Really troublesome virus/malware, antivirus can't detect

DL402

I'm using NOD32, and I checked my task manager to see anything suspicious, but nothing is listed.

What this virus has done so far is turn every one of my Google search links into some random spam website when I click on them.

What's a solid program/antivirus that would be able to trace and fix this?
 

D1gger

Have you checked your hosts.ini file? Perhaps Nod32 has dealt with the virus, but the hosts.ini file could have been changed before that happened, and then it would redirect your web searches.

# Copyright © 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a "#" symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host
#
127.0.0.1 localhost
 

DL402

The hosts files remain the same, there's nothing wrong with them. Each website it redirects me to is different, it's one of those generic websites you go to when you enter a wrong url.
 

rm_dimns

I installed uTorrent and a few seconds later, viruses coming from the internet were being downloaded by my PC. Good thing I've got ESET NOD32, which can detect those downloaded viruses, but I got annoyed because it never stops and it keeps destroying my PC; now I can't hear music from my PC. I can fix the sound problem when I restart my PC, but viruses are continuously downloaded and blocked by NOD32. It's annoying. Then I used ESET Smart Security 4 and it's gone.
 

llee

He has the Google Redirect Virus.

Download (on a separate computer) Spyware Doctor (google for key), Malwarebytes Anti-Malware, Spybot Search & Destroy, and Super Anti Spyware.

Download the manual patches for all of these programs.

Install, update, and run full scans with each of these 4 programs.

Reboot, perform live updates, and check if the problem is resolved.
 

RebateMonger

I recently saw a computer doing this. It's done by setting up a Web Proxy Server at 127.0.0.1. Check your web browser(s) LAN "Connection" settings for a pointer to a Proxy Server. The Proxy Server allows you to get to Google or Bing for searches and returns valid search results. But when you click on the search result links, you get sent to a malware-sponsored site. DNS and the HOSTS file were fine on the PC I looked at.

Despite running AV and anti-spyware software, the computer got contaminated with no interaction by the owner. At first it was displaying rogue AV software, along with a total inability to run any software at all. Fortunately, I was able to do a CTRL-ALT-DEL right at the User log-in time and from there was able to initiate a Windows System Restore. I thought everything was pretty clean when the owner noticed the browser search redirection.

Basically none of the tools I tried were able to find all of this particular malware. The Windows System Restore to a week earlier had gotten rid of most of it, but the Proxy Server remained undetected until I looked for it in the browser options. By doing the CTRL-ALT-DEL and ending all unrecognized processes, we could temporarily disable the Proxy Server. But it'd come back on reboot.

The PC owner wanted to switch from XP to Win7 anyway, so we ended up deleting the XP boot partition and installing Win7. Then I had the owner make a Win7 System Image backup to an external USB disk so we won't have to go through this again.
 
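The two manual checks suggested so far in this thread (the HOSTS file and the browser's LAN proxy setting), as an added PowerShell example that is not part of any poster's message. It assumes Windows 8 or later for `Get-NetTCPConnection` and reads the per-user `Internet Settings` registry key that the LAN settings dialog writes; it only reports and changes nothing.

```powershell
# Added example, read-only audit. Run as the affected user.
$inet = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$cfg  = Get-ItemProperty -Path $inet

# 1. HOSTS file: show every active entry that is not a plain localhost mapping.
$hostsPath = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
Get-Content $hostsPath |
    ForEach-Object { ($_ -replace '#.*$', '').Trim() } |
    Where-Object { $_ -and $_ -notmatch '^(127\.0\.0\.1|::1)\s+localhost$' } |
    ForEach-Object { Write-Warning "HOSTS entry to review: $_" }

# 2. Proxy settings. A PAC script can redirect traffic just like a manual proxy.
if ($cfg.AutoConfigURL) { Write-Warning "PAC script configured: $($cfg.AutoConfigURL)" }

# ProxyServer is "host:port" or "http=host:port;https=host:port".
$entries = @()
if ($cfg.ProxyEnable -eq 1 -and $cfg.ProxyServer) {
    $entries = $cfg.ProxyServer -split ';' | Where-Object { $_ }
} else {
    'No manual proxy is enabled for this user.'
}

foreach ($part in $entries) {
    $endpoint = ($part -split '=', 2)[-1] -replace '^\w+://', ''
    if ($endpoint -match '^(?<h>\[[^\]]+\]|[^:]+)(:(?<p>\d+))?$') {
        $hostName = $Matches['h']
        $port     = $Matches['p']
    } else {
        Write-Warning "Unparsed proxy entry: $part"
        continue
    }
    if ($hostName -notmatch '^(127\.\d+\.\d+\.\d+|localhost|\[::1\])$') {
        "Proxy $endpoint is not loopback; confirm it is one you configured."
        continue
    }
    Write-Warning "Loopback proxy configured: $endpoint"
    if (-not $port) { continue }

    # 3. Identify the local process listening on the proxy port.
    $owners = Get-NetTCPConnection -State Listen -LocalPort ([int]$port) -ErrorAction SilentlyContinue |
        Select-Object -ExpandProperty OwningProcess -Unique
    if (-not $owners) { "Nothing is listening on port $port right now." }
    foreach ($procId in $owners) {
        Get-CimInstance Win32_Process -Filter "ProcessId = $procId" |
            Format-List ProcessId, Name, ExecutablePath, CommandLine
    }
}
```

The executable path from step 3 is the file to submit to a scanner and to look for in the startup locations, since the post above notes the proxy came back after every reboot.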

bamacre

Here is what I have learned to use...
http://www.f-secure.com/en_EMEA/security/tools/rescue-cd/

My parents were having this same problem with their PC and this worked. It's worked for everything I've thrown at it. One caveat, make sure you have your Windows install disk. If it finds any Windows files that are infected, it'll delete them, and it's possible that you will need to run a repair install of Windows.
 

RebateMonger

I've had pretty good luck with the F-Secure Rescue CD. Biggest problems are that the scans can take a LONG time and you don't really know how long it's going to take. Also, the last time I used it was on an NVidia-chipset motherboard and it looked like the F-Secure disk didn't have a driver for the NVidia networking chip so it didn't download the latest malware definitions. I was stuck at 2008 definitions that probably won't detect recent malware.

There's a way to offer the Rescue CD an update on a USB stick, but it's a bit more work. You should definitely do so if you see that the F-Secure scanner is using the original on-CD definitions. Version 3.01 of the scanner has built-in virus definitions from 2008 and those are supposed to update automatically when you set up the malware scan. But if it can't find the Internet, you need to manually provide a definition update.
 