[Utael]

So, somehow I picked up a virus. When I search in firefox, google does its search but each link takes me to some other sketchy search engines. I've run Malwarebytes anti malware with no success.

I will be running spybot search and destroy here soon and was wondering what else I may be able to try to get this thing gone.

[modi123_1]

Did you run malware bytes in safe mode? If not do that. 9/10 times it takes care of it.

Any id on the virus name? You can probably just zero in on a one shot fixer..

[Utael]

Unfortunately, I don't know the name of the virus, After spybot is done searching, I'll pop into safemode and run malware bytes again.

[calvinthedestroyer]

Check your host file to make sure it was not changed.

[no2pencil]

Disable all Firefox addons. Any search hijack I've seen is an addon to the browser.

[Utael]

no2pencil, on 21 July 2012 - 12:21 PM, said:

Disable all Firefox addons. Any search hijack I've seen is an addon to the browser.

I checked all my addons, and the only things still running are the ones I've personally added (Way before this virus came around)

Where would I find the host file?

Also, for some strange reason it will not boot into safemode, It gets to loading the basic system files, gets stuck on one file and never loads...

This post has been edited by Utael: 21 July 2012 - 11:31 AM

[Ryano121]

Find it at -

C:\Windows\System32\drivers\etc\hosts

Also is this only happening with Firefox? Or with all browsers?

This post has been edited by Ryano121: 21 July 2012 - 12:09 PM

[no2pencil]

Utael, on 21 July 2012 - 02:30 PM, said:

Also, for some strange reason it will not boot into safemode, It gets to loading the basic system files, gets stuck on one file and never loads...

You know what would be REALLY helpful? Knowing what that file is.

[Utael]

Update on info, it only seems to use Google, haven't tried another browser, when I get home ill get the file name I do know its a .sys file, all my docs (that are important are backed up) so if o can't sort this out today ill just do a wipe and reload. Maybe ill dual boot with ubuntu this time.

[no2pencil]

Delete your Google Search, & reinstall it.

[Utael]

no2pencil, on 22 July 2012 - 07:53 PM, said:

Delete your Google Search, & reinstall it.

google.JPG

It effects Both Firefox and Google Chrome, I am talking about the actual webpage and not the add-on bar. Although I did try your suggestion.

Going to do a quick restart into safemode and I'll post which sys file its getting stuck on.

And of course now it boots into safe mode

[KYA]

It might be a dns hijack or a portion of the TDDS rootkit. Reset and reboot your router if you have one and flush the dns cache on your local box.

[GunnerInc]

The sys file is probably TDSSserve.sys

Search for "Google Redirect Virus" and you will find tons of info on how to remove it.

[Utael]

KYA, on 22 July 2012 - 08:40 PM, said:

It might be a dns hijack or a portion of the TDDS rootkit. Reset and reboot your router if you have one and flush the dns cache on your local box.

I'd do that except it doesn't effect any other device on this network. I have also flushed the DNS cache with no change.

GunnerInc, on 22 July 2012 - 08:42 PM, said:

The sys file is probably TDSSserve.sys

Search for "Google Redirect Virus" and you will find tons of info on how to remove it.

It booted now in safe mode and am now running malware in safemode, we will see if it comes up with anything. While thats going I will certainly do that.

I don't remember the name of the process, I was just excited it booted into safemode, I will definately track that down. If the malware bytes doesn't pick anything up that will be the next step since that requires a dedicated program.

[Utael]

Update: Ran TDSS killer, found a trojan am restarting and will find out whether this solved the issue, If it does I know what I'm downloading next (kaspersky {hope i spelled that right})

Looks like I'm gonna be shelling out $60 this next pay period.

This post has been edited by Utael: 22 July 2012 - 09:04 PM