Rerouting to ad websites

Radio91PRadio91P Layton, UT New
edited November 2010 in Science & Tech
A friend of mine asked that I clean off her laptop as she was concerned she had a virus. I found and deleted 19 viruses. However, both in IE and Firefox if you search of something and then click the link it will take you to an ad site. I don't see any add-ons that would be doing it. I used Avira and Malwarebytes to scan which are now not finding any viruses. Is there something I'm missing? Is there something else I can try? By the way, it won't reroute you if you directly put in the address you are wanting.:(

Comments

  • ThraxThrax 🐌 Austin, TX Icrontian
    edited September 2010
    She has spyware, not a virus, which mean a virus scanner is not likely to detect anything. MBAM is a very good anti-spyware program, but most infections require multiple programs.

    HJT, MBAM, smitfraudfix, etc. etc.

    Just keep throwing programs at the PC until it stops giving you shit.
  • Radio91PRadio91P Layton, UT New
    edited September 2010
    Sounds good Thrax. Thanks
  • ardichokeardichoke Icrontian
    edited September 2010
    That or just format and reinstall. Some of those hijackers are really resilient and it ends up taking less time to backup, format, reinstall than it does to clean everything up.
  • Radio91PRadio91P Layton, UT New
    edited September 2010
    What is the best way backup her stuff? Is there a risk of taking the hijacker to the new install?
  • ThraxThrax 🐌 Austin, TX Icrontian
    edited September 2010
    Not really. Unlike a virus, spyware is not infectious. Most spyware strains also infect system32, temp directories or various useless hidden folders in the user account directory. Long story short, spyware is not likely to reside in any location you'd target for backups.
  • ardichokeardichoke Icrontian
    edited September 2010
    hooo boy... that's a loaded question. If she's a good user, then you SHOULD only need to back up her user directory (provided she's using a version of Windows newer than ME). Essentially, when I'm doing a backup and reinstall, I just make a list of the software that will be needed after the reinstall, copy the users data to an external hard drive (or secondary internal drive) then pop in the Windows CD, do a full format of the Windows drive and reinstall. After that, reinstall whatever software is needed and copy the user data back. It's possible that some remnant of the problem could be present in her user data (especially if she downloaded something and installed it that caused the problem) but the chances are slim that the infection would be carried over just in her data (in my past experience anyway).
  • TushonTushon I'm scared, Coach Alexandria, VA Icrontian
    edited September 2010
    If she has 32 bit windows (especially if it is XP), just run combofix once, mbam once, call it a day. Take your friend to lunch afterward with all the time you just saved.
  • trolltroll Windsor, Nova Scotia Icrontian
    edited September 2010
    This ^
  • TushonTushon I'm scared, Coach Alexandria, VA Icrontian
    edited September 2010
    You may also want to do clear all settings in IE to make sure there aren't proxy things hanging about.
  • ardichokeardichoke Icrontian
    edited September 2010
    I still say that once you've got an infection like this it's better to format and reinstall. It's very hard to be sure that you've cleared up 100% of the problem and you could be leaving something less obvious but far more malicious behind if you just attempt to clean it up. Format and reinstall won't leave things behind.

    IMHO, the best way to deal with spy/malware and virii is to protect yourself from getting them in the first place. Once you've been infected though, it's best to nuke it from orbit in most cases.
  • TushonTushon I'm scared, Coach Alexandria, VA Icrontian
    edited September 2010
    Potato potato. I've cleaned off worse infections before without any problems. I had one recently that was hella bad and ended up telling the guy it wasn't possibly without a reformat and reinstall (1000's of infected DLLs and windows EXEs without the ability to run sfc /scannow and such).

    To answer your question about backing up:
    External HDD or to DVD or something like that, scan it with a known safe computer, dump it back on her computer after your reinstall is complete (if you go that route).
  • Radio91PRadio91P Layton, UT New
    edited September 2010
    I ran spybot search and destroy and finally got it. Thanks for the info on backing up.
  • TushonTushon I'm scared, Coach Alexandria, VA Icrontian
    edited September 2010
    You should look over my suggested weapons, I don't trust spybot by itself.
  • P0rkCh0pP0rkCh0p baltimore
    edited November 2010
    Radio91P wrote:
    A friend of mine asked that I clean off her laptop as she was concerned she had a virus. I found and deleted 19 viruses. However, both in IE and Firefox if you search of something and then click the link it will take you to an ad site. I don't see any add-ons that would be doing it. I used Avira and Malwarebytes to scan which are now not finding any viruses. Is there something I'm missing? Is there something else I can try? By the way, it won't reroute you if you directly put in the address you are wanting.:(

    look up windows defender virus its a bitch to clean, worse case format and start over, you will have to go through the registry to clean alot of it up, its a pain to do. i would save what ever files to a remote drive and format the main drive, restart and scan the new one and go from there
Sign In or Register to comment.