Copy Book Virus

By Dragoon88
Dec 26, 2008
  1. Hi!

    I seem to have obtained a virus that prevents my antivirus or any malware removal programs updating. I am also redirected through a site called when using Firefox or Internet Explorer. Often adverts or search engines pop up in new windows spontaneously.

    I have followed the 8 steps for malware removal and attached the three required logs.

    I would very much appreciate any advice or assistance you may be able to offer me with this issue.

    Thanks very much.

    PS: I may as well be honest as I'm asking for help. I think I got the virus through a keygen (a common way I know), I don't know if that helps at all. Lesson learnt though I think...
  2. tlearyus

    tlearyus TS Rookie

    one of our laptops with XP Home has this as well and we have tried EVERYTHING !!

    there is nothing that removes it on planet earth at the moment
    have notified mcafee, symantec and all major virus labs
    there is no cure and even formatting your hard drive may not fix it

    Malwarebytes, Spyware Docter, Spyware Blaster etc all say system is clean
    ran comobofix and sdfix in safe mode
    AVG was useless
    no text copy-book exists in registery
    no weird DNS settings exist in network settings or hosts file (tip if you delete your windows hosts file it cripples the annoying pop-up windows but the google search results still redirect to advertising sites.)

    IMHO Google really need to resolve this as it seems targetted at Google users !!

    regards - tlearyus

    PS: if anyone actaully solves this please let me know how you did it.
  3. kimsland

    kimsland Ex-TechSpotter Posts: 14,524

  4. tlearyus

    tlearyus TS Rookie

    OK i tried all of those 8 steps plus Adware SE and then DRWebCure both with latest defs but no viruses found and the same google search redirect problem still exists in all browsers..

    what next to try - have just spent 2 full days on this *ouch* ??

    PS: my copy of MAM and SAS both run OK and update defs OK..
  5. kimsland

    kimsland Ex-TechSpotter Posts: 14,524

    tlearyus you need to create your own thread, just for you
    And then following the guide, submit all the logs.
    Here's the guide again

    @Dragoon88 you need to update Malwarebytes (as the defs are old) and scan again
  6. Dragoon88

    Dragoon88 TS Rookie Topic Starter

    Hi, thanks very much for the replies. I was unable to update MWB as that is part of what the virus does. After following some steps given to me on (I am sorry if you sites are competitors and I should not mention this!!) I managed to update and run.

    The virus seems to have gone - ie: I no longer actually see myself be redirected, but I feel my computer is not running as well as it has - maybe I am paranoid.

    In total I have now used:

    Kapersky online

    All after advice, I know it can be bad to just run everything you can find.

    I am sorry if linking to other boards may be against your rules - and I don't wish to break them after you offering help.

    The logs of everything I have run are posted:

    I would post them on this site but some are a real pain to find and I have multiple logs with similar names :(

    EDIT: I forgot to say I actually did the 8 steps before I posted the first time. Ie: I updated java and everything else - only problem was I ran an out of date MWB.
  7. kimsland

    kimsland Ex-TechSpotter Posts: 14,524

    You know that post#3 up there (by me) well that should have enabled you to update Malwarebytes.

    Anyway, I'll go and check out that link (which seems to be ok to be posted for reference :mad: :) )

    ok I've read through it all

    For the moment lets clean up System Restore (about the only thing I can do safely, between these boards)
    Go to Start >> Run - type or copy/paste control sysdm.cpl,,4 & press Enter
    * Tick on the checkbox - Turn off System Restore on all drives
    * Click Apply
    Turn it back 'On' by unticking the same checkbox & click Apply, and then OK
  8. Dragoon88

    Dragoon88 TS Rookie Topic Starter


    I did also follow the advice in your post to enable updating on MWB, I did not see the file I was meant to disable, maybe a different program cleaned it up.

    I also followed your advice about the system restore.

    I turned off system restore, applied, then turned back on and created a new system restore. Is this correct or should I have left it turned off - and turned on when I am totally fixed?

    Thank you!
  9. kimsland

    kimsland Ex-TechSpotter Posts: 14,524

    As per above, back on
    But just for your info: I have never used it, have you? If never, then maybe have a think if it's needed. ie System Restore is usually the first to be infected and then corrupted with Virus\Malware, so what's the use!?
  10. Dragoon88

    Dragoon88 TS Rookie Topic Starter

    Yeah that is what I did :)

    I guess you are right. I have only used System Restore once to good effect in about 10 years. Why is it so easily infected :s ?
  11. kimsland

    kimsland Ex-TechSpotter Posts: 14,524

    It's the first common place that these virus writers attack
    How nice is that!
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...