Windows 7 Forums



Windows 7: Help needed removing malware(browser related)

28 Oct 2011   #1

Windows 7 professional 64 bit
 
 
Help needed removing malware(browser related)

Hello. I am trying to fix a friend's laptop computer that has Windows 7 installed.

When he gave it to me it was infected with some assorted malware (trojans, etc.). At first, I could not open any applications whatsoever. Every time I would try, it would ask me if I wanted to use Internet Explorer to open it.

I created a few rescue CDs (Dr.Web, Avira, AVG, etc.) and ran those. They cleaned up most of the problems.

Also, I installed AVG Free Edition and Malwarebytes. I ran both of those. That removed several more pieces of malware.

At that point, things were mostly good. But I noticed that almost all of the files on the computer had been marked as hidden (the desktop images were all faint, etc.). So I went through and manually removed the "hidden" setting from all the PC files.

It seems like I am 99% good. However, when I open the Firefox browser and enter a Google search, and click on a link in the search results, it sometimes redirects me to some other unwanted site. So I guess that there is still some malware lingering in the background that could not be found by AVG and Malwarebytes.

Any recommendations to fix this?

Thanks!

TC


28 Oct 2011   #2

Windows 7 Home Premium 64bit
 
 

A friend of mine had an issue with his browser redirecting search results, and it took me a few days to find a fix, but I found a program called TDSSKiller and that removed the problem. You can try it out for yourself to see if it will also be a fix for you, and hopefully it will.

Anti-rootkit utility TDSSKiller

Edit: Here's a little bit more info about the trojan if you need it. Backdoor.Tidserv | Symantec
28 Oct 2011   #3
Microsoft MVP

 

In addition to the excellent idea of TDSSKiller, I'd install MSE or Avast6 but not AVG, which is no longer recommended by anyone here. For a boot scan use Microsoft Standalone System Sweeper.

Often a serious infection requires reinstalling. In your case you can run Dell factory recovery after backing up your files: Dell Restoring Your Computer's Software to the Factory Settings

Or if you're one of the lucky ones who got the Dell Reinstallation DVD you have the option to do a clean reinstall without the factory bloatware for a lighter weight install. Follow these steps to get it perfect: Reinstalling Windows 7


28 Oct 2011   #4

Windows 7 Home Premium x64 SP1
 
 

If you get to the point where you are contemplating a repair install or fresh install, then I would give this tool a try first, as I have read some very positive things about it, and at this point, you really have nothing to lose:

|MG| Tweaking.com - Windows Repair 1.4.3 Download
28 Oct 2011   #5

Win 7 32 Home Premium, Win 7 64 Pro, Win 8.1 Pro
 
 

You may wish to give Norton Power Eraser a try, which offers a rootkit scan in addition to virus scanning:

Norton Rescue Tools

Quote:
Because Norton Power Eraser uses aggressive methods to detect threats, there is a risk that it can select some legitimate programs for removal. You should use this tool very carefully.
But, as gregrocker stated, your safest bet for a clean PC is a clean install.
28 Oct 2011   #6

Microsoft Community Contributor Award Recipient

Windows 7 Ult. x64 Windows 8.1 x64 Ubuntu 12.04 LTS Tri-Boot
 
 

Hi,

You might also want to flush the DNS and reset the hosts file. Please try this:

1. Copy the following text into a blank Notepad file:

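@Echo on
rem Replace the hosts file with a single localhost entry
pushd "%SystemRoot%\System32\drivers\etc"
attrib -h -s -r hosts
echo 127.0.0.1 localhost>HOSTS
attrib +r +h +s hosts
popd
rem Renew the DHCP lease and clear the DNS resolver cache
ipconfig /release
ipconfig /renew
ipconfig /flushdns
rem Reset the Winsock catalog and the TCP/IP stack
netsh winsock reset all
netsh int ip reset all
rem Reboot, then delete this batch file
shutdown -r -t 1
del "%~f0"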


2. Save this as FLUSH.BAT to your desktop.
3. Right-click on FLUSH.BAT and run as Administrator.

The PC will reboot itself. Once it has done that, open a browser and see if the redirection has been fixed.

Regards,
Golden
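
A read-only check to run on a copy of the hosts file before FLUSH.BAT overwrites it, added here as an example and not part of Golden's post: it lists every entry other than the localhost mapping, so evidence of a redirect is recorded rather than erased. The function name `audit_hosts`, the sample file contents, the 203.0.113.10 address and the `update.antivirus.example` name are constructed for illustration.

```python
import ipaddress

# The only mapping FLUSH.BAT writes back; treated as benign (assumption of this example).
BENIGN_LOOPBACK_NAMES = {"localhost"}

# Constructed sample: what a tampered hosts file could look like.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
203.0.113.10    www.google.com google.com   # search traffic sent elsewhere
127.0.0.1       update.antivirus.example    # AV updates silently blocked
not-an-ip       www.bing.com
"""


def audit_hosts(text):
    """Return (line_no, address, hostname, verdict) for every non-default entry."""
    findings = []
    for line_no, raw in enumerate(text.lstrip("\ufeff").splitlines(), start=1):
        entry = raw.split("#", 1)[0].split()   # drop comments, split on whitespace
        if not entry:
            continue
        address, names = entry[0], entry[1:]
        try:
            ip = ipaddress.ip_address(address)
        except ValueError:
            # First field is not an IP address: report the line as malformed.
            findings.append((line_no, address, " ".join(names), "malformed"))
            continue
        for name in names:
            name = name.lower()
            if ip.is_loopback and name in BENIGN_LOOPBACK_NAMES:
                continue                       # default entry, nothing to report
            # Loopback or 0.0.0.0 makes the name unreachable; any other
            # address sends traffic for that name to a host chosen by the file.
            local = ip.is_loopback or ip.is_unspecified
            findings.append((line_no, address, name,
                             "blocked" if local else "redirected"))
    return findings


if __name__ == "__main__":
    for line_no, address, name, verdict in audit_hosts(SAMPLE_HOSTS):
        print(f"line {line_no}: {name or '(none)'} -> {address} [{verdict}]")
```

An empty result for the real file means the hosts file is not the source of the redirects and the remaining steps (DNS cache, Winsock, rootkit scan) are where to look.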
28 Oct 2011   #7

Windows 7 Home Premium x64 SP1
 
 

I have to admit that if my machine were to ever get infected, I would re-image to my once-per-month image. Even if I didn't have an image to fall back on, I would then re-install Windows. I know it's excessive and most might find it unnecessary, but that is just me. I would never feel 100% safe using a machine that I knew had at one point in time been compromised.

But if I were cleaning a friend's machine, then all of the advice in this thread would be followed. I would like to also add Hitman Pro ( Home - SurfRight) as a great tool as well. Also, SUPERAntiSpyware has an online scanner that is pretty good too. ( SUPERAntiSpyware.com - SUPERAntiSpyware Portable Scanner )
29 Oct 2011   #8

Windows 7 professional 64 bit
 
 

Hey guys, thanks for all of the good information. I will try your recommendations and report back.

A few other things......

First, why is AVG out of favor with people here? I have had decent luck with it over the years, especially for something free. Call me cheap, but I am VERY partial to free stuff.

Also, I do agree with the remarks that fresh installs are better. That is what I usually do myself with my own computers. However, in this case, this is my friend's computer, and he wants to keep his applications and settings. So if I can get his system disinfected then he will try that for a while. But it would not surprise me if we eventually do end up going with a new install at some point.

Regarding a possible reinstallation for him... I have gotten to the point where I usually buy Dell systems for myself, in part, because the Windows reinstallation disks are so easy to come by. However, this laptop is an MSI product. I do not have an MSI-specific Windows installation disk.

I do have a Dell reinstallation disk. Can I use that to reinstall Windows on his laptop? He does have an authentic Windows 7 license key. And thank the lord, it is still legible.

Thanks,

TC
29 Oct 2011   #9

Windows 7 Ultimate SP1 64-Bit
 
 

The Dell DVD is an OEM version and will throw a wobbly if you try and install it on a computer other than the one it's tied to, unfortunately.

You say the product key is still legible. Can you borrow a Windows DVD off someone? It would need to be the same version as what is on his computer.
29 Oct 2011   #10
Microsoft MVP

 

If you're partial to free stuff, then use the AVs which are recommended for best performance with Windows 7 and its firewall, MSE and Avast6.

All that's extra in the Dell Reinstallation DVD is Dell branding and SLP reactivation, I believe, which won't activate in another machine. You can try using it to clean reinstall, then remove the Dell logo from Computer>Properties page, activate with key on COA sticker.

But it would be best to find a clean-copy ISO for your version to burn to DVD or write to stick using Windows 7 USB-DVD Download Tool. If you need to download one, google Official Windows 7 ISO download from My Digital Life