Announcement

Collapse
No announcement yet.

Not sure what's going on

Collapse
This topic is closed.
X
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Not sure what's going on

    I just got my laptop back from the shop.
    My foster daughter had managed to get it infected with a really annoying virus, and I had to take it in to be cleaned up.

    Based on how much it cost me, I don't think they had to wipe the drive, because I was only billed for a "disinfect".

    The computer came loaded with McAfee. I had intended to remove it and put something else on. The guy at the shop asked if I minded him putting something else on.
    The product he installed was Avira Antivir Free. I'm not familiar with it.

    My problem is that, every time I do a Google search, I get redirected when I click on the links in the results. I have to click on the links several times before I actually get to what I'm looking for, and what Google says the site is.
    It will open several times to a page with some type of ad based search site, or I will get a 404 error. Finally, after about the 3rd or 4th try, I actually get what I was looking for in the actual link.

    Is it possible I still have something on the computer, or is it possible that, in the time I've had it back, another of the girls has managed to infect it again?

    I ran Lavasoft AdAware, and I did an online scan at TrendMicro.
    It found a few cookies, but that was all, and they were removed, but I'm still having the issue.

    Any ideas?
    Too tired of living and too tired to end it. What a conundrum.

  • #2
    Yeah, sounds like you're still infected. If it's been doing it all the time since you got it back, odds are good they just ran a basic scan and clean and called it done.
    I AM the evil bastard!
    A+ Certified IT Technician

    Comment


    • #3
      I haven't really used the computer much since I got it back, but the girls have been using it a lot.

      I only really noticed the Google issue since about Thursday, though.
      I don't have a problem with redirects from any other sites, but I haven't used any other search engines, either, and I usually only visit a couple of sites in my bookmarks.

      The computer has windows XP and I use Firefox, but IE is installed, and until I told the girls to use Firefox only, I think they were using IE.
      Too tired of living and too tired to end it. What a conundrum.

      Comment


      • #4
        After cleaning out a friends system I had the same thing happen. The virus had added it's own DNS setting into windows. Once they were cleaned out it worked fine.

        Comment


        • #5
          Sounds like a Google hijack to me. I've had two of those this year. ::grumble::

          Try downloading and running SuperAntiSpyware and/or MalwareBytes. (Links provided so you don't have to worry about Google redirecting you.) Beyond that, I honestly don't know how to fix the problem. I believe I used a System Restore the first time (because there were other problems going on), and just reinstalled the second (because my computer needed it).

          Good luck!
          "Enough expository banter. It's time we fight like men. And ladies. And ladies who dress like men. For Gilgamesh...IT'S MORPHING TIME!"
          - Gilgamesh, Final Fantasy V

          Comment


          • #6
            A couple files to look at (by default they don't exist but they're useful):

            C:\windows\system32\drivers\etc\hosts
            C:\winnt\system32\drivers\etc\hosts

            If there's a bunch of entries in there, remove all of them and just have this line alone in the files:

            127.0.0.1 localhost

            And if the files don't exist, don't worry then.

            Comment


            • #7
              Sorry Ree, answering your questions in the order that makes the most sense to answer them means major reordering of your post. Hope you don't mind too much.

              Quoth lordlundar View Post
              Yeah, sounds like you're still infected. If it's been doing it all the time since you got it back, odds are good they just ran a basic scan and clean and called it done.
              Quoted for truth.

              Quoth Ree View Post
              Is it possible I still have something on the computer, or is it possible that, in the time I've had it back, another of the girls has managed to infect it again?
              Yes, on both counts. The simplest truth about any operating system (Windows, Linux, Mac, it doesn't matter) is that, once compromised, there is no 100% method to be certain that any infection has been removed. People do their best with it, but there is no guarantee that, this time, some brand new variant was installed that hides better than the other bits of malware with the same name.

              The closest that can be gotten to sure is to reformat and reinstall from scratch. And, with the way BIOS is updatable via software, that's not 100%.

              So, it is possible? Yes. From your descriptions, it's very likely.

              Quoth Ree View Post
              The computer came loaded with McAfee. I had intended to remove it and put something else on. The guy at the shop asked if I minded him putting something else on.
              The product he installed was Avira Antivir Free. I'm not familiar with it.
              Bleh. I have a Windows virtual machine that I use for testing web pages. I installed Antivir, and hated it. Calling it nagware is very kind. I'd switch to either Avast or AVG. Oh, and skip out on McAfee and Symantec. McAfee is so-so, and Symantec is so bad that I refuse to touch a machine that has it installed unless the first thing I can do is remove it.

              Quoth Ree View Post
              My problem is that, every time I do a Google search, I get redirected when I click on the links in the results. I have to click on the links several times before I actually get to what I'm looking for, and what Google says the site is.
              It will open several times to a page with some type of ad based search site, or I will get a 404 error. Finally, after about the 3rd or 4th try, I actually get what I was looking for in the actual link.
              This could be one of a few things. Since you do make it to the site eventually, I very much doubt that it's an entry in the hosts file (suggested by LionMan).

              The DNS setting (from KnowOne) is a real possibility, though. For this, the single best thing you can do is call your ISP (unless you have a home network. If you do, let us know, and we can give steps to go through that your ISP will likely refuse to do with a home network), and tell them you need to check your connection settings. Have them step you through verifying everything. And if, during the process, you don't see or hear DNS come up, ask them to help you check your DNS settings.

              The last real possibility is some form of malware is on the machine. If that's what it is, then you're likely to be a bit screwed. Mainly because we can only provide so much assistance via the net for removal of the malware. If the easy steps don't do it, you're going to be best off taking it back to the specialist, who will charge you again (which is where you get screwed).

              Something you might consider doing would be setting up a dual-boot system, using Ubuntu Linux on one half of the drive, and Windows on the other. Do not give anybody but you access to the Windows side, but let others have access to the Ubuntu side. The advantage to this is that extremely few pieces of malware can even properly install in Linux, never mind infect the Windows side. Your data would be safe, and you'd manage to save on trips to the PC guy in future. It's worth a thought, anyway.

              Comment

              Working...
              X