irritating virus
There is a virus somewhere on my desktop pc. When I launch IE my homepage appears as normal but after a few seconds a blank page is displayed with this address:
I can't get rid of it. I've updated the malwarebytes db and run a scan, I've run a scan with MSE, I've deleted all the cookies and temp files using CCleaner. Nonplussed. Has anyone else had this experience or could give me a tip on how to get rid? Cheers |
Use System Restore to restore the computer to an earlier date - as far back as you can go or certainly well before the date this occurred. Then run an antivirus program like AVG Antivirus (free download) not just a malware program.
If that doesn't work reformat the hard drive using your original Windows disc with a hard reinstall of Windows. The former option is quite quick, the second will take a few hours. |
Open the page you want to go to on start up then go to tools>options then in the 'general tab' you'll see the option for setting the home page. Click on 'use current' then click ok and the next time you go on line it should be the right page. It may not be a virus, it may be that you opened a page with some options you wanted and one of the pre-ticked boxes said 'make this my home page'. It catches all of us out at times.
|
Restoring to an old status, or reinstalling the system, is a major headache because lots of work and "stuff" disappears.
GG's solution may fix it. If not, rather than wipe everything, try a different browser such as Firefox or Chrome. |
Just tried GG's method, which unfortunately didn't stop it so will go for a restore now. I don't keep much on this machine, it's one the kids use for games which is why I have to clean it a couple of times a week to get all the viruses off.
|
Originally Posted by Keef
(Post 6763155)
Restoring to an old status, or reinstalling the system, is a major headache because lots of work and "stuff" disappears.
GG's solution may fix it. If not, rather than wipe everything, try a different browser such as Firefox or Chrome.
If you have a virus it will certainly give you an even bigger headache than the relatively simple solution of System Restore. |
Bit of information here:
domdex.com - Google Search and here, Embedded link to malicious site domdex.com - Threat Details and Removal Information |
which is why I have to clean it a couple of times a week to get all the viruses off |
I thought MSE was at least a fairly competent, and reputable AV?
It's what the OP said he scanned with. That and MBAM. |
I would agree but he comments on the need to clean off virus a couple of times a week - so something doesn't add up. If it is running with Real Time Protection - then there is generally no need to do a scan as reported - at least not on that frequency.
I would strongly suggest the OP removes the link to domdex.com as they are a web tracking company so - you do not really want to go linking to it. |
Yeah, but the computer is used by kids.
Only disabled internet and usb connections would prevent it becoming infected. |
I didn't post the entire link only the Domdex part to avoid the issue of others getting the same problem, it's much longer than that (but I have removed it).
I admit to being surprised that running MSE doesn't pick up the repeated threats. As it is mainly adware, I'm assuming that the definitions are running ahead of the MSE identification/updates and that the children's-type sites my kids use are particularly targeted by these guys. I also wonder if the AV interacts with the parental controls I have installed in some way that restricts the identification of viruses. |
Can't be real time AV running can there ???? Tried OpenDNS ?
|
... reformat the hard drive using your original Windows disc with a hard reinstall of Windows. ... will take a few hours.
It generally takes me about a year to get a new machine set up how I want it, not a few hours - and that's with the old machine available somewhere on the network so I can copy stuff off its hard disk. |
Erm ... good luck! Now think it is the 'easy' solution? By the way - do not just 'Run' AVG or similar - run a boot scan if you have a particularly nasty one. |
Then fix the source of the problem... Otherwise you will continue to be doing this weekly. Good luck.
|
At risk of being very boring half the advice above appears to be 'well this is what I do so you will have to do it too'. It sounds like a hijacker of some description.
If you want a painless attempt at removal go to the following link and read carefully the step by step instructions on what to do. If you feel less than confident then make a post and explain your problem having complied with what they ask you to do before posting and someone who knows what they are doing will assist you. Majorgeeks |
I have reinstalled Windows with reformatting our 'family' computer on a number of occasions. It is never quick or easy but as a last resort often the only thing left to do.
Did I mention System Restore? I believe I did. To add to my last you should always backup your files. That goes without saying, which is why I didn't say it. Then you have an external drive with all of your files on from which you quickly copy to your newly formatted original hard drive. Quite straightforward really considering what you are doing. Unlike what BOAC and Gertrude are implying. I backup my important stuff onto several external hard drives. With this being your 'family' computer you either have to do all of this regularly or stop them from going onto dangerous websites. I would say do both as and when necessary. Otherwise don't start a family. :) |
an external drive with all of your files on from which you quickly copy to your newly formatted original hard drive. |
Nobody has suggested ROOTKIT infection. I have found this to be quite good at removing some of the nasties. Anti-rootkit utility TDSSKiller
A paid for version of AVG Anti Virus also has builtin Rootkit detection. |
Download and install hijackthis.
Run the prog, let it do a scan. Tick any instances of domdex then do the fix. It may fix the problem for you. Take the time to have a look at the information posted by the scan, there could be all sorts of strange stuff there. |
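An added example, not written by any poster in this thread and not HijackThis's own code: the log review suggested in the post above, done in Python over a constructed HijackThis-style log. The domain `tracker.example`, the sample entries and the function names are assumptions made for the illustration; the matcher accepts the domain and its subdomains but not look-alike hostnames.

```python
import re

# Meanings of a few common HijackThis section codes.
SECTIONS = {
    "R0": "IE start/search page", "R1": "IE start/search page",
    "O1": "hosts file redirect", "O2": "browser helper object",
    "O3": "IE toolbar", "O4": "autostart entry",
}
ENTRY = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<detail>.+)$")

# Constructed sample log; tracker.example is a placeholder domain.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.4
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ads.tracker.example/s
O2 - BHO: Helper - {00000000-0000-0000-0000-000000000001} - C:\Program Files\Helper\helper.dll
O4 - HKLM\..\Run: [upd] "C:\Program Files\Helper\upd.exe" /cfg http://tracker.example/c
O4 - HKCU\..\Run: [other] "C:\Tools\o.exe" http://nottracker.example/
"""

def parse_log(text):
    """Return (code, detail) for each entry line; header lines are skipped."""
    entries = []
    for raw in text.splitlines():
        m = ENTRY.match(raw.strip())
        if m:
            entries.append((m["code"], m["detail"]))
    return entries

def flag_entries(text, domain):
    """Return (code, meaning, detail) for entries naming domain or a subdomain."""
    # Lookarounds stop "nottracker.example" or "tracker.example.evil.test"
    # from matching a watch on "tracker.example".
    host = re.compile(
        r"(?<![\w.-])(?:[\w-]+\.)*" + re.escape(domain) + r"(?!\.?[\w-])",
        re.IGNORECASE)
    return [(code, SECTIONS.get(code, "other"), detail)
            for code, detail in parse_log(text) if host.search(detail)]

if __name__ == "__main__":
    for code, meaning, detail in flag_entries(SAMPLE_LOG, "tracker.example"):
        print(f"{code:<3} {meaning:<22} {detail}")
```

Here the start page is clean, while a search-page value and an autostart entry both name the watched domain, the kind of entry that survives resetting the home page.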
Update on where I am so far.
This is a tricky little thing. I've run most of the cleaning measures on majorgeeks suggested by M Mouse. First good tip was that I found two items on the rogue list that I was able to uninstall via the control panel. Then I downloaded and ran SuperAntiSpyware. Despite the fact that I've been running malwarebytes on a weekly basis SaS found 242 suspect items which I have removed. Unfortunately the issue is still there, I have also downloaded Combofix which I am about to run. If this has no effect I'll move on to the rootkit versions. Majorgeeks pages are very good, clear instructions and simple to use. GB |
You may be going in circles, i.e. your home page is set to domdex.com so every time you start your browser it goes there and re-infects. What browser are you using by the way?
|
It is important to point out also that, as good as M Mouse's link to MG is, it does not call for a boot-time scan. Unlike some suggestions of running this in Safe Mode/Command prompt I am even more cynical and cautious and do not let ANY part of Windows near my machine for a boot-time scan. It needs to be run in DOS from a boot CDROM. Virii now are getting pretty clever at 'hiding' inside a Windows frame. I do not know of one which hides in DOS - yet......................
|
Well I've run the other tools and the rootkit tools and they don't find any infection. I was running IE7 which I have upgraded to IE8; the homepage is set to Google in internet options, although I've changed that to another site to see if it helps, which it doesn't.
So am truly nonplussed now. |
GB - Avira will download an ISO to burn a boot-time CDROM, or Avast has a setting which enables a DOS-run scan. If, as it seems, you probably have an infected Windows system file, a boot scan will ask you to delete infected files. You may well need then to restore them from your Windows XP CDROM. Be prepared!
|
|
Post #22? ........
|
It is not so much "DOS" you need to run.
The key point is that you need to boot the machine from an O/S which is not loaded by the boot sector of the hard drive of the potentially infected machine. What that O/S is is irrelevant. It could be a normal copy of winXP, Unix, whatever. For example the Micro$oft boot-CD virus scanner (which I have used successfully to detect really clever infections) actually loads a copy of win7. This is no surprise, since you want that O/S to support peripherals like network controllers, USB, etc, and you want it to be able to get onto the internet and download the latest virus definitions. Plain DOS would be no good; apart from anything else DOS 6.2 only supported hard drives up to 2GB :)
Once the stuff has booted off the CD, everything on the HD is treated as passive data and can be freely scanned. Since nothing on the HD is executed (as program code) there is no way for anything on the HD to interfere with this virus scan.
You can achieve a similar result without a boot CD. For example if you suspect your drive C: has a virus, you can take the HD out of that machine and pop it into another machine as a secondary HD and virus scan it. Or, more cleverly, you can make a Trueimage (or some ISO) image of the whole drive, copy it to another machine (one guaranteed to be virus free) where you use TI to mount it as a logical drive, and virus scan that logical drive.
FWIW, I have seen many infected machines but nothing that I have sole access to has ever got infected. That's why I think people catch the nasties in particular ways. |
Just trying to keep it reasonably simple!
|
Absolutely agree on the access. This PC has 5 user accounts on it. My laptop which I use for business has only myself, which I run as a standard user and an admin account that I log in to when I want to do admin type things. I don't generally get any problems on this one.
By restricting Domdex as a site within IE I've got rid of the irritating effect where it goes to a Domdex blank page whenever you try to access a site in IE. That is a symptom rather than the problem though, so I will now need to look at the boot methods as above. I have the windows XP CD so can restore files if necessary. |
HijackThis (suggested above) might well point to the entry that is causing the issue.
It hasn't been developed much since TM took over, but is still serviceable. HijackThis - Trend Micro USA |