November 06, 2010

I believe I've been hijacked. I have a dirty, dirty computer-- Oh, my monkeys, can you hope me?

Apparently I've been trashed by the google redirect virus. It started on my desktop, and Mr. BlueHorse has made a number of attempts to clean things up, but nothing's working. Just now I attempted to do a search for information on a borrowed laptop, and the following popped up: "The page at http://www1/fullpc-scan50/com says: Warning! Your computer is at risk of malware attacks. We recommend you to check your system immediately. Press OK to start the process now." Same bloody popup as on the desktop. I disconnected from the modem, attempted a scan (was derailed on it, so I'm assuming I'm screwed--again.) I have Avast on my home computer as well as Malwarebytes and AdAware, and Norton on the borrowed laptop. Please hope me tech Monkeys!

  • Not even slightly a techy monkey, but hoping this might be helpful.
  • Sounds nasty - can you let us know what has been tried so far? I've found this and this. You may need this, though judging by the first link's directions, it might not be enough on its own. Also, if you have one trojan there is almost certainly more. I've had good results in the past from scanning with Hijack This, to at least get an idea of the scope of the problem. Plus there are plenty of forums out there that can help you with interpreting a Hijack This log.
  • And one more set of directions, seems to be getting good feedback.
  • Stinkin' google. Only they claim they'll leave you alone if you turn Java and Javascript off. That might just be another way to let your guard down though... I sometimes keep Dillo for an HTML-only browser running in a different window when I want to use google instead of bing and keep the java on in Firefox, for example...
  • Sounds a bit like one I had... *very* persistent and didn't get removed by my usual tools (Avast, Malwarebytes AntiMalware & HijackThis). I saw a recommendation on a forum for these strangely named progs and they did the trick: 'Norman Malware Cleaner' and 'Hitman Pro'. I then ran scans with all my usual progs (in Safe Mode) and used SpybotS&D and IOBitSecurity360 to confirm things were AOK.
  • Geez, BlueHorse, I hope that you're able to get things sorted out soon. polychrome's links offer solid advice so hopefully it won't come down to the dreaded re-format and re-install hassle.
  • Polychrome, you are my hero! I'm keeping my fingers crossed, but after following poly's links and doing some further research, I did the following on the laptop: Ran Hitman and TDSSKiller; checked with Housecall and Symantec. The Avast scanner and Malwarebytes installed on the desktop would not run prior to this. They run now, and everything seems to check out OK. I'm not sure how you know without doing an actual google search to see if it screws up again, and there's no way in HELL I'm going to try google for fear of getting contaminated again. I'll use yahoo, TYVM, even if it's not my favorite. On one site's recommend, I also went back and deleted ALL my cookies, temp files, and history, and checked all the security settings. I am going to run broccoli's Norman Malware Cleaner as well as the two programs to confirm, and then I shall pray to the gods in the machine that this is taken care of. I think I'll be double checking with Eset scanner as well on my desktop. I seriously thought of switching to Chrome, but then read where this stupid rootkit virus is affecting that, also. The explanation of what might be going on that made the most sense to me was on this page. This thing took over my hotmail and sent weird links to everyone in my address book. I just hope no one was gullible enough to click on the links. I don't think opening the email of itself would infect anyone...?
  • Glad to help. VERY glad things seem to be coming good. Fingers crossed for you.
  • Glad you're back and hopefully problem free now.
  • Got your evil email. No, I didn't click the link, I still have my X-Files "TRUST NO ONE" poster on my wall (next to the "I WANT TO BELIEVE" with a picture of a flying McRib). But "Norman Malware Cleaner"? Does it remove both the Naked and the Dead? (I'm only making light because I think everything's okay now; if not, feel free to email me more viruses...)
  • Glad to hear things are looking up! Since I got rid of that Google redirect rootkit I have been much more careful. Mine got infected simply by viewing an innocent blog with malicious code posted to it - a Java exploit that installed the rootkit automatically. I'd recommend using NoScript Firefox plugin and disabling Java.
  • I'm running Windows Update while reading this page.
  • Arrrrgh! It's back on the desktop. Miserable stuff.
  • MetaFilterian deezil has some good links and instructions that might help...
  • After much cursing and screwing around with no success, Mr. BlueHorse has decided to reformat. The problem we're having now is that XP sp3 loads almost to the end, then the hard drive just keeps churning with a black screen, or it freezes up. Whaz up wid dat? Anybody have any ideas?
  • Could be a zombie computer now.
  • When you say you get a black screen, I'm assuming this is after successful installation of XP? You did actually reformat and not just reinstall? I would first disconnect all peripherals including anything plugged into a USB port. See if that changes anything. If not, allow up to an hour for it to fix itself from the black screen (go to bed or have dinner). Not kidding. I've had XP repair itself after a long wait when I thought it was dead. If still no luck, do the F8 thing to get a boot menu if you don't get one and try "with logging". The log should show what file it's hanging up on and you can get help on that. You may need to reboot into Safe Mode to view the log. Also, Safe Mode coming up and not crashing is a good thing. Windows may have mis-detected the card and installed the wrong video driver. Oh, and ensure that any driver disks that came with the PC were supplied in installation and have been updated if necessary. But if it ran before with an out of date driver, it probably still will. Good luck.
  • Oh, Toonces, thanks so much!
  • Computer haiku

    Chaos reigns within.
    Reflect, repent, and reboot.
    Order shall return.

    Yesterday it worked
    Today it is not working
    Windows is like that.

    Windows has crashed. I am
    The Blue Screen of Death.
    No one hears your screams.

    Stay the patient course.
    Of little worth is your ire.
    The network is down.

    A crash reduces
    Your expensive computer
    To a simple stone.

    Three things are certain:
    Death, taxes, and lost data.
    Guess which has occurred.

    Serious error.
    All shortcuts have disappeared.
    Screen. Mind. Both are blank.

    Seeing my great fault
    Through darkening blue windows
    I begin again.

    Errors have occurred
    We won't tell you where or why.
    Lazy programmers.

    Login incorrect.
    Only perfect spellers may
    enter this system.

    There is a chasm
    of carbon and silicon
    the software can't bridge.

    --Johne Cooke

    I'm trying to remain serene about this, but alas, my guts are still knotted from the GooRoo attack and the spamnapping. (sorry foop!) Perhaps all is well. I shall run the checkers one more time to soothe my paranoia.