First virus in years - how can I beat this?

[TheNiceGuy]

Hi all
As of a few years ago I have been using Microsoft Security Essentials for security, and have had no problems. A couple of days ago I clicked on an ad while surfing the net, and have picked up a couple of popups from that site that won't go away. They are super annoying as they popup on the desktop continually, weather I'm using the internet or not.

I've scanned for viruses several times and nothing is showing up.

Any ideas?

 

[compman25]

superantispyware and malwarebytes

 

[jadinolf]

superantispyware and malwarebytes

Great advice!

 

[TheNiceGuy]

I ran the Malwarebytes and it picked up 4 trojans. Looks like we beat it.
Thank you.

 

[Chiefcrowe]

I'd also recommend scanning with an online scanner such as f-secure and an offline AV boot disc such as avira, just to make sure.

 

[COPOHawk]

1. Malware Bytes
2. Superanti-spyware
3. ESET (NOD32) Online Scanner - this is the best free online scanner out there...picks up stuff that resident AV software misses, including McAfee, Symantec, MS Security Essentials.


I clean off an average of 2 computers a week for customers..make sure you run the online scanners just in case...it is WAY too common these days for rootkit viruses to remain dormant...and come back after a few days/week to bite you again.

Good luck.

 

[Modelworks]

Any time a pc appears to be infected and antivirus software isn't finding anything it usually means a rootkit is in place. root kits can infect drivers so that the rootkit is invisible to the OS. One really popular and bad variant is TDL3/4 .
http://blog.eset.com/2011/05/10/the...-bypass-the-windows-os-loader-patch-kb2506014

It effects windows 7 x32 and x64 versions by patching drivers.

 

[SZLiao214]

I am a big fan of Combofix from bleeping computer

Try it out next time.

 

[COPOHawk]

TDSSKiller is great to remove the above mentioned rootkit virus. I had that damn TDL3/4 actually infect a DSL modem/router (Qwest) that I had to reset to factory specs to get rid of...it had a DNS hijack going on for all internet traffic...but didn't actually infect the computers.

Combofix can work great...but I have had a few times when it messed up a computer when trying to remove the virus...use at your own discretion.

 

[Chiefcrowe]

wow, how did that thing affect the router? that is crazy! never seen that before!!

 

[lowrider69]

There's some good advice given in this thread so far. I would like to add a bit of advice....dump MSE. It's not what it used to be and it misses quite a few drive-by infections these days especially rootkits from what I have noticed. If you want to stick with a free AV go with Avast 6 or Avira.

 

[LiuKangBakinPie]

Tds rootkit
Device manager show hidden devices
Hmmm what this sys that dont belong In my drivers? Delete reboot.
Bootsector->mbrcheck

 

[Venom20]

I have never been a fan of MSE either. Personally it feels like I'm putting too many eggs in the Microsoft basket. Good choice on Malwarebytes. I generally recommend a boot up into safe mode for some additional scans if you are able to (with AV as well).

I regards to the virus infecting the router, I can believe it. Most ISP's will install custom firmware. It would not be too difficult to infect one ISP at a time.