Solved

Laptop infected with browser redirects

Posted on 2011-04-28
Last Modified: 2013-12-06
Laptop infected with various browser redirects, including: ads.clicksor.com and atelbh....

Have run Malwarebytes, AdAware, Spybot and CCleaner to no avail.  System will sometimes work fine for a few minutes on web but almost always gets redirected if I try to go to anti-spyware site. Really frustrating!
Question by:CharAp
15 Comments
 
LVL 8

Accepted Solution

by:
Sean Scissors earned 300 total points
ID: 35485988
I would suggest running HitmanPro, then right afterwards before rebooting run TDSSkiller. The TDSS is by Kaspersky and a great tool for finding TDSS rootkits that cause viruses to pop back up. Below you will find links to all of the software as they are all freeware.

http://www.surfright.nl/en/downloads/
http://support.kaspersky.com/viruses/solutions?qid=208280684

Good luck.

Another thing to check for is your Hosts file located at "C:\WINDOWS\system32\drivers\etc"
Make sure there are no added sites in there that could be causing the re-direct.
0
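The hosts-file check suggested in the answer above, as an added example that is not part of the original thread: a Python script that reads every line of the file and reports each mapping other than the stock `localhost` entries, including ones placed far below a run of blank lines. The function name `audit_hosts` and the hostnames and addresses in `SAMPLE` are constructed for illustration.

```python
import ipaddress
import os
import sys

# Constructed sample (not from the thread): two stock entries, then mappings
# pushed far below a run of blank lines, where a quick look in Notepad misses them.
SAMPLE = (
    "# Copyright (c) 1993-2009 Microsoft Corp.\n"
    "127.0.0.1       localhost\n"
    "::1             localhost\n"
    + "\n" * 40
    + "127.0.0.1\tupdate.av-vendor.example\n"
    "203.0.113.10    www.search.example search.example\n"
)

def audit_hosts(text):
    """Return (line_no, address, hostname, reason) for each non-default mapping."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        fields = raw.split("#", 1)[0].split()  # strip comments, split on whitespace
        if not fields:
            continue
        if len(fields) < 2:
            findings.append((line_no, fields[0], "", "malformed entry"))
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            findings.append((line_no, fields[0], " ".join(fields[1:]), "invalid address"))
            continue
        local = ip.is_loopback or ip.is_unspecified
        for name in (n.lower() for n in fields[1:]):
            if name == "localhost" and ip.is_loopback:
                continue  # the only mapping a stock hosts file may carry
            reason = "blocked (resolves to this machine)" if local else "redirected elsewhere"
            findings.append((line_no, fields[0], name, reason))
    return findings

if __name__ == "__main__":
    # Default path follows the location given in the answer; pass another path as argv[1].
    default = os.path.join(os.environ.get("SystemRoot", r"C:\WINDOWS"),
                           "system32", "drivers", "etc", "hosts")
    path = sys.argv[1] if len(sys.argv) > 1 else default
    with open(path, encoding="utf-8-sig", errors="replace") as fh:
        for finding in audit_hosts(fh.read()):
            print("line %d: %s -> %s [%s]" % finding)
```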
 
LVL 7

Assisted Solution

by:namol
namol earned 300 total points
ID: 35486016
0
 
LVL 38

Assisted Solution

by:younghv
younghv earned 300 total points
ID: 35486020
TDSSkiller mentioned above is a great tool.

If that doesn't work, try running one of the "rogue process" killers prior to doing a new Malwarebytes scan.

Details in EE Articles here:
http://www.experts-exchange.com/A_5124.html (Stop-the-Bleeding-First-Aid-for-Malware)
http://www.experts-exchange.com/A_4922.html (Rogue-Killer-What-a-great-name)
0
 

Author Comment

by:CharAp
ID: 35486037
Hosts file is empty, sorry I forgot to say that I had checked that already. I will try Hitman Pro (oddly I use that on another PC on startup) and TDSSkiller.
0
 

Author Comment

by:CharAp
ID: 35486046
hunart: I have already tried that with existing utils, I will try with Hitman and TDSSkiller as well...
0
 

Author Comment

by:CharAp
ID: 35486081
HitmanPro - nothing found
TDSSkiller - nothing found
0
 
LVL 30

Assisted Solution

by:Sudeep Sharma
Sudeep Sharma earned 300 total points
ID: 35486097
You could also try FixTDSS.exe from Symantec

http://www.symantec.com/content/en/us/global/removal_tool/threat_writeups/FixTDSS.exe

However, if the MBR is infected then you would need to re-write the MBR.

The virus in the MBR is hard to remove if you have already booted the system. To remove the MBR virus you would need to re-create the MBR of the system. How to fix the MBR on Windows XP and Vista can be found below. Please follow the steps and let us know the result.

How to fix MBR in Windows XP and Vista
http://helpdeskgeek.com/how-to/fix-mbr-xp-vista/

I hope that would help

Sudeep
0
 
LVL 38

Expert Comment

by:younghv
ID: 35486127
You may find that Menu Item #5 in RogueKiller (mentioned above) will help by applying a DNS fix.
0
 
LVL 47

Expert Comment

by:rpggamergirl
ID: 35488066
Are you using a router? Sometimes it can be due to an infected router.

Try the suggested ComboFix, let it install the Recovery Console, then scan in normal mode.
Scan only once and show us the logfile.

Also try this tool:
Download aswMBR.exe ( 511KB ) to your desktop.
http://public.avast.com/~gmerek/aswMBR.exe

Double click the aswMBR.exe to run it
Click the "Scan" button to start scan

On completion of the scan click save log, save it to your desktop and post in your next reply
0
 
LVL 47

Expert Comment

by:rpggamergirl
ID: 35488221
@ SSharma, it is possible that this is an MBR issue.
But we should NEVER suggest fixing the MBR without a proper diagnosis first that it is really needed, and leave a caution, especially if it is a Dell.

We haven't even asked the asker what system he has... We need to include an important note when suggesting to re-write their MBR, as for Dell users it can prevent them from accessing the Dell restore utility.
0
 
LVL 2

Expert Comment

by:nmacfall
ID: 35698364
rkill and malwarebytes have not been mentioned here in combination, though I have found it very effective...I'm exploring hitmanpro 3.5 now, and will suggest it if I find it valuable...

http://www.bleepingcomputer.com/download/anti-virus/rkill - Get all versions of rkill
Malwarebytes.org - get latest, and update definitions

Rkill stops unnecessary/malicious services
malwarebytes removes the bad entries...
0
 
LVL 38

Expert Comment

by:younghv
ID: 35699194
@nmacfall,
Welcome to EE - always good to have new folks posting advice.
If you will look at the links to 'EE Articles' in the Expert Comments, you will see that rogue process killers -- followed by a Malwarebytes scan -- have been mentioned.

http:#a35486020

"If that doesn't work, try running one of the "rogue process" killers prior to doing a new Malwarebytes scan.


Details in EE Articles here:
http://www.experts-exchange.com/A_5124.html (Stop-the-Bleeding-First-Aid-for-Malware)
http://www.experts-exchange.com/A_4922.html (Rogue-Killer-What-a-great-name)"
0
 
LVL 2

Assisted Solution

by:nmacfall
nmacfall earned 300 total points
ID: 35699303
Thanks for the warm welcome...
0
 

Author Comment

by:CharAp
ID: 35699740
Lots of good advice but in the end decision was taken that this would all cost too much time so a new laptop was purchased. Thanks anyway as there were some good tips for future problems.
0
 

Author Closing Comment

by:CharAp
ID: 35699753
Partial solution
0
