Posted on 07/09/2011 9:03:47 PM PDT by raybbr
My wife's laptop is infected with some sort of redirect virus. I have tried Malwarebytes, ComboFix, F-Secure, Microsoft Security Essentials and nothing has worked.
It happens when I do a search in FF or IE using any search engine. The site returns results but if you click on any of the direct result links you get re-directed to a site that is mostly spam with further links.
There are plenty of threads on bleepingcomputer.com. I have tried everything I can think of. Any help will be appreciated.
raybbr
pfl
Yep. It only has one line "127.0.0.1" in it. No number symbols or anything else.
Ran SuperAntiSpyware and it came up with a couple of things - cleaned - still the same.
Am now running Microsoft Security Scanner. We'll see what that finds.
Open Internet Explorer
Tools
Internet Options
Connections
LAN Settings
Make sure NOTHING is in there (particularly PROXY SERVER)
Check the automatic configuration box
Save settings, restart IE
Who's that?
I had the same issue. I used Stopzilla. Problem solved.
Yeah, it is a rootkit. I cleaned up a similar one on a laptop at work last month.
Right! Make sure there is no proxy server checked in LAN settings. Rename any desirable anti-rootkit program as “.com” and not “.exe”.
HijackThis is great too, along with TDSS and Malwarebytes.
You may have to wipe the O/S though. A family member’s PC had this rootkit on it and although that part was cleaned, it would bluescreen on Windows updates (Vista 32-bit).
Well, I still don’t see this file as being the problem, although it is odd that it is empty. XP Pro ships with the file’s contents as I put in my post. I’d guess whatever bug you’ve got cleared the file so you couldn’t shortstop it. Or one of the tools you’ve already tried cleared the file as a precaution.
It doesn’t NEED to have anything in it. It exists only to provide shortcuts to URLs so your PC doesn’t need to look up the IP address for a URL on a DNS server somewhere. Putting “wrong” entries in it is useful to prevent popups and other content on webpages from finding the correct address on a DNS — a bad address means that popup or whatever fails to run, which is exactly what you want sometimes.
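Added example, not part of the thread or any poster's code: a short Python audit of hosts-file text, following the description above of the file as a local name-to-address shortcut table. It runs over constructed sample text that includes the bare "127.0.0.1" line reported earlier in the thread; the function names and sample entries are assumptions made for illustration.

```python
import ipaddress

# Constructed sample: the bare "127.0.0.1" line described in the thread,
# a normal loopback entry, a deliberate blocking entry, a remote mapping
# and a malformed line.
SAMPLE_HOSTS = """\
# sample hosts file (constructed)
127.0.0.1
127.0.0.1       localhost
0.0.0.0         ads.example.net   # blocked on purpose
203.0.113.7     www.search.example www.example.com
not-an-ip       foo.example
"""

def audit_hosts(text):
    """Classify each hosts line; return a list of (lineno, verdict, detail)."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()      # drop comments
        if not line:
            continue
        fields = line.split()
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            findings.append((lineno, "malformed", f"bad address {fields[0]!r}"))
            continue
        names = fields[1:]
        if not names:
            # An address with no hostname maps nothing; harmless but odd.
            findings.append((lineno, "incomplete", "address with no hostname"))
        elif addr.is_loopback or addr.is_unspecified:
            # Loopback / 0.0.0.0 entries make the name fail to resolve usefully.
            findings.append((lineno, "local", " ".join(names)))
        else:
            # A name pinned to a non-local address bypasses DNS: review it.
            findings.append((lineno, "redirect", f"{', '.join(names)} -> {addr}"))
    return findings

def suspicious(text):
    """Only the lines that pin a name to a non-local address."""
    return [f for f in audit_hosts(text) if f[1] == "redirect"]

if __name__ == "__main__":
    for lineno, verdict, detail in audit_hosts(SAMPLE_HOSTS):
        print(f"line {lineno}: {verdict:10} {detail}")
```

A "redirect" verdict is a prompt for review, not proof of infection: intranet names are sometimes pinned in this file on purpose.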
I finally got TDSS Killer to work. It was the “Volsnap” virus. It’s apparently new and hard to find/get rid of.
Thanks for your advice.
Glad you found a removal tool that worked. I haven’t hit that virus, but I’ve gotten hijacked with other redirect viruses before. It’s frustrating. It’s frustrating just to think that there are people out there that get their jollies by creating annoyances for people they’ll never meet.
At least now you know the purpose of the “hosts” file and can join the fight against annoying web content if you’re so inclined.
bkmk
I finally got TDSS Killer to work. It was the Volsnap virus. It's apparently new and hard to find/get rid of.
Thanks for your advice.
It took me about 3 days of searching the intertoot to find the solution. I got it when I got fooled by a fake toolbar pop-up giving me a "program is about to blow up" or some such warning. Thing is, I knew about the fake security warnings for Windows, but this was for another program.
Be sure to go to OldTimer tools and run Temp File Cleaner:
http://www.geekstogo.com/forum/files/file/187-tfc-temp-file-cleaner-by-oldtimer/
Also, if you have AVAST, do a boot-time scan.
How did you make it work (in case I need it in the future)?
I logged on in Safe Mode without networking. I had the program (TDSS Killer) on a USB drive with the name changed, put it on the desktop and then it ran.
Until I did that it would never run.
bookmark