Aces High Bulletin Board

General Forums => Hardware and Software => Topic started by: HellFire on April 03, 2011, 10:09:59 PM

Title: Warning! Severe Google REDIRECT Virus
Post by: HellFire on April 03, 2011, 10:09:59 PM
What makes this virus severe is that it's a ROOTKIT that embeds itself in the cores of your files, thereby being almost invisible to most AV & Spyware; it attaches itself to "Search Engines (i.e. Google, Bing or Yahoo)", sending your request to places not requested & freezing your screen!

If not taken care of as soon as possible it damages your system, etc.  What makes it worse is it's not a single virus but a MULTIPLE one in hidden files; getting rid of a couple of these REDIRECT viruses gives one a false sense of well-being & security whereas the reverse is true.

Any computer repair personnel/technicians/experts who know of this problem, please advise accordingly as to HOW to get rid of it once & for all.  I scoured the internet for a FIXIT and was only able to be successful on a temporary basis, got rid of a couple on Wednesday only to find seven (7) more on an allegedly clean system today; the problem is ongoing, slowing the system down.

Appreciate your help, thank you.

Title: Re: Warning! Severe Google REDIRECT Virus
Post by: guncrasher on April 04, 2011, 01:26:49 PM
This is what I got on the first Google search for how to remove the redirect virus.  Before you go Google how to get rid of the redirect virus, 2 of the top 3 answers were red flagged by the wow add-on on Firefox, so be careful.  Also please note that the Epsilon company just got hacked into.  That means if you have accounts with Chase, Citi, Best Buy and many others they may have your account emails now.  So from now on don't click on the link that tells you your bill is due.  Go directly to the website and make payment if you are like me and do all bill payment online.  And oh yes, welcome to the secure way to pay bills online :rofl.  OK, this is the last edit.  I am currently changing the emails on all my bills to a new one.  Hey, you never know.  This actually may stop the thieves from stealing my info they already have.

http://www.ehow.com/how_5842581_remove-google-redirect-virus.html

semp
Title: Re: Warning! Severe Google REDIRECT Virus
Post by: usvi on April 04, 2011, 01:32:17 PM
Firefox has a no redirect add-on that helps.
Title: Re: Warning! Severe Google REDIRECT Virus
Post by: guncrasher on April 04, 2011, 01:39:50 PM
Firefox has a no redirect add-on that helps.

The NoScript add-on has "forbid META redirections inside NOSCRIPT elements" (whatever that means) on its Advanced tab.  I also use Sandboxie whenever I go looking for info on anything, and I mean everything I don't already have a link to.  You never know.

semp
Title: Re: Warning! Severe Google REDIRECT Virus
Post by: cattb on April 04, 2011, 06:39:20 PM
Maybe this will help
http://support.kaspersky.com/viruses/solutions?qid=208283363

That malware can open a backdoor to your PC. I think I would reformat and make sure to erase your MBR.
Title: Re: Warning! Severe Google REDIRECT Virus
Post by: HellFire on April 08, 2011, 05:58:24 PM
Gentlemen, thx much for ur assistance to my unpleasant dilemma & my sincerest apologies for non-response as I was attempting to do my very best in fixing my problem.  I printed out the following in my endeavors for a FIXIT:

(A) Firefox Redirect Malware Removal   (B) How to Remove the Google Search Engine Redirect & Spyware Scanner Blocking Virus  (C)  How to REMOVE the Redirect Virus (D)  Remove Google Redirect Virus.

Followed instructions assiduously but w/o any improvement!!  Lots of time spent on this!  The system is becoming slower with many freeze-ups & earlier this A.M. my CCleaner version 3.05 disappeared from my Desktop!   This virus is gobbling up my software ... darn!
 :cheers:

Title: Re: Warning! Severe Google REDIRECT Virus
Post by: MrRiplEy[H] on April 08, 2011, 07:18:38 PM
Gentlemen, thx much for ur assistance to my unpleasant dilemma & my sincerest apologies for non-response as I was attempting to do my very best in fixing my problem.  I printed out the following in my endeavors for a FIXIT:

(A) Firefox Redirect Malware Removal   (B) How to Remove the Google Search Engine Redirect & Spyware Scanner Blocking Virus  (C)  How to REMOVE the Redirect Virus (D)  Remove Google Redirect Virus.

Followed instructions assiduously but w/o any improvement!!  Lots of time spent on this!  The system is becoming slower with many freeze-ups & earlier this A.M. my CCleaner version 3.05 disappeared from my Desktop!   This virus is gobbling up my software ... darn!
 :cheers:



Format, reinstall.
Title: Re: Warning! Severe Google REDIRECT Virus
Post by: cattb on April 08, 2011, 09:25:58 PM
Hope you're not doing any online financial transactions with your PC.
Title: Re: Warning! Severe Google REDIRECT Virus
Post by: Hungry on April 09, 2011, 09:54:06 AM
Last rootkit problem I had, I used TDSSKiller; worked like a charm.
Title: Re: Warning! Severe Google REDIRECT Virus
Post by: MrRiplEy[H] on April 09, 2011, 12:06:15 PM
Last rootkit problem I had, I used TDSSKiller; worked like a charm.

Or at least that's what you think. The funny thing about good viruses is that you can't detect their presence.
Title: Re: Warning! Severe Google REDIRECT Virus
Post by: HellFire on April 09, 2011, 07:02:09 PM
Gentlemen:

Thx for ur inputs ... tried everything with NO success ... tried to learn more on reformatting my disk drive but find it nigh on impossible to accomplish on "Vista Home Premium", hence I was dissuaded from even attempting it.  Not an easy solution on a Vista OS, reformatting-wise.

Unfortunately, yes I DO have financials on my PC; I thereby disconnected my PC & am using my OLD Windows XP PC.  Hopefully my disconnected PC shall nullify the Virus.  Shall have to REPAIR the PC in a Computer store.   :frown:
Title: Re: Warning! Severe Google REDIRECT Virus
Post by: guttboy on April 09, 2011, 11:36:07 PM
Hellfire,

Instead of taking it to the computer store for a repair just yet, do you have the OS disks?

If so, why not use something like DBAN Boot & Nuke?

I am not the most knowledgeable computer guy but have used it in the past to wipe drives and it has been successful.

Here is the link:  http://www.dban.org/

I am not entirely certain if when the rootkit is fubar'd if this will work but you may give it a go?

Best of luck to you....

BTW....How did you get the issue with the Google redirect?
Title: Re: Warning! Severe Google REDIRECT Virus
Post by: MrRiplEy[H] on April 10, 2011, 04:15:39 AM
Gentlemen:

Thx for ur inputs ... tried everything with NO success ... tried to learn more on reformatting my disk drive but find it nigh on impossible to accomplish on "Vista Home Premium", hence I was dissuaded from even attempting it.  Not an easy solution on a Vista OS, reformatting-wise.

Unfortunately, yes I DO have financials on my PC; I thereby disconnected my PC & am using my OLD Windows XP PC.  Hopefully my disconnected PC shall nullify the Virus.  Shall have to REPAIR the PC in a Computer store.   :frown:

Reformatting has nothing to do with your operating system. You basically start your Vista install again and choose the format option. If you don't have the installation media then you need to get it. Once more a reason not to buy a cheap boxed system.
Title: Re: Warning! Severe Google REDIRECT Virus
Post by: cattb on April 10, 2011, 11:15:02 AM
The system should have come with a disk. It is not hard to reformat. Make sure to do a full reformat, and if you try to save any data from the infected machine, make sure the data is virus scanned before reinstalling backed-up data from an infected OS.
Title: Re: Warning! Severe Google REDIRECT Virus
Post by: Vulcan on April 10, 2011, 11:46:01 PM
Or at least that's what you think. The funny thing about good viruses is that you can't detect their presence.

LOL you're kidding right?
Title: Re: Warning! Severe Google REDIRECT Virus
Post by: MrRiplEy[H] on April 11, 2011, 01:13:20 AM
LOL you're kidding right?

Why would I be kidding? A properly made rootkit will never make any noise about itself, it just generates a little extra traffic on your line while it feeds away your banking information.
Title: Re: Warning! Severe Google REDIRECT Virus
Post by: guttboy on April 11, 2011, 11:47:40 AM
MrRipley,

So how does one know if they have a root kit issue and discover it?

That is a no BS question..... seriously, would like to know.  I run Avast, Spybot, Ad-Aware, and Windows Defender.  Would those catch this?

Thanks,

 :lol
Title: Re: Warning! Severe Google REDIRECT Virus
Post by: MrRiplEy[H] on April 11, 2011, 02:19:59 PM
MrRipley,

So how does one know if they have a root kit issue and discover it?

That is a no BS question..... seriously, would like to know.  I run Avast, Spybot, Ad-Aware, and Windows Defender.  Would those catch this?

Thanks,

 :lol

You don't. But once you KNOW your system has been compromised the only safe action is to format and reinstall. Trojan downloaders can load and install a dozen viruses with varying functionality. Some badly made viruses may make your system unstable or cause visual problems on purpose. The bad (well made) ones do their best to keep hidden.

There are at least 2 million different viruses and adware out there. The best of antiviruses catch 98% of the KNOWN exploits. Do the math.
Title: Re: Warning! Severe Google REDIRECT Virus
Post by: Vulcan on April 11, 2011, 03:16:04 PM
Why would I be kidding? A properly made rootkit will never make any noise about itself, it just generates a little extra traffic on your line while it feeds away your banking information.

That's the point, you have an unknown process running hooked into inappropriate libraries that connects to something on the net. Decent AV will spot it, not to mention personal firewall/border firewall/HIPS.

Oh and at last count my border firewall has 4941745 malware signatures :D

Title: Re: Warning! Severe Google REDIRECT Virus
Post by: HellFire on April 11, 2011, 04:05:16 PM
Tried everything per respondents' suggestions ... all to no avail ... was unable to reformat PC, reinstalled the Vista disk & lost most of my programs with the exception of Windows.old (had no probs overlaying Windows XP SP3, no data was lost).

How my PC was infected I've no idea, perhaps I should've paid attention to my "WOT" symbols which showed as RED, yes, I know, the old woulda, shoulda, coulda; this is an expensive lesson for me!

Read about dban.org but am hesitant to try it.... ran TDSSKiller approx. 4 times per my attempts at removal of virus.  Shall wrap this up for now & take the errant PC to repair shop.  TY every1 for ur sincerest of assistance, I likewise commented re MSIE today.
Title: Re: Warning! Severe Google REDIRECT Virus
Post by: cattb on April 11, 2011, 06:01:06 PM
Once your PC is operating virus-free and correctly, I suggest you use software which will make a shadow copy or an image of your drive. There is pay-for software which is fairly easy to use. Ghost, Acronis, and Paragon Recovery are some of your choices.
(This will make a full backup of your operating system and software programs and data, MBR, etc., etc.)
I also suggest you make a daily or weekly backup of your most important data from software programs you use on a regular basis. I use a key drive and a second hard drive for this.
To sum this advice up, it is similar to disaster recovery. Many types of situations can create a situation for recovery: malware, failed hard drive, other failed or failing hardware, etc., etc. Doing the above steps and being diligent about them can save a lot of time and headaches.

just my couple cents.
Title: Re: Warning! Severe Google REDIRECT Virus
Post by: MrRiplEy[H] on April 12, 2011, 12:28:35 AM
That's the point, you have an unknown process running hooked into inappropriate libraries that connects to something on the net. Decent AV will spot it, not to mention personal firewall/border firewall/HIPS.

Oh and at last count my border firewall has 4941745 malware signatures :D



The signature has to be detected first to be added there. You have to realize the AV people are always one step behind. Even the most advanced AVs do not have the ability to detect all viruses and the protection against 0-day exploits is even more marginal.

If you have 1 000 000 viruses and your super good AV detects 98% of them (most of them aren't even that good), how many viruses are you potentially exposed to right now?

Stuxnet is a good example of a widely spread good virus that went undetected for ages.
Title: Re: Warning! Severe Google REDIRECT Virus
Post by: guncrasher on April 12, 2011, 12:52:14 AM
but with safe practices you can lower the risk.  on the other hand if you watch pron and jump from site to site then you will get one in a matter of hours or days.


semp
Title: Re: Warning! Severe Google REDIRECT Virus
Post by: Vulcan on April 12, 2011, 03:19:14 PM
The signature has to be detected first to be added there. You have to realize the AV people are always one step behind. Even the most advanced AVs do not have the ability to detect all viruses and the protection against 0-day exploits is even more marginal.

If you have 1 000 000 viruses and your super good AV detects 98% of them (most of them aren't even that good), how many viruses are you potentially exposed to right now?

Stuxnet is a good example of a widely spread good virus that went undetected for ages.

Good AV is behavioral based as well as signature based, as well as block undesired behaviors. So you're totally wrong - you really need to understand all the solutions available before you comment. And this is not new technology.
Title: Re: Warning! Severe Google REDIRECT Virus
Post by: MrRiplEy[H] on April 12, 2011, 03:29:36 PM
Good AV is behavioral based as well as signature based, as well as block undesired behaviors. So you're totally wrong - you really need to understand all the solutions available before you comment. And this is not new technology.


Oh boy, are you off the mark there. I suggest you do some studies; http://www.av-comparatives.org/ is a good place to start. Note that the tests are done with a _known_ set of viruses; they don't even have access to 0-day ones and still none of the AVs manage to provide a 100% detection rate.

No AV is going to give you a 100% coverage, the simple fact that you noticed you got infected is a strong testament of that in the first place. (And I'm referring to the OP here now)

Once you get a trojan dropper in your system you can't know what it has altered there, and no AV is going to provide safety anymore. There can be a 0-day nasty that embeds itself into DLLs like Stuxnet did and no AV is going to catch it, but it WILL catch your banking credentials or re-route your network traffic to hijack the site. Possibilities are endless.

Once you've actually found out you have a problem (lucky, huh?) the only safe solution is to nuke it from orbit, do some voodoo rituals on the hard drive and install from a DVD.

Of course if you're willing to trade 60 minutes of your time to a possible bank account hijack / losing all your money then the choice is all yours! :D

Nothing like a false sense of security provided by the AV software that is usually the first thing the virus attacks and disables.
Title: Re: Warning! Severe Google REDIRECT Virus
Post by: cattb on April 12, 2011, 07:49:48 PM
No AV is going to give you a 100% coverage +1 Ripley

safe practices (safe browsing practice) +1 Semp

Just look up Zeus malware or Zeus trojan horse.

Just my 3 cents
Title: Re: Warning! Severe Google REDIRECT Virus
Post by: Stoney on April 13, 2011, 06:02:05 AM
Stuxnet is a good example of a widely spread good virus that went undetected for ages.

Considering what that virus was, and who supposedly created it, I'd say it might be in a different league than your average redirect malware...
Title: Re: Warning! Severe Google REDIRECT Virus
Post by: MrRiplEy[H] on April 13, 2011, 09:22:00 AM
Considering what that virus was, and who supposedly created it, I'd say it might be in a different league than your average redirect malware...

Yet it was an example of what can be done and how long it can be in distribution without anyone detecting it. I repeat: The best of AVs get 98-99% detection rates on a sample of known viruses. They can't even catch all of the viruses that are already known to exist, let alone 0-day ones.

No 'cleaning' is going to give you a guarantee your system is uncompromised after you get infected; that is a simple fact. The infection might not give any clue of its presence and it may have simply blocked your AV from touching it.

Every day millions of PCs that are hijacked run 24/7 as part of DDoS or spam botnets. Most of the users run antiviruses and probably think nothing's wrong.
Title: Re: Warning! Severe Google REDIRECT Virus
Post by: Stoney on April 13, 2011, 02:33:45 PM
Yet it was an example what can be done and how long it can be in distribution without anyone detecting it.

Fair enough...I'll have to make sure I shut down my uranium enrichment centrifuges when I get home...  :)
Title: Re: Warning! Severe Google REDIRECT Virus
Post by: Wiley on April 13, 2011, 03:33:11 PM
Fair enough...I'll have to make sure I shut down my uranium enrichment centrifuges when I get home...  :)

Be sure that you do! ;)

Ripley's point is still valid though.  Well done malware can be nigh unto undetectable, antivirus is not foolproof, and if you get malware the only way to be certain it's gone is to restart your OS from scratch.

Wiley.
Title: Re: Warning! Severe Google REDIRECT Virus
Post by: Vulcan on April 14, 2011, 04:20:12 AM
Oh boy, are you off the mark there. I suggest you do some studies; http://www.av-comparatives.org/ is a good place to start. Note that the tests are done with a _known_ set of viruses; they don't even have access to 0-day ones and still none of the AVs manage to provide a 100% detection rate.

No AV is going to give you a 100% coverage, the simple fact that you noticed you got infected is a strong testament of that in the first place. (And I'm referring to the OP here now)

Once you get a trojan dropper in your system you can't know what it has altered there, and no AV is going to provide safety anymore. There can be a 0-day nasty that embeds itself into DLLs like Stuxnet did and no AV is going to catch it, but it WILL catch your banking credentials or re-route your network traffic to hijack the site. Possibilities are endless.

Once you've actually found out you have a problem (lucky, huh?) the only safe solution is to nuke it from orbit, do some voodoo rituals on the hard drive and install from a DVD.

Of course if you're willing to trade 60 minutes of your time to a possible bank account hijack / losing all your money then the choice is all yours! :D

Nothing like a false sense of security provided by the AV software that is usually the first thing the virus attacks and disables.

Did you even read what I wrote?

You know I do IT security for a job right?
Title: Re: Warning! Severe Google REDIRECT Virus
Post by: Vulcan on April 14, 2011, 04:21:34 AM
Stuxnet is a good example of a widely spread good virus that went undetected for ages.

err Stux wasn't widely spread.
Title: Re: Warning! Severe Google REDIRECT Virus
Post by: MrRiplEy[H] on April 15, 2011, 09:44:38 AM
Did you even read what I wrote?

You know I do IT security for a job right?

Ok you do your job trusting antivirus programs after the machine has been infected and I wish you luck. That's all.  :O

You know the infection already got past your active antivirus when you get in the OP position in the first place!  :rolleyes:

First it fails to protect you and then it SAVES THE DAY!  :D
Title: Re: Warning! Severe Google REDIRECT Virus
Post by: HellFire on April 15, 2011, 04:49:08 PM
Hello every1:

Took PC to be repaired; after an extensive diagnostic, no viruses were ever found, no fee was charged.  PC brought home.

Plugged PC in & ran a few hours of programs, noticing that the PC was slow.  Ran "ESET Online" (AV Pgm), which discovered the following:

      A variant of Win32/Adware.Virtumonde.NKO application.

Ran Housecall (AV Pgm) & yet another virus was found:

      Rogue AV749

Both viruses were cleaned & removed.  Should any more viruses be found over the weekend I plan to have my PC wiped clean.
Title: Re: Warning! Severe Google REDIRECT Virus
Post by: MrRiplEy[H] on April 16, 2011, 01:20:19 AM
Hello every1:

Took PC to be repaired; after an extensive diagnostic, no viruses were ever found, no fee was charged.  PC brought home.

Plugged PC in & ran a few hours of programs, noticing that the PC was slow.  Ran "ESET Online" (AV Pgm), which discovered the following:

      A variant of Win32/Adware.Virtumonde.NKO application.

Ran Housecall (AV Pgm) & yet another virus was found:

      Rogue AV749

Both viruses were cleaned & removed.  Should any more viruses be found over the weekend I plan to have my PC wiped clean.

Just remember that just like in Aces High, the one that you don't see is the one that gets you.  :salute
Title: Re: Warning! Severe Google REDIRECT Virus
Post by: HellFire on April 17, 2011, 05:59:52 PM
So far so good ... no virus' detected & u are correct MrRiplEy[H] am keeping a very close watch on my pgms, thx 4 ur suggestions & help.
 :cheers:
Title: Re: Warning! Severe Google REDIRECT Virus
Post by: HellFire on April 18, 2011, 01:50:05 PM
WOOPS!!!!!!!!!!!  My error, the virus reared its ugly head this A.M., redirecting my queries to different sites ... it certainly is deep-rooted; it's off to the PC Repair for me for a thorough wipe of the hard disk  :uhoh
Title: Re: Warning! Severe Google REDIRECT Virus
Post by: cattb on April 18, 2011, 04:07:16 PM
Please refer to my earlier post about making a shadow copy or image, whichever a person wants to call it.
Making a backup has saved me many times from going and doing a full reinstall.
Just my 3 cents again
Title: Re: Warning! Severe Google REDIRECT Virus
Post by: Vulcan on April 18, 2011, 06:35:33 PM
Ok you do your job trusting antivirus programs after the machine has been infected and I wish you luck. That's all.  :O

You know the infection already got past your active antivirus when you get in the OP position in the first place!  :rolleyes:

First it fails to protect you and then it SAVES THE DAY!  :D

What on earth are you talking about?

You're not making much sense you know.

Let me explain...

1. 0-day exploit is released.
2. User receives email with 0-day exploit based malware attached.
3. AV misses it on a signature scan due to no signature existing yet.
4. User tries to run attachment.
5. AV blocks malware based on behavior at execution (could be any number of triggers).

It's not that hard to comprehend is it?
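The five-step sequence above and MrRiplEy's counterpoint (a quiet sample that neither layer scores), as an added toy simulation that is not code from the thread or from any AV product; the hash, the behaviour names and their weights are constructed for the example:

```python
"""Toy simulation of the two AV layers argued over in this thread: a signature
scan (matches only hashes already in the database) and a behaviour monitor
(judges a sample by what it does when run). Every hash, behaviour name and
weight is constructed for the example; this is not a real engine."""
import hashlib
from dataclasses import dataclass, field

# Constructed "already seen" build: the signature database knows only this hash.
KNOWN_BAD_HASHES = {hashlib.sha256(b"redirect-trojan-build-2010").hexdigest()}

# Weights for actions typical of search-redirect malware (assumed names, not
# real AV telemetry events).
SUSPICIOUS_BEHAVIOURS = {
    "disable_av_service": 5,        # the AV itself is usually attacked first
    "install_winsock_lsp": 4,       # hook the network stack
    "redirect_search_request": 4,   # send Google/Bing queries elsewhere
    "modify_hosts_file": 3,
    "write_to_mbr": 5,
}
BLOCK_THRESHOLD = 6  # score at or above this blocks execution (Vulcan's step 5)

@dataclass
class Sample:
    name: str
    content: bytes
    behaviours: list = field(default_factory=list)

@dataclass
class Verdict:
    sample: str
    layer: str   # "signature", "behaviour" or "none"
    score: int
    blocked: bool

def signature_scan(sample: Sample) -> bool:
    """Step 3: a hash lookup only catches builds someone has already seen."""
    return hashlib.sha256(sample.content).hexdigest() in KNOWN_BAD_HASHES

def behaviour_score(sample: Sample) -> int:
    """Step 5: sum the weights of the actions observed at execution."""
    return sum(SUSPICIOUS_BEHAVIOURS.get(b, 0) for b in sample.behaviours)

def scan(sample: Sample) -> Verdict:
    """Signature layer first (pre-execution), then the behaviour layer."""
    if signature_scan(sample):
        return Verdict(sample.name, "signature", 0, True)
    score = behaviour_score(sample)
    if score >= BLOCK_THRESHOLD:
        return Verdict(sample.name, "behaviour", score, True)
    return Verdict(sample.name, "none", score, False)

# Constructed samples covering both sides of the argument.
SAMPLES = [
    # Old build: caught by its hash before it runs.
    Sample("known_redirect", b"redirect-trojan-build-2010",
           ["disable_av_service", "redirect_search_request"]),
    # Recompiled (0-day) build: no signature yet, but it behaves the same way.
    Sample("zero_day_redirect", b"redirect-trojan-build-2011",
           ["disable_av_service", "modify_hosts_file", "redirect_search_request"]),
    # Quiet rootkit: no signature and nothing the monitor weights (MrRiplEy's case).
    Sample("quiet_rootkit", b"custom-rootkit-build",
           ["read_registry", "periodic_https_beacon"]),
    # Ordinary installer: must not be blocked.
    Sample("benign_installer", b"setup-2011", ["write_program_files"]),
]

def run_demo() -> dict:
    """Return {sample name: Verdict} for every constructed sample."""
    return {s.name: scan(s) for s in SAMPLES}
```

Calling run_demo() shows the recompiled build stopped by the behaviour layer alone, while the quiet sample passes both layers with a score of 0.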