Log in

No account? Create an account
09 April 2010 @ 12:15 pm
a request to the hive mind  

My dad’s computer has been infected with a virus which redirects searches to completely random places. Ted’s spent about twenty hours trying to clean it up, to no avail. In desperation, we turn to the hive mind to see if anybody has suggestions he hasn’t tried. The following is what he *has* tried:

Ok, so the computer has run into js/fake alert and I can’t seem to get rid of it. Have uninstalled and reinstalled completely the browser.

Used Spydoctor, McAfee, and Norton to try and get ride of the problem and still no joy. After reinstall of Firefox the search feature will work for a while and then start back up with random websites keyed to something that I cannot find and will block any attempt to get to antivirus software web pages. I cannot get Norton to update and windows update does not work either (and that is on explorer 8). I have not found anything on the web to guide me in a permanent fix.

Any suggestions would be helpful.

Also I am not convinced that the problem with web page navigation is related to the virus but nothing else is coming up to point me in
another direction.

I know he has also downloaded spyware and virusware updates onto memory sticks from a different computer and installed them, so it’s not just being unable to get to upgrades–the latest thing he can download doesn’t seem to be doing the trick either.

Nor can we tell if possibly Dad’s hitting some site which is reinfecting him, so if anybody has any idea where the virus might be *coming* from, that could be helpful too. :/

Thank you in advance!

(x-posted from the essential kit)
Current Mood: hopefulhopeful
The Renaissance Manunixronin on April 9th, 2010 12:05 pm (UTC)
Well, it sounds like it's pretty definitely infected. But you knew that.

McAfee and Norton/Symantec antivirus are not highly regarded these days. My personal suggestion would be the free-for-personal-use versions of AVG or Avast!, or in the paid category, Kaspersky antivirus, which is currently considered to lead the pack.

As to cleaning the machine ... this may be one of those cases where you need to bite the bullet, back up all personal data, wipe the disk, and reinstall. Glad to see he's using Firefox; after reinstalling, make sure that the Firefox extension NoScript is installed. MANY infections picked up on the Web come from cross-site scripting attacks, and NoScript will stop 99% of them cold. It does take a little bit of a learning curve to get the feel of which sites you need to (and safely can) allow scripts for.
kitmizkit on April 9th, 2010 12:17 pm (UTC)
Unfortunately it's a new almost-laptop machine which didn't come with reinstallation software (or even a DVD-ROM upon which software can be run), so we've been hoping like hell we can fix it and not have to send it back to the manufacturer to have it reinstalled. OTOH, it's new, so it should still be under warantee if we /do/ have to do that.

Thank you very much!
Herefoxherefox on April 9th, 2010 03:26 pm (UTC)
Just a note, a lot of machines now a days come with a partition on the hard drive, completely separate from the rest of the drive where the reinstall info is for the OS...you may want to do a search for the make and model and see if that's the case...it probably is if you didn't receive any OS discs and the like when it was purchased.
Amber n Tealamber_n_teal on April 9th, 2010 12:12 pm (UTC)
I'm with unironin on the ineffectiveness of those 3. They may have been top dog at one time. But not they aren't much better than virii themselves. I'd promptly uninstall them and then install AVG or Avast from http://download.com After running one of those 2, go back to download.com and download malwarebytes as well. This one doesn't have a real time watch your stuff program unless you pay (I think) but it's kick butt on searching out root kits and finding things that other programs miss. I use it about once a week and AVG every day. It's clunky and slows my computer down, but it's MUCH better than Norton, which was a piece and I deleted it off of my computer within a week of buying it.
Amber n Tealamber_n_teal on April 9th, 2010 12:14 pm (UTC)
Oh, and when we had that particular trojan, I copy pasted the url I needed to go to in the browser. That helped. And we got it from myspace we believe (thanks sis in law)
pgwfolcpgwfolc on April 9th, 2010 12:35 pm (UTC)


Spyware Blaster


Panda Anti-Rootkit

All free. Spyware Blaster is passive protection, so it's kind of a barn door situation right now. But good to install once you get things cleaned up.

Additionally, you may want to try McAfee Freescan. It's a virus scan run from McAfee's servers. Viruses have been known to target your anti-virus software. The externally-run scan can't be affected by that. It does require that you use Internet Explorer, however, as FireFox doesn't support ActiveX controls. (Precisely because they allow you to do things like scan your entire computer through a browser application.)

Hopefully, one of those will do the job.
wednesday childewedschilde on April 9th, 2010 03:39 pm (UTC)
seconding malwarebytes...

also microtrends
Ellen Millionellenmillion on April 9th, 2010 04:50 pm (UTC)
I had something that sounds just like this and malwarebytes took care of it.
spiffikinsspiffikins on April 9th, 2010 02:43 pm (UTC)
It may be worth checking whether the hosts file has been modified to redirect you to another web site when you make requests? It lives in windows/system32/drivers/etc and may hide if you don't have "show system files" enabled.

16:9 1.78:1 OAR: Ryusixteenbynine on April 9th, 2010 03:09 pm (UTC)
And whatever you do, set him up in the future with a non-admin account. This cuts down on the vast majority of this junk like you wouldn't believe.
anthony_lionanthony_lion on April 9th, 2010 04:43 pm (UTC)
As mentioned by others, just forget it!

Hope and pray that there's a separate 'install partition' on it and use that to wipe the machine clean.
If not, feel free to yell at the manufacturer. Alternatively, if you still have the license sticker on the side of the PC, MS might send you a CD for 'shipping, handling and a fistfull for the bother'... )

If you still want to be a masochist and try to clean it, try Hijack This!

Oh, and Trend makes some decent AV SoftWare, too.

If Hijack This! tells you that there's something in the registry that shouldn't be there, and that you can't delete, consider this tool:
In addition to overwrite old passwords there's a Registy editor in there.

Rules of computer protection:

1. Always use a Router/firewall between your computer and your Cable/DSL modem.

2. Unless you have a good reason otherwise, disable the 'feature' called uPnP.

3. Set up GOOD passwords on the router, and if wireless accesspoint, disable logging into it from the WiFi portion, set up the meanest WPA encryption possible and change the SSID.

4. On the PC, use a non-admin account for daily work. No nomal SW should ever require admin rights for running. If your Scanner WS, camera drivers or printer utilities require Admin rights to run, return them as defective because the crap is not following basic design guidelines.

5. The MS firewall is 'better than nothing', but a good one that comes together wih a decent AV-suite is worth paying money for.
Scott Kennedyscottakennedy on April 9th, 2010 08:24 pm (UTC)
I'll second the recommendations of Malwarebytes in this thread. It's helped me a number of times. As have Ad-Aware and, long ago, SpyBot. I also concur that if your computer has a reinstall partition (which really is quite common) that might be the easiest solution (after backing up any files he wants to keep).

Other suggestions:
If he hasn't booted his computer in safe mode before running a virus scan, he should do so.

Deleting temporary files can also sometimes help. There's a dumb old program called CleanUp (available on Download.com) which deletes all your temp files; it also can be helpful. Note, I wouldn't use it on a Vista or Win7 system, just XP and earlier.

While you've probably searched for your cause as well, in case you didn't come across it, the link below seems to describe your problem, and you might find it informative.

Good luck!
dqg_nealdqg_neal on April 9th, 2010 11:42 pm (UTC)
I don't know if I need to say this or not. But make sure to turn off system restore. If it is js/fake alert, the stinger virus loves to reinstall itself.

It has been recommended before. MBAM http://www.malwarebytes.org/ is probably the best option for this one. But one pass may not clean all the infected files. Make sure to run it in safe mode.

And the other problem that may occur. (It happened on two computers that I was repairing at work. It looses the shell command for .exe)


ladynladyn on April 10th, 2010 05:53 pm (UTC)
My hubby is a Network Admin and has actually come across this exact virus. He used http://free.antivirus.com/hijackthis/ but he says you have to be careful because the items it lists are not always bad and if deleted can cause issues, specifically with your browsers. So...he recommends this only if you know what NOT to delete as well.