Download and install hijackthis.
Run the prog, let it do a scan. Tick any instances of domdex then do the fix. It may fix the problem for you. Take the time to have a look at the information posted by the scan, there could be all sorts of strange stuff there. |
Update on where I am so far.
This is a tricky little thing. I've run most of the cleaning measures on Majorgeeks suggested by M Mouse. First good tip was that I found two items on the rogue list that I was able to uninstall via the control panel. Then I downloaded and ran SuperAntiSpyware. Despite the fact that I've been running Malwarebytes on a weekly basis, SaS found 242 suspect items, which I have removed. Unfortunately the issue is still there. I have also downloaded Combofix, which I am about to run. If this has no effect I'll move on to the rootkit versions. Majorgeeks pages are very good, clear instructions and simple to use. GB |
You may be going in circles, i.e. your home page is set to domdex.com so every time you start your browser it goes there and re-infects. What browser are you using, by the way?
|
It is important to point out also that, as good as M Mouse's link to MG is, it does not call for a boot-time scan. Unlike some suggestions of running this in Safe Mode/Command prompt I am even more cynical and cautious and do not let ANY part of Windows near my machine for a boot-time scan. It needs to be run in DOS from a boot CDROM. Virii now are getting pretty clever at 'hiding' inside a Windows frame. I do not know of one which hides in DOS - yet......................
|
Well I've run the other tools and the rootkit tools and they don't find any infection. I was running IE7, which I have upgraded to IE8. The homepage is set to Google in Internet Options, although I've changed that to another site to see if it helps, which it doesn't.
So am truly nonplussed now. |
GB - Avira will download an ISO to burn a boot-time CDROM, or Avast has a setting which enables a DOS-run scan. If, as it seems, you probably have an infected Windows system file, a boot scan will ask you to delete infected files. You may well need then to restore them from your Windows XP CDROM. Be prepared!
|
|
Post #22? ........
|
It is not so much "DOS" you need to run.
The key point is that you need to boot the machine from an O/S which is not loaded by the boot sector of the hard drive of the potentially infected machine. What that O/S is is irrelevant. It could be a normal copy of winXP, Unix, whatever. For example the Micro$oft boot-CD virus scanner (which I have used successfully to detect really clever infections) actually loads a copy of win7. This is no surprise, since you want that O/S to support peripherals like network controllers, USB, etc, and you want it to be able to get onto the internet and download the latest virus definitions. Plain DOS would be no good; apart from anything else DOS 6.2 only supported hard drives up to 2GB :) Once the stuff has booted off the CD, everything on the HD is treated as passive data and can be freely scanned. Since nothing on the HD is executed (as program code) there is no way for anything on the HD to interfere with this virus scan. You can achieve a similar result without a boot CD. For example if you suspect your drive C: has a virus, you can take the HD out of that machine and pop it into another machine as a secondary HD and virus scan it. Or, more cleverly, you can make a Trueimage (or some ISO) image of the whole drive, copy it to another machine (one guaranteed to be virus free) where you use TI to mount it as a logical drive, and virus scan that logical drive. FWIW, I have seen many infected machines but nothing that I have sole access to has ever got infected. That's why I think people catch the nasties in particular ways. |
Just trying to keep it reasonably simple!
|
Absolutely agree on the access. This PC has 5 user accounts on it. My laptop which I use for business has only myself, which I run as a standard user and an admin account that I log in to when I want to do admin type things. I don't generally get any problems on this one.
By restricting Domdex as a site within IE I've got rid of the irritating effect where it goes to a Domdex blank page whenever you try to access a site in IE. That is a symptom rather than the problem though, so I will now need to look at the boot methods as above. I have the Windows XP CD so can restore files if necessary. |
HijackThis (suggested above) might well point to the entry that is causing the issue.
It hasn't been developed much since TM took over, but is still serviceable. HijackThis - Trend Micro USA |