I'm freaking out

[MaxPayne]

I'm freaking out Google search redirecting me to spam sites

I got a few trojans yesterday after scanning my computer.I scanned and removed them with bitdefender,(used to have it but uninstalled it and git Norton instead)norton internet security 2012, malwarebytes, and superantispyware, and my system looked clean, but now when i search a website on Google, and i click on a link, it takes me to some advertisement type website. For example, i looked up this forum, and when i clicked on the link it took me to yellow pages instead??? I looked up my problem up and looks like I still have malware. The only steps I have taken so far is scan my system with Norton IS2012 , malearebytes, and superantispyware, and they all gave me clean results so it seems like they can't detect the malware... So I don't know what to do now.. :'( please help!

 

[brady]

Remove all IE toolbars then check your proxy settings

IE. Tools/Internet Options/Connections (tab)/Lan Settings (make sure you're proxy server is unchecked)

Then check your hosts file: C:\windows\system32\drivers\etc\hosts (open with notepad)
*feel free to copy/paste the contents of your hosts file if you notice something strange.

 

[MaxPayne]

Remove all IE toolbars then check your proxy settings

IE. Tools/Internet Options/Connections (tab)/Lan Settings (make sure you're proxy server is unchecked)

Then check your hosts file: C:\windows\system32\drivers\etc\hosts (open with notepad)
*feel free to copy/paste the contents of your hosts file if you notice something strange.

I am using Google Chrome 13 beta...
and all i have is the norton tool bar..
and i checked and i am not using a proxy server


here is my hosts file:

# Copyright (c) 1993-2009 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

# localhost name resolution is handled within DNS itself.
# 127.0.0.1 localhost
# ::1 localhost

is there something wrong?

 

[brady]

hosts file is fine, your issue may me in registry

 

[MaxPayne]

hosts file is fine, your issue may me in registry

so what do i do now?
superantispware just picked up like 44 adware tracking cookies? is that bad?

 

[MaxPayne]

I am scanning my laptop in safe mode right now with NIS, Malwarebytes, and superantispyware will update when finished. Any other things I should do?

Sent from my HTC Wildfire S using Tapatalk

 

[fseal]

Tracking cookies are not "bad" per-se, that is, they are generally not a sign of anything other than normal net browsing... I.e. not related to virii.

 

[MaxPayne]

hosts file is fine, your issue may me in registry

Brady you are right it is my registry, I remember the spam sites started happening after I used ccleaner to fix registry errors, after it supposedly fixed them the spam sites started showing up.

Sent from my HTC Wildfire S using Tapatalk

 

[MaxPayne]

Ok you guys after booting into safe mode and scanning with NIS 2012, Microsoft Safety Scanner, and SuperAnti Spyware
Norton found 5 Heuristic viruses and removed them. Microsoft Security Scanner found 2 viruses and removed one, it could not remove the other which was "Adware:Win32/opencandy" Is that bad? the superantispyware only found cookies. So i rebooted tried google search and no more spam sites! I guess it was the Heuristic viruses Norton found. I am thinking of installing Comodo Internet securtiy plus 2011 with Norton Internet Security 2012. Will that cause any conflcts?

 

[MaxPayne]

looks like its back i google searched comodo forums and it took automatically to a microsoft support page? then i closed my browser, cleared everything with ccleaner, and the problem went away.. but i think there is still a virus..

 

[fseal]

At this point I'd be preparing for a "Nuke it from space" approach... :/

Though merely repartitioning and formatting your HD may not be enough as virii can hide in the MBR and even in your BIOS on some motherboards. I'd be prepared to re-flash my BIOS and hand clean the HD including the MBR (have to look up how to do that).

Also, do you have a firewalled router or firewall machine/appliance between you and the net? If not is your windows firewall on? If no to both then you could be just being reinfected every time you connect to the net...

Lastly, having two AV programs installed at once usually doesn't work well. They can end up conflicting with each other, either to the point of not being as effective as one by itself or by slowing your computer down so much it's like having a virus itself.

 

[brady]

I must agree with seal, with all the work you've put into cleaning the machine with very random results it might be time to nuke it.

 

[MaxPayne]

At this point I'd be preparing for a "Nuke it from space" approach... :/

Though merely repartitioning and formatting your HD may not be enough as virii can hide in the MBR and even in your BIOS on some motherboards. I'd be prepared to re-flash my BIOS and hand clean the HD including the MBR (have to look up how to do that).

Also, do you have a firewalled router or firewall machine/appliance between you and the net? If not is your windows firewall on? If no to both then you could be just being reinfected every time you connect to the net...

Lastly, having two AV programs installed at once usually doesn't work well. They can end up conflicting with each other, either to the point of not being as effective as one by itself or by slowing your computer down so much it's like having a virus itself.

I don't think I have a firewall setup besides nortons's should I seup another one besides windosws because I don't like windows anythingwhen it comes to security, I really don't want to nuke my hard drive as I have ubuntu on a seperate partition and I have important files in windows and don't have anything to backup with.

Sent from my Gingerbread on Dream using Tapatalk

 

[DBone]

Before you panic, try HitMan Pro http://www.surfright.nl/en/downloads/ .

 

[MaxPayne]

Thanks, oh and i checked and windows firewall is on...
Also, i am pretty sure there is still a virus because i google searched again and yea the god damn spam sites again.

 

[MaxPayne]

now my norton subscription ended and i am with out protection, however i found this at the comodo forums and i think i am gonna do it:GeekBuddy Proactive PC Protection Tech Support Computer Diagnostics
what do you guys think? Oh and hitman pro only found one tracking cookiee and thats it

 

[GEWB]

I don't think I have a firewall setup besides nortons's should I seup another one besides windosws because I don't like windows anythingwhen it comes to security, I really don't want to nuke my hard drive as I have ubuntu on a seperate partition and I have important files in windows and don't have anything to backup with.

Time to invest a little time and/or money and back up those important files and ONLY those files (not the entire Windows partition).

Suggestions:
> Purchase external hard drive
> Purchase flash drives
> Burn to DVD/CD
> Sign up for Windows Live Skydrive and upload to there (note single file size limitation) - up to 25GB but read how to do it!
> Save/back up your Ubuntu /home partition as well

Run a utility to find serial numbers and write them down on paper.

Download and burn live Linux ISO such as Puppy Linux 5.2.5 or Knoppix.

Download and run the hard drive utility from your HD manufacturer - blow out the MBR and partition table.

Use live Linux to partition your drive into two making sure the second partition is large enough for all of your Windows stuff.

Reload Ubuntu and replace the /home partition with your backup.

Reload Windows 7 - it will see Ubuntu and set up a boot loader.

Load a Windows anti-virus program and firewall; update Windows.

Reload the backed up files to the Windows installation and virus check them.

(Yes I know there are other ways to do this but this should work just fine.)

Regards,
GEWB

 

[MaxPayne]

I don't think I have a firewall setup besides nortons's should I seup another one besides windosws because I don't like windows anythingwhen it comes to security, I really don't want to nuke my hard drive as I have ubuntu on a seperate partition and I have important files in windows and don't have anything to backup with.

Time to invest a little time and/or money and back up those important files and ONLY those files (not the entire Windows partition).

Suggestions:
> Purchase external hard drive
> Purchase flash drives
> Burn to DVD/CD
> Sign up for Windows Live Skydrive and upload to there (note single file size limitation) - up to 25GB but read how to do it!
> Save/back up your Ubuntu /home partition as well

Run a utility to find serial numbers and write them down on paper.

Download and burn live Linux ISO such as Puppy Linux 5.2.5 or Knoppix.

Download and run the hard drive utility from your HD manufacturer - blow out the MBR and partition table.

Use live Linux to partition your drive into two making sure the second partition is large enough for all of your Windows stuff.

Reload Ubuntu and replace the /home partition with your backup.

Reload Windows 7 - it will see Ubuntu and set up a boot loader.

Load a Windows anti-virus program and firewall; update Windows.

Reload the backed up files to the Windows installation and virus check them.

(Yes I know there are other ways to do this but this should work just fine.)

Regards,
GEWB

Thanks for your help, but I will do this if there is no other choice.

 

[GEWB]

Statement from OpenCandy:

Learn More About OpenCandy and False Adware Detections | OpenCandy

Looks like you need to uninstall ALL of the various programs/utilities you downloaded and installed (unless you know exactly which program caused this). Be sure to do one at a time and clean the registry after each (also search for and remove left over files/directories). There are many posts in the forums with instructions.

Also read this thread and see if it helps:

Google search hijack virus. Help m

Regards,
GEWB

 

[MaxPayne]

thank you so much microsoft safety scanner found this but couldnt remove it.. so i think this is the cause..