StarDestroyer.Net BBS

Well... yet more computer troubles...

A few days ago I got hit by another faux anti-virus, this one called Windows Diagnostic. It hid almost all of our files and brought down .exe execution as well.

I went to safe mode and killed it with Malwarebytes, and I downloaded Avira and MS Security Essentials as well.

I managed to fix the .exe issue and brought back the hidden files, and got Adblock Plus for Mozilla as well... I like it. I also picked up ZoneAlarm to back up the Microsoft firewall.

However, somehow I seem to have picked up a Google redirect virus(es?). Also, Firefox updated to another version... 3.6 or something... and now Adblock doesn't work, and neither does NoScript. If I try to pull up Options in the Add-Ons window, it freezes hard and I have to use task manager to kill it. Also, my automatic updates... aren't turning on.

So, suggestions? I've been scanning pretty much every day with Malwarebytes. I'll gladly post a HijackThis log as well if requested; I'm pretty sure I have something stuck in the registry.

All help is deeply appreciated. Thanks in advance!

Adblock does not work with Firefox 4 right now

Damn. So it's just going to be a matter of waiting till they make it compatible? Better than it being dead, I suppose. I was pretty sure I hadn't updated to Firefox 4 though... it said version 3 something, I think. Could be wrong though.

What about the Google redirect and the automatic updates?

I had the google redirect just recently. I scoured my computer for hours, and I found it weird because I don't ever even get spyware/ads/viruses because I'm extremely careful about that sort of thing. Turns out what had happened was that my specific IP was being targeted (DNS or whatnot) for redirection. To solve this, I had to restart the modem & router in order to refresh everything. I'm told it's possible for your modem/router to get hacked, so you want to do the physical reset if possible instead of just powering everything off. As in, get a pen and stick it in the tiny reset hole on your modem as you restart it. But of course, that's not going to fix the problem if it's happening on the software side of things. To confirm that it's not software, try to see if the redirect happens on other PCs using the same connection. Internet Explorer is more susceptible to the problem than FF is, in my experience, so test it in IE.

I'll have to remember to not upgrade to FF 4.0 just yet. If you still only have 3.6.16 (Help->About MFF) like I do, you should still be able to use Adblock Plus.

Alyeska wrote:Adblock does not work with Firefox 4 right now

I've been able to upgrade it on FF4 by going to Adblock's homepage and installing from there.

I definitely still have Firefox 3.6.16, but Adblock isn't coming up. I'll try going to the homepage. I think it's notable that the Add-Ons window isn't functioning properly-- I can disable or uninstall add-ons, but I can't go to their options. I tried deleting the extensions.* files in the Firefox profile, but that hasn't done anything. Pretty sure it may be related to whatever bug I've got.

No HijackThis log? I might just go ahead and post that... we only have this one PC available here so I can't really check the connection.

The redirect thing is sporadic BTW, it's on-off. Sometimes it'll redirect every search, other times it functions just fine... I don't know what's up with that, I agree that it may be a router issue.

HeadCreeps wrote:I'll have to remember to not upgrade to FF 4.0 just yet. If you still only have 3.6.16 (Help->About MFF) like I do, you should still be able to use Adblock Plus.

I've recently upgraded my computers to Firefox 4.0 and Adblock Plus works fine.

Elheru Aran wrote:The redirect thing is sporadic BTW, it's on-off. Sometimes it'll redirect every search, other times it functions just fine... I don't know what's up with that, I agree that it may be a router issue.

That sounds like what I had. With FF it was random, but then my FF has Noscript/ABP and generally higher security than IE. When I tried googling anything in IE, it happened every single time. This makes IE recommendable for testing. However, those other problems are possible symptoms that your software has been affected as well, so confirming that the problem still happens on other computers won't necessarily mean resetting your hardware will fix the problem.

From when I was researching it, the google redirect itself, when it's in your software, is extremely well-hidden. It won't show up in Task Manager, and I'm a little doubtful that it's going to show any evidence in a highjackthis log. None of your spam killers or virus programs are likely to detect it.

Blah, I can't edit my previous post.

I don't know if you've been able to run a google search for this or not (since you said it's sporadic and not every time), but there is an article here on removing the problem. Given what you've said, the first thing I would suggest is to check the HOSTS file, as stated in that article.

Huh, Adblock works with Chrome. Nice. I think I like Chrome, especially with the FasterChrome extension...

Aside from that, the HOSTS thing didn't help, and the automatic updates are still screwed. At least Avira turned itself back on.

I did a Spybot S&D scan and found two bugs in the registry that turned off antivirus and firewall. Yikes. Killed those. Think I'll turn the computer to safe mode and scan again with Rkill too, though.

Suggestions? Ideas?

Oh yeah, is it a bad thing if there's an iexplore.exe process running, even if you DON'T have Internet Explorer up and running? I'm suspecting yes...

I hate to sound like a stereotypical computer geek, but have you considered the possibility that you might do better with an alternative OS?

Yes. That's not really an option right now, though.

Chrome is a fucking huge resource hog...

I can't begin to imagine what problems you'd have migrating to Linux that could be worse than this, but fair enough. My second choice after that would be a complete reinstall of your current OS, and this time install a competent anti-virus program and firewall before anything else, even Firefox.

I've also have version 3.6.16 and adblock plus works perfectly.

On my in-laws computer they just had a virus similar to the OP. It downloaded a fake anti-virus program called MS Removal Tools and tried to get us to sign up for their service for something like 40 to 60 dollars. Couldn't run anything and it kept saying that it was infected.

It also redirected websearches but I managed to download Combofix (man, do I love Combofix) and rebooted the computer into safe-mode. From there I renamed Combofix since some viruses would target it and the program worked like a charm. After about half in hour total, the computer is now clean.