Google hijack and redirect solved and Fake antivirus software popups

(OP)
I am an IT Professional and I picked up a nasty virus today on my home PC.  I would like to post how I removed it to help others who are not professionals.

I picked up the virus browsing the web with Internet Explorer.  I knew I had a virus because a FAKE antivirus program started popping up on my screen.  I am using Windows XP service pack 3.

Here is my fix:
(you will need a second computer and a USB memory key)

1.  Reboot your computer and start it in SAFE MODE by hitting the F8 key during reboot. (If you need more explanation do a google on Safe Mode on the second computer).

2.  In safe mode do a system restore to the nearest point prior to getting the virus. Start / All Programs / Accessories / System Tools / System Restore (If you need more explanation do a google on System Restore on the second computer).

3.  The system restore will reboot your system, press F8 during the reboot and this time start in Safe Mode with Networking.

4.  On a second computer download Malwarebytes (free at http://www.malwarebytes.org/mbam.php ) to your USB key.  Install Malwarebytes on your restored computer now running in safe mode for the second time, and run the updates on Malwarebytes and then scan your computer.  Malwarebytes will probably need to reboot, so go ahead and reboot into standard Windows XP.

In my case the Fake Antivirus was now gone.  But I still had a problem.  My Google searches were being hijacked and redirected to strange pages.  This was caused by a rootkit virus.

To identify the rootkit I used a free tool: Kaspersky Virus Removal Tool 2010 from this link:
http://devbuilds.kaspersky-labs.com/devbuilds/AVPTool/

I started with just scanning the Disk Boot Sectors and made this change to the options:
On the main program page, click on Security Level - Custom, then Settings, Additional tab, and make sure Rootkit Scan and Deep Scan are checked.

The program found Rootkit.Win32.TDSS.d but could not delete it.  On a second computer I googled that rootkit name and found a removal tool also from Kaspersky:
http://support.kaspersky.com/viruses/solutions?qid=208280684

It ran a small command prompt window (window with a black background and white words) and rebooted my computer and that was it.

Fake Antivirus software cleaned and Google redirect removed.

Ironically I have never used a Kaspersky product before, but I am grateful and impressed with the results I received from the tools sourced by them, mentioned above.

I will definitely check into their basic PC antivirus program as this problem slipped right past my Norton Endpoint Security antivirus I am running.

Hope this helps lots of people.



 

RE: Google hijack and redirect solved and Fake antivirus software popups

There is one thing I'd like to pick you up on. Many modern malware strains infect your system restore and a restore may not work. The first thing I'd do is try to remove before a system restore.

Robert Wilensky:
We've all heard that a million monkeys banging on a million typewriters will eventually reproduce the entire works of Shakespeare. Now, thanks to the Internet, we know this is not true.

 

RE: Google hijack and redirect solved and Fake antivirus software popups

(OP)
My experience with these types of malware is they block any attempt to install many types of virus removal software.  So the only choice is to go back to a time before the virus.

If your restore point has been infected too, then life is not good.  Fortunately I have not encountered this problem to date.

RE: Google hijack and redirect solved and Fake antivirus software popups

In addition, I've had to use several AV boot disks, one gives a clean bill of health and another may flag up something else.

So if you think you've been infected and have cleaned it up, get a second opinion.

And I know this nasty one you had, I spent some time getting rid of it on my folks' PC.

And they only had their internet for a week...
