I can't seem to get rid of this Malware.
spikerS
03-28-2015, 09:36 AM
Ok, so not sure where I picked this up, but I am at my wits end trying to get rid of it.
I have some fucking redirector on my laptop. Occasionally when I click a link, some random site comes up. For example, I clicked a thread on Beyond a couple of mins ago, and it redirected me to a dating site. I close the site, go back to Beyond and re-click the link, and it goes where it was supposed to.
It doesn't happen often at all. Maybe once or twice a day.
I have run full scans with Kaspersky, Ad-Aware, and MSE, and nothing is picking it up. There are no unknown or unusual extensions in Chrome either...
Anyone have any ideas I can try?
firebane
03-28-2015, 09:47 AM
Download and grab JRT (Junk Removal Tool).
And if that doesn't work, grab ComboFix.
Malwarebytes? Usually works well for me. Oh, and if you do run this, rename the .exe before your unit or something. I'm not sure why.
Do you have a screen recording program, like SnagIt or Camtasia? If so, can you record a video of it happening? It may be a program that you can uninstall (seriously, happened to me once) but it's hard to tell without seeing the redirection happen.
spikerS
03-28-2015, 10:52 AM
I could get one I suppose, but it happens so infrequently, it would take forever to get a capture of it.
I did a JRT scan and it fixed one registry item for IE, but I never use IE...
Doing a Malwarebytes scan now to see what it can find.
revelations
03-28-2015, 10:54 AM
Boot into safe mode for starters. F6 or F8 during bootup.
Download and install a safe mode uninstaller (so that you can remove programs)
Run an ESET ONLINE SCANNER and MALWAREBYTES full/custom scan (both free). Will remove 99% of problems this way.
asd913
03-28-2015, 11:02 AM
http://malwaretips.com/blogs/websteroids-removal/
This is a step-by-step I often go back to no matter what the malware is (I just skip the specific Websteroids part).
spikerS
03-28-2015, 12:26 PM
Well, Malwarebytes picked up a couple of things and removed them, and did a reboot.
With any luck, this stops this crap. I will give it a few days now and see if it keeps happening.
firebane
03-28-2015, 12:33 PM
Originally posted by spikerS
Well, Malwarebytes picked up a couple of things and removed them, and did a reboot.
With any luck, this stops this crap. I will give it a few days now and see if it keeps happening.
Look at your hosts file: c:\windows\system32\drivers\etc\hosts
If anything is causing a redirect, it could be in there.
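An added example of the check firebane describes, not something posted in the thread: a PowerShell script that lists every active line in the Windows hosts file and flags any mapping that does not point at loopback, plus the file's timestamp and read-only attribute. The path is the default one from the post; the idea that a clean Windows hosts file carries no active entries at all is an assumption that holds for a stock install but not for a PC where someone added LAN hostnames by hand.

```powershell
# Added example (not from the thread): list every active mapping in the Windows
# hosts file and flag the ones that are not plain loopback entries.
# Assumes the default path from firebane's post; run from any PowerShell prompt.
$HostsPath = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'

# Assumption: a clean Windows hosts file contains only the Microsoft header
# comments (the localhost lines are commented out), so any active entry that
# maps a name somewhere other than loopback deserves a look.
$LoopbackAddresses = @('127.0.0.1', '::1')

$Findings = Get-Content -Path $HostsPath | ForEach-Object {
    $line = $_.Trim()
    # Skip blank lines and comments.
    if ($line -eq '' -or $line.StartsWith('#')) { return }
    # Entries are "<address> <name> [<name> ...]"; drop any trailing comment.
    $fields = ($line -split '#')[0].Trim() -split '\s+'
    if ($fields.Length -lt 2) { return }   # malformed line, nothing to map
    $address = $fields[0]
    foreach ($name in $fields[1..($fields.Length - 1)]) {
        [pscustomobject]@{
            Address    = $address
            Name       = $name
            Suspicious = ($LoopbackAddresses -notcontains $address)
        }
    }
}

if (-not $Findings) {
    'hosts file contains no active entries (normal on a clean system).'
} else {
    $Findings | Sort-Object Suspicious -Descending | Format-Table -AutoSize
    $bad = @($Findings | Where-Object Suspicious)
    if ($bad.Count -gt 0) {
        "{0} mapping(s) point somewhere other than loopback; verify each one (did you add it?) before trusting the machine." -f $bad.Count
    }
}

# Two cheap extra signals of tampering: when the file was last written, and
# whether it has been made read-only (some malware does that to keep its edits).
Get-Item -Path $HostsPath | Select-Object FullName, LastWriteTime, IsReadOnly
```

Entries that map a site you use to a loopback address are also worth a second look, since that silently blocks the site (commonly done to antivirus update hosts); the script lists them, it just does not mark them as suspicious.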
revelations
03-28-2015, 01:07 PM
Originally posted by firebane
Look at your hosts file: c:\windows\system32\drivers\etc\hosts
If anything is causing a redirect, it could be in there.
:werd:
Programs like ROGUE KILLER will look at your hosts file and reset for you if needed.
ronaldo
03-28-2015, 01:24 PM
I'm in the same boat. Used Malwarebytes and other software so many times to no resolve. Running RogueKiller now... let's hope it can fix it.
revelations
03-28-2015, 01:28 PM
If you're not in SAFE mode, chances are good nothing will be fixed.
ZenOps
03-31-2015, 06:36 AM
It's rare, but the DNS you hook up to might be corrupted and not your computer itself.
ipconfig /all
ipconfig /flushdns
Try switching DNS for a while. It's always been a weak point of the internet: how does one really, absolutely know for sure that when you go to a .com banking site, you are actually going to it?
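An added example to go with ZenOps' suggestion, not code from the thread: rather than just switching resolvers, this PowerShell script asks the adapter's configured DNS servers and a public resolver for the same names and shows where they disagree. 8.8.8.8 is the Google resolver that comes up later in the thread; the two test names are a placeholder sample and should be replaced with sites you actually visit. It assumes the DnsClient module (Windows 8 / Server 2012 and later), which provides Get-DnsClientServerAddress and Resolve-DnsName.

```powershell
# Added example (not from the thread): compare answers from the configured DNS
# servers with answers from a public resolver. A consistent difference for a
# well-known site points at the resolver, not the PC, as the redirect source.
$PublicResolver = '8.8.8.8'                                  # from the thread
$TestNames      = @('www.microsoft.com', 'www.google.com')   # sample, replace

# Configured IPv4 resolvers, taken from every adapter that has any.
$ConfiguredResolvers = Get-DnsClientServerAddress -AddressFamily IPv4 |
    Where-Object { $_.ServerAddresses } |
    ForEach-Object { $_.ServerAddresses } |
    Select-Object -Unique

"Configured DNS servers: $($ConfiguredResolvers -join ', ')"

function Get-Answers {
    # Return the sorted A records a given server hands back for a name.
    # -DnsOnly skips the local cache and hosts file so only the server is tested.
    param([string]$Name, [string]$Server)
    try {
        @(Resolve-DnsName -Name $Name -Server $Server -Type A -DnsOnly -ErrorAction Stop |
            Where-Object { $_.Type -eq 'A' } |
            ForEach-Object { $_.IPAddress } |
            Sort-Object)
    } catch {
        @("<error: $($_.Exception.Message)>")
    }
}

$Results = foreach ($name in $TestNames) {
    $reference = Get-Answers -Name $name -Server $PublicResolver
    foreach ($resolver in $ConfiguredResolvers) {
        $answer = Get-Answers -Name $name -Server $resolver
        # Large sites rotate addresses, so a mismatch alone is not proof;
        # the same odd address for every name, or an error for names that
        # the public resolver answers fine, is what to look for.
        [pscustomobject]@{
            Name     = $name
            Resolver = $resolver
            Answer   = ($answer -join ', ')
            Public   = ($reference -join ', ')
            Agrees   = (($answer -join ',') -eq ($reference -join ','))
        }
    }
}

$Results | Format-Table -AutoSize
```

Run it before and after `ipconfig /flushdns`; the script bypasses the cache anyway, but the browser does not, so a stale cached answer can keep a redirect alive for a while after the resolver itself is fixed.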
revelations
03-31-2015, 11:00 AM
Originally posted by ZenOps
It's rare, but the DNS you hook up to might be corrupted and not your computer itself.
ipconfig /all
ipconfig /flushdns
Try switching DNS for a while. It's always been a weak point of the internet: how does one really, absolutely know for sure that when you go to a .com banking site, you are actually going to it?
ISP-managed DNS; however, I use Google DNS (8.8.8.8) as a fall-back.
ZenOps
03-31-2015, 09:30 PM
I think I'm going to try Google 8.8.8.8 as primary for a while.
Even though my pings to it are a solid 20ms higher than the primary for Shaw, I get the feeling it's faster once it does the actual lookup, and is more reliable from a security perspective.
Not to be a conspiracy theorist, but the secondary Shaw DNS in Calgary 64.59.135.135 looks a little bit wonky... Trust is something earned but easily lost.
spikerS
03-31-2015, 09:41 PM
Fuck, it came back with a vengeance today. Probably close to a dozen redirects, and this time Malwarebytes found nada.
Back to square one. FML.
firebane
03-31-2015, 09:48 PM
Originally posted by spikerS
Fuck, it came back with a vengeance today. Probably close to a dozen redirects, and this time Malwarebytes found nada.
Back to square one. FML.
Malwarebytes and such are useless for massive attacks like you're getting.
I hope you're using either Firefox or Chrome and not IE.
Did you try ComboFix? You can also use HijackThis and then submit the log to a secure site to have it analyzed.
revelations
03-31-2015, 09:59 PM
Yep, with nasties like this: no safe mode = not cleaned (can't shut down active programs in memory sometimes).
ComboFix works great too.
spikerS
03-31-2015, 10:11 PM
Yeah, using Chrome exclusively.
I am currently in safe mode running another Malwarebytes scan.
I will look into ComboFix too.
If this doesn't work, I think I am going to find a big drive to backup to and just wipe.
revelations
03-31-2015, 10:33 PM
Prob know this already, but with MB, make sure it's a custom scan and you've checked all the tests.
ronaldo
03-31-2015, 11:26 PM
Using RogueKiller seems to have removed all the random ads and pop-ups from my browsers... for now at least.
se7en
04-01-2015, 12:00 AM
This happens on my phone. Very frustrating, lol.
taemo
04-01-2015, 07:38 AM
Also make sure that your browser is not using any proxies.
Open IE, go to Internet Options, Connections, then LAN Settings.
Make sure it's not redirecting you to a config script or a proxy server.
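The same check taemo describes, as an added PowerShell example rather than anything posted in the thread. The IE "LAN Settings" dialog edits the per-user WinINET values under the Internet Settings registry key (ProxyEnable, ProxyServer, AutoConfigURL), and Chrome follows those system settings by default, which is why an IE-only setting can still redirect Chrome. The script reads those values directly so the check can be run from Safe Mode or scripted, then prints the separate WinHTTP proxy with netsh. The "expected" values are an assumption for a home PC with no proxy; a workplace machine may legitimately have a PAC script.

```powershell
# Added example (not from the thread): read the WinINET proxy settings that the
# IE "LAN Settings" dialog shows, straight from the registry.
$Key      = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$Settings = Get-ItemProperty -Path $Key

# Assumption: a home PC with no proxy has ProxyEnable = 0 and no ProxyServer or
# AutoConfigURL value at all. Anything else is a possible redirect source.
$Checks = @(
    [pscustomobject]@{
        Setting  = 'ProxyEnable (manual proxy on/off)'
        Value    = $Settings.ProxyEnable
        Expected = 0
        Flag     = ($Settings.ProxyEnable -eq 1)
    }
    [pscustomobject]@{
        Setting  = 'ProxyServer (manual proxy address)'
        Value    = $Settings.ProxyServer
        Expected = '<not set>'
        Flag     = [bool]$Settings.ProxyServer
    }
    [pscustomobject]@{
        Setting  = 'AutoConfigURL (PAC script)'
        Value    = $Settings.AutoConfigURL
        Expected = '<not set>'
        Flag     = [bool]$Settings.AutoConfigURL
    }
)

$Checks | Format-Table -AutoSize

if (@($Checks | Where-Object Flag).Count -gt 0) {
    'A proxy or configuration script is set. Unless you or your workplace put it there, note where it points (that is the redirect source) and then clear it in LAN Settings.'
} else {
    'No manual proxy or PAC script configured for this user.'
}

# Services and some updaters bypass the user's WinINET settings and use the
# WinHTTP proxy instead; this prints it (normally "Direct access (no proxy server)").
netsh winhttp show proxy
```

A PAC script URL is the setting to watch most closely: it hands the browser a script that decides, per request, which proxy to use, so a malicious one can redirect only some clicks and leave the rest alone, which matches the "once or twice a day" pattern described at the top of the thread.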
spikerS
04-01-2015, 06:17 PM
Well, I gave up.
I got Malwarebytes, Windows Defender, JRT, Ad-Aware, and a few others. 16 hours of scans, and configuring them all to scan every damn file, and NOTHING!
And I was still getting hit, about 7-8 times a day now.
Waved the white flag, went and bought a 1TB external HDD, and backed up my movies, music, and pics.
Went into the recovery options and told it to reset my PC. I have only reinstalled Chrome. I am hoping this will finally get rid of these effing pop-ups.
revelations
04-01-2015, 06:35 PM
^ too late now, but did you check/fix your hosts file?
spikerS
04-01-2015, 06:41 PM
Yeah, I had run a RogueKiller scan too, and nothing was found.
With any luck, this reset and backup solves it.
revelations
04-01-2015, 06:51 PM
Not to sound alarming, but if the recovery process DOESN'T format the disk (boot sector), then there is a chance that bugs could still be present. Whenever I reinstall Windows, I delete all the old partitions and perform a full format.
If you're going to go as far as recovery, you might as well perform a thorough cleaning process, leaving no stone unturned.
spikerS
04-01-2015, 06:58 PM
Originally posted by revelations
Not to sound alarming, but if the recovery process DOESN'T format the disk (boot sector), then there is a chance that bugs could still be present. Whenever I reinstall Windows, I delete all the old partitions and perform a full format.
If you're going to go as far as recovery, you might as well perform a thorough cleaning process, leaving no stone unturned.
I hear yah, and I normally do that too. But I really don't want to hunt down drivers and crap from scratch. I will if I have to, but I don't even have a recovery disk for this thing.
carson blocks
04-01-2015, 07:07 PM
Did you try ComboFix? Since I found ComboFix, I haven't had to do a format and rebuild once.
spikerS
04-01-2015, 07:16 PM
Yeah, I tried to use it, but it said it wasn't designed for Windows 2000... and I am running 8.1.
Thales of Miletus
04-01-2015, 07:29 PM
Originally posted by spikerS
Yeah, I tried to use it, but it said it wasn't designed for Windows 2000... and I am running 8.1.
Type in regedit and then Deltree.
Did that take care of your problem?
April fools.
Waldi
04-02-2015, 08:35 AM
Originally posted by ronaldo
I'm in the same boat. Used Malwarebytes and other software so many times to no resolve. Running RogueKiller now... let's hope it can fix it.
I used Spybot on my father-in-law's PC and was successful.
spikerS
04-02-2015, 08:57 AM
This is the gift that just keeps on giving! So I reset the laptop, and now Windows is saying that my licence is invalid and to buy a new licence.
:facepalm: FML
revelations
04-02-2015, 09:11 AM
Just go through the hoops of entering in the new ID codes by calling the automated MS system.