies of documents and media, then format when trouble starts. I wouldn't trust McAfee to be able to remove everything.
