I got on a friend's laptop recently and noticed it had a whole lot of crap on it.
I cleaned up most of it including DrAntiSpy as well as some other apps and dlls.
There was no antivirus so I installed AntiVir free version which cleaned some stuff.
However there is still an issue: whenever in Google or another search engine, the search is redirected with some ad popup to go.google.com, but not to the actual page. If I click on the cached page option then it works.
The same problem occurs in Firefox so it's not just IE. Furthermore, Windows Update as well as many other sites for antivirus or antispyware are forwarded to 127.0.0.1, but not through the hosts file, which is empty. (Automatic updates still work, asking to install SP3.)
Killing all apps did not help, but once I killed the svchost hosting DCOM Server Process Launcher and terminal services, IE stopped redirecting.
I am wondering if there may be a DCOM component loaded that should not be there. Anybody know of a good resource about DCOM and how to spot bad entries?
My time with the PC is very limited so I have not had a chance to disable DCOM or reset the winsock to see if that helps.
I did try installing ComboFix but AntiVir detected TR/Dropper.Gen in some of its files. Is that normal? I heard ComboFix was really good at getting rid of tough viruses or malware.
The owner of the computer says the computer is running better than it had for months and is quite happy. I am not happy knowing it has some nice, well-hidden malware on the system.
Any other ideas or programs would be greatly appreciated.
Thanks
elkinm
