Copy Book Virus

[Dragoon88]

Hi!

I seem to have obtained a virus that prevents my antivirus or any malware removal programs updating. I am also redirected through a site called copy-book.com when using Firefox or Internet Explorer. Often adverts or search engines pop up in new windows spontaneously.

I have followed the 8 steps for malware removal and attached the three required logs.

I would very much appreciate any advice or assistance you may be able to offer me with this issue.

Thanks very much.

PS: I may as well be honest as I'm asking for help. I think I got the virus through a keygen (a common way I know), I don't know if that helps at all. Lesson learnt though I think...

 

[tlearyus]

one of our laptops with XP Home has this as well and we have tried EVERYTHING !!

there is nothing that removes it on planet earth at the moment
have notified mcafee, symantec and all major virus labs
there is no cure and even formatting your hard drive may not fix it

Malwarebytes, Spyware Docter, Spyware Blaster etc all say system is clean
ran comobofix and sdfix in safe mode
AVG was useless
no text copy-book exists in registery
no weird DNS settings exist in network settings or hosts file (tip if you delete your windows hosts file it cripples the annoying pop-up windows but the google search results still redirect to advertising sites.)

IMHO Google really need to resolve this as it seems targetted at Google users !!


regards - tlearyus

PS: if anyone actaully solves this please let me know how you did it.

 

[kimsland]

Special case where after installing MBAM and SAS they will not update or run
Read here: https://www.techspot.com/vb/topic116603.html

Failing that, try here: https://www.techspot.com/vb/post684649-3.html

Then continue: UPDATED 8-step Viruses/Spyware/Malware Preliminary Removal Instructions

 

[tlearyus]

OK i tried all of those 8 steps plus Adware SE and then DRWebCure both with latest defs but no viruses found and the same google search redirect problem still exists in all browsers..

what next to try - have just spent 2 full days on this *ouch* ??

PS: my copy of MAM and SAS both run OK and update defs OK..

 

[kimsland]

tlearyus you need to create your own thread, just for you
And then following the guide, submit all the logs.
Here's the guide again https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/

@Dragoon88 you need to update Malwarebytes (as the defs are old) and scan again

 

[Dragoon88]

Hi, thanks very much for the replies. I was unable to update MWB as that is part of what the virus does. After following some steps given to me on newbie.org (I am sorry if you sites are competitors and I should not mention this!!) I managed to update and run.

The virus seems to have gone - ie: I no longer actually see myself be redirected, but I feel my computer is not running as well as it has - maybe I am paranoid.

In total I have now used:

CCleaner
Malwarebytes
SuperAntiVirus
HiJackThis
Combofix
OTMoveIt3
Kapersky online

All after advice, I know it can be bad to just run everything you can find.

I am sorry if linking to other boards may be against your rules - and I don't wish to break them after you offering help.

The logs of everything I have run are posted:

newbie.org/help/index.php?showtopic=5628&st=0#entry39665

I would post them on this site but some are a real pain to find and I have multiple logs with similar names

EDIT: I forgot to say I actually did the 8 steps before I posted the first time. Ie: I updated java and everything else - only problem was I ran an out of date MWB.

 

[kimsland]

You know that post#3 up there (by me) well that should have enabled you to update Malwarebytes.

Anyway, I'll go and check out that link (which seems to be ok to be posted for reference )

ok I've read through it all

For the moment lets clean up System Restore (about the only thing I can do safely, between these boards)
Go to Start >> Run - type or copy/paste control sysdm.cpl,,4 & press Enter
* Tick on the checkbox - Turn off System Restore on all drives
* Click Apply
Turn it back 'On' by unticking the same checkbox & click Apply, and then OK

 

[Dragoon88]

Hi,

I did also follow the advice in your post to enable updating on MWB, I did not see the file I was meant to disable, maybe a different program cleaned it up.

I also followed your advice about the system restore.

I turned off system restore, applied, then turned back on and created a new system restore. Is this correct or should I have left it turned off - and turned on when I am totally fixed?

Thank you!

 

[kimsland]

...
Turn it back 'On' by unticking the same checkbox & click Apply, and then OK

As per above, back on
But just for your info: I have never used it, have you? If never, then maybe have a think if it's needed. ie System Restore is usually the first to be infected and then corrupted with Virus\Malware, so what's the use!?

 

[Dragoon88]

Yeah that is what I did

I guess you are right. I have only used System Restore once to good effect in about 10 years. Why is it so easily infected :s ?

 

[kimsland]

It's the first common place that these virus writers attack
How nice is that!