I have a virus. Please help

[ikilledkenny]

Hey guys,

I think I have a virus, but I can't search for how to get to it because that's where the virus gets me. Every time I search something, it shows me the results as normal, but it when I click on the results, it forwards me to what I was looking for on a site like eBay, or some other place that requires me to buy something. Because of this, I can't get help. I cannot click on any links because they forward me somewhere else. I'm running a virus and malware scan right now. In the meantime, can someone please help me figure out what's going on?

Thanks!

 

[ikilledkenny]

AVG Found 2 so far, Win32/Heur, found in E:/WINDOWS/Tem/tempo-13763062.tmp

Can anyone make something out of this? I'm not familiar with my temporary files. Jacee?

 

[jfar]

Can you install Malwarebytes,and if so run it, and let it do its thing.

 

[ikilledkenny]

I can go get it. It doesn't block you from searching MSN (because nobody uses it).

 

[ikilledkenny]

I downloaded it and will run it after the virus scan.

Oh great, I found 4 BackDoor.Generic11.HXC

 

[jfar]

I use Avira and Malwarebytes on my systems ,and I never seem to have any problems.Touch wood.

 

[ikilledkenny]

I cleaned up everything. It found 10 viruses. Malwarebytes won't open, neither will Spybot S&D. All of the things I search are forwarded to any website that needs my Social Security, Credit Card, anything that will give the hacker my money. Does anyone know how to get rid of these viruses?

 

[SqdnGuns]

Search Google for BleepingComputer......................can't post the link here.

 

[ikilledkenny]

Search Google for BleepingComputer......................can't post the link here.

Ok, but I need to search live, as the main problem is that I can't search Google without being forwarded somewhere else.

 

[DocBrown]

MalwareBytes worked for me after my StePson infected one of our computers in a similar style to what you have. But it took 3 days of doing it over & over again. Worst thing I have ever had happen in years.

 

[12eason]

Malicious software removal tool.

 

[DocBrown]

I think I had to downLoad MalwareBytes onto another computer & then move it to the infected one to install it by way of USB flash drive.

 

[SqdnGuns]

Try bleeping computer dot com

Remove the space..................between the first 2 words.

I know the rules say we cannot post links to other forums but this one is a must have for all M$ OS users.

 

[Jacee]

I'm going to add my 2 cents here ... you are running Win7 Beta and it doesn't matter what the version is, it's still Beta.
There is no antimalware forum that is going to help you with this. They will all tell you to wipe and do a clean install of the the Beta version you're using.

Now, this isn't because we don't want to help ... it's because many of our "specialty tools" have not been updated to deal with Win7. Heck! Some of our tools don't even work with Vista yet :shock:

Developers are working where and when they can, but XP is still their main focus right now.

PS.... The person between the computer and in the chair is in charge of what they do, click on, and download ... Be aware of your surroundings on the Net and have adequate protection on your computer.

 

[Jacee]

The only thing I can suggest right now is to flush your DNS cache:
Open a command prompt....from the Start menu, select Run > In the box/"open field", enter cmd.exe (Right click and run as Administrator)
enter ipconfig /flushdns press 'enter'


Then download HostsXpert 4.3 - Hosts File Manager.

• Unzip HostsXpert 4.3 - Hosts File Manager to a convenient folder such as C:\HostsXpert
• Click HostsXpert.exe to Run HostsXpert 4.3 - Hosts File Manager from its new home
• Click "Make Hosts Writable?" in the upper right corner (If available).
• Click Restore Microsoft's Hosts file and then click OK.
• Click the X to exit the program.
• Note: If you were using a custom Hosts file you will need to replace any of those entries yourself.

 

[ikilledkenny]

The only thing I can suggest right now is to flush your DNS cache:
Open a command prompt....from the Start menu, select Run > In the box/"open field", enter cmd.exe (Right click and run as Administrator)
enter ipconfig /flushdns press 'enter'



Then download HostsXpert 4.3 - Hosts File Manager.

• Unzip HostsXpert 4.3 - Hosts File Manager to a convenient folder such as C:\HostsXpert
• Click HostsXpert.exe to Run HostsXpert 4.3 - Hosts File Manager from its new home
• Click "Make Hosts Writable?" in the upper right corner (If available).
• Click Restore Microsoft's Hosts file and then click OK.
• Click the X to exit the program.
• Note: If you were using a custom Hosts file you will need to replace any of those entries yourself.

This didn't work for me. I searched Tom's Hardware in Google and it forwarded me to Zappos.

I think we were making progress, are there any other tips anyone knows?

 

[wguimb]

Jacee is right. Backup non-executable critical data and do a clean install (delete partition, create partition, format, install OS). After install, download a rootkit checker and install antivirus first. Then scan everything you restore back to your new OS.

I mean you could play around with it first, waste a lot of time. The malware, trojan or virus or whatever has probably stored hidden registry entries to various files all over and corrupted some dll and other loadable system files.

 

[Dinesh]

Give a try to remove those nasty viruses with these 2 tools:
http://www.bleepingcomputer.com/resources/link243.html
ComboFix | freeware

 

[Orbital Shark]

Hi ikilledkenny,

You stated earlier that your not familiar with temporary files? Ok, you could try this;
1, Disconnect from the net.
2, Open explorer and click 'Organize' and 'Folder and search options', under the view tab, click to 'Show hidden, files, filders and drives'. Click ok to exit back to explorer.
3, Navigate to [root drive]\Users\[user name]\AppData\Local\Temp & delete everything there.
4, Navigate to [root drive]\Windows\Temp & delete everything there.

You will need to do this for each drive you have that would contain this specific information. Then restart your computer.

Also, if all your links are forwarding you could try, right-click 'Restore previous version' for each link (located in Start->[Username] folder->Favourites). If any changes have been made this will search your shadow cache and try to restore your link (if it finds it).

Hope this helps

 

[12eason]

Malicious software removal tool.

Did you try this? Seriously, I've come across this exact virus before, twice. It redirects google results and sabotages antivirus programs, but Msrt removes it completely.