
Every return I get from a search engine redirects me to an advertisement

enwar3

Golden Member
This is really, really annoying. Every time I click a search result on, say, Google or live.com, it redirects me to a random advertisement. Is this a virus? I recently (as in half an hour ago) removed AntivirusXp2009 =X


This looks like it fits Security better than Software For Windows.

AnandTech Moderator
mechBgon
 
Yes, and apparently the damage is worse than originally thought. It also directed you to the wrong forum where you can be ridiculed for
a) posting in the wrong forum
b) Not knowing how to google a solution
c) downloading infected pron.
 
AntivirusXp2009? Yeah, it's a virus. A very nasty one. It gets worse over time. Also, it's a pain to remove.
 
I guess you all know of the OP.
Try free MalwareBytes. It does a great job of removing AntivirusXP2009 I thought, and many more.
 
Originally posted by: BoomerD
Yes, and apparently the damage is worse than originally thought. It also directed you to the wrong forum where you can be ridiculed for
a) posting in the wrong forum
b) Not knowing how to google a solution
c) downloading infected pron.

:^D
 
I got AntivirusXP2009 off, but I didn't notice until afterwards that all my browsers were still hijacked.

I ran Malwarebytes three times or so amidst a number of reboots until the problem seemed fixed (at least in Opera), which was this morning. Tonight I open up Firefox, BOOM the trojan is back and now it's back in Opera as well. In addition, I can't get to www.malwarebytes.org or open Malwarebytes. This is really sad times.
 
If the hijack occurred because you downloaded and ran a Trojan Horse program, thinking it was a ________ (Flash Player update, codec, ActiveX dealiebob, whatever), then be more suspicious in the future. Bait... fish hook... you get the picture.

If the hijack occurred "under the surface" without direct help from you, then look at these security steps to make it unlikely to happen again.

Regarding your current problem, could you list these:

1) your Windows version and Service Pack level (for example, "Windows XP Home Edition, SP3" or whatever)

2) do you have a router?

3) what antivirus software you have installed

4) what anti-spyware software you have installed


It may sound like a far-fetched possibility, but if you have a router, it may have been compromised. Give it a full reset using the RESET button on the back, for starters.

As a starting point for cleaning up the infection, use a working computer to download and burn a .ISO of F-Secure's Rescue CD. Boot your infected computer from the bootable CD, and run a scan with it. It will take time, so this may be something you want to do overnight.

 
Originally posted by: mechBgon
If the hijack occurred because you downloaded and ran a Trojan Horse program, thinking it was a ________ (Flash Player update, codec, ActiveX dealiebob, whatever), then be more suspicious in the future. Bait... fish hook... you get the picture.

If the hijack occurred "under the surface" without direct help from you, then look at these security steps to make it unlikely to happen again.

Regarding your current problem, could you list these:

1) your Windows version and Service Pack level (for example, "Windows XP Home Edition, SP3" or whatever)

2) do you have a router?

3) what antivirus software you have installed

4) what anti-spyware software you have installed


It may sound like a far-fetched possibility, but if you have a router, it may have been compromised. Give it a full reset using the RESET button on the back, for starters.

As a starting point for cleaning up the infection, use a working computer to download and burn a .ISO of F-Secure's Rescue CD. Boot your infected computer from the bootable CD, and run a scan with it. It will take time, so this may be something you want to do overnight.

It occurred without my knowing.. so "under the surface" I guess.

1. XP Pro SP2

2. No router... but I am on university campus and I use campus wireless...?

3. McAfee

4. I've run the McAfee scan and Malwarebytes (which removed it the first time but now I can't get the program to run). I tried to install search & destroy but a lot of the antivirus sites are blocked and the .exe file can't access the site to continue the install.

I'll try Rescue CD tonight.
 
Ok, give the Rescue CD a try, and then I would go in this order:

1) after the Rescue CD is done, boot into Windows and disable your wireless.

2) while your wireless is disabled (and wired network connections are unplugged), now uninstall the McAfee software and reboot as needed.

3) while your wireless and wired network connections are still down, enable the Windows Firewall as shown in my security steps link above. Use the No Exceptions checkbox for now.

4) now that the Windows Firewall is enabled, you can turn your wireless back on. To get started, I'd go get the free version of AntiVir from http://www.freeav.com/, and get that installed and updated. No AV is perfect but I feel it's a lot better than McAfee these days.

5) AntiVir will put a shortcut on your desktop. Double-click it and you'll see where it says there's never been a full scan of your computer. So run a full scan, and now you've scanned the system with two different antivirus products (F-Secure/Kaspersky and AntiVir).

6) Once that's done, head to Microsoft Update to upgrade your Windows Update engine to the Microsoft Update engine. Then go back again, and again, and again, until your system has all the Service Packs and all the Critical or High-Priority patches. This will take quite a while, so make sure you have lots of snacks 😀

7) Next, get your Data Execution Prevention fully enabled (the "security steps" link has info on that).

8) Run the free Secunia Personal Software Inspector to fix vulnerable stuff that no one realizes they've got. There's a link to that in the "security steps" page too.


Keep the Windows Firewall enabled. You may need to allow exceptions as time goes by, but don't take the firewall down altogether. Hope that helps 🙂
 
Originally posted by: mechBgon
Ok, give the Rescue CD a try, and then I would go in this order:

1) after the Rescue CD is done, boot into Windows and disable your wireless.

2) while your wireless is disabled (and wired network connections are unplugged), now uninstall the McAfee software and reboot as needed.

3) while your wireless and wired network connections are still down, enable the Windows Firewall as shown in my security steps link above. Use the No Exceptions checkbox for now.

4) now that the Windows Firewall is enabled, you can turn your wireless back on. To get started, I'd go get the free version of AntiVir from http://www.freeav.com/, and get that installed and updated. No AV is perfect but I feel it's a lot better than McAfee these days.

5) AntiVir will put a shortcut on your desktop. Double-click it and you'll see where it says there's never been a full scan of your computer. So run a full scan, and now you've scanned the system with two different antivirus products (F-Secure/Kaspersky and AntiVir).

6) Once that's done, head to Microsoft Update to upgrade your Windows Update engine to the Microsoft Update engine. Then go back again, and again, and again, until your system has all the Service Packs and all the Critical or High-Priority patches. This will take quite a while, so make sure you have lots of snacks 😀

7) Next, get your Data Execution Prevention fully enabled (the "security steps" link has info on that).

8) Run the free Secunia Personal Software Inspector to fix vulnerable stuff that no one realizes they've got. There's a link to that in the "security steps" page too.


Keep the Windows Firewall enabled. You may need to allow exceptions as time goes by, but don't take the firewall down altogether. Hope that helps 🙂

Thanks for all the help! I will definitely try your suggestions.

As for Rescue CD, there are a lot of warnings about how the cd will rewrite system files that could turn my currently-limping-along laptop into a completely dead laptop. Should I go ahead and run the scan still?
 
Originally posted by: enwar3
Originally posted by: mechBgon
Ok, give the Rescue CD a try, and then I would go in this order:

1) after the Rescue CD is done, boot into Windows and disable your wireless.

2) while your wireless is disabled (and wired network connections are unplugged), now uninstall the McAfee software and reboot as needed.

3) while your wireless and wired network connections are still down, enable the Windows Firewall as shown in my security steps link above. Use the No Exceptions checkbox for now.

4) now that the Windows Firewall is enabled, you can turn your wireless back on. To get started, I'd go get the free version of AntiVir from http://www.freeav.com/, and get that installed and updated. No AV is perfect but I feel it's a lot better than McAfee these days.

5) AntiVir will put a shortcut on your desktop. Double-click it and you'll see where it says there's never been a full scan of your computer. So run a full scan, and now you've scanned the system with two different antivirus products (F-Secure/Kaspersky and AntiVir).

6) Once that's done, head to Microsoft Update to upgrade your Windows Update engine to the Microsoft Update engine. Then go back again, and again, and again, until your system has all the Service Packs and all the Critical or High-Priority patches. This will take quite a while, so make sure you have lots of snacks 😀

7) Next, get your Data Execution Prevention fully enabled (the "security steps" link has info on that).

8) Run the free Secunia Personal Software Inspector to fix vulnerable stuff that no one realizes they've got. There's a link to that in the "security steps" page too.


Keep the Windows Firewall enabled. You may need to allow exceptions as time goes by, but don't take the firewall down altogether. Hope that helps 🙂

Thanks for all the help! I will definitely try your suggestions.

As for Rescue CD, there are a lot of warnings about how the cd will rewrite system files that could turn my currently-limping-along laptop into a completely dead laptop. Should I go ahead and run the scan still?

I guess there's always that risk. Backing up your important stuff (emails, contacts, files, music, photos and documents) to an external drive, and making sure you have your Windows installation disc and CD key, would probably be a good just-in-case move.

 
I spent about 6 hours cleaning up someone's laptop with similar issues. I ran the programs in the Security Toolkit that is stickied on the front page and eventually it was cleaned up, but I ran everything again under safe mode.
 
Wow, this was an annoying little ah heck to get rid of! Thanks for this post and the tips - took a while but it finally worked 🙂
 