LFS Forum - Rootkit/ redirect virus

#1 - Bmxtwins

Rootkit/ redirect virus

Mon, 3 Dec 2012 22:52

I had a searh engine reirect virus. Couldnt fix it so im doing a system restore to 5 days ago, should that be enough?

#2 - JackDaMaster

Mon, 3 Dec 2012 23:30

have you ever heard of google

#3 - aroX123

Mon, 3 Dec 2012 23:36

#4 - Bmxtwins

Tue, 4 Dec 2012 00:05

Quote from JackDaMaster :have you ever heard of google

well. the problem is that when i go to any search engine I can type in anything I want and it automatically brings me to a random ad site.

For example I can type in Jack sucks at staying on 4 tires and it would bring me to an add page with apple pie.

edit: seems system restore worked

#5 - DeKo

Tue, 4 Dec 2012 02:22

I suggest doing the usual Malwarebytes/Spybot S&D/combofix scans in safe mode, would have to be pretty good to dodge that. Then, start using MSE for anti-virus.

#6 - Bmxtwins

Tue, 4 Dec 2012 03:10

I have always used malwarebytes and mse, it got past both of those.

#7 - Framaris

Tue, 4 Dec 2012 08:50

I recommend Malwarebytes and emsisoft anti malware...and to clean all the shit hanging on your browsers try adwCleaner: http://www.softpedia.com/get/A ... al-Tools/AdwCleaner.shtml

Also rootkit are often installed in the master boot record...so to be sure boot from windows cd, chose repair and go to the Command Prompt (cmd) and type:

bootrec /fixmbr

Then type:

bootrec /fixboot

That should remove it if it was there...

#8 - Bmxtwins

Tue, 4 Dec 2012 12:16

I don't think my PC ever came with a windows disk. It was all preinstalled and stuff. Damn HP.

#9 - Framaris

Tue, 4 Dec 2012 12:34

To create a system repair disc

Open Backup and Restore by clicking the Start button , clicking Control Panel, clicking System and Maintenance, and then clicking Backup and Restore.
In the left pane, click Create a system repair disc, and then follow the steps. If you're prompted for an administrator password or confirmation, type the password or provide confirmation.

#10 - three_jump

Tue, 4 Dec 2012 12:50

Quote from Bmxtwins :I don't think my PC ever came with a windows disk. It was all preinstalled and stuff. Damn HP.

You can download the iso images from MS (or in this case an affiliate)
http://easytopia.de/windows-7- ... al-direkt-download-links/ (Ignore the german, just scroll to the links)

All you need is the CD-Key Sticker (that will also tell you the iso you'll need) which should be on your PC / notebook.
(In case you want to do a clean install)

#11 - Bmxtwins

Tue, 4 Dec 2012 13:27

Quote from Framaris :To create a system repair disc

Open Backup and Restore by clicking the Start button , clicking Control Panel, clicking System and Maintenance, and then clicking Backup and Restore.
In the left pane, click Create a system repair disc, and then follow the steps. If you're prompted for an administrator password or confirmation, type the password or provide confirmation.

Yeah thats probably a good idea

#12 - Becky Rose

Wed, 5 Dec 2012 08:25

All anti-virus anti-malware software is rubbish, they just use md5 hash checks. The malware authors have been getting past that for years by using polymorphic installers and the anti-virus community has not yet managed to deal with that.

The problem is Windows.

The sad part is that there's no money in browser jacking anyway, if you speak to the people who've done it. Unfortunately for as long as people think there is money in it then they will try.