Thread: Good program to get rid of REALLY shitty virus.

When I open up internet explorer 9 in Windows 7, my default browser is Google.com. When I open up internet explorer the address line says google.com but "Welcome to nginx!" is what is displayed. I can go to other pages but google.com won't work. I have Norton antivirus that is up to date and have ran it -- catches nothing. I've downloaded a couple of anti-malware programs suggested on yahoo.com considering the same virus but nothing works. I tried three programs, Windows Malware Detection or something like that, Another malware program, and Hijackthis. Nothing seems to work. Anybody seen this virus and dealt with it? Any good ideas of programs to run. Hijackthis is telling me to log in as admin so I have to create and admin user and try HiJackthis under the admin but not real confident it will work (having a few with a buddy and working slow). What are the new good programs I should be looking at, preferably freeware?

Edit: And I know you all have your favorite browser (ie. not IE) but this has been hitting most of the ones people use.

Clear your cache. And next time search the web. It's not a virus.

http://www.symantec.com/connect/foru...x-blocks-yahoo

Originally Posted by huckbucket

Clear your cache. And next time search the web. It's not a virus.

http://www.symantec.com/connect/foru...x-blocks-yahoo

Man I don't have Google but have been searching on Yahoo.com and have cleared my cache quite a few times. Give me a little credit.

Edit: I knew it was likely different than a regular virus such as malware given the internet responses I found but as long you know it's not a virus, what is it exactly? Also I took your advice and got the latest definitions. Is that the same as the definatitions they list on that page?

You did this?

Windows 7 and Windows Vista
Click Start , click Control Panel, click Network and Internet, and then click Internet Options.
Click the General tab, and then click Delete under Browsing history.
Click Delete all, click Yes to confirm that you want to delete this information, and then click OK.

Originally Posted by huckbucket

You did this?

Windows 7 and Windows Vista
Click Start , click Control Panel, click Network and Internet, and then click Internet Options.
Click the General tab, and then click Delete under Browsing history.
Click Delete all, click Yes to confirm that you want to delete this information, and then click OK.

Yah I just go to internet options and do that. I did that a bunch and also followed your way. Still the same thing and still the same result. And I also confirmed that I have admin properties so when hijackthis says I need admin properties as a possible reason its not working that can't be true either. I need to try one more thing.

Edit: I tried everything I could think of and what was suggested along with other stuff I found on my own. I know that page says it can be cleared via cache but definately can't. This is somehow making Google.com post "Welcome to nginx!" via taking google code hostage and just plain posting it or it's somehow redirecting to a page even though the page listed is google.com.

Time for beers. If you have any ideas that would be great. Tech geek power activate!!!!!

If huckbucket is right that it isn't a virus, try following the steps on this page:

http://support.microsoft.com/kb/972034

Basically you've got something running on your computer that is impeding normal DNS resolution and telling your browser the incorrect IP for well known sites in order to route traffic to a particular site. It could be that the entries are in your hosts file (c:\windows\system32\drivers\etc\hosts), but more likely there is some process running that you want to stop. Typically these types of processes launch at startup or logon. To see what programs are configured to start automatically, run this tool from Microsoft. I would focus on the Logon, Services, and Image Hijacks tabs. Typically a missing publisher attribute is a good sign of malicious software, but definitely do a bit of research before disabling anything you are unsure of.

http://technet.microsoft.com/en-us/s...rnals/bb963902

Quick question, is your homepage set to Google (originally)? Or is it when you use the search bar that you have the issue?

Edit: And for viruses try Lavasoft Adaware and Spybot found here and all offer free versions. I generally use a combination of these two plus Sophos to help keep BS at bay.


Adaware: http://www.lavasoft.com/

Spybot: http://www.safer-networking.org/index2.html

Originally Posted by reynolds.trailrun

Quick question, is your homepage set to Google (originally)? Or is it when you use the search bar that you have the issue?

Edit: And for viruses try Lavasoft Adaware and Spybot found here and all offer free versions. I generally use a combination of these two plus Sophos to help keep BS at bay.


Adaware: http://www.lavasoft.com/

Spybot: http://www.safer-networking.org/index2.html

Thanks and keep the ideas coming. YES I have google.com set as the default. I'll try everybodys ideas. Just might have to wait till after beer time. But thanks for all the answers and that have been introduced and all that anybody has to offer. I'm not usually stumped but I think this one is more in depth.

Edit: and cheers to Jubelale 2010!!!

I have always had good luck with malwarebytes as software to remove that junk.

Originally Posted by phatty

I have always had good luck with malwarebytes as software to remove that junk.

Unfortunately that was the other program that I tried. Thanks though.

Could be DNS issues, you have a bunch of computers out there infected with a Rootkit that takes over DNS and the FBI busted the ring. Hosts file should also be checked as mentioned. Can you do a tracert to Google.com or does it redirect or fail?

HiJackThis also is a package that scans and does a report of things found on your computer and if you do not know how to read the results and the next step for removing it is pretty difficult. It is not a package that the average user can run and have the problem fixed automatically.

I would try a software package called combofix. It is very powerful and not recommended that you use it unless you follow instructions of a trained person on one of the many ASAP (Alliance of Security Analysis Professionals) forums or knowledgeable malware removal sites bleepingcomputer.com forums. You can really mess up your computer and cause more problems if you do not know what you are doing!!

Have you tied to boot into safe mode and then do a scan? What about using one of the online scanners out there (ESET.com, Microsoft and some others will scan your system with offerings)

Superantispyware finds shit malwarebytes misses. Try that.

Holy fuck. Can we create a sticky thread that hovers over the US and Canada that says "AVG and Spybot"?
And stop using ie, you fucking dolt.

Sent from my cell phone. no, a cell phone.

I know little of computer stuff, but the free version of Advanced System Care has worked for me for quite a while:

http://download.cnet.com/Advanced-Sy...-10407614.html

Avast will do a boot time scan

Get a new computer

Lots of good suggestions. Nuclear option is to just back up all your stuff and do a clean install of windows. I'd only do that if none of the stuff already mentioned worked.

Something to be said for wiping everything and using Firefox from now on. Seriously, do a cost benefit.

Originally Posted by stuckathuntermtn

Holy fuck. Can we create a sticky thread that hovers over the US and Canada that says "AVG and Spybot"?
And stop using ie, you fucking dolt.

Sent from my cell phone. no, a cell phone.

Hey Douche... You realize you're the only douche who is all wound up. You know what that means? You're preobably the dumbest. Smarts don't follow an idiot. You realize anything you said to do was like 2001? You obviously arent too bright.

Well, good luck with that virus, then.

Sent from my cell phone. no, a cell phone.

Oh yeah. One other thing you could try is the system restore. Sometimes that works pretty well.
How long have you had the virus? Keep that approximate timeframe in mind.
Restart the computer and keep hitting f8 till you get boot options. Somewhere in there is the ability to pick a time to set your computer back to. You might even have the options for like, a week ago, two weeks ago, etc.
Doesn't always work, but it can.

Then, for the love of cake, don't use the following software: McAfee, Norton/Symantec, IE. This list is not all inclusive.
Sent from my cell phone. no, a cell phone.

Just one more.

I used Google Chrome until it slowed down and never loaded new pages at all. Tried all the suggested fixes and then moved on the Maxthon 3, which is not as streamlined as Chrome, but faster and has no hitches. Once you get things straightened out, it might be worth a try.

Originally Posted by stuckathuntermtn

Holy fuck. Can we create a sticky thread that hovers over the US and Canada that says "AVG and Spybot"?
And stop using ie, you fucking dolt.

Sent from my cell phone. no, a cell phone.

Hilarious. You call him a dolt for using IE, while you are saying to use AVG.

Laughable.

Oh, and for the op, try ccleaner