Lbello
asked on
100ksearches.com virus
Yesterday I came across a Windows XP machine with the 100ksearches virus. This virus hijacks when you search through Google and redirects the browser to a site not related to the search. Has anyone come across this problem and if so is there a solution?
You need to scan your system for malware. When that is done, open your hosts file (c:\windows\system32\drivers\etc) and see if the redirect is in there. There should be no entries except comments. You need to be a member of administrators to do this. ... Thinkpads_User
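A sketch of the hosts-file check described above, as an added example that is not part of the original thread: it lists every active (non-comment) entry in a hosts file and labels the ones that point a name at a non-loopback address. The sample file contents, the function names and the `default`/`blocked`/`redirect`/`malformed` labels are constructed for illustration.

```python
import ipaddress

# Constructed sample of a tampered hosts file. Addresses come from the
# documentation ranges; none of this is data from the infected machine.
SAMPLE_HOSTS = """\
# constructed sample hosts file
# lines starting with '#' are comments

127.0.0.1       localhost
203.0.113.10    www.google.com google.com   # constructed redirect entry
198.51.100.7\twww.bing.com
not-an-ip       search.example
   # indented comment
0.0.0.0         ads.example
"""


def parse_hosts(text):
    """Return (line_no, address, [hostnames]) for every active line."""
    entries = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()  # drop full-line and inline comments
        if line:
            fields = line.split()            # spaces and tabs both separate fields
            entries.append((line_no, fields[0], fields[1:]))
    return entries


def classify(address, hostnames):
    """Label one entry by what it does to name resolution."""
    try:
        ip = ipaddress.ip_address(address)
    except ValueError:
        return "malformed"
    if not hostnames:
        return "malformed"
    local = ip.is_loopback or ip.is_unspecified
    if ip.is_loopback and all(h.lower() == "localhost" for h in hostnames):
        return "default"    # the usual localhost mapping
    if local:
        return "blocked"    # name resolves locally, so the site is unreachable
    return "redirect"       # name is sent to some other machine


def audit_hosts(text):
    """Return one finding per active entry, in file order."""
    return [{"line": n, "address": a, "hosts": h, "kind": classify(a, h)}
            for n, a, h in parse_hosts(text)]


if __name__ == "__main__":
    for f in audit_hosts(SAMPLE_HOSTS):
        print(f"line {f['line']}: {f['kind']:9} {f['address']} -> {' '.join(f['hosts'])}")
```

To check a real machine, pass the text of a copy of its hosts file to `audit_hosts` instead of `SAMPLE_HOSTS`; any `redirect` or `blocked` entry for a search engine or antivirus site deserves a closer look.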
ASKER
Here's another problem: it won't allow me to run Malwarebytes or any anti-virus software. And it will not boot into Safe Mode.
That is a much bigger issue than maybe we supposed at first. Given your last post, that machine is pretty much toast.
I would say try to restore to a prior period, but it is doubtful that would work.
You probably should back up the data and reinstall the operating system. In the state it is in (no A/V or Safe Mode), it could easily absorb more time in troubleshooting than in re-installing.
... Thinkpads_User
Can you try running Rkill: Here is the download link
http://download.cnet.com/RKill/3000-8022_4-11464676.html
This is known to kill malware/virus processes; then try running other scanners.
Also, you can try downloading it onto a USB stick from another computer and then run it on the infected PC.
ASKER
If I create a bootable CD with the latest Security Essentials virus definitions loaded, will that work?
And which security essentials would you recommend?
Try running Rkill to see if you can kill the virus process and run Malwarebytes or ComboFix.
If that doesn't work:
I would try a more in-depth scanner than Security Essentials.
Try making a CD ISO of Kaspersky.
It's a rescue disk and has worked wonders for me in the past with trojans/malware/viruses.
Download Kaspersky Rescue Disk 10 here:
http://support.kaspersky.com/faq/?qid=208282173
Did you try running TDSSKiller? You have a TDSS rootkit and that is the appropriate tool. If TDSSKiller will not run, try running rkill as recommended above. Use the iExplore version of rkill.
ASKER
Sorry for the ignorance, but, how do I run rkill?
Just download rkill from the link I posted earlier and click Run; it takes care of the rest and runs through a command prompt.
ASKER
OK to run from CD?
Although not the same malware, this removal guide from Bleeping Computer has the instructions you need. Follow the removal instructions through step 17.
http://www.bleepingcomputer.com/virus-removal/remove-system-repair
ASKER
Lastly run Malwarebytes, correct?
Yes.
ASKER
Thank you. I'll update all tomorrow.
ASKER
Well... I ran Rkill, then afterwards I was able to access msconfig and check the services running at startup. I disabled 2 fictitious malware, restarted, and I was able to Google search and access websites.
Not sure if this fixed the problem, but I asked the end user to please monitor for any problem.
Through it all I was unable to run Malwarebytes.