loumeinhart

please help bad malware virus redirects IE

Also, I can only run .exe's from Ctrl-right click - Run as (unchecking the admin box).

I don't have any backups or restore points. I can run regedit from \windows with the right-click trick. IE works but is only useful in safe mode.

The computer websites suck, so I'm trying skydivers.

Have you tried downloading Malwarebytes and running a scan? That seems to get rid of a lot of stuff. Although I've seen times where the malware won't let you download Malwarebytes, or even install it if you download it on another PC and move it over. Worth a shot though. Sometimes the least time-consuming thing I've found is formatting and starting fresh; sucks without a backup though.

Where is the malware redirecting you to, and is it creating popup IE windows? If you search on Google, are all results redirected? If you do a reboot, is it REALLLLY slow to start up?

If so, try TDSSKiller: http://support.kaspersky.com/viruses/solutions?qid=208280684
Yesterday is history
And tomorrow is a mystery

Parachutemanuals.com

Boot into safe mode.
Run - Regedit.
Look in HKLM\Software\Microsoft\Windows\CurrentVersion\Run.

Look for a key that does not look right. Something random with tssd in it or sitting in a \Local Settings folder. That will probably be your malware. Note the path and then search the registry for every instance and get rid of the keys. Then go delete the program itself.

If you don't feel comfortable doing this, pay someone or get a Mac.
It's called the Hillbilly Hop N Pop dude.
If you're gonna be stupid, you better be tough.
That's fucked up. Watermelons do not grow on trees! ~Skymama
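A way to automate the Run-key check described above, as an added example (not the poster's own) for an elevated PowerShell prompt. It assumes the HKLM/HKCU Run and RunOnce keys, and it only reports; reviewing and deleting entries is still done by hand.

```powershell
# Added example, not code from the thread: list the Run/RunOnce autostart entries the post
# points at and flag the ones matching its description (random names, Local Settings/Temp paths).
# Assumes an elevated PowerShell prompt; it reports only and deletes nothing.

$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)
# Folders where legitimate startup programs rarely live but droppers commonly do
$suspectDirs = @('Local Settings', '\Temp\', 'Application Data')

function Get-ExePath([string]$cmd) {
    # Extract the executable from a command line such as: "C:\dir\x.exe" /silent
    if ($cmd -match '^"([^"]+)"') { $path = $Matches[1] } else { $path = ($cmd -split '\s+')[0] }
    return [Environment]::ExpandEnvironmentVariables($path)
}

function Test-RandomName([string]$path) {
    # Crude heuristic for names like 'tssd8k2q': short letter/digit mix, or a vowelless blob.
    # It will also flag some legitimate names (e.g. rundll32), so treat hits as leads, not verdicts.
    $base = [IO.Path]::GetFileNameWithoutExtension($path)
    $mixed = ($base -match '^[a-z0-9]{5,12}$') -and ($base -match '\d') -and ($base -match '[a-z]')
    $vowelless = $base -match '^[bcdfghjklmnpqrstvwxyz]{4,}$'
    return ($mixed -or $vowelless)
}

$results = foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    foreach ($p in (Get-ItemProperty -Path $key).PSObject.Properties) {
        if ($p.Name -like 'PS*') { continue }          # skip the provider's own PSPath etc.
        $exe   = Get-ExePath ([string]$p.Value)
        $flags = @()
        if ($suspectDirs | Where-Object { $exe -like "*$_*" }) { $flags += 'odd-location' }
        if (Test-RandomName $exe)                                { $flags += 'random-name' }
        if (Test-Path -LiteralPath $exe) {
            # Unsigned or tampered binaries in an autorun entry deserve a closer look
            $sig = (Get-AuthenticodeSignature -FilePath $exe).Status
            if ($sig -ne 'Valid') { $flags += "sig:$sig" }
        } else { $flags += 'file-missing' }
        [pscustomobject]@{ Key = $key; Name = $p.Name; Command = $p.Value; Flags = ($flags -join ',') }
    }
}
# Show only flagged entries; drop the Where-Object to see every autorun entry
$results | Where-Object { $_.Flags } | Format-Table -AutoSize
```

Run it from safe mode as the post suggests, then look up each flagged path before touching the registry.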

Malwarebytes is a good one to use, but I've found it will not run with a lot of the latest viruses. Another I like is HouseCall by Trend Micro. I found some rootkit viruses on someone's computer last week that HouseCall was actually able to remove. Restart into safe mode with networking, then go here: http://housecall.trendmicro.com/

Run a full scan, not the quick one.

Edit to add: After you run it once, do the fixes, reboot back into safe mode, download HouseCall and repeat until you have 0 threats found, then do it one more time.

Quote

Boot into safe mode.
Run - Regedit.
Look in HKLM\Software\Microsoft\Windows\CurrentVersion\Run.

Look for a key that does not look right. Something random with tssd in it or sitting in a \Local Settings folder. That will probably be your malware. Note the path and then search the registry for every instance and get rid of the keys. Then go delete the program itself.

If you don't feel comfortable doing this, pay someone or get a Mac.

Yes, we had one computer at work become afflicted with a nasty hijacker called webantispy. It took over the browser and blocked exe files from being run. It also falsely reported trojan infections. It put stuff all over the registry. That's exactly how we fixed it. Found instructions on the internet to remove it manually (at least I hope it's fixed). This sounds like something very similar.

Thanks everyone, I'm going to try this stuff when I get home tomorrow. IE works in safe mode, so I will first try to get/run Malwarebytes there. Now I also know what to look for in regedit.

I found Spybot on the system, so that is running currently in safe mode, but I had to leave the house.

I'll let you all know how I fare... if you care.

Malwarebytes works in safe mode if the virus blocks it, so just run the scan in safe mode. I've had this problem twice before and Malwarebytes has always fixed it. Download it while in safe mode and run it in safe mode and it should do the trick.
Life is not a journey to the grave with the intention of arriving in a pretty and well preserved body, but rather to skid in broadside, all used up, and loudly proclaiming: Wow, what a ride!

Guest
Geez, why are you using IE at all?

Why try to patch something to fix a vulnerability that shouldn't be there in the first place?

Download and install Firefox, then add the NoScript plugin. Drive-bys will be in your rear-view mirror.

Or just run Linux. End of story.

mh
.
"The mouse does not know life until it is in the mouth of the cat."

Mark, even Firefox can be hijacked with the NoScript plugin. I know for a fact that TDSS hooks at the ATAPI driver during preboot and intercepts all calls, so if it sees a call to any browser it will hijack it and poison all Google search results. It's nice and will try to mask the hash of the sys driver to make it appear untouched.

Linux and Mac are not immune either; it's just they are not profitable enough to dedicate all the time towards like Windows is right now. You get Linux on 60% of the desktops out there and you'll see the same volume of malware targeting it.
Yesterday is history
And tomorrow is a mystery

Parachutemanuals.com

format c: /q /s /autotest

At least, that was the easiest way back in the day!

(don't actually run it... really!)
"I may be a dirty pirate hooker...but I'm not about to go stand on the corner." iluvtofly
DPH -7, TDS 578, Muff 5153, SCR 14890
I'm an asshole, and I approve this message

Quote

Quote

Or just run Linux. End of story.

When I have some free time I'd like to throw Red Hat on an old machine to set up a router for my house. Can I do that with cable internet?

You can do just about _anything_ with Linux.

Hell, a Windows box can do internet connection sharing, and routing and remote access isn't too terribly difficult to set up on the server systems.

Great thing about Red Hat is... well, all you have to do is Google something like 'use redhat as nat router' and bam! 500 sets of instructions.
"I may be a dirty pirate hooker...but I'm not about to go stand on the corner." iluvtofly
DPH -7, TDS 578, Muff 5153, SCR 14890
I'm an asshole, and I approve this message
