We help IT Professionals succeed at work.

News 11 today virus

mtgatl
mtgatl asked
on
Randomly i am getting popups and IE's showing up with different websites.  The most common one is showing this page
http://www.news-11-today.com/finance-news/breaking-news.php?ex=001&tid=dcpvus2

When i try and x out of the window it says are you sure you want to navigate away, newsflash! click the cancel button or ok buttom.  Image has been attcahed.  screen shot
I ran an updated malware bytes and get nothing...

please help :)
Comment
Watch Question

To start with, I would blacklist that site, it will stop you even getting there. Also, try and clear out all of your temp internet files and install the free avast! antivirus, it will run a boot-level scan and then you can uninstall the AV.

If you are an admin, set the ISA server or your firewall to block access to the site, if not you can add it to your untrusted sites in IE.

I would also run a manual search on your registry (regedit) <---be careful!!! and search for 'news-11', delete any entries

Commented:
I would give Spybot S-D a try, in case Malware Bytes is missing something.  Do you have any other kind of anti-virus protection, or do you just rely on Malware Bytes?
reset your internet settings
Control Panel > Internet settings > advanced > reset
---
if not fixed it, please post here the startup programs:
Start > run > msconfig > startup >print screen
or
Start > regedit > goto HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
post them here, or export the .reg file then attach it here

regards
Putting it on a content advisor list for your system. Never use it again. Run clean-ups for you system. Use Norton, it works.
Also you should run Super Anti-Spyware.
http://superantispyware.com/download.html
Run a temporary file remover...CCleaner is a good one and it's free.
http://www.ccleaner.com/

Download Combofix by sUBs.
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Before running Combofix, temporary disable any firewall(s) shield(s) ect...to prevent any conflicts with Combofix. After Combofix is done scanning, it will create a log, for further instructions, save and paste the results by Attach File, or by Code Snippet so other experts can take a look at it. Once after the log looks clean, you may enable your firewall(s) shield(s) ect. Combofix will disconnect your machine from the Internet. Your Internet connection will be automatically restored just before Combofix completes its scan. If Combofix runs into problems, your Internet connection can be manually restored by restarting your machine.

You'll might need to rename the file before saving to your desktop so it will not be blocked.

Please note: Don't run Combofix in Safe Mode.