Help with a redirect virus, please?

Question by Anonymous: Help with a redirect virus, please?
I have a Google redirect virus that often takes me to “ampnetwork” and “forex” but sometimes also shopping and cooking sites. Also, when I try to visit a YouTube or Yahoo Answers page it often says “this video/question is unavailable/deleted”. Then I hit the back button and try again and the page loads correctly. I noticed that the URL is different between the correct page and the page that doesn’t load correctly. Similarly, when I try to load some Wikipedia pages it will say “no information has been added for this page”, then of course I try again and it works (however, it will load the correct name of the page, e.g. “X… There is no info for X”; back one page, try again: “X… full page for X”). All of these problems only exist when I use Google to reach these pages. My question: is there anyone with some tips on how to eliminate this problem as efficiently and effectively as possible? Thank you.

Best answer:

Answer by Pulsar
You have more likely than not got a rootkit.

A complete pain to get rid of.
This generic attack on the infection should put things right.

First,

click on Start > Run.

Type the following into the Open box:

devmgmt.msc

then click on OK.

This will run Device Manager.

In Device Manager,

click on View > Show Hidden Devices.

Expand all the devices by clicking on the “Plus” sign.
Now try to find

TDSSserv.sys or clbdriver.sys or oUltraf or seneka.sys,
right click on whichever one you found and select Disable.

Make sure that you do not select the Uninstall option,
otherwise the infection will be back once you reboot your computer.

If none of them are there, do not worry;
it could be something simpler, but follow what comes next.

You will have to enable View Hidden Folders in Folder Options > View.

Delete everything in the Windows Temp folder:
C > Windows > Temp

Delete all cookies.
Delete all temporary internet files (not to be confused with Windows temp files);
these are best deleted via your internet browsers.
It will save you messing about in the hidden system files.

Reset Internet Explorer:
Tools > Internet Options > Advanced tab > Reset.

Delete everything in the Prefetch folder:
C > Windows > Prefetch

Delete the hosts file:
C > Windows > System32 > drivers > etc > HOSTS

A clean hosts file will be written by Windows when you reboot later.
Note: if you were using a custom hosts file,
you will need to replace any of those entries yourself.

Delete the Flash cookies found in the Macromedia #Shared Objects folder:
C > Users > “your name” > AppData > Roaming > Macromedia > Flash Player > #Shared Objects

Delete everything you find in the #Shared Objects folder.

Last lot to delete:
navigate to
C > Users > “your name” > AppData > Local > Temp

and delete everything in the Temp folder.

Run a full scan with this,
Sophos Anti-Rootkit: http://www.sophos.com/products/free-tools/sophos-anti-rootkit.html

and remove everything suspicious it finds.

Do not have any open windows, and shut down all programs when you run it.

Sophos Anti-Rootkit DOWNLOAD: https://secure.sophos.com/support/cleaners/sar_15_sfx.exe

Then run a full scan with this and remove what it finds.

SUPERAntiSpyware Pro: http://www.superantispyware.com/

SUPERAntiSpyware Pro DOWNLOAD: http://downloads.superantispyware.com/downloads/SUPERAntiSpywarePro.exe
This has a tool built in that can reset the URL prefixes; USE IT.

Reset your router to default.

Download, then run, Hitman Pro: http://www.surfright.nl/en to mop up anything left.
Remove whatever it finds.

Your redirect virus will now be gone.
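Before deleting anything, it helps to see what the two checks the answer above relies on (the hidden driver names and the hosts file) actually show on the affected machine. The PowerShell audit below is an added example, not code from the answer or from any of the tools it links; it assumes Windows 7 or later and an elevated console, and only reports.

```powershell
# Added audit script for the symptoms discussed above; not part of the original answer.
# Assumes Windows 7+, PowerShell 2.0 or later, and an elevated (Administrator) console.
# It only reports: nothing is disabled or deleted, so findings can be reviewed first.

# Driver names the answer says to look for under Device Manager > View > Show Hidden Devices.
$SuspectDrivers = @('TDSSserv', 'clbdriver', 'oUltraf', 'seneka')

Write-Host "== Kernel drivers whose name or image path matches a name from the answer =="
# Win32_SystemDriver covers the non-Plug and Play drivers Device Manager lists as hidden devices.
Get-WmiObject -Class Win32_SystemDriver | ForEach-Object {
    $drv = $_
    foreach ($s in $SuspectDrivers) {
        if ($drv.Name -like "*$s*" -or $drv.PathName -like "*$s*") {
            '{0,-14} state={1,-8} start={2,-6} {3}' -f $drv.Name, $drv.State, $drv.StartMode, $drv.PathName
        }
    }
}

Write-Host "== Hosts file entries that do not point at loopback =="
# A default Windows hosts file holds only comments and loopback (127.0.0.1 / ::1) lines.
# A public site mapped to any other address is a classic browser redirect and deserves a look.
$HostsPath = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
$Loopback  = @('127.0.0.1', '::1')
Get-Content -Path $HostsPath | ForEach-Object {
    $line = ($_ -split '#')[0].Trim()        # strip trailing comments and whitespace
    if ($line -match '^(\S+)\s+(.+)$' -and $Loopback -notcontains $Matches[1]) {
        '{0,-16} -> {1}' -f $Matches[1], $Matches[2]
    }
}

# An empty driver report does not prove the machine is clean: an active rootkit can hide its
# own driver from this listing, which is why the answer still has you run the rootkit scanners.
```

An empty second section on a box that redirects only through Google matches the answer's own reading that the cause sits below the hosts file, in a driver, rather than in a plain hosts edit.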





4 Responses to “Help with a redirect virus, please?”

  1. numaan says:

    Install a good anti-virus – a trial version of Norton Antivirus 2011 – and make a full system scan. You may find the way illogical but it works:
    whatever the browser you are using, uninstall it and then restart your computer and install the browser again.
    Don’t do blind browsing, always explore safe sites – don’t open *****educational sites****

  2. H_Dickory_Dock says:

    Sounds like you may be infected with the TDSS rootkit infection (AKA Google Redirect Virus), which usually cannot be detected with ordinary anti-virus/anti-spyware/anti-malware software. This crap is all over the internet the past few weeks.

    Info from BleepingComputer:
    http://www.bleepingcomputer.com/virus-removal/remove-tdss-tdl3-alureon-rootkit-using-tdsskiller

    Removal Tool from Kaspersky Labs:
    http://support.kaspersky.com/viruses/solutions?qid=208280684

    Note: Some variants of this infection will block access to the above sites.

    Note 2: There is a very new version of TDSS called TDL-4 which can be more difficult to remove. If you suspect TDL-4 (Rootkit.MBR.TDSS), BitDefender now has the info and a free removal tool:
    http://www.bitdefender.com/news/bitdefender-releases-free-removal-tool-for-tdl4-2150.html

  3. Andrew says:

    I had the same problem a couple of months ago. I’m not too sure but I think I used Malwarebytes to get rid of the problem.
