

30 posts

Geek

Trusted

  Reply # 508691 18-Aug-2011 18:47

After removing personal shield pro, I'm still having this virus of hijacking google search urls.  I tried full scan of malwarebytes again in the windows safe mode option, nothing's detected.  I searched google in this safe mode, the URLs are still hijacked.  Looks like this malware runs in safe mode too.

Any suggestions?

2267 posts

Uber Geek
+1 received by user: 679

Trusted

  Reply # 508708 18-Aug-2011 19:07

graciem: After removing personal shield pro, I'm still having this virus of hijacking google search urls.  I tried full scan of malwarebytes again in the windows safe mode option, nothing's detected.  I searched google in this safe mode, the URLs are still hijacked.  Looks like this malware runs in safe mode too.

Any suggestions?


You may also have TDSS. Try TDSSKiller from Kaspersky to see if you have it.

http://support.kaspersky.com/viruses/solutions?qid=208280684







 
 
 
 




30 posts

Geek

Trusted

  Reply # 508712 18-Aug-2011 19:16

BarTender:

You may also have TDSS. Try TDSSKiller from Kaspersky to see if you have it.

http://support.kaspersky.com/viruses/solutions?qid=208280684




nothing's found :(



30 posts

Geek

Trusted

Reply # 508725 18-Aug-2011 20:13

fixed... i think :)

downloaded the trial version of the 2012 Kaspersky (http://www.kaspersky.com/internet-security-2012?icid=bnnr_mhp_kis_area) in safe mode.  when i tried to install it, it's trying to stop me from installing saying something about admin setting is not allowing this, which is what I've been getting from installing other anti virus software.  thought that was it, then there was the popup from Kaspersky saying there may be virus that's stopping me from installing and I need to install a special virus removal software.  I Ok'd that and it started downloading the next program.  when trying to run it, I get the popup asking me to block it.  I just keep unblocking to let the program install.  After it's done trying to scan, looks like nothing's happening and a small popup from Kaspersky saying you need to run full windows.  I did that but couldn't find where to run it.  Went back to safe mode and tried again, ignore the warning and just waited a bit longer.  it detected 1 file.  and now seems working fine, yipee!

ps. above is for removing the google url hijacking virus.

1524 posts

Uber Geek
+1 received by user: 269

Trusted
Subscriber

  Reply # 508726 18-Aug-2011 20:14

Hmmm.... with Mr Mauricio's article on maliciousness, I thought I'd give Malwarebytes a go.

But I also have Microsoft Security Essentials running on the machine. Malware is going through first scan - and just look at what cropped up and got stomped on:

Exploit

Now I'm worried....




________
AK


108 posts

Master Geek
+1 received by user: 2


  Reply # 508917 19-Aug-2011 11:34

I work at a PC repair shop so seeing lots of these infections, had about a dozen customers turn up with the problem yesterday. A couple of them have been Vista machines, so it's not limited to XP. No Windows 7 machines yet. It looks like the malware was stopping the Vista PC getting into safe mode, it would just shut it down after Windows booted, but normal mode was working fine (apart from being infected with the malware). The PC had Avast installed, and after an update and a reboot it was able to take care of it.

29k

6 posts

Wannabe Geek


  Reply # 508945 19-Aug-2011 12:27

TangoNZ: I work at a PC repair shop so seeing lots of these infections, had about a dozen customers turn up with the problem yesterday. A couple of them have been Vista machines, so it's not limited to XP. No Windows 7 machines yet. It looks like the malware was stopping the Vista PC getting into safe mode, it would just shut it down after Windows booted, but normal mode was working fine (apart from being infected with the malware). The PC had Avast installed, and after an update and a reboot it was able to take care of it.


It was stopping Vista going in Safe Mode? I'm glad you said that, because I got it on a Vista machine and couldn't get into Safe Mode and blamed it on my machine being old/dodgy/dying. One less thing I have to worry about.

108 posts

Master Geek
+1 received by user: 2


  Reply # 508962 19-Aug-2011 12:59

Actually it's still not getting into safe mode after removal of that malware, so can't confirm if that was the cause or not.

Ironically one of the first things that popped up after booting for the first time with a clean system was the Java update window. It's such a stupid process that it's no wonder so many people don't have the updates and have been infected. You have to click the update window, and then accept a UAC prompt, and THEN you need to click the Java update popup again to install the update...no average user is going to do that, leaving them vulnerable. Best solution as Mauricio says is just to get rid of Java...

1524 posts

Uber Geek
+1 received by user: 269

Trusted
Subscriber

  Reply # 509033 19-Aug-2011 14:55

TangoNZ: I work at a PC repair shop so seeing lots of these infections, had about a dozen customers turn up with the problem yesterday. A couple of them have been Vista machines, so it's not limited to XP. No Windows 7 machines yet. It looks like the malware was stopping the Vista PC getting into safe mode, it would just shut it down after Windows booted, but normal mode was working fine (apart from being infected with the malware). The PC had Avast installed, and after an update and a reboot it was able to take care of it.


Hmmm, hope it's gone then and isn't tricking the security software.




________
AK


108 posts

Master Geek
+1 received by user: 2


  Reply # 509040 19-Aug-2011 15:11

Nope, it's gone, I wouldn't just rely on Avast :-)

2395 posts

Uber Geek
+1 received by user: 110


  Reply # 509043 19-Aug-2011 15:13

After cleaning this off, make sure you install Secunia PSI and have your users run the updates!
http://secunia.com/vulnerability_scanning/personal/

8020 posts

Uber Geek
+1 received by user: 386

Trusted
Subscriber

  Reply # 509046 19-Aug-2011 15:16

One thing I noticed is that by default if java is installed then IE and Firefox will run the java. Chrome seems to have a more sensible default prompting you to allow java on this site etc.

19 posts

Geek
+1 received by user: 5


  Reply # 509048 19-Aug-2011 15:18

kyhwana2: After cleaning this off, make sure you install Secunia PSI and have your users run the updates!
http://secunia.com/vulnerability_scanning/personal/

This is fantastic advice. It's especially good for bringing a neglected machine up to speed. It checks your Flash/Shockwave/Java, and almost every application you can think of - Acrobat, Firefox...I think mine even detected an update for Notepad++

291 posts

Ultimate Geek


  Reply # 509610 21-Aug-2011 14:39

we got this on our windows xp desktop. From firefox, with a few old java plugins installed. I think java was latest version.

Also got the google redirect malware, nothing detected it, combofix from bleepingcomputer finally removed it.




HTPC: Antec Fusion 430, Gigabyte GA-MA78GPM-UD2H F7, AMD X2 4850e, Sapphire 4670 1GB, Corsair 4x1Gb,  Adata 128Gb SSD, WD10EARS Green, LG GGC-H20L Blu-ray, Hauppauge NOVA TD-500, Logitech z-5500, Logitech Harmony 525, Samsung LA40B530 1080p, Vista Premium-32 SP2, Catalyst 10.12(Facelift preview), Mediaportal 1.2.3+OneButtonMusic, AC3Filter, Cyberlink Powercinema 6 codec, BLU-RAY: Samsung BD-F7500
