  1. #1
    BG's most likeable Québécois
    Pens win! Pens Win!!! PENS WIN!!!!!

    Anyone heard of this spyware

    OK, I just want to know if anyone has heard about it. After work I'm going to see him to run antivirus, Malwarebytes and HijackThis from Hiren's Boot CD.

    He's got 2 problems.

    1) For example, he goes to google.com and searches for firefox; the search works fine.

    But when he clicks on the link, it opens a pop-up with a different random website, and the main page is still on Google, so he cannot do any search. But if I enter the Firefox address manually in the address bar, it works. (This affects IE and Firefox.)

    2) Well, this one is pretty well known, but every website that is an antivirus or antispyware site is blocked. I.e., if I go to avg.com it says the connection has been interrupted, so I can't update his antivirus.


    Anyway, I'm going to see him tonight to fix this with Hiren's Boot CD; I just wanted to know if any of you guys have heard about problem 1.

  2. #2
    Pandemonium

    Usually a variant of Trojan.Vundo, and what you're talking about is an HTTP redirect, which a lot of them can do rather easily. A quick pass of Malwarebytes should do the trick; this type of infection usually isn't that serious.

  3. #3
    Nidhogg

    A friend had something similar to this, due to the recent Flash exploit. He followed the instructions here and was fine:

    http://www.bluegartr.com/forum/78291...s-malware.html

    It was a combination of the trojan, a rootkit, HTML redirecting, and a few other weird quirks.

  4. #4
    You think this is the real Dmitry?

    I have both of those problems as well. I try to follow that other post but whenever I go to MalwareBytes.org the page comes up as can't connect. Is there anywhere else I can download malwarebytes that won't come up with connection problems?

  5. #5
    E. Body

    Do you have a link to this spyware?

  6. #6
    Pandemonium

    Originally posted by Dmitry:
    I have both of those problems as well. I try to follow that other post but whenever I go to MalwareBytes.org the page comes up as can't connect. Is there anywhere else I can download malwarebytes that won't come up with connection problems?
    Either download the files on another computer and put them on a USB stick, or have someone else download them and send them to you over AIM/MSN/IRC/whatever.

  7. #7
    BG's most likeable Québécois
    Pens win! Pens Win!!! PENS WIN!!!!!

    Well, after running

    ComboFix
    HijackThis
    Kaspersky
    Malwarebytes
    Superduperspywareremoval
    Registrycleaner
    CCleaner

    and others

    Spyware is still affecting the PC.

    Lame. Consolation: the guy wants to reformat anyway, so

  8. #8

  9. #9
    BG's most likeable Québécois
    Pens win! Pens Win!!! PENS WIN!!!!!

    That's fun, but the problem is that this virus affects IE too, and he's an old-school person, aka one that doesn't wanna use Firefox. (Even if you can import stuff.)

    As for part 2, I tried it and it doesn't work either.

  10. #10
    Sea Torques

    Reformatting is best if you've reached the point where ComboFix/MalwareBytes aren't helping (even multiple runs of CF, and a Full Scan of MB?).

    Since you have a Hiren's CD, an option is going via that, going to a file browser, and looking in /WINDOWS and /WINDOWS/SYSTEM32 for files, usually afjsldfgsdgh.dll kind of files, especially with a modification date rather recent.

    Also, using a Windows CD, I'd do a FixMBR via the Recovery Console. I've seen some recent infections hit the MBR of a drive, and survive a machine frozen via Deep Freeze restart.
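
The file check described in post #10, as an added example that is not part of the original thread: a Python script that lists recently modified `.dll` files with random-looking names in the folders you pass it (for example the offline WINDOWS and WINDOWS/SYSTEM32 directories mounted from a boot CD). The function names, the 30-day window and the name heuristic are assumptions made for this illustration.

```python
import os
import sys
import time

VOWELS = set("aeiou")

def looks_random(stem):
    """Heuristic (an assumption, not a malware signature): long, all-letter
    names with very few vowels or a long consonant run, e.g. 'afjsldfgsdgh'."""
    s = stem.lower()
    if len(s) < 7 or not s.isalpha():
        return False
    vowel_ratio = sum(c in VOWELS for c in s) / len(s)
    run = longest = 0
    for c in s:
        run = 0 if c in VOWELS else run + 1
        longest = max(longest, run)
    return vowel_ratio < 0.2 or longest >= 5

def recent_odd_dlls(directory, days=30, now=None):
    """Return (name, mtime) for .dll files directly inside `directory` that
    were modified within `days` and have random-looking names, newest first."""
    now = time.time() if now is None else now
    cutoff = now - days * 86400
    hits = []
    with os.scandir(directory) as entries:
        for entry in entries:
            stem, ext = os.path.splitext(entry.name)
            if ext.lower() != ".dll" or not entry.is_file():
                continue
            mtime = entry.stat().st_mtime
            if mtime >= cutoff and looks_random(stem):
                hits.append((entry.name, mtime))
    return sorted(hits, key=lambda h: h[1], reverse=True)

if __name__ == "__main__":
    # Usage: python script.py <path to WINDOWS> <path to WINDOWS/SYSTEM32>
    for d in sys.argv[1:]:
        for name, mtime in recent_odd_dlls(d):
            stamp = time.strftime("%Y-%m-%d %H:%M", time.localtime(mtime))
            print(stamp, os.path.join(d, name))
```

Anything it prints is a lead for closer inspection, not a verdict: some legitimate system DLLs have consonant-heavy names and will show up after a recent update.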
