Camillia
asked on
IE 9 browser redirect virus - what to do
Hello,
I have a virus in my IE 9 that keeps redirecting my browser to other sites. I've been reading about it and doing the stuff some sites suggest: using Malwarebytes and TDSSKiller and also removing the extra row in the Hosts file, but I still get redirected.
I've watched and read these;
http://www.youtube.com/watch?v=jkPtWjarxI8
http://answers.yahoo.com/question/index?qid=20100203202257AAXDYZl
I haven't looked at the registry and don't want to touch that. Is there a "powerful" virus remover I can install/run to fix this?
ASKER CERTIFIED SOLUTION
You listed the best ones, and viruses can wreck an operating system beyond repair. Sorry, but you have just joined a very, very long list of people that have wrecked their machines with viruses and have had to rebuild.
... Thinkpads_User
ASKER
How come Symantec didn't catch it?? I have that running.
ALL virus applications are rear-guard applications. They only figure out what to do after the first ones have invaded machines. The virus apps are always running to catch up. Why did Symantec not catch it? Because the virus has not yet been included in its virus signatures.
.... Thinkpads_User
ASKER
You're not giving me any hope :) thanks
Sorry, however, I have been at this for a long time and have seen operating systems ruined beyond repair many times.
... Thinkpads_User
ASKER
Thanks for your help. Our IT department will be mad at me for this :)
If you are using Windows 7, get EMET V3 or V3.5 Tech Preview from Microsoft after you get going again. EMET obfuscates addresses making it difficult for viruses to take hold.
Also, never click on advertising links. Most of them are death to a computer.
... Thinkpads_User
ASKER
I think that's what I've done probably... clicked on an ad
Please take a look at this in-depth Symantec article on cleaning up these threats. It may help you here. Also see if your IT department can contact Symantec Support for assistance.
http://www.symantec.com/business/support/index?page=content&id=TECH201560
.... Thinkpads_User
ASKER
thanks, let me take a look
ASKER
So what's happening on my machine is similar to W32.Changeup infection?
ASKER
And, also, in one of the links, I read that the "hosts" file might have additional lines in it, and it did, and I deleted them. How about the Services file in C:\Windows\System32\drivers\etc?
I see stuff like:
qotd 17/tcp quote #Quote of the day
qotd 17/udp quote #Quote of the day
doom 666/tcp #Doom Id Software
doom 666/udp #Doom Id Software
p2pgroup 3587/tcp #Peer to Peer Grouping
p2pgroup 3587/udp #Peer to Peer Grouping
So what's happening on my machine is similar to W32.Changeup infection?
That I cannot say. I use Symantec (myself and my clients) and I found this link responding to a like post here where the asker had been hit with porn.exe and sexy.exe including their network.
I thought it might be worth a read on your part.
... Thinkpads_User
ASKER
thanks, we posted at the same time (I posted another above)
Hosts should be empty except for comments (and in my case, DNS entries for servers I manage).
Services contains common ports
"This file contains port numbers for well-known services defined by IANA"
So I see qotd in my file, doom, and p2pgroup and they seem harmless to me given the first line in the file quoted above.
.... Thinkpads_User
ASKER
OK, was just checking. My Hosts has one line for localhost that I use for PHP. I'll see what our IT says. Thanks again for your help (I like to get a whole new laptop, if I could :))
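Added example, not part of the original thread: a PowerShell sketch of the hosts-file check discussed above (nothing active except comments and a localhost line). The function name `Get-HostsEntry`, the verdict labels, and the sample lines are assumptions made for illustration.

```powershell
# Added example: classify every active (non-comment) line of a hosts file.
# Get-HostsEntry and the verdict labels are hypothetical names for this sketch.
function Get-HostsEntry {
    param([string[]]$Line)

    $n = 0
    foreach ($raw in $Line) {
        $n++
        # Drop any trailing comment, then surrounding whitespace.
        $text = ($raw -split '#', 2)[0].Trim()
        if ($text -eq '') { continue }

        # Format: one address, then one or more names, whitespace separated.
        $fields  = $text -split '\s+'
        $address = $fields[0]
        $names   = @($fields | Select-Object -Skip 1)

        $ip = $null
        $parsed = [System.Net.IPAddress]::TryParse($address, [ref]$ip)
        if (-not $parsed -or $names.Count -eq 0) {
            $verdict = 'Malformed'
        } elseif (-not [System.Net.IPAddress]::IsLoopback($ip)) {
            $verdict = 'Redirect'   # name is pointed at another machine
        } elseif (@($names | Where-Object { $_ -ne 'localhost' }).Count -gt 0) {
            $verdict = 'Sinkhole'   # name is pointed back at this machine
        } else {
            $verdict = 'Expected'   # plain localhost mapping
        }

        [pscustomobject]@{
            LineNumber = $n
            Address    = $address
            Names      = $names -join ' '
            Verdict    = $verdict
        }
    }
}

# Constructed sample input (documentation addresses and example domains).
$sample = @(
    '# sample hosts file (constructed)',
    '',
    '127.0.0.1       localhost          # local PHP development',
    '203.0.113.50    www.example.com',
    '127.0.0.1       update.example.net'
)
Get-HostsEntry -Line $sample | Format-Table -AutoSize

# On a live system, feed it the real file instead:
# Get-HostsEntry -Line (Get-Content "$env:SystemRoot\System32\drivers\etc\hosts")
```

Anything reported as `Redirect` or `Sinkhole` that the machine's owner did not add deliberately is worth showing to IT before it is deleted.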
SOLUTION
ASKER
thanks, david, let me take a look.
ASKER
Thanks, David. I ran that but didn't do it. I have to wait for IT to take a look at it. I am thinking thinkspad is correct.
@Farzadw - Thank you and I am always happy to help. ... Thinkpads_User
ASKER
Thanks for sticking with this. And yes, I have to have the laptop wiped out. IT looked at it today, ran another virus scanner but it didn't help. Thanks again.
ASKER
Is there EMET V3 or V3.5 Tech Preview for Windows 8?
EMET V3.5 Tech Preview works fine on Windows 8. I put it on my Windows 8 machine and set it up. You need to set up EMET for each application as well (lower right button to configure).
.... Thinkpads_User
ASKER
thanks