Computer/Internet Issues & Troubleshooting Anyone with questions about the terribly complex world of computers or the internet should try here. NOT FOR REPORTING ISSUES WITH PPRuNe FORUMS! Please use the subforum "PPRuNe Problems or Queries."

Internet browser virus

Old 10th Jul 2007, 17:26
  #1 (permalink)  
Thread Starter
 
Join Date: Jun 2001
Location: UK.
Posts: 4,390
Likes: 0
Received 1 Like on 1 Post
Internet browser virus

Having problems which manifest as:
In MS Internet Explorer, Google search result websites navigate to a different website from that selected.
Initially thought Avant browser not affected but now getting uncommanded start and filling up with pages showing URL referring to 'bestmanage': with little Ferrari logo on tab.
Whilst actively exploring cleaners . .
Any ideas?
edited to remove actual virus URL in case anyone clicks on it

Last edited by Basil; 10th Jul 2007 at 17:43.
Basil is offline  
Old 10th Jul 2007, 18:09
  #2 (permalink)  
 
Join Date: Oct 2006
Location: EGBJ Gloucester
Age: 40
Posts: 103
Likes: 0
Received 0 Likes on 0 Posts
Sounds like ad-ware to me. Most likely slipped itself in with something you (or someone else) installed on your computer. Try Ad-Aware: http://www.lavasoftusa.com/products/ad_aware_free.php
robdesbois is offline  
Old 11th Jul 2007, 01:27
  #3 (permalink)  
 
Join Date: Dec 2005
Location: Wellington,NZ
Age: 66
Posts: 1,678
Received 10 Likes on 4 Posts
Good luck if AdAware can remove that one. Worth a try, though.
I've read of users successfully removing it with Superantispyware, which is superior.
Generally with this type of infection (BHO loaded by a trojan) it's best to full scan and quarantine with at least two different applications and in safe mode, which will prevent all or part of it from loading, thus greatly increasing the chance of successful cleaning.
Quarantine, rather than deleting. That way if you nuke a system file, you can get it back.
When all is well turn off system restore, then turn it back on again.
It's possible you might need heavier duty tools to completely get rid of it. If the above steps fail, you'd best do a HijackThis scan, and post the results at one of the forums that deal with these. (see the sticky).
Tarq57 is offline  
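
The post above mentions a BHO (Browser Helper Object) and a HijackThis scan; the following added example, which is not part of the original thread or any poster's code, shows how such a log can be triaged for suspicious BHO and Internet Explorer URL entries. The log lines are constructed in the layout HijackThis logs commonly use, and the allow-list and flagging heuristics are assumptions of this example.

```python
import re
from urllib.parse import urlparse

# Constructed sample log lines (not taken from the thread).
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.example.invalid/ie.html
O2 - BHO: AcroIEHlprObj Class - {11111111-2222-3333-4444-555555555555} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {AAAAAAAA-BBBB-CCCC-DDDD-EEEEEEEEEEEE} - C:\WINDOWS\system32\qzxvbn.dll
O2 - BHO: Toolbar Helper - {99999999-8888-7777-6666-555555555555} - (no file)
O4 - HKLM\..\Run: [avgcc] "C:\Program Files\Grisoft\AVG7\avgcc.exe" /STARTUP
"""

# O2 lines list Browser Helper Objects; R0/R1 lines list IE start and search URLs.
BHO_RE = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.+)$")
URL_RE = re.compile(r"^R[01] - (?P<key>[^,]+),(?P<value>[^=]+?) = (?P<url>\S+)$")

# Assumption: hosts the reviewer expects to see as start/search pages.
TRUSTED_HOSTS = {"www.google.co.uk", "www.google.com"}

def triage(log_text, trusted_hosts=TRUSTED_HOSTS):
    """Return (identifier, reasons) pairs for entries that deserve a closer look."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        m = BHO_RE.match(line)
        if m:
            reasons = []
            if m["name"] == "(no name)":
                reasons.append("unnamed BHO")
            path = m["path"].lower()
            if path == "(no file)":
                reasons.append("registered DLL missing")
            elif "\\program files" not in path:
                reasons.append("DLL outside Program Files")
            if reasons:
                findings.append((m["clsid"], reasons))
            continue
        m = URL_RE.match(line)
        if m:
            host = urlparse(m["url"]).hostname or ""
            if host not in trusted_hosts:
                findings.append((m["value"].strip(),
                                 ["URL host not in allow-list: " + host]))
    return findings

if __name__ == "__main__":
    for ident, reasons in triage(SAMPLE_LOG):
        print(ident, "->", "; ".join(reasons))
```

A flagged entry is a prompt for manual review, not proof of infection; legitimate helper DLLs can also live outside Program Files.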
Old 11th Jul 2007, 08:41
  #4 (permalink)  
Thread Starter
 
Join Date: Jun 2001
Location: UK.
Posts: 4,390
Likes: 0
Received 1 Like on 1 Post
So far tried AVG, Grisoft & Lavasoft with no success.
Superantispyware running now and has reached alert level Heinz - 57 threats detected
Suspect came from crack site - lost legit system disc for laptop and was going to crack another legit OS disc.
F**k me! it's up to 63 now!

With thanks for assistance.
Basil is offline  
Old 11th Jul 2007, 10:16
  #5 (permalink)  
Per Ardua ad Astraeus
 
Join Date: Mar 2000
Location: UK
Posts: 18,579
Likes: 0
Received 0 Likes on 0 Posts
Don't forget 'hijack this' (sticky)
BOAC is offline  
Old 11th Jul 2007, 11:41
  #6 (permalink)  
Recidivist
 
Join Date: Jun 2005
Location: Essex, UK
Posts: 1,239
Likes: 0
Received 0 Likes on 0 Posts
Perhaps Spybot could find and destroy?

I have no confidence in Adaware - been on my machine for years, together with Avast and Zone Alarm. Not found anything for ages and I forgot about it for nearly a year - remembered it a couple of weeks ago, updated and ran it - nothing found!
frostbite is offline  
Old 11th Jul 2007, 15:12
  #7 (permalink)  
 
Join Date: May 2001
Location: Mumbai, INDIA
Posts: 445
Likes: 0
Received 0 Likes on 0 Posts
Use AVG, Spybot, Adware6.0
great combo.
regds
MEL
HAWK21M is offline  
Old 11th Jul 2007, 15:38
  #8 (permalink)  
Thread Starter
 
Join Date: Jun 2001
Location: UK.
Posts: 4,390
Likes: 0
Received 1 Like on 1 Post
Thanks, folks.
Seem to have got rid of the Avant problem by running Superantispyware in safe mode but MS Internet Explorer redirection is still with us.
I'd been advised to disable System Restore in order to avoid risk of reverting to infected state. Would System Restore have solved the problem? Too late now - all SR wiped.
Just going to start in safe and try AVG, Spybot, Adware, Superantispy again.

Just as well I don't have a real job to go to
Basil is offline  
Old 11th Jul 2007, 20:49
  #9 (permalink)  
 
Join Date: Aug 2006
Location: LHR
Posts: 86
Likes: 0
Received 0 Likes on 0 Posts
HAWK21M - I use exactly the same 'combo' as you do!
rossym is offline  
Old 11th Jul 2007, 22:49
  #10 (permalink)  
 
Join Date: Dec 2005
Location: Wellington,NZ
Age: 66
Posts: 1,678
Received 10 Likes on 4 Posts
Basil, highly unlikely system restore would've nuked it. Trojans worm their way into restore points, generally, hence deleting them once cleaned.
Have a look at Superantispyware "preferences"> "repairs".
That should do what you need.
There are a few freeware programs that can help prevent this sort of thing happening again. Spybot has a "teatimer" feature, that guards against certain registry changes.
Winpatrol can guard many aspects of the system, though not quite in realtime for the free version.
SpywareTerminator is a free resident antispyware with HIPS, (optional) and an open source AV (optional) and a toolbar (also optional) which is better featured than some of the pay for jobs. I use this last one, but without the AV or toolbar.
Tarq57 is offline  
Old 16th Jul 2007, 22:19
  #11 (permalink)  
Thread Starter
 
Join Date: Jun 2001
Location: UK.
Posts: 4,390
Likes: 0
Received 1 Like on 1 Post
Gotcha!!

Had a look on spywareinfo.com and as a result of their advice ran FixWareout which seems to have disabled the redirector.
Subsequently ran Kaspersky which found shedloads of viruses which, I think, had all been previously isolated.
Ran CCleaner.
Switched on Restore.

With thanks for all your suggestions.
Basil is offline  
Old 17th Jul 2007, 06:41
  #12 (permalink)  
More bang for your buck
 
Join Date: Nov 2005
Location: land of the clanger
Age: 82
Posts: 3,512
Likes: 0
Received 0 Likes on 0 Posts
Check (if you haven't already) that your Initial page setting has not been changed to that site.
green granite is offline  
Old 17th Jul 2007, 08:05
  #13 (permalink)  
Thread Starter
 
Join Date: Jun 2001
Location: UK.
Posts: 4,390
Likes: 0
Received 1 Like on 1 Post
Homepage is OK.
It's all a bit of a worry if you do your banking etc on the PC.
Basil is offline  
Old 17th Jul 2007, 08:58
  #14 (permalink)  
 
Join Date: Aug 2005
Location: fairly close to the colonial capitol
Age: 55
Posts: 1,693
Likes: 0
Received 0 Likes on 0 Posts
Quote: It's all a bit of a worry if you do your banking etc on the PC.
Good instincts kind sir.

You may wish to backup your pictures, files, favourites and other data then start anew just to be sure.


Quote: lost legit system disc for laptop and was going to crack another legit OS disc.
You can repartition (backup first please) then install using a version compatible (SP2, SP1 XP Home disk) from any OEM and re-enter your key (sticker on the lappie bottom). If any squawks, call the Microsoft toll free # and get a legitimate override using the key on the sticker.

Network cards, modems, video chips and sound devices will likely need drivers from the laptop's manufacturer. A second PC with internet access and CD burner would be useful here.

Be sure to run Windows Update, restart the computer if asked, then re-run WU until the machine is current. Please install AVG AV as well and update before accessing any back ups. Use MS Office? There are security updates at office.microsoft.com.

I tend to babble on. Apologies.

vapilot2004 is offline  
Old 18th Jul 2007, 11:34
  #15 (permalink)  
Thread Starter
 
Join Date: Jun 2001
Location: UK.
Posts: 4,390
Likes: 0
Received 1 Like on 1 Post
vapilot2004,
Thank you for the advice. I'll look into calling MS - I'd assumed they'd say "Go forth etc"
Basil is offline  
Old 21st Jul 2007, 10:07
  #16 (permalink)  
 
Join Date: Jul 2002
Location: Hungary
Age: 39
Posts: 684
Likes: 0
Received 0 Likes on 0 Posts
Try PrevX. It does require a payment IF you want it for more than 30 days, but works 100% in the trial period and allows you to remove what it finds, unlike some of the other BS out there.

It's not found by searches, since it's only downloadable by recommendation. You can find the home by typing Prevx into google.

Get that, and run it. I don't know the physics behind it, but it has found things for me and some previous clients that AVG, Spybot, Hijackthis nor AdAware could find.

Simple interface, just as logical as the rest.

Hope it helps anybody.

Dan.
Tonic Please is offline  
