I can't seem to get rid of this Malware.



spikerS
03-28-2015, 09:36 AM
Ok, so not sure where I picked this up, but I am at my wits end trying to get rid of it.

I have some fucking redirector on my laptop. Occasionally when I click a link, some random site comes up. For example, I clicked a thread on Beyond a couple mins ago, and it redirected me to a dating site. I close the site, go back to Beyond and reclick the link, and it goes where it was supposed to.

It doesn't happen often at all. Maybe once or twice a day.

I have run full scans with Kaspersky, ad-aware, and MSE, and nothing is picking it up. There are no unknown or unusual extensions in chrome either...

Anyone have any ideas I can try?

firebane
03-28-2015, 09:47 AM
Download and grab JRT (Junk Removal Tool).

And if that doesn't work grab ComboFix

xnvy
03-28-2015, 09:48 AM
Malwarebytes? Usually works well for me. Oh, and if you do run this, rename the .exe before you run it or something. I'm not sure why.

A790
03-28-2015, 10:44 AM
Do you have a screen recording program, like SnagIt or Camtasia? If so, can you record a video of it happening? It may be a program that you can uninstall (seriously, happened to me once) but it's hard to tell without seeing the redirection happen.

spikerS
03-28-2015, 10:52 AM
I could get one I suppose, but it happens so infrequently, it would take forever to get a capture of it.

I did a JRT scan and it fixed one registry item for IE, but I never use IE...

Doing a Malwarebytes scan now to see what it can find.

revelations
03-28-2015, 10:54 AM
Boot into safe mode for starters. F6 or F8 during bootup.

Download and install a safe mode uninstaller (so that you can remove programs)

Run an ESET ONLINE SCANNER and MALWAREBYTES full/custom scan (both free). Will remove 99% of problems this way.

asd913
03-28-2015, 11:02 AM
http://malwaretips.com/blogs/websteroids-removal/

This is a step-by-step I often go back to no matter what the malware is (I just skip the specific Websteroids part).

spikerS
03-28-2015, 12:26 PM
Well, Malwarebytes picked up a couple things and removed them, and did a reboot.

With any luck, this stops this crap. I will give it a few days now and see if it keeps happening.

firebane
03-28-2015, 12:33 PM
Originally posted by spikerS
Well, Malwarebytes picked up a couple things and removed them, and did a reboot.

With any luck, this stops this crap. I will give it a few days now and see if it keeps happening.

Look at your hosts file: c:\windows\system32\drivers\etc\hosts

If anything is causing a redirect it could be in there.
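To make the hosts-file check above concrete, here is an added PowerShell example (not posted by anyone in this thread) that parses the file firebane points at and flags the two kinds of entry a redirector or adware typically plants: a hostname mapped to a non-loopback address (traffic for that site goes somewhere else), or a security/update vendor's site mapped anywhere at all (so scans and updates quietly fail). The stock Windows hosts file contains only comments, so any active mapping you did not add yourself is worth a look. The `$WatchedNames` list is an assumption for illustration; reading the file works from a normal prompt, while rewriting it needs an elevated one.

```powershell
# Added example, not from the thread. Audits the Windows hosts file for
# mappings a browser redirector would leave behind.
$HostsPath = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'

# Assumed list for illustration: sites adware often pins to loopback so that
# updates and scanners stop working. Extend it with whatever you rely on.
$WatchedNames = 'microsoft', 'windowsupdate', 'kaspersky', 'malwarebytes', 'eset', 'google'

function Get-HostsFindings {
    param([string]$Path = $HostsPath)

    Get-Content -Path $Path | ForEach-Object {
        $line = ($_ -split '#', 2)[0].Trim()      # strip trailing comments
        if (-not $line) { return }                # blank or comment-only line

        $fields   = $line -split '\s+'
        $address  = $fields[0]
        $names    = $fields | Select-Object -Skip 1
        $loopback = $address -in @('127.0.0.1', '::1')

        foreach ($name in $names) {
            $watched = $WatchedNames | Where-Object { $name -like "*$_*" }
            if (-not $loopback -or $watched) {
                $reason = if ($watched) { 'maps a watched site' } else { 'non-loopback address' }
                [pscustomobject]@{
                    Address  = $address
                    Hostname = $name
                    Reason   = $reason
                }
            }
        }
    }
}

$findings = Get-HostsFindings
if ($findings) {
    $findings | Format-Table -AutoSize
} else {
    'hosts file contains no active mappings (the default, clean state)'
}
```

If the output lists mappings you never created, back the file up and remove them (or let a tool such as RogueKiller reset it, as revelations notes further down), then re-test the redirect. Remember that a clean hosts file does not rule out the other redirect paths discussed in this thread, namely the resolver and the browser proxy settings.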

revelations
03-28-2015, 01:07 PM
Originally posted by firebane
Look at your hosts file: c:\windows\system32\drivers\etc\hosts

If anything is causing a redirect it could be in there.

:werd:

Programs like ROGUE KILLER will look at your hosts file and reset for you if needed.

ronaldo
03-28-2015, 01:24 PM
I'm in the same boat. Used Malwarebytes and other software so many times to no resolve. Running RogueKiller now... let's hope it can fix it.

revelations
03-28-2015, 01:28 PM
If you're not in SAFE mode, chances are good nothing will be fixed.

ZenOps
03-31-2015, 06:36 AM
It's rare, but the DNS you hook up to might be corrupted and not your computer itself.

ipconfig /all

ipconfig /flushdns

Try switching DNS for a while. It's always been a weak point of the internet: how does one really, absolutely know for sure that when you go to a .com banking site, you are actually going to it?

revelations
03-31-2015, 11:00 AM
Originally posted by ZenOps
It's rare, but the DNS you hook up to might be corrupted and not your computer itself.

ipconfig /all

ipconfig /flushdns

Try switching DNS for a while. It's always been a weak point of the internet: how does one really, absolutely know for sure that when you go to a .com banking site, you are actually going to it?

ISP-managed DNS here; however, I used Google DNS (8.8.8.8) as a fall-back.

ZenOps
03-31-2015, 09:30 PM
I think I'm going to try google 8.8.8.8 as primary for a while.

Even though my pings to it are a solid 20ms higher than the primary for Shaw, I get the feeling it's faster once it does the actual lookup, and is more reliable from a security perspective.

Not to be a conspiracy theorist, but the secondary Shaw DNS in Calgary 64.59.135.135 looks a little bit wonky... Trust is something earned but easily lost.

spikerS
03-31-2015, 09:41 PM
Fuck, it came back with a vengeance today. Probably close to a dozen redirects, and this time Malwarebytes found nada.

Back to square one. FML.

firebane
03-31-2015, 09:48 PM
Originally posted by spikerS
Fuck, it came back with a vengeance today. Probably close to a dozen redirects, and this time Malwarebytes found nada.

Back to square one. FML.

Malwarebytes and such are useless for massive attacks like you're getting.

I hope you're using either Firefox or Chrome and not IE.

Did you try ComboFix? You can also use HiJackThis and then submit the log to a secure site to have it analyzed.

revelations
03-31-2015, 09:59 PM
Yep, with nasties like this: no safe mode = not cleaned (can't shut down active programs in memory sometimes).

ComboFix works great too.

spikerS
03-31-2015, 10:11 PM
Yeah, using Chrome exclusively.

I am currently in safe mode running another Malwarebytes scan.

I will look into ComboFix too.

If this doesn't work, I think I am going to find a big drive to backup to and just wipe.

revelations
03-31-2015, 10:33 PM
Prob know this already, but with MB, make sure it's a custom scan and you've checked all the tests.

ronaldo
03-31-2015, 11:26 PM
Using RogueKiller seems to have removed all the random ads and pop-ups from my browsers... for now at least.

se7en
04-01-2015, 12:00 AM
This happens on my phone. Very frustrating, lol.

taemo
04-01-2015, 07:38 AM
Also make sure that your browser is not using any proxies.

Open IE, go to Internet Options > Connections > LAN Settings.

Make sure it's not redirecting you to a config script or a proxy server.
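The proxy check taemo describes and the DNS check ZenOps raised earlier are both settings an intermittent redirector can tamper with without touching Chrome's extension list. The following is an added PowerShell example (not from any poster in this thread) that reads both so they can be compared against what was deliberately configured: the per-adapter DNS servers, and the per-user WinINET proxy/PAC settings that IE uses and that Chrome follows by default. The registry path and the cmdlets are real on Windows 8 and later; the optional switch to Google DNS at the end mirrors the thread's 8.8.8.8 suggestion and needs an elevated prompt.

```powershell
# Added example, not from the thread. Reports the resolver and proxy settings
# a browser redirector can silently change; run on the affected machine.

# --- DNS: which resolver every lookup on this box goes to -------------------
Get-DnsClientServerAddress -AddressFamily IPv4 |
    Where-Object { $_.ServerAddresses } |
    Select-Object InterfaceAlias, ServerAddresses

# --- Proxy: per-user WinINET settings (Internet Options > Connections > LAN) -
$InetKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'

function Get-ProxyState {
    param([string]$Key = $InetKey)
    $p = Get-ItemProperty -Path $Key
    $clean = ($p.ProxyEnable -ne 1) -and
             [string]::IsNullOrEmpty($p.ProxyServer) -and
             [string]::IsNullOrEmpty($p.AutoConfigURL)
    [pscustomobject]@{
        ProxyEnabled  = ($p.ProxyEnable -eq 1)
        ProxyServer   = $p.ProxyServer      # host:port forced on the browser
        AutoConfigURL = $p.AutoConfigURL    # PAC script; can re-route per URL
        Clean         = $clean
    }
}

$proxy = Get-ProxyState
$proxy | Format-List
if (-not $proxy.Clean) {
    Write-Warning 'A proxy server or PAC script is configured. If you did not set it, clear it in LAN Settings and re-check after a reboot.'
}

# --- Optional: move the active adapter to Google DNS and flush the cache,
#     the change discussed above. Uncomment and run from an elevated prompt.
# $adapter = (Get-NetAdapter | Where-Object Status -eq 'Up' | Select-Object -First 1).Name
# Set-DnsClientServerAddress -InterfaceAlias $adapter -ServerAddresses 8.8.8.8
# Clear-DnsClientCache        # same effect as ipconfig /flushdns
```

Run it once before cleaning and once after: a proxy or PAC entry that comes back after you clear it points to something still running on the machine, which is the situation where the safe-mode scan and, failing that, the full wipe discussed later in the thread become the sensible options.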

spikerS
04-01-2015, 06:17 PM
Well, I gave up.

I got Malwarebytes, Windows Defender, JRT, Ad-Aware, and a few others. 16 hours of scans, and configuring them all to scan every damn file, and NOTHING!

And I was getting hit still, about 7-8 times a day now.

Waved the white flag, went and bought a 1TB external HDD, and backed up my movies, music, and pics.

Went into the recovery options and told it to reset my PC. I have only reinstalled Chrome. I am hoping this will finally get rid of these effing pop-ups.

revelations
04-01-2015, 06:35 PM
^ too late now, but did you check/fix your hosts file?

spikerS
04-01-2015, 06:41 PM
yeah, I had run a rogue killer scan too, and nothing was found.

with any luck, this reset and backup solves it

revelations
04-01-2015, 06:51 PM
Not to sound alarming, but if the recovery process DOESN'T format the disk (boot sector) then there is a chance that bugs could still be present. Whenever I reinstall Windows, I delete all the old partitions and perform a full format.

If you're going to go as far as recovery, might as well perform a thorough cleaning process, leaving no stone unturned.

spikerS
04-01-2015, 06:58 PM
Originally posted by revelations
Not to sound alarming, but if the recovery process DOESN'T format the disk (boot sector) then there is a chance that bugs could still be present. Whenever I reinstall Windows, I delete all the old partitions and perform a full format.

If you're going to go as far as recovery, might as well perform a thorough cleaning process, leaving no stone unturned.

I hear yah, and I normally do that too. But I really don't want to hunt down drivers and crap from scratch. I will if I have to, but I don't even have a recovery disk for this thing.

carson blocks
04-01-2015, 07:07 PM
Did you try Combofix? Since I found Combofix I haven't had to do a format and rebuild once.

spikerS
04-01-2015, 07:16 PM
Yeah, I tried to use it, but it said it wasn't designed for Windows 2000... and I am running 8.1....

Thales of Miletus
04-01-2015, 07:29 PM
Originally posted by spikerS
Yeah, I tried to use it, but it said it wasn't designed for Windows 2000... and I am running 8.1....

Type in regedit and then Deltree.

Did that take care of your problem?

April fools.

Waldi
04-02-2015, 08:35 AM
Originally posted by ronaldo
I'm in the same boat. Used Malwarebytes and other software so many times to no resolve. Running RogueKiller now... let's hope it can fix it.

I used Spybot on my father-in-law's PC and was successful.

spikerS
04-02-2015, 08:57 AM
This is the gift that just keeps on giving! So I reset the laptop, and now Windows is saying that my licence is invalid and to buy a new licence.

:facepalm: FML

revelations
04-02-2015, 09:11 AM
Just go through the hoops of entering in the new ID codes by calling the automated MS system.