Camillia asked:

IE 9 browser redirect virus - what to do

Hello,

I have a virus in my IE 9 that keeps redirecting my browser to other sites. I've been reading about it and doing the stuff some sites suggest: using Malwarebytes and TDSSKiller and also removing the extra row in the Hosts file, but I still get redirected.

I've watched and read these:
http://www.youtube.com/watch?v=jkPtWjarxI8

http://answers.yahoo.com/question/index?qid=20100203202257AAXDYZl


I haven't looked at the registry and don't want to touch that. Is there a "powerful" virus remover I can install/run to fix this?
ASKER CERTIFIED SOLUTION
John
This solution is only available to members.
ASKER

Please don't say that :( there has to be another way... something in the registry I can look for?? Another virus remover that could possibly look at the registry or other areas that Malwarebytes doesn't?
You listed the best ones, and viruses can wreck an operating system beyond repair.  Sorry, but you have just joined a very, very long list of people that have wrecked their machines with viruses and have had to rebuild.

... Thinkpads_User
How come Symantec didn't catch it?? I have that running.
ALL virus applications are rear-guard applications. They only figure out what to do after the first ones have invaded machines. The virus apps are always running to catch up. Why did Symantec not catch it? Because the virus has not yet been included in its virus signatures.

.... Thinkpads_User
You're not giving me any hope :) thanks
Sorry, however, I have been at this for a long time and have seen operating systems ruined beyond repair many times.

... Thinkpads_User
Thanks for your help. Our IT department will be mad at me for this :)
If you are using Windows 7, get EMET V3 or V3.5 Tech Preview from Microsoft after you get going again. EMET obfuscates addresses making it difficult for viruses to take hold.

Also, never click on advertising links. Most of them are death to a computer.

... Thinkpads_User
I think that's what I've done probably... clicked on an ad
Please take a look at this in-depth Symantec article on cleaning up these threats. It may help you here. Also see if your IT department can contact Symantec Support for assistance.

http://www.symantec.com/business/support/index?page=content&id=TECH201560

.... Thinkpads_User
thanks, let me take a look
So what's happening on my machine is similar to W32.Changeup infection?
And, also, in one of the links, I read that the "hosts" file might have additional lines in it, and it did, and I deleted it. How about the Services file in C:\Windows\System32\drivers\etc?

I see stuff like:
qotd               17/tcp    quote                  #Quote of the day
qotd               17/udp    quote                  #Quote of the day

doom              666/tcp                           #Doom Id Software
doom              666/udp                           #Doom Id Software

p2pgroup         3587/tcp                           #Peer to Peer Grouping
p2pgroup         3587/udp                           #Peer to Peer Grouping
So what's happening on my machine is similar to W32.Changeup infection?

That I cannot say. I use Symantec (myself and my clients) and I found this link responding to a like post here where the asker had been hit with porn.exe and sexy.exe including their network.

I thought it might be worth a read on your part.

... Thinkpads_User
thanks, we posted at the same time (I posted another above)
Hosts should be empty except for comments (and in my case, DNS entries for servers I manage).

Services contains common ports

"This file contains port numbers for well-known services defined by IANA"

So I see qotd in my file, doom, and p2pgroup and they seem harmless to me given the first line in the file quoted above.

.... Thinkpads_User
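The hosts-file check discussed in the posts above, as an added example that is not part of the original thread: it lists every active (non-comment) hosts entry other than the localhost line or names you explicitly expect. The sample file, the addresses, the allowlist name and the function names are constructed for illustration.

```python
import ipaddress

# Constructed sample hosts file (not from the thread); lines are numbered from 1.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
#
# localhost name resolution is handled within DNS itself.
#    127.0.0.1       localhost
127.0.0.1       localhost
::1             localhost
203.0.113.45    www.example.com example.com
0.0.0.0         update.example-av.test
192.168.10.5    intranet.corp.test   # server the admin manages
"""

def active_entries(text):
    """Yield (line_no, address, names) for each line that is not blank or a comment."""
    for line_no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()   # drop trailing comments
        if fields:
            yield line_no, fields[0], fields[1:]

def audit_hosts(text, allowed_names=()):
    """Return (line_no, kind, address, name) for every entry that is not expected.

    kind is 'redirect' (name pinned to some other address), 'blocked' (name
    pinned to loopback or 0.0.0.0, so it can never be reached) or 'malformed'.
    """
    allowed = {n.lower() for n in allowed_names}
    findings = []
    for line_no, ip, names in active_entries(text):
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            findings.append((line_no, "malformed", ip, " ".join(names)))
            continue
        if not names:
            findings.append((line_no, "malformed", ip, ""))
        for name in (n.lower() for n in names):
            if name in allowed or (addr.is_loopback and name == "localhost"):
                continue   # the usual localhost line, or an entry you manage
            kind = "blocked" if addr.is_loopback or addr.is_unspecified else "redirect"
            findings.append((line_no, kind, ip, name))
    return findings

if __name__ == "__main__":
    # To audit a real machine, read C:\Windows\System32\drivers\etc\hosts instead.
    for finding in audit_hosts(SAMPLE_HOSTS, allowed_names={"intranet.corp.test"}):
        print(finding)
```

An empty result matches the "empty except for comments" state described above; anything listed is an entry to account for before trusting name resolution on the machine.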
OK, was just checking. My Hosts has one line for localhost that I use for PHP. I'll see what our IT says. Thanks again for your help (I'd like to get a whole new laptop, if I could :))
SOLUTION
This solution is only available to members.
thanks, david, let me take a look.
Thanks, David. I ran that but didn't do it. I have to wait for IT to take a look at it. I am thinking thinkspad is correct.
@Farzadw  - Thank you and I am always happy to help.   ... Thinkpads_User
Thanks for sticking with this. And yes, I have to have the laptop wiped out. IT looked at it today, ran another virus scanner but it didn't help. Thanks again.
Is there EMET V3 or V3.5 Tech Preview for Windows 8?
EMET V3.5 Tech Preview works fine on Windows 8. I put it on my Windows 8 machine and set it up. You need to set up EMET for each application as well (lower right button to configure).

.... Thinkpads_User
thanks