2 October 2008

go.google.com and anti-virus pages blocked

Had a look at a PC that was not updating AVG free, or letting you get to any anti-virus or anti-spyware websites.

Manually downloaded and updated AVG and Spybot - Spybot found fraud.pchealth and a couple of other gremlins, but AVG would still not update.
When I googled something and clicked on the link, a new tab opened in Firefox and it went to another search page - the links appeared to be going via go.google.com.
Checked hosts files, TCP/IP settings, proxy settings, DNS settings. Ran HijackThis and Spybot again, but still nothing, and still problems with browser forwards, and AVG failing to complete a scan as the services would stop then restart when a scan was initiated.
Finally googled go.google.com and found a link on the techguy.org website:
http://forums.techguy.org/malware-removal-hijackthis-logs/746850-go-google-redirect-virus.html

Followed these instructions
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
which then ran, found some rootkits, rebooted, and continued scanning and then removed the rest of the virus - tdssserver from memory (I'll get a copy of the fix log).

Rebooted and then downloaded malwarebytes.org and ran that - left the user with orders to run superantispyware and AVG after malwarebytes had finished running; AVG found a trojan within a couple of minutes and deleted it.

16 July 2008

Had a call to look at someone's PC - the BBC iPlayer wouldn't work, neither would internet banking, and McAfee Security Centre was blank when it loaded up.

I ran IE7 as administrator (Vista Home Basic) and it worked fine - tried this with McAfee as well and that also worked, so I thought it may have been a permissions issue.
Turned down IE7 security settings, but still nothing, so started Googling it...

Found this link on the McAfee site:

http://service.mcafee.com/FAQDocument.aspx?id=107121&lc=1033

And tried this part of it:
  1. Click Start and select Search.
  2. In the Search box, type CMD and click OK.
  3. In the Search results window, right-click CMD and select Run as Administrator.
  4. In the command prompt, type REGSVR32 JSCRIPT.DLL and press ENTER.
  5. After the confirmation message is displayed, type REGSVR32 VBSCRIPT.DLL and press ENTER.
It then says to uninstall and reinstall McAfee, but I tried it straight away and it worked for everything without any reinstalling needed.
Rebooted just to make sure it still worked and all OK.

Not sure what caused it - whether a Java install got corrupted or something, but all sorted now.
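
A read-only check of the COM registration that the two REGSVR32 commands above rewrite, as an added example that is not part of the original post or the McAfee article. It assumes PowerShell 3.0 or later, and the function name `Test-ScriptEngineRegistration` is hypothetical.

```powershell
# Added example (not from the original post). Read-only: nothing is written to the registry.
# Test-ScriptEngineRegistration is a hypothetical name. Assumes PowerShell 3.0 or later.
function Test-ScriptEngineRegistration {
    param([string[]]$ProgId = @('JScript', 'VBScript'))

    $system32 = Join-Path $env:SystemRoot 'System32'
    foreach ($id in $ProgId) {
        $row = [pscustomobject]@{ ProgId = $id; Clsid = $null; Dll = $null; Status = 'OK' }

        # Step 1: the ProgID must map to a CLSID.
        $key = "Registry::HKEY_CLASSES_ROOT\$id\CLSID"
        $row.Clsid = (Get-ItemProperty -LiteralPath $key -ErrorAction SilentlyContinue).'(default)'
        if (-not $row.Clsid) { $row.Status = 'ProgID not registered'; $row; continue }

        # Step 2: the CLSID must name an in-process server DLL.
        $key = "Registry::HKEY_CLASSES_ROOT\CLSID\$($row.Clsid)\InprocServer32"
        $dll = (Get-ItemProperty -LiteralPath $key -ErrorAction SilentlyContinue).'(default)'
        if (-not $dll) { $row.Status = 'InprocServer32 missing'; $row; continue }

        # A bare file name is resolved against System32 for this check.
        $dll = [Environment]::ExpandEnvironmentVariables($dll)
        if (-not [IO.Path]::IsPathRooted($dll)) { $dll = Join-Path $system32 $dll }
        $row.Dll = $dll

        # Step 3: the DLL must exist; a script engine registered from outside
        # the Windows directory is flagged for a closer look.
        if (-not (Test-Path -LiteralPath $dll -PathType Leaf)) {
            $row.Status = 'DLL file missing'
        } elseif (-not $dll.StartsWith($env:SystemRoot, [StringComparison]::OrdinalIgnoreCase)) {
            $row.Status = 'DLL outside Windows directory'
        }
        $row
    }
}

Test-ScriptEngineRegistration | Format-Table -AutoSize
```

HKEY_CLASSES_ROOT is a merged view of the machine-wide and per-user class registrations, so run this in the affected user's session; a different administrator account may show a different result.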