Solved Malware on my Computer

crimson

There is malware on my computer. Sometimes when I go to a page, my browser (IE or Chrome) will redirect to some other page. Also, I couldn't even get Chrome to work since I got infected. But suddenly it started working a few days ago. I've been infected for over a week now.

I ran Avira scan, and it found no virus. There were like 230 warnings in the report, but I didn't see anything in the software to fix them.

Then I ran Hijackthis which was made for XP. It didn't work. My browser is still not working right. I don't know what to do to get rid of this. Is there a HijackThis for W7?

Should I find a better malware scanner?
 

You have a redirect virus. To be honest it is not good.

In the meantime, while you wait for some of our experts, download and make a full scan with Malwarebytes, update first. Be sure to reboot when asked. You may be asked for the file.
 

not good :(
 

I don't know if there's a hijackthis, but I found a few standalone tools specifically for eradicating the redirect virus. Thanks for telling me what it is. I think I got rid of it. I'll surf around a little just to make sure.
 

I don't know if there's a hijackthis,

HijackThis - Trend Micro USA

Operating System


  • Microsoft™ Windows™ XP
  • Microsoft™ Windows™ 2000
  • Microsoft™ Windows™ Me
  • Microsoft™ Windows™ 98
  • Microsoft™ Windows™ Vista
  • Microsoft™ Windows™ 7
Software


  • Microsoft Internet Explorer 6.0 or newer
  • Mozilla™ Firefox™ 1.5 or newer
 

Oh kewl they updated HijackThis for W7. Last time I checked it was only for XP. Thanks!
 

You're very welcome. Yep, it seems Merijn had sold the whole thing to TrendMicro and they updated it 3x now IIRC.
I use HijackThis ever since I came across in W98SE times :D

Hope you get your stuff sorted out

*DG
 

Hi there
Unlike a lot of people here I've made my position on the whole question of Computer Security well known ever since I signed up to the Forum.

I'm fairly suspicious of most types of AV software -- my philosophy is usually that a USER can protect a computer far better than ANY AV software if you use your machine sensibly.

However people DO get infected -- and for me the only 100% safe resolution is to RESTORE from a CLEAN IMAGE if you have one (and you should ALWAYS HAVE ONE) or else a complete W7 re-install.

I would NEVER EVER trust a computer again that had been infected and "cleansed" by AV software.

We all know that there is no such thing as 100% safe computer AV software -- so why should we also assume that a computer can be 100% cleansed with AV software too?

Once you've got a CLEAN image back it up and if you get infected again use it for recovery.

MSE for protection these days is just as good as anything else out there for HOME computers -- and it's FREE as well.

Cheers
jimbo
 

I see where you're coming from, Jimbo, and you sure have a point there.
Only difference here: HijackThis is not so much an AV software but more a report tool, that gives you a report about what goes on in several (usually suspicious) positions. So it relies on the user to decide if the computer is infected and what measures have to be taken to remedy the situation.
You could as well go through the registry "by foot", inspecting each and every key.
I usually check the outcome and decide what to do next from there.

-DG
 

Thanks. I agree with most of what you said except for the MSE part. I would never use MS product as a firewall. It makes no sense to trust a firewall from a company that makes software I would use especially if the software is an operating system itself. I'm not going to trust a MS product to block Windows from accessing the internet.

I keep Windows Firewall disabled, and use a third party firewall because Windows firewall doesn't block shite. It allows all my applications (especially Windows components) to use my internet connection to access the internet without my permission.

I can't format my computer right now, and reinstall everything clean because I don't know anybody that will lend me their hard drive to store about 1TB worth of docs/pics/vids/music/media etc. while I format my hard drive. There is no way I can format my hard drive because I have all this media on it that I cannot lose.

The only way I wouldn't format is if I get a virus that I know has been eradicated. But typically, I would wipe the hard drive and reinstall everything clean if I knew that there is garbage in it that I can't figure out how to fix. I know exactly what processes need to be running at all times, I know what needs to be enabled, and I know what should be running at startup. But sometimes there is a lot of crap that gets installed with software or malware that has absolutely no purpose.
 

Are you still being re-directed? If you are, you'll need to flush the DNS cache and restore MS's original Hosts file.

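@Echo on
rem Reset the Hosts file to a single localhost entry
pushd "%SystemRoot%\system32\drivers\etc"
attrib -h -s -r hosts
echo 127.0.0.1 localhost>HOSTS
attrib +r +h +s hosts
popd
rem Renew the DHCP lease, flush the DNS cache and reset the TCP/IP stack
ipconfig /release
ipconfig /renew
ipconfig /flushdns
netsh int ip reset all
rem Schedule a reboot and delete this batch file
shutdown -r -t 1
del "%~f0"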


Save as flush.bat to your desktop. Right click to run as Administrator. Your computer will reboot itself.

Next, download Malwarebytes' Anti-Malware to your desktop
|MG| Malwarebytes Anti-Malware 1.46 Download
* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform full scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.

* When completed, a log will open in Notepad. Please save it to a convenient location. Copy and Paste that log into your next reply.
 

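The batch file in the post above overwrites the Hosts file without showing what was in it. As an added example (not part of the original thread), this Python audit lists every active Hosts entry other than the loopback `localhost` mapping, so the entries can be recorded before the reset; the sample file contents, host names and addresses are constructed.

```python
import ipaddress

LOOPBACK_NAMES = {"localhost", "localhost.localdomain"}

# Constructed sample: a Hosts file as a redirect infection might leave it.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
203.0.113.7     www.example.com example.com   # constructed redirect entry
0.0.0.0         update.example-av.test        # constructed: blocks an updater
not-an-ip       broken.example.test
"""

def parse_hosts(text):
    """Yield (line_no, ip_string, [hostnames]) for each active entry."""
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        fields = line.split()
        yield no, fields[0], [h.lower() for h in fields[1:]]

def audit_hosts(text):
    """Return findings as (line_no, kind, ip, hostname) tuples."""
    findings = []
    for no, ip_s, names in parse_hosts(text):
        try:
            ip = ipaddress.ip_address(ip_s)
        except ValueError:
            findings.append((no, "malformed", ip_s, " ".join(names)))
            continue
        for name in names:
            if name in LOOPBACK_NAMES and ip.is_loopback:
                continue  # the mapping the reset script itself writes
            # A loopback or 0.0.0.0 target blackholes the name;
            # any other address sends the name somewhere else.
            blocked = ip.is_loopback or ip.is_unspecified
            findings.append((no, "blocked" if blocked else "redirect", ip_s, name))
    return findings

if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE_HOSTS):
        print("line %d: %-9s %s -> %s" % finding)
```

To audit a real machine, pass the contents of `%SystemRoot%\system32\drivers\etc\hosts` to `audit_hosts` instead of the sample.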


Hi there

The best way of running Windows (or ANY OS for that matter) is to separate the OS from user data.
With W7 even a large system with loads of apps such as MS office, Photoshop etc etc won't require more than around 35 - 50 GB.

Partition the drive into 40 - 50 GB say for the OS and use whatever is left over for User Data, Media files, pictures, etc etc.

Then if you have to restore etc you only need to restore the OS partition -- takes at the MOST around 25 mins with most commercial backup / restore software.

If you don't have any W7 backup software an EASY way to backup the W7 partition is to boot any old Linux system and just TAR or GZIP the W7 partition -- it's just DATA to Linux. Partition is usually found by a name such as /dev/windowsC, or /dev/sda2 or whatever.

Otherwise use commercial software -- I use Acronis -- cheap and works a treat. There is other stuff out there -- a bit of googling will help too.

Cheers
jimbo
 

I have all this media on it that I cannot lose.
Wouldn't it be a good idea to back these up, then? Not just for a situation like this but for others too.

We've had files corrupted due to bad sectors; thank goodness, we had a backup or two.
My brother has had, at least, two hard drives completely fail on him.
 

Ya it would be a great idea to keep everything backed up if I was rich. Since I'm not, I can't transfer my files somewhere safe in order to format.


If I can find somewhere to store my files, I'll format my hard drive, and setup partitions.
 

That's a free download of the latest version of malwarebytes? I thought you have to pay for that.

I used a tool that fixed my redirect problem. But now I'm having another problem.

I installed Comodo Firewall to see if it would protect me better than PC Tools which kept giving me errors. After trying to figure out how to adjust the application settings, all of a sudden, I can't access the internet. Even with Comodo Firewall off, Windows is telling me my network connection is disabled. Hence I'm currently accessing the internet from the same computer using Ubuntu OS which runs from the CD.
 

Wow, I fixed it. I'm back in Windows. I found out that Comodo installed some kind of network driver. I don't understand this. It's so weird and unheard of. I was able to go into my network properties, uninstall the Comodo driver, and restart my computer. Now my network connection is fine.
 

You ran Avira and HijackThis but both didn't work well on your computer, maybe because the databases of those antivirus programs are not updated. Try to update one of your antivirus programs and rescan your computer; maybe they will be able to trace the malware on your PC this time. You can easily update your antivirus software by clicking the update option/button in your software. That's it...
 
