Stupid interrupting starfish grmmbl.
Aug. 10th, 2009 02:16 pm![[personal profile]](https://www.dreamwidth.org/img/silk/identity/user.png){kind=small}
hazliyaSo, I'm having this issue when I use google to search and click on a link. The link will then take me to an unrelated spam-filled random search engine designed to wreck my system.
Malwarebytes' scan turns up nothing. Can anyone help?
Malwarebytes' scan turns up nothing. Can anyone help?
![[identity profile]](https://www.dreamwidth.org/img/silk/identity/openid.png){kind=small}
no subject
Date: 2009-08-10 07:54 pm (UTC)I had a Vundo infection completely disable not only my ability to visit important websites, but also Malwarebytes' ability to detect it. It targeted everything that I would have used to destroy it.
Try going to atribune.org ; if it works, make an account and post about your infection. They'll walk you through what you have to do step by step.
If you can't access atribune.org (which I couldn't), you're going to need to use somebody else's computer to make the posts. Use a thoroughly disinfected thumbdrive to copy the text files and downloaded executables that the atribune people will suggest to you, and scan it each time it's touched your computer just in case.
I was able to clear out my vundo infection without a problem thanks to the people at atribune. :)
no subject
Date: 2009-08-11 03:30 am (UTC)no subject
Date: 2009-08-10 08:19 pm (UTC)I had an infection like that some time ago (It may have been a vundo or virtumundo variant, I think), and to get rid of it involved Going to a clean computer, putting an up to date copy of MB, Spybot, and Ad-Aware onto a flash drive, booting the infected machine into safe mode so the malware had as little chance to interefere as possible, and running the tools from the flash drive. Try that.
Sadly, we're getting more and more to the day when the only real way to remove an infection is to back up your data (you have backups, right?) and reformatting the system.
no subject
Date: 2009-08-11 03:28 am (UTC)It was on my work computer- the IT guy installed a super-cleaner (which actually screwed a bunch of stuff up). I'd suggest start with laurion's advice. You could also try AVG (which is what Rob always recommends). I can't remember what the super-crazy program was called, but I could find out if the other suggestions don't work.
no subject
Date: 2009-08-11 03:03 pm (UTC)no subject
Date: 2009-08-11 03:32 pm (UTC)no subject
Date: 2009-08-11 05:22 am (UTC)no subject
Date: 2009-08-11 05:23 am (UTC)no subject
Date: 2009-08-11 03:03 pm (UTC)no subject
Date: 2009-08-11 07:22 pm (UTC)no subject
Date: 2009-08-11 02:08 pm (UTC)So, the last time I had a problem like this it was something that had edited my Hosts file. Information on what it does is at http://en.wikipedia.org/wiki/Hosts_file. Anti-spyware programs use it to map 'evil domain names' to something innocuous like 127.0.0.1. If spyware gets a hold of it, it can map google.com to something terrible.
In XP, it's under C:\Windows\system32\drivers\etc\. I don't think it has an extension, it's just 'Hosts', but you can open it in Notepad. Search for 'google.com' and delete every entry you find there. After you save this, you may want to set the file to be read-only.
The hosts file overrides the computer's normal method of looking up the IP for a domain name. So when you delete google's entry (if it's there), you tell your computer 'ignore this hard-coded evil IP and go look up the real one.'
Let me know if this works/if Google is in there.
no subject
Date: 2009-08-11 02:11 pm (UTC)no subject
Date: 2009-08-11 03:50 pm (UTC)Combofix is the name of the super-potent cleaner that the IT guy installed- It's for 'experienced users only' yadda yadda- and it can cause problems (mine had bios issues and pathway issues when it was done). But it did get rid of the stupid virus.