Anyone know what virus would cause the following symptoms?

Arkitech

Diamond Member
One of the sites that I visit (or should I say used to visit after this latest virus) has really screwed up my OS. I've tried running Adaware and Malwarebytes but they get shut down while scanning and corrupted. When I try to run online scanners the virus won't let me update Java; I end up with 2502 and 2503 errors. Also, when in IE, if I try to search for anything I get redirected to other suspicious-looking search engines and websites (this doesn't happen in Firefox). If I could just put a name to this virus I could probably find a fix for it. Anyone have a clue what the name of this virus is?
 
Originally posted by: Underclocked
Have you tried some of the fixes such as combofix from safe mode? http://elitekiller.com/malware.htm download the rogue removal kit and run the fixes from safe mode.

Thanks for the suggestion but I decided to just go ahead and format the drive and reinstall Vista from scratch. After this next install I'm going to build a recovery image, I should have done that a long time ago anyway.
 
I've encountered similar viruses before, usually in the Antivirus 2009, Personal Antivirus, or similar fake AV variety. Odds are, MBAM will run from Safe Mode, but it won't remove everything and so the virus will redownload itself as soon as you come back into normal mode.

Also, word of warning, I experienced a virus like this last week that would jump onto USB devices you plugged into the infected computer. Beware of any autorun.inf files on your thumb drives and external hard drives or you'll get reinfected.
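
A defender-side check for the autorun.inf warning above, as an added example that is not part of the original thread: it reads autorun.inf from the root of a mounted drive and lists the entries that would launch a program. The function names and the sample file contents are constructed for illustration.

```python
import os
import re

# Keys in the [autorun] section that make Windows start a program.
EXEC_KEYS = re.compile(r"^(open|shellexecute|shell\\[^\\]+\\command)$", re.I)

# Constructed sample, not taken from any real infection.
SAMPLE = r"""; constructed autorun.inf
[AutoRun]
icon=folder.ico
qzxw junk line
Open = RECYCLER\payload.exe
shell\explore\command=RECYCLER\payload.exe -e
[other]
open=ignored.exe
"""

def decode_inf(data):
    """Decode autorun.inf bytes; the file may be UTF-16, UTF-8 with BOM, or ANSI."""
    if data[:2] in (b"\xff\xfe", b"\xfe\xff"):
        return data.decode("utf-16", errors="replace")
    if data[:3] == b"\xef\xbb\xbf":
        data = data[3:]
    return data.decode("latin-1")

def autorun_commands(text):
    """Return (key, command) pairs from [autorun] that would launch a program."""
    hits, in_section = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue  # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            in_section = line[1:-1].strip().lower() == "autorun"
            continue
        if in_section and "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            if EXEC_KEYS.match(key):
                hits.append((key.lower(), value))
    return hits

def scan_drive(root):
    """Inspect the root of a mounted drive; the file name is matched case-insensitively."""
    for name in os.listdir(root):
        path = os.path.join(root, name)
        if name.lower() == "autorun.inf" and os.path.isfile(path):
            with open(path, "rb") as fh:
                return autorun_commands(decode_inf(fh.read()))
    return []
```

Any pair returned by `scan_drive` names a file on the drive that deserves a scan before the drive is opened on a Windows machine.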
 
Originally posted by: Bateluer
Odds are, MBAM will run from Safe Mode, but it won't remove everything and so the virus will redownload itself as soon as you come back into normal mode.
The last malware I encountered wouldn't let the PC boot into Safe Mode and wouldn't allow ANY software to run in Normal mode. The solution to removing the infection was to rename MalwareBytes to "winlogon.exe", since this process HAS to be allowed to run or no one will be able to get onto the computer, which defeated the "blackmail" purpose of the malware.

However, removing the malware also killed the computer, so a complete re-install was necessary.

Arkitech:

Yes, having image backups of PCs is a great idea. It allows quick recovery and is a 100% sure thing.
 
Sounds like TDSS. For future reference, this virus, among other things, installs as a driver and that's how it controls anti-malware programs and access to certain websites. One option to allow removal is to open Device Manager and select the option to view hidden drivers. Look for TDSS and disable it (don't uninstall it). Then you can run your anti-malware progs and get to security websites. Search Google for more details.

 