Annoying Virus, can you help? Vista

My friend has asked me to look at her sister's laptop. She keeps getting popup IE windows which try to load some Java thing but often fails. Occasionally it works and some random page about puppies or similar appears, occasionally too, some naughty sites, but not often.

MSE fails to update too now (I've seen this before with a similar virus), it just says it can't connect although the internet actually works fine. It doesn't redirect like other viruses either, it gives correct Google results and when you click on the links it takes you to the right page (albeit via a very odd URL).

I've run Malwarebytes and it found 7 infections which it said it cured. I believed it because scanning again found nothing, however, the virus is still there (same behaviour).

Can you guys suggest what to check for next?

Thanks
 
Boot into safe mode and do a full system scan, then make the program do another boot-up scan for when you restart the PC, you know, before Windows starts, just to make sure the infection has gone.
 
Usually a Spybot and Malwarebytes scan will find the most curious of infections and remove them. Spybot will go one step further and continue scanning before Windows logs in to ensure the system is clean too.

I would then install a proper AV package on the machine, something like AVAST with web scanning enabled so that any suspect scripts trying to load with pages are flagged before they do any damage.
 
Add ComboFix to the list.

Helped a friend who had exactly the same thing and after running Malwarebytes, I ran ComboFix, which detected rootkit presence which it removed. Problem solved.
 
Offline scanning is my preferred method for removing viruses. Give the above a try, but if you're running "live" it's always advantage malware.
 
disable system restore
run ccleaner slim
run mbam
run nod32
run spybot s&d

I can't install Spybot as it seems to want to connect to the internet to download files when it installs. Whilst I can browse the internet fine from the infected machine, I can't seem to run programs that update over the internet (Malwarebytes, MSE, included).

Is there a proper installer I can get?
 
Go into the registry and delete everything from startup from the two locations:

Hkey_Local_Machine\Software\Microsoft\Windows\currentversion\Run
Hkey_current_user\Software\Microsoft\Windows\currentversion\Run

Also the Start Menu "Startup" folders.

Remove anything in the Windows hosts file and remove any IE proxies or connection settings.

Restart the PC.

Check internet settings, by using ipconfig and ping and checking the NIC properties to make sure nothing strange is there.

Install Firefox.

Should be OK after that.

edit: if that does not fix it then you might have a virus/malware/rootkit that has installed itself as a service or a more advanced one which could be a hassle to remove manually.
 
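A read-only way to review the locations listed in the last reply before deleting anything from them, as an added PowerShell example that is not part of the original thread. The function names are made up for illustration, and the paths are the Windows defaults for Vista and later:

```powershell
# Added example (not from the thread): lists the autostart and network settings
# named in the last reply for review. Read-only; it deletes nothing.
# Function names are illustrative; paths are the Windows Vista-and-later defaults.

function Get-RunKeyEntries {
    $keys = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
            'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
    foreach ($key in $keys) {
        if (-not (Test-Path $key)) { continue }
        $item = Get-Item $key
        foreach ($name in $item.GetValueNames()) {
            New-Object PSObject -Property @{
                Source = $key; Name = $name; Command = $item.GetValue($name)
            }
        }
    }
}

function Get-StartupFolderEntries {
    $folders = "$env:APPDATA\Microsoft\Windows\Start Menu\Programs\Startup",
               "$env:ProgramData\Microsoft\Windows\Start Menu\Programs\Startup"
    foreach ($folder in $folders) {
        if (Test-Path $folder) {
            Get-ChildItem $folder -Force | Where-Object { $_.Name -ne 'desktop.ini' }
        }
    }
}

function Get-HostsEntries {
    # Strip comments and blank lines; flag anything other than the stock localhost lines.
    Get-Content "$env:SystemRoot\System32\drivers\etc\hosts" |
        ForEach-Object { ($_ -replace '#.*$', '').Trim() } |
        Where-Object { $_ -ne '' } |
        ForEach-Object {
            New-Object PSObject -Property @{
                Entry = $_; Stock = ($_ -match '^(127\.0\.0\.1|::1)\s+localhost$')
            }
        }
}

function Get-IEProxySettings {
    $path = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
    Get-ItemProperty $path | Select-Object ProxyEnable, ProxyServer, AutoConfigURL
}

Get-RunKeyEntries        | Format-List Source, Name, Command
Get-StartupFolderEntries | Format-Table FullName, LastWriteTime -AutoSize
Get-HostsEntries         | Format-Table Stock, Entry -AutoSize
Get-IEProxySettings      | Format-List
```

Hosts lines with `Stock` set to False and any proxy or auto-config URL nobody set up are the entries to look at first, since either can stop security tools from reaching their update servers while ordinary browsing still works. On a live system a rootkit can hide its own entries from this listing, which is the case for the offline scan suggested earlier in the thread.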