What addware or virus is on my computer?

[ARMs]

Whenever I use a search engine and I search for something the page shows up showing me the links i can go to.   But when ever i click on the link it redirects me to porn or other add sites.   I have to click it 3 times going back and forth before it goes to the correct site.

I tried using Avast! anti-virus program which is up to date and SpyBot, and adaware to elimate this problem, but it never goes away.   This is happening on both Firefox and Internet Explore.    I also tried looking in task manager but I don't see anything suspicious.

[obesebear]

Hmmm.  I've used Ad-Aware Personal, AVG Anti-Virus, Spyware Doctor, and CCleaner to kill any and all problems I've had on my computers.  To get full use of Spyware Doctor, you have to buy it, but it's good!  If this doesn't fix it... you may as well sell your computer   

[yoshi314]

does your browser always automatically redirect you to the same search engine site? i remember something like that from my colleague's pc (in his case browser would always open msn.com). it was blaster or similar worm.

what you should do :
- try pressing ctrl+alt+del . if the process manager window doesn't show up - it's one of those "clever" bastards.

open regedit.exe and go to HKEY_LOCAL_MACHINE/SOFTWARE/Microsoft/Windows/CurrentVersion/Run and
HKEY_CURRENT_USER/SOFTWARE/Microsoft/Windows/CurrentVersion/Run
and check what's launching on startup. there might be suspicious processes as c:\windows\system32\explorer32.exe (which definitely should NOT be there, as windows explorer is c:\windows\explorer.exe) launched from suspicious dirs or exe files with weird names (e.g. 43576asdge.exe)

if you found the culprit try removing its entry from the registry. wait a few minutes and refresh.

if it's back  - you need a livecd or a separate pc. try using some linux livecd to scan your hdd or manually remove the offending file. no other way around that i guess (you can also use winPE disk if you have one).

If this doesn't fix it... you may as well sell your compute

i've been running linux since 2005 and i almost forgot about those nasty programs. there are os'es outside windows, you know.

[ARMs]

this adware is kinda wierd that its passes everything i tried.   I looked at the regedit and those folders has nothing suspicious.  Maybe its something that starts up when interet explorer or firefox starts up?

Just today morning i used avast! to scan my c drive and it picked up some trojan and I had it move to chests by the programs recommendations.   Then i used adaware and spybot to scan and remove any problems it can find.   Then i delete all temp files and cookies from explorer and firefox.   afterwards i restarted.    first thing i did was open internet explorer and tested it out.   My first try and it went to the site i wanted it to.   I then pushed the back button and rested it a few times and it went to the correct sites without going into any ad sites.   So i closed explorer and i tried it again and the problem accured again.

[ChaosControl]

This works everythime:
Format c:\ /q

[ARMs]

yeah i know that works.   But i really dont' want to do that long process every single time something comes up.   I've done that too many times and am sick and tired of it.   Its not too bad right nwo it only effects my internet search engines.

[ChaosControl]

yeah i know that works.   But i really dont' want to do that long process every single time something comes up.   I've done that too many times and am sick and tired of it.   Its not too bad right nwo it only effects my internet search engines.

Wow, I can't believe that if that happened a lot and you had to format a lot, you didn't make an image. Which is like restoring a comp in 5 min.

[ARMs]

Don't know how you would make an image.

[L. Spiro]

Disable all browser plug-ins.
Turn off Java Script and all ActiveX controls.

Since it works in both of your browsers I doubt this will fix it.  Sounds as though it is a DLL set to be injected into every process at start-up.


If you are using Windows®:

http://memoryhacking.com/download.php
#1: This can see processes running on your computer even if they hide themselves and do not appear in Task Manager.  Your first task should be to look through the File/Open Process/All list to see if any processes look strange or if there are any <unknown> processes.  You will see 3 <unknown>’s followed by a single process name (while every other process simply has 4 process names).  These are processes trying to hide themselves.  If MHS is started before the hidden process it is always guaranteed to be in the All list.

#2: While browsing the list of processes, check window names.  Look for AutoIt v3 specifically.  It may be msnmsgr.exe or any other normal process name, but actually it is an AutoIt v3 virus that has come out lately in various forms.  You may not have this, but using this as an example you should examine the titles of all the windows carefully to be sure they are what they should be.

#3: If you can not find a suspicious process, double-click your browser in the list of processes to open it with MHS.  Once MHS is attached to your browser, press Ctrl-D to open the Disassembler.  In the Helper window (which is floating at first), you will find an Exports tab. This lists all modules loaded by your browser.  Scan this list for oddly named DLL files that shouldn’t be there.  If you find one, you can search your drive for it and delete it, or you can enter the file name (including the dot and extension) and try to search for more information on it through Google (assuming you have a way to do that, seeing as that is what is bugged for you right now).


L. Spiro

[ChaosControl]

Don't know how you would make an image.

Google is a start

[M0T]

I had this problem a few times before, and I tried a myriad of different tools to get rid of it.

In the end the only one that worked was HijackThis.