Solved

spyware malware windows

Posted on 2011-09-26
3
489 Views
Last Modified: 2013-11-22
i dual boot my pc between win7 and ubuntu. on the windows side of things i notice google instant searches weren't working. and now i'm pretty sure i have some sort of malware, or spyware, despite the fact that my windows security essentials is running fine. i think i have something, because not only does google instant search not work, but search result always link to something else that is trying to sell me something. i also notice that the google instant search isn't working no matter which browser i try, ( IE8, chrome, firefox ). so i was going to look at my host file and ip settings, however, i would imagine that whatever is the problem is more complicated than just messing with the host file. also, i assume that since it doesn't matter what browser i use, this bit of malware must be in the windows system and not in internet explorer.
i mention the ubuntu thng because i thought i would use ubuntu to dig into the guts of wiindows to try and find this thing.
i know i could try malware bits, or combo fix, but i would like to try and dissect this to try and understand the mechanics of these things.
so any suggestions on how to start? up to this point i have mostly used combo fix or malware and i am not sure how to go about trying to de-constuct malware.
i don't care if i break windows.
0
Comment
Question by:JeffBeall
3 Comments
 
LVL 47

Accepted Solution

by:
rpggamergirl earned 250 total points
Comment Utility
Try using TDSSKiller if searches are redirected. Then if the problem persists, followed with MalwareBytes and ComboFix and show us the CF log.

Download and run Kaspersky's TDSSKiller
http://support.kaspersky.com/viruses/solutions?qid=208280684


"Google Hijack" - Google Search Gets Redirected"      
http://www.experts-exchange.com/A_3299.html


0
 
LVL 33

Assisted Solution

by:paulmacd
paulmacd earned 250 total points
Comment Utility
Take a look at the proxy settings in your browser(s) and see if they've been tampered with.  You can also try starting your browser(s) without addons/plugins to see if that helps.
0
 
LVL 1

Author Closing Comment

by:JeffBeall
Comment Utility
ms security essential eventually found it. i wanted to try and poke around and learn about the mechanics of this, not use something like combofix or security essentials. oh well, maybe next time.
0

Featured Post

IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

Join & Write a Comment

This story has been written with permission from the scammed victim, a valued client of mine – identity protected by request.
Nothing in an HTTP request can be trusted, including HTTP headers and form data.  A form token is a tool that can be used to guard against request forgeries (CSRF).  This article shows an improved approach to form tokens, making it more difficult to…
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
This video shows how to remove a single email address from the Outlook 2010 Auto Suggestion memory. NOTE: For Outlook 2016 and 2013 perform the exact same steps. Open a new email: Click the New email button in Outlook. Start typing the address: …

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

8 Experts available now in Live!

Get 1:1 Help Now