Had a look at a PC that was not updating AVG free, or letting you get to any anti-virus or anti-spyware websites.
Manually downloaded and updated AVG and Spybot - Spybot found fraud.pchealth and a couple of other gremlins, but AVG would still not update.
When I googled something and clicked on the link, a new tab opened in Firefox and it went to another search page - the links appeared to be going via go.google.com
Checked hosts files, TCP/IP settings, proxy settings, DNS settings. Ran HijackThis and Spybot again, but still nothing: there were still problems with browser forwards, and AVG was failing to complete a scan, as the services would stop then restart when a scan was initiated.
Finally googled go.google.com and found a link on the techguy.org website:
http://forums.techguy.org/malware-removal-hijackthis-logs/746850-go-google-redirect-virus.html
Followed these instructions:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
which then ran, found some rootkits, rebooted, and continued scanning and then removed the rest of the virus - tdssserver from memory (I'll get a copy of the fix log).
Rebooted and then downloaded malwarebytes.org and ran that - left the user with orders to run SUPERAntiSpyware and AVG after Malwarebytes had finished running; AVG found a trojan within a couple of minutes and deleted it.