PPRuNe Forums


Basil 10th Jul 2007 17:26

Internet browser virus
 
Having problems which manifest as:
In MS Internet Explorer, Google search result websites navigate to a different website from that selected.
Initially thought Avant browser not affected but now getting uncommanded start and filling up with pages showing URL referring to 'bestmanage': with little Ferrari logo on tab.
Whilst actively exploring cleaners . .
Any ideas?
edited to remove actual virus URL in case anyone clicks on it :{

robdesbois 10th Jul 2007 18:09

Sounds like ad-ware to me. Most likely slipped itself in with something you (or someone else) installed on your computer. Try Ad-Aware: http://www.lavasoftusa.com/products/ad_aware_free.php

Tarq57 11th Jul 2007 01:27

Good luck if AdAware can remove that one. Worth a try, though.
I've read of users successfully removing it with Superantispyware, which is superior.
Generally with this type of infection (BHO loaded by a trojan) it's best to full scan and quarantine with at least two different applications and in safe mode, which will prevent all or part of it from loading, thus greatly increasing the chance of successful cleaning.
Quarantine, rather than deleting. That way if you nuke a system file, you can get it back.
When all is well turn off system restore, then turn it back on again.
It's possible you might need heavier duty tools to completely get rid of it. If the above steps fail, you'd best do a HijackThis scan, and post the results at one of the forums that deal with these. (see the sticky).
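
Added example, not part of Tarq57's post or of the thread: a read-only PowerShell listing of the Browser Helper Objects registered for Internet Explorer, the DLL each one loads and its Authenticode status, for the "BHO loaded by a trojan" case described above. It assumes a Windows system with PowerShell available; treating unsigned or missing DLLs as items to review is a triage assumption, not a verdict.

```powershell
# Added example: enumerate IE Browser Helper Objects (BHOs) and the DLLs behind them.
# Read-only: it queries the registry and file signatures, and changes nothing.

$views = @(
    @{ Bho   = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
       Clsid = 'HKLM:\SOFTWARE\Classes\CLSID' },
    # 32-bit registry view on 64-bit Windows
    @{ Bho   = 'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
       Clsid = 'HKLM:\SOFTWARE\Classes\WOW6432Node\CLSID' }
)

$report = foreach ($view in $views) {
    if (-not (Test-Path -LiteralPath $view.Bho)) { continue }

    foreach ($entry in Get-ChildItem -LiteralPath $view.Bho) {
        $clsid     = $entry.PSChildName          # each BHO is a subkey named by its CLSID
        $classKey  = "$($view.Clsid)\$clsid"
        $inproc    = "$classKey\InprocServer32"  # default value = path of the DLL IE loads
        $name      = $null
        $dll       = $null
        $signature = 'class not registered'

        if (Test-Path -LiteralPath $classKey) {
            $name = [string](Get-Item -LiteralPath $classKey).GetValue('')
        }
        if (Test-Path -LiteralPath $inproc) {
            $dll = ([string](Get-Item -LiteralPath $inproc).GetValue('')).Trim('"')
        }
        if ($dll) {
            if (Test-Path -LiteralPath $dll -PathType Leaf) {
                $signature = (Get-AuthenticodeSignature -LiteralPath $dll).Status
            } else {
                $signature = 'file missing'
            }
        }

        [pscustomobject]@{
            CLSID     = $clsid
            Name      = $name
            Dll       = $dll
            Signature = $signature
        }
    }
}

$report | Sort-Object Signature | Format-Table -AutoSize -Wrap
```

Entries with no name, a DLL outside the expected program directories, or a status other than `Valid` are the ones to compare against the scanner results and a HijackThis log.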

Basil 11th Jul 2007 08:41

So far tried AVG, Grisoft & Lavasoft with no success.
Superantispyware running now and has reached alert level Heinz - 57 threats detected :uhoh:
Suspect came from crack site - lost legit system disc for laptop and was going to crack another legit OS disc.
F**k me! it's up to 63 now!

With thanks for assistance.

BOAC 11th Jul 2007 10:16

Don't forget 'hijack this' (sticky)

frostbite 11th Jul 2007 11:41

Perhaps Spybot could find and destroy?

I have no confidence in Adaware - been on my machine for years, together with Avast and Zone Alarm. Not found anything for ages and I forgot about it for nearly a year - remembered it a couple of weeks ago, updated and ran it - nothing found!

HAWK21M 11th Jul 2007 15:12

Use AVG, Spybot, Adware6.0
great combo.
regds
MEL

Basil 11th Jul 2007 15:38

Thanks, folks.
Seem to have got rid of the Avant problem by running Superantispyware in safe mode but MS Internet Explorer redirection is still with us.
I'd been advised to disable System Restore in order to avoid risk of reverting to infected state. Would System Restore have solved the problem? Too late now - all SR wiped.
Just going to start in safe and try AVG, Spybot, Adware, Superantispy again.

Just as well I don't have a real job to go to :p

rossym 11th Jul 2007 20:49

HAWK21M - I use exactly the same 'combo' as you do! ;)

Tarq57 11th Jul 2007 22:49

Basil, highly unlikely system restore would've nuked it. Trojans worm their way into restore points, generally, hence deleting them once cleaned.
Have a look at Superantispyware "preferences" > "repairs".
That should do what you need.
There are a few freeware programs that can help prevent this sort of thing happening again. Spybot has a "teatimer" feature, that guards against certain registry changes.
Winpatrol can guard many aspects of the system, though not quite in realtime for the free version.
SpywareTerminator is a free resident antispyware with HIPS, (optional) and an open source AV (optional) and a toolbar (also optional) which is better featured than some of the pay for jobs. I use this last one, but without the AV or toolbar.

Basil 16th Jul 2007 22:19

Gotcha!!
 
Had a look on spywareinfo.com and as a result of their advice ran FixWareout which seems to have disabled the redirector.
Subsequently ran Kaspersky which found shedloads of viruses which, I think, had all been previously isolated.
Ran CCleaner.
Switched on Restore.

With thanks for all your suggestions.

green granite 17th Jul 2007 06:41

Check (if you haven't already) that your Initial page setting has not been changed to that site.

Basil 17th Jul 2007 08:05

Homepage is OK.
It's all a bit of a worry if you do your banking etc on the PC.

vapilot2004 17th Jul 2007 08:58


"It's all a bit of a worry if you do your banking etc on the PC."
Good instincts kind sir.

You may wish to back up your pictures, files, favourites and other data then start anew just to be sure.



"lost legit system disc for laptop and was going to crack another legit OS disc."
You can repartition (back up first please) then install using a version compatible (SP2, SP1 XP Home disk) from any OEM and re-enter your key (sticker on the lappie bottom). If any squawks, call the Microsoft toll free # and get a legitimate override using the key on the sticker.

Network cards, modems, video chips and sound devices will likely need drivers from the laptop's manufacturer. A second PC with internet access and CD burner would be useful here.

Be sure to run Windows Update, restart the computer if asked, then re-run WU until the machine is current. Please install AVG AV as well and update before accessing any backups. Use MS Office? There are security updates at office.microsoft.com.

I tend to babble on. Apologies.

:zzz:

Basil 18th Jul 2007 11:34

vapilot2004,
Thank you for the advice. I'll look into calling MS - I'd assumed they'd say "Go forth etc" :eek:

Tonic Please 21st Jul 2007 10:07

Try PrevX. It does require a payment IF you want it for more than 30 days, but works 100% in the trial period and allows you to remove what it finds, unlike some of the other BS out there.

It's not found by searches, since it's only downloadable by recommendation. You can find the home by typing Prevx into Google.

Get that, and run it. I don't know the physics behind it, but it has found things for me and some previous clients that AVG, Spybot, Hijackthis nor AdAware could find.

Simple interface, just as logical as the rest.

Hope it helps anybody.

Dan.


All times are GMT.