[personal profile] hazliya
So, I'm having this issue when I use Google to search and click on a link. The link will then take me to an unrelated spam-filled random search engine designed to wreck my system.

Malwarebytes' scan turns up nothing. Can anyone help?

Date: 2009-08-10 07:54 pm (UTC)
From: [identity profile] zombie-dog.livejournal.com
It's probably Vundo.

I had a Vundo infection completely disable not only my ability to visit important websites, but also Malwarebytes' ability to detect it. It targeted everything that I would have used to destroy it.

Try going to atribune.org; if it works, make an account and post about your infection. They'll walk you through what you have to do step by step.

If you can't access atribune.org (which I couldn't), you're going to need to use somebody else's computer to make the posts. Use a thoroughly disinfected thumb drive to copy the text files and downloaded executables that the atribune people will suggest to you, and scan it each time it's touched your computer just in case.

I was able to clear out my Vundo infection without a problem thanks to the people at atribune. :)

Date: 2009-08-11 03:30 am (UTC)
From: [identity profile] hazliya.livejournal.com
The atribune anti-vundo thing came back clean. =/

Date: 2009-08-10 08:19 pm (UTC)
From: [personal profile] laurion
Malware has gotten sneakier about blocking different anti-malware applications' ability to update, or in some cases, to even detect the issue.

I had an infection like that some time ago (it may have been a Vundo or Virtumundo variant, I think), and getting rid of it involved going to a clean computer, putting an up-to-date copy of MB, Spybot, and Ad-Aware onto a flash drive, booting the infected machine into safe mode so the malware had as little chance to interfere as possible, and running the tools from the flash drive. Try that.

Sadly, we're getting more and more to the day when the only real way to remove an infection is to back up your data (you have backups, right?) and reformat the system.

Date: 2009-08-11 03:28 am (UTC)
From: [identity profile] treyvana.livejournal.com
I had that!
It was on my work computer; the IT guy installed a super-cleaner (which actually screwed a bunch of stuff up). I'd suggest starting with laurion's advice. You could also try AVG (which is what Rob always recommends). I can't remember what the super-crazy program was called, but I could find out if the other suggestions don't work.

Date: 2009-08-11 03:03 pm (UTC)
From: [identity profile] hazliya.livejournal.com
I installed AVG, scanned once, and it wrecked my computer. Now I have to fix it. AVG is not the solution here.

Date: 2009-08-11 03:32 pm (UTC)
From: [identity profile] treyvana.livejournal.com
Yeah, I don't really love AVG either. It works as a preemptive sometimes, but otherwise, meh.

Date: 2009-08-11 05:22 am (UTC)
From: [identity profile] shogunhb.livejournal.com
I'm not a computer guy, but [livejournal.com profile] shadowravyn and [livejournal.com profile] k1ttycat both had similar problems and I managed to figure it out and fix them. Mostly by poking around forums online, rebooting in safe mode, futzing with the registry, and renaming my anti-malware programs to fool the malware. If you can't puzzle it out on your own, bring it over, I'll see what I can do.

Date: 2009-08-11 05:23 am (UTC)
From: [identity profile] shogunhb.livejournal.com
Assuming it's a laptop. If it's desktop, I can find some time to drop by.

Date: 2009-08-11 03:03 pm (UTC)
From: [identity profile] hazliya.livejournal.com
Can you get a laptop to boot? Mine won't anymore.

Date: 2009-08-11 07:22 pm (UTC)
From: [identity profile] shogunhb.livejournal.com
Maybe, but probably not; as I said, I'm not a computer person.

Date: 2009-08-11 02:08 pm (UTC)
From: [identity profile] mariaklob.livejournal.com
WARNING THIS MAY BE COMPLETELY UNHELPFUL.

So, the last time I had a problem like this it was something that had edited my Hosts file. Information on what it does is at http://en.wikipedia.org/wiki/Hosts_file. Anti-spyware programs use it to map 'evil domain names' to something innocuous like 127.0.0.1. If spyware gets a hold of it, it can map google.com to something terrible.

In XP, it's under C:\Windows\system32\drivers\etc\. I don't think it has an extension, it's just 'Hosts', but you can open it in Notepad. Search for 'google.com' and delete every entry you find there. After you save this, you may want to set the file to be read-only.

The hosts file overrides the computer's normal method of looking up the IP for a domain name. So when you delete google's entry (if it's there), you tell your computer 'ignore this hard-coded evil IP and go look up the real one.'

Let me know if this works/if Google is in there.
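The hosts-file check described in the comment above, as an added example that is not part of the original comment: it parses hosts-file text and reports every entry that pins a watched domain, separating loopback "sinkhole" entries from redirects to some other address. The function names, the watch-list and the sample file contents are assumptions constructed for illustration.

```python
import ipaddress

# Constructed sample of a tampered hosts file (addresses are from the
# RFC 5737 documentation ranges, not real indicators).
SAMPLE_HOSTS = """\
# sample hosts file
127.0.0.1       localhost
127.0.0.1       ads.tracker.example    # blocklist-style entry
203.0.113.66    google.com www.google.com
198.51.100.9    WWW.Google.com.   # trailing dot and mixed case
not-an-ip       google.com
"""

WATCHED = ("google.com",)  # assumption: domains that should come from real DNS


def parse_hosts(text):
    """Yield (line_no, address, [hostnames]) for each mapping line."""
    for line_no, raw in enumerate(text.splitlines(), start=1):
        fields = raw.split("#", 1)[0].split()  # drop comments, split on whitespace
        if len(fields) >= 2:
            yield line_no, fields[0], fields[1:]


def is_watched(name, watched=WATCHED):
    """True if name is a watched domain or one of its subdomains."""
    name = name.lower().rstrip(".")
    return any(name == d or name.endswith("." + d) for d in watched)


def audit_hosts(text, watched=WATCHED):
    """Return (line_no, address, matching_names, kind) for each suspect entry."""
    findings = []
    for line_no, addr, names in parse_hosts(text):
        hits = [n for n in names if is_watched(n, watched)]
        if not hits:
            continue
        try:
            ip = ipaddress.ip_address(addr)
            kind = "sinkhole" if (ip.is_loopback or ip.is_unspecified) else "redirect"
        except ValueError:
            kind = "malformed"
        findings.append((line_no, addr, hits, kind))
    return findings


if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE_HOSTS):
        print(finding)
```

To check a real machine, pass the text of the Hosts file from the folder named above to `audit_hosts` instead of the sample.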

Date: 2009-08-11 02:11 pm (UTC)
From: [identity profile] mariaklob.livejournal.com
Oh, but if Google works and it's the resulting links that are corrupted, then the Hosts probably isn't the problem. Ignore me!

Date: 2009-08-11 03:50 pm (UTC)
From: [identity profile] treyvana.livejournal.com
btw, it's called a 'redirect virus' - I'm sorry AVG caused trouble, though.
ComboFix is the name of the super-potent cleaner that the IT guy installed - it's for 'experienced users only' yadda yadda - and it can cause problems (mine had BIOS issues and pathway issues when it was done). But it did get rid of the stupid virus.
