Windows 7 Forums



Windows 7: Help needed removing malware(browser related)

28 Oct 2011   #1
True Colors

Windows 7 professional 64 bit
 
 
Help needed removing malware(browser related)

Hello. I am trying to fix a friend's laptop computer that has Windows 7 installed.

When he gave it to me it was infected with some assorted malware (trojans, etc.). At first, I could not open any applications whatsoever. Every time I would try it would ask me if I wanted to use Internet Explorer to open it.

I created a few rescue CDs (Dr.Web, Avira, AVG, etc.) and ran those. They cleaned up most of the problems.

Also, I installed AVG Free Edition and Malwarebytes. I ran both of those. That removed several more pieces of malware.

At that point, things were mostly good. But I noticed that almost all of the files on the computer had been marked as hidden (the desktop images were all faint, etc.). So I went through and manually removed the "hidden" setting from all the PC files.

It seems like I am 99% good. However, when I open the Firefox browser and enter a Google search, and click on a link in the search results, it sometimes redirects me to some other unwanted site. So I guess that there is still some malware lingering in the background that could not be found by AVG and Malwarebytes.

Any recommendations to fix this?

Thanks!

TC


28 Oct 2011   #2
Shiva64

Windows 7 Home Premium 64bit
 
 

A friend of mine had an issue with his browser redirecting search results, and it took me a few days to find a fix, but I found a program called TDSSKiller and that removed the problem. You can try it out for yourself to see if it will also be a fix for you, and hopefully it will.

Anti-rootkit utility TDSSKiller

Edit: Here's a little bit more info about the trojan if you need it. Backdoor.Tidserv | Symantec
28 Oct 2011   #3
gregrocker

 

In addition to the excellent idea of TDSS Killer, I'd install MSE or Avast6 but not AVG, which is no longer recommended by anyone here. For a boot scan use Microsoft Standalone System Sweeper.

Often a serious infection requires reinstalling. In your case you can run Dell factory recovery after backing up your files: Dell Restoring Your Computer's Software to the Factory Settings

Or if you're one of the lucky ones who got the Dell Reinstallation DVD you have the option to do a clean reinstall without the factory bloatware for a lighter weight install. Follow these steps to get it perfect: Reinstalling Windows 7

28 Oct 2011   #4
DBone

Windows 7 Home Premium x64 SP1
 
 

If you get to the point where you are contemplating a repair install or fresh install, then I would give this tool a try first, as I have read some very positive things about it, and at this point, you really have nothing to lose:

|MG| Tweaking.com - Windows Repair 1.4.3 Download
28 Oct 2011   #5
Borg 386

Win 7 32 Home Premium, Win 7 64 Pro, Win 8.1, Win 10
 
 

You may wish to give Norton Power Eraser a try, which offers a rootkit scan in addition to virus scanning:

Norton Rescue Tools

Quote:
Because Norton Power Eraser uses aggressive methods to detect threats, there is a risk that it can select some legitimate programs for removal. You should use this tool very carefully.

But, as gregrocker stated, your safest bet for a clean PC is a clean install.
28 Oct 2011   #6
Golden
Microsoft MVP

Windows 7 Ult. x64
 
 

Hi,

You might also want to flush the DNS and reset the hosts file. Please try this:

1. Copy the following text into a blank Notepad file:

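@Echo on
REM Go to the folder that holds the hosts file
pushd "%SystemRoot%\System32\drivers\etc"
REM Clear the hidden, system and read-only attributes so the file can be rewritten
attrib -h -s -r hosts
REM Replace the whole file with a single localhost entry
echo 127.0.0.1 localhost>HOSTS
attrib +r +h +s hosts
popd
REM Renew the DHCP lease and empty the DNS resolver cache
ipconfig /release
ipconfig /renew
ipconfig /flushdns
REM Reset the Winsock catalog and the TCP/IP settings
netsh winsock reset all
netsh int ip reset all
REM Schedule a reboot in 1 second, then delete this batch file
shutdown -r -t 1
del %0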


2. Save this as FLUSH.BAT to your desktop.
3. Right-click on FLUSH.BAT and run as Administrator.

The PC will reboot itself. Once it has done that, open a browser and see if the redirection has been fixed.

Regards,
Golden
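
An added example, not part of Golden's post or of the original thread: FLUSH.BAT replaces the hosts file without showing what was in it, so this PowerShell function lists every entry that differs from the localhost-only default, which lets you see whether the redirects came from the hosts file and keep a copy of any legitimate custom entries. The function name, the sample lines and the backup file name are assumptions made for illustration.

```powershell
# Added example, not from the thread. Function name, sample lines and the
# backup file name are assumptions made for illustration.
function Get-NonDefaultHostsEntry {
    param([string[]]$Lines)
    $lineNo = 0
    foreach ($raw in $Lines) {
        $lineNo++
        # Strip comments and surrounding whitespace; skip empty lines.
        $text = ($raw -replace '#.*$', '').Trim()
        if ($text -eq '') { continue }
        # Entry format: <address> <name> [<alias> ...]
        $fields = @($text -split '\s+')
        if ($fields.Count -lt 2) { continue }
        $address = $fields[0]
        $isLoopback = ($address -eq '::1') -or ($address -like '127.*')
        foreach ($name in $fields[1..($fields.Count - 1)]) {
            # The default file maps only "localhost" to a loopback address.
            if ($isLoopback -and $name -eq 'localhost') { continue }
            # Loopback or 0.0.0.0 blocks the name; any other address redirects it.
            $effect = 'redirected'
            if ($isLoopback -or $address -eq '0.0.0.0') { $effect = 'blocked' }
            New-Object PSObject -Property @{
                Line = $lineNo; Address = $address; Name = $name; Effect = $effect
            }
        }
    }
}

# Constructed sample of a tampered hosts file (documentation-range address,
# example.com-style names); not taken from the infected laptop.
$sample = @(
    '# Copyright (c) 1993-2009 Microsoft Corp.',
    '127.0.0.1       localhost',
    '203.0.113.10    search.example.com www.search.example.com   # constructed',
    '127.0.0.1       update.av-vendor.example'
)
Get-NonDefaultHostsEntry $sample | Format-Table Line, Address, Name, Effect -AutoSize

# On the affected PC, before running FLUSH.BAT: save a copy of the current
# file to the desktop, then list the entries the reset would remove.
$hostsPath = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
$current = @(Get-Content $hostsPath -Force)
$current | Set-Content (Join-Path $env:USERPROFILE 'Desktop\hosts.before-reset.txt')
Get-NonDefaultHostsEntry $current | Format-Table Line, Address, Name, Effect -AutoSize
```

An empty result for the real file means the hosts file was not the source of the redirects, which points back at the rootkit scanners suggested earlier in the thread.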
28 Oct 2011   #7
DBone

Windows 7 Home Premium x64 SP1
 
 

I have to admit that if my machine were to ever get infected, I would re-image to my once-per-month image. Even if I didn't have an image to fall back on, I would then re-install Windows. I know it's excessive and most might find it unnecessary, but that is just me. I would never feel 100% safe using a machine that I knew had at one point in time been compromised.

But if I were cleaning a friend's machine, then all of the advice in this thread would be followed. I would like to also add Hitman Pro ( Home - SurfRight) as a great tool as well. Also, SUPERAntiSpyware has an online scanner that is pretty good too. ( SUPERAntiSpyware.com - SUPERAntiSpyware Portable Scanner )
29 Oct 2011   #8
True Colors

Windows 7 professional 64 bit
 
 

Hey guys, thanks for all of the good information. I will try your recommendations and report back.

A few other things......

First, why is AVG out of favor with people here? I have had decent luck with it over the years, especially for something free. Call me cheap, but I am VERY partial to free stuff.

Also, I do agree with the remarks that fresh installs are better. That is what I usually do myself with my own computers. However, in this case, this is my friend's computer, and he wants to keep his applications and settings. So if I can get his system disinfected then he will try that for a while. But it would not surprise me if we eventually do end up going with a new install at some point.

Regarding a possible reinstallation for him.......... I have gotten to the point where I usually buy Dell systems for myself, in part, because the Windows reinstallation disks are so easy to come by. However, this laptop is an MSI product. I do not have an MSI-specific Windows installation disk.

I do have a Dell reinstallation disk. Can I use that to reinstall Windows on his laptop? He does have an authentic Windows 7 license key. And thank the lord, it is still legible.

Thanks,

TC
29 Oct 2011   #9
seavixen32

Windows 7 Ultimate SP1 64-Bit
 
 

The Dell DVD is an OEM version and will throw a wobbly if you try and install it on a computer other than the one it's tied to, unfortunately.

You say the product key is still legible. Can you borrow a Windows DVD off someone? It would need to be the same version as what is on his computer.
29 Oct 2011   #10
gregrocker

 

If you're partial to free stuff, then use the AVs which are recommended for best performance with Win7 and its firewall, MSE and Avast6.

All that's extra in the Dell Reinstallation DVD is Dell branding and SLP reactivation, I believe, which won't activate in another machine. You can try using it to clean reinstall, then remove the Dell logo from Computer>Properties page, activate with key on COA sticker.

But it would be best to find a clean-copy ISO for your version to burn to DVD or write to stick using Windows 7 USB-DVD Download Tool. If you need to download one, google Official Win7 ISO download from My Digital Life.