Camillia

IE 9 browser redirect virus - what to do

Hello,

  I have a virus in my IE 9 that keeps redirecting my browser to other sites. I've been reading about it and doing the stuff some sites suggest: using Malwarebytes and TDSSKiller and also removing the extra row in the Hosts file, but I still get redirected.

I've watched and read these;
http://www.youtube.com/watch?v=jkPtWjarxI8

http://answers.yahoo.com/question/index?qid=20100203202257AAXDYZl


I haven't looked at the registry and don't want to touch that. Is there a "powerful" virus remover I can install/run to fix this?

Last Comment
Camillia

8/22/2022 - Mon
ASKER CERTIFIED SOLUTION
John

Camillia

ASKER
Please don't say that :( There has to be another way... something in the registry I can look for?? Another virus remover that could possibly look at the registry or other areas that Malwarebytes doesn't?
John

You listed the best ones, and viruses can wreck an operating system beyond repair.  Sorry, but you have just joined a very, very long list of people that have wrecked their machines with viruses and have had to rebuild.

... Thinkpads_User
Camillia

ASKER
How come Symantec didn't catch it?? I have that running.
John

ALL virus applications are rear-guard applications. They only figure out what to do after the first ones have invaded machines. The virus apps are always running to catch up. Why did Symantec not catch it? Because the virus has not yet been included in its virus signatures.

.... Thinkpads_User
Camillia

ASKER
You're not giving me any hope :) thanks
John

Sorry, however, I have been at this for a long time and have seen operating systems ruined beyond repair many times.

... Thinkpads_User
Camillia

ASKER
Thanks for your help. Our IT department will be mad at me for this :)
John

If you are using Windows 7, get EMET V3 or V3.5 Tech Preview from Microsoft after you get going again. EMET obfuscates addresses making it difficult for viruses to take hold.

Also, never click on advertising links. Most of them are death to a computer.

... Thinkpads_User
Camillia

ASKER
I think that's what I've done probably... clicked on an ad.
John

Please take a look at this in-depth Symantec article on cleaning up these threats. It may help you here. Also see if your IT department can contact Symantec Support for assistance.

http://www.symantec.com/business/support/index?page=content&id=TECH201560

.... Thinkpads_User
Camillia

ASKER
thanks, let me take a look
Camillia

ASKER
So what's happening on my machine is similar to W32.Changeup infection?
Camillia

ASKER
And, also, in one of the links, I read that the "hosts" file might have additional lines in it, and it did, and I deleted them. How about the Services file in C:\Windows\System32\drivers\etc?

I see stuff like:
qotd               17/tcp    quote                  #Quote of the day
qotd               17/udp    quote                  #Quote of the day

doom              666/tcp                           #Doom Id Software
doom              666/udp                           #Doom Id Software

p2pgroup         3587/tcp                           #Peer to Peer Grouping
p2pgroup         3587/udp                           #Peer to Peer Grouping
John

So what's happening on my machine is similar to W32.Changeup infection?

That I cannot say. I use Symantec (myself and my clients) and I found this link responding to a like post here where the asker had been hit with porn.exe and sexy.exe including their network.

I thought it might be worth a read on your part.

... Thinkpads_User
Camillia

ASKER
thanks, we posted at the same time (I posted another above)
John

Hosts should be empty except for comments (and in my case, DNS entries for servers I manage).

Services contains common ports

"This file contains port numbers for well-known services defined by IANA"

So I see qotd in my file, doom, and p2pgroup and they seem harmless to me given the first line in the file quoted above.

.... Thinkpads_User
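
The hosts-file check described above (nothing but comments, plus entries you added yourself), as an added PowerShell example that is not part of the original posts. The function name Get-HostsFinding, the allow list and the sample lines are constructed for illustration.

```powershell
# Added example: report hosts-file entries that are neither comments
# nor expected loopback names. Get-HostsFinding is a hypothetical helper.
function Get-HostsFinding {
    param(
        [string[]]$Lines,
        [string[]]$AllowedNames = @('localhost')   # names you expect to see
    )
    $lineNo = 0
    foreach ($raw in $Lines) {
        $lineNo++
        # Drop a trailing comment, then surrounding whitespace.
        $text = ($raw -replace '#.*$', '').Trim()
        if ($text -eq '') { continue }             # blank or comment-only line

        # Format: address, then one or more host names, whitespace-separated.
        $fields  = $text -split '\s+'
        $address = $fields[0]
        $names   = @($fields | Select-Object -Skip 1)

        $isLoopback = ($address -like '127.*') -or ($address -eq '::1')
        foreach ($name in $names) {
            if ($isLoopback -and ($AllowedNames -contains $name)) { continue }
            $reason = 'name mapped to a non-loopback address'
            if ($isLoopback) { $reason = 'loopback entry not on the allow list' }
            [pscustomobject]@{
                Line    = $lineNo
                Address = $address
                Name    = $name
                Reason  = $reason
            }
        }
    }
}

# Constructed sample, not taken from the asker's machine.
$sample = @(
    '# Copyright (c) 1993-2009 Microsoft Corp.',
    '127.0.0.1       localhost            # local PHP development',
    '203.0.113.10    www.example.com',
    '127.0.0.1       update.example.net'
)
Get-HostsFinding -Lines $sample | Format-Table -AutoSize

# Against the live file:
# Get-HostsFinding -Lines (Get-Content "$env:SystemRoot\System32\drivers\etc\hosts")
```

On the sample this reports lines 3 and 4 and skips the comment and the localhost entry. Entries you added yourself, such as DNS names for servers you manage, will also be listed and need to be recognised by eye.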
Camillia

ASKER
OK, was just checking. My Hosts has one line for localhost that I use for PHP. I'll see what our IT says. Thanks again for your help (I'd like to get a whole new laptop, if I could :))
SOLUTION
davidlevans13

Camillia

ASKER
Thanks, David, let me take a look.
Camillia

ASKER
Thanks, David. I ran that but didn't do it. I have to wait for IT to take a look at it. I am thinking thinkspad is correct.
John

@Farzadw  - Thank you and I am always happy to help.   ... Thinkpads_User
Camillia

ASKER
Thanks for sticking with this. And yes, I have to have the laptop wiped out. IT looked at it today, ran another virus scanner but it didn't help. Thanks again.
Camillia

ASKER
Is there EMET V3 or V3.5 Tech Preview for Windows 8?
John

EMET V3.5 Tech Preview works fine on Windows 8. I put it on my Windows 8 machine and set it up. You need to set up EMET for each application as well (lower right button to configure).

.... Thinkpads_User
Camillia

ASKER
thanks