Have redirect virus, have followed 8 steps but still having problems

Status
Not open for further replies.
So I seem to have a virus which redirects to advertising websites when I click on a link from internet searches. I suspect I may have other viruses too, or this virus has corrupted other stuff because my defragmenter (which is supposed to run when the computer goes into screensaver mode) gives an error message every time it tries to start. My computer screen has also mysteriously turned completely black a couple times, which I was only able to rectify by restarting the computer.
After following the 8 steps, at first it stopped redirecting but now it is back to doing it again.

I am most definitely not a techie person... I really appreciate any help you can give me.
 
Hi there. :)

Okay, I see some stuff. Go into HijackThis, scan, tick the following and click 'fix':

Code:
O1 - Hosts: 82.98.235.133 browser-security.microsoft.com
O1 - Hosts: 82.98.235.133 url.adtrgt.com
O1 - Hosts: 82.98.235.133 best-click-scanner.info
O1 - Hosts: 82.98.235.133 antivirus-xp-pro-2009.com
O1 - Hosts: 82.98.235.133 microsoft.infosecuritycenter.com
O1 - Hosts: 82.98.235.133 microsoft.softwaresecurityhelp.com
O1 - Hosts: 82.98.235.133 onlinenotifyq.net
O1 - Hosts: 82.98.235.133 antivirusxp-pro-2009.com
O1 - Hosts: 82.98.235.133 microsoft.browser-security-center.com

This is an attempt to get you to visit the website of a rogue antivirus program, and various other places, which also probably go there. I get no ping response from 82.98.235.133, but either way, these should be removed. As far as I can see, your HJT log is clean aside from this, and the others appear to have removed the offending malware.

If you perform the actions specified in HJT and restart, what happens? Does it stop redirecting?
 
Hello fencergirl

Remove Avira or Norton from add/remove programs in controlpanel.

Download HostsExpert: http://www.majorgeeks.com/Hoster_d4626.html

Choose one of the servers at Majorgeeks....save the file on your desktop

Unzip HostsXpert 4.2 - Hosts File Manager to a convenient folder such as C:\HostsXpert 4.2 - Hosts File Manager
Run HostsXpert 4.2 - Hosts File Manager from its new home
Click on "File Handling".
Click on "Restore MS Hosts File".
Click OK on the Confirmation box.
Click on "Make Read Only?"
Click the X to exit the program.

Note: If you were using a custom Hosts file you will need to replace any of those entries yourself.

Reboot.

Please download combofix here ->
ComboFix
Before Saving it to Desktop, please rename it to 321.com to stop malware from disabling it.

Now, please make sure no other programs are running, close all other windows.

Please double click on the file you downloaded. Follow the onscreen prompts to start the scan.
Once the scanning process has started please DO NOT click on the Combofix window or attempt to use your computer as this can cause the scanning process to stall.
It may take a while to complete scanning and this is normal.

You will be disconnected from the internet and your desktop icons/toolbars will disappear during scanning, do not worry, this is normal and it will be restored after
scanning has completed.

Combofix will create a logfile and display it after your computer has rebooted.
Usually located in c:\combofix.txt, please attach it to your next post

fengergirl - Do what ChrisDown suggest
 
Hey sorry I didn't see your message ChrisDown. I started Combofix before I went to bed.

I did another HijackThis scan, but it seems that Combofix might have fixed the problems because none of the O1 items are listed anymore..?
And I don't seem to be having the redirect problem anymore.
I'll attach the combofix log just in case.

Thanks so much, both of you! :)
 
HostsXpert will have fixed it, I see you have that on your PC (as touch recommended) from the ComboFix log.

That log looks clean to me. :)
 
Status
Not open for further replies.
Back