 |
|
12-01-2012, 09:33 PM
|
#16
|
|
Member
Join Date: Mar 2011
Location: North Carolina
Posts: 325
|
Hijacked internet searches
Depends on the virus. Like I said before, re-directors tend to tie directly into the browsers. Also, many malware removal programs don't get them. But, restoring the registry removes the pointers and allows the system to boot up without the virus loading into memory and putting a reservation against the file. Then running a virus removal program can find and remove it. Like I said, I do it all the time.
|
|
|
12-01-2012, 09:39 PM
|
#17
|
|
Average Joe/ex-Navy IC3
Join Date: Dec 2006
Location: Midwest - Central Illinois
Posts: 9,276
|
Hijacked internet searches
Wrong again, Marty1mc. You are way off base on this.
__________________
Now listen, Cadet. I've got a job for you. See this button? Don't touch it! It's the History Eraser button, you fool! So what'll happen? That's just it. We don't know. Maybe something bad, maybe something good. I guess we'll never know, 'cause you're going to guard it. You won't touch it, will you?
|
|
|
12-01-2012, 09:43 PM
|
#18
|
|
Member
Join Date: Mar 2011
Location: North Carolina
Posts: 325
|
Hijacked internet searches
Dude, I really am not trying to win an argument. No offense, just because your brother works in the industry means nothing for your knowledge. I have removed browser redirectors this way, period. I don't care whether you agree or not. It works.
|
|
|
12-01-2012, 09:53 PM
|
#19
|
|
Average Joe/ex-Navy IC3
Join Date: Dec 2006
Location: Midwest - Central Illinois
Posts: 9,276
|
Hijacked internet searches
It has nothing to do with my brother working in the industry; it is that I have been dealing with this stuff since before it became mainstream. That means at least going on 21 years now since computers have been getting infected by people using the Internet, and 15 years dealing with Windows-based viruses.
I have also dealt with the old DOS-based viruses, which date back over 30 years. So been doing this stuff for a very long time.
|
|
|
12-01-2012, 09:59 PM
|
#20
|
|
Member
Join Date: Mar 2011
Location: North Carolina
Posts: 325
|
Hijacked internet searches
So, I have too. I had the original PC. So what?
I also have a degree in Computer Science, am a programmer by trade and do ethical hacking on the side. I know what I am doing around a PC and in the registry.
My last job was to recover a password-protected video stream from cameras. The manager forgot the password and the place was robbed. I cracked it and the guy was caught.
OP, give it a try. Like I said, I have had it work many times.
|
|
|
12-02-2012, 09:06 AM
|
#21
|
|
Member
Join Date: Jul 2011
Location: Houston Texas
Posts: 439
|
Hijacked internet searches
Quote:
Originally Posted by gregzoll
Not that easy. That is why there have been white papers written on how to properly remove malware.
My brother was one of them that helped to write the process stated on both malwareteks.com & majorgeeks.com, to remove malware from computers. He does this stuff professionally for emisoft, as a part of their Malware removal team.
|
Exactly, I would rather pull the drive and place in a USB dr and scan using a known clean machine.
The last thing I will do, if you can get it to function, is use the restore back. Reason is, the restore(s) can contain the issue and you don't know how far back to go to not recover them.
__________________
digitalplumber is just a name for use here, I am not a plumber!
|
|
|
12-02-2012, 09:38 AM
|
#22
|
|
Member
Join Date: Mar 2011
Location: North Carolina
Posts: 325
|
Hijacked internet searches
Quote:
Originally Posted by digitalplumber
Exactly, I would rather pull the drive and place in a USB dr and scan using a known clean machine.
The last thing I will do, if you can get it to function, is use the restore back. Reason is, the restore(s) can contain the issue and you don't know how far back to go to not recover them.
|
I am recommending this specifically for browser redirectors. You can do what you are talking about above, spend a lot of time and when you are done, the browser redirector will still be there. You will probably think the virus scan didn't remove it. But, it probably did.
Why then is the browser redirector still working? Because the damage to the registry has already been done. These are unique viruses. They modify 3 areas of the system: the local registry, the settings for the browser and the HOSTS file (local system file). All of these need to be returned to the correct state as well, and virus scanner programs do not do this. Without knowing how to crawl through/edit the registry and edit the HOSTS file, most people are not going to rid the computer of this. There are some programs like "ComboFix" that do this on some of the viruses, but I have seen less success with these lately.
Also, most people notice a redirector almost immediately. Therefore, the restore point is usually as of the last Windows update.
I don't do this with other viruses, just redirectors.
|
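Of the three areas named in post #22, the HOSTS file is the easiest to check mechanically. The following is an added example, not part of any poster's message: a small Python audit that lists every non-default HOSTS entry and says whether it redirects a name to another address or merely blocks it. The sample file content, host names and the `audit_hosts` helper are constructed for illustration.

```python
import ipaddress

# On Windows the file lives at %SystemRoot%\System32\drivers\etc\hosts.
# A stock file maps nothing except (optionally) localhost to loopback.
DEFAULT_NAMES = {"localhost"}

def audit_hosts(text):
    """Return (line_no, ip, hostname, verdict) for every non-default entry."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        entry = raw.split("#", 1)[0].strip()      # drop comments and blanks
        if not entry:
            continue
        fields = entry.split()
        ip_text, names = fields[0], fields[1:]
        try:
            ip = ipaddress.ip_address(ip_text)
        except ValueError:
            findings.append((line_no, ip_text, " ".join(names), "malformed"))
            continue
        if not names:
            findings.append((line_no, ip_text, "", "malformed"))
            continue
        for name in names:                        # one line may map many names
            name = name.lower().rstrip(".")
            if name in DEFAULT_NAMES and ip.is_loopback:
                continue                          # expected default mapping
            # Loopback/0.0.0.0 only blocks the name; anything else sends
            # traffic for that name to a different machine.
            sink = ip.is_loopback or ip.is_unspecified
            findings.append((line_no, ip_text, name,
                             "sinkhole" if sink else "redirect"))
    return findings

# Constructed sample (documentation-range address, example domains).
SAMPLE = """\
# constructed sample hosts file
127.0.0.1      localhost
203.0.113.45   www.search.example search.example   # points search elsewhere
127.0.0.1      update.av-vendor.example
not-an-ip      www.other.example
"""

if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE):
        print(finding)
```

A "sinkhole" entry for a security vendor's update host is worth the same attention as a "redirect", since it keeps the scanner from updating.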
|
|
12-05-2012, 11:08 AM
|
#23
|
|
Newbie
Join Date: Dec 2012
Location: Hamilton, NJ
Posts: 10
|
Hijacked internet searches
You can clean it and make it usable again, but it is not worth the time IMO.
I hope you backed up everything you need off that machine; if not, start in Safe Mode and back up what you need.
Then do a clean fresh install of Windows. You will love the new feel. I am not a fan of Windows 8, but if you don't have Windows 7, you can get Windows 8 for 39.99.
|
|
|