Hello, Ron, it's a site called LinksBuck and it pops up all over the place where it's not wanted. I'd never even heard of it, but it seems almost like a virus, popping up when you are trying to get something else. There seem to be quite a few entries on Google on how to get rid of the thing, but they all look very computerish, and I felt the need of a reliable hand to hold!
Computer OS: Windows VistaBrowser: ChromeWhat have you tried so far?: Checking Google to see whther there was an easy way to get rid of the thing. It even popped up in the middle of McAfee when I was trying to see whether it was on its list of viruses.
You are most kind.
Let me look into that for you and I will see what we can do to get rid of it.
I have a few things to finish up, but it shouldn't take me more than an hour or two at the most to get back to you.
You were absolutely correct about it being an infection like a virus known as a browser hijacker. It is considered a malware.
I am just now installing and testing a removal tool for you. Not that I have a hijacker to remove, just to see if it is a legitimate product.
Thanks. I've got Superantispyware and I'm currently running it to see what I can find. I may not be around for another hour or two, but never mind, I can take it up tomorrow night.
I too have several spyware removal tools, but they claim that this one is hard to locate and requires this spyhunter to remove it.
Spyhunter, is that the name of a particular program?
I am running it now and it has found two that my others have not found.
I must admit that my firefox just started allowing popup when it shouldn't and I hadn't started to address the problem. I guess this Spyhunter just did.
You just might want to try this. Here is a link to the page with the virus/malware description and a link for the software is there.http://www.2-viruses.com/remove-linkbucks-redirect
I am going to get to those things that I put off to get this info to you first. I will be back in a little over an hour if you need me.
Just to let you know, that Spyhunter will locate the problems and tell you what they are and where, but you remove them yourself or pay for the program for it to remove them for you.
I am looking into other ways to locate and remove this manually. Let me know if your malware antispyware was able to remove it so I don't keep researching this thing. Thanks, Ron.
I think I have a pretty good idea now of how to remove file alterations that this thing has made. I can see why you would want some guidance with this mess. I think we should do this together so I can walk you through the steps.
I honestly don't think the spyware programs can remove this. I will keep an eye out for you so we can continue together, Ron.
Tony, try disabling any unverified add ons in your browsers. What I mean by that is if you look at your list of add ons for each browser, check the properties of each one. If any are not verified by microsoft, disable them and see if the problem corrects itself. Let me know if you have any good results.
Hello, Ron, Superantispyware removed a few things, so I'm having a look to see whether the problem reoccurs. If it does, clearly I haven't succeeded, and as Big Arnie said - AH'LL BE BACK...
I'll be waiting. If it didn't kill it, we can look at your host file and see if the thing has added entries to it that would redirect your browsers.
I just thought I would check in and see how things are. Have you eliminated the hijacker?
Put it this way, Ron, I haven't had any problems (so far) this evening, but then I've not been on the computer a lot.
I did like the look of your spyware program, so I bought it - do you get a commission for that?
No, I just suggested that as my recommendation. Glad you approved! I am only compensated for ratings of o.k. or better on this site.
I hope this is just a visit, not a relapse.
Well, you'll certainly get that. Let me try a little longer and see if it returns, and I'll get back to you tomorrow night.
Great, I do have the host we can check if it returns.
CompTIA A+ Certified IT Technician
Hello, Ron, I noticed that I still have the problem on my work computer. I put Spyhunter on the job and it found 4 ATLAS DMT infections. Which it got rid of - it said. However, when I relaunched and reran the scan, I found that they're still there! Now I don't know whether they have anything to do with my problem, but it's disturbing that things allegedly removed aren't - or is this whateveritis particularly virulent?
Tony, that Spyhunter is almost too good. I am not sure where it tells you, I think it is mentioned in the description of the infection, but that thing finds infected cookies that once removed the system may replace them and it just tells you that once they pop back up, let the Spyhunter remove them again. I have three or four that keep showing up, but it seems to protect me from them even though they return. I will look up that particular one and let you know what is up with it, Ron.
OK, Ron, I still have problems. The LinkBucks came back again and I couldn't get into Hotmail via Google, because it came up every time (I had to resort to writing this via Microsoft Outlook). At least McAfee now recognises it as dubious and blocks it, but that doesn't get rid of it.
I had a late night again and just woke up. I think I told you that I didn't think that it could be removed by a program. I mentioned that we can look at your host file, there are registry entries that this thing makes also. I need a little time to type up a list of things to check and remove. I will get on it now and will send an update shortly. I want to give you a couple things at one time to save us sending notes back and fourth for each process.
I had to eat something, I haven't forgot you. I seem to be the international technician. In a way it is an ego boost that nearly all of my customers are not located in the USA, but it makes for some strange hours. I am taking the day off to concentrate on this for you and I need a break. I just finished breakfast and will start on your list.Thanks, Ron.
This thing has several things involved that it uses, first look at the task manager and if you see a process called random.exe, end it. That should disable it for the moment and allow access for you while I continue to write up the manual removal procedures.
No, no random.exe visible. Anyway, my wife has been doing some editing of documents tonight, so I've only just got on, and I'm off to bed. Till tomorrow night!
I had my system go down and had to restore everything. I lost my bookmarks to my sources that had the information I needed for you. No worries though, by the time you wake I will have everything for you. Just wanted to leave a note in case you couldn't sleep and wanted to check you email for my message.
Let's start with what I first mentioned. I need you to look at the host file. Here is where it is located, Hosts file resides on C:\Windows\System32\Drivers\etc\hosts. Open the file using the notepad. It should ask what to open it with. Select use a program loaded on your system and pick the notepad. When it opens, there will be an example followed by the address of 127.0.0.1 if you have any entries after that, let me know what they are and I will let you know if they need to be removed. I was going to give you other steps, but I would rather just start with this.
If you see nothing after that entry, you can check the registry for the following entries and delete them.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\randomHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run\ Linkbucks.com
To edit the registry you need to select start and type regedit.exe and in the list you will see that entry. Right click and run as administrator.
If you have entries after the 127.0.0.1 they should be removed. Some spyware will put entries also, but they all need to be removed. I told you in an earlier message to let me know and I would advise, but if you can't wait, as I stated above they all should be removed after the first entry.
Hello, Ron, quick note before I disappear until later in the afternoon (our time). I got to the "hosts", but it wouldn't open. It also says that it was last modified on September 18, 2006. I presume that means that we can discount it?
Hello, Ron, found it! (It was hidden behind the e-mail window). Here's what it said:
This is a sample HOSTS file used by Microsoft TCP/IP for Windows.## XXXXX file contains the mappings of IP addresses to host names. Each# XXXXX should be kept on an individual line. The IP address should# XXXXX placed in the first column followed by the corresponding host name.# XXXXX IP address and the host name should be separated by at least one# XXXXX## XXXXX comments (such as these) may be inserted on individual# XXXXX or following the machine name denoted by a '#' symbol.## XXXXX example:## XXXXX rhino.acme.com # XXXXX server# XXXXX x.acme.com # XXXXX client host
Hello, Ron, further info:
1. There was no "random" entry
2. There was no "Linkbucks" entry in current version\run
Hello Tony, it sounds like your not having much luck. Is any of this information helping you?
Told you! Computers and I don't interface very well - if there's a thorny problem, I will find it. I offered my services to the IT department of my company, but, no, they'd rather do it the old-fashioned way.
Well, so far we're not having much joy, are we? I haven't been able to find any of these things you mention, which to me suggests monumental incompetence on my part. What am I missing? - apart from brains, of course (can't do anything about that, I'm afraid).
My friend, you aren't missing brains what so ever! This this just is a bitch. When I first started to look at it, as you indicated, there is a great deal of info. out there. I know I commented that this thing doesn't look like it could be easily removed. If you want to put the IT department in their place, let them try and figure this one out. The things I asked you to look for are the possibilities of where it would hide. The host file gives that example followed by the 127.0.0.1. Anything after that could be put there by the hijacker. I wouldn't consider the date myself. I would remove it and make note to be able and put it back if it was something useful. If you didn't have the random.exe running, you wouldn't have that in the registry either. I will continue to research this thing for other possibilities. I would love to know what your IT department can do about this thing. Again, don't beat yourself up over this. You just happened to get a really tough one to get rid of.
OK, ol' bean, i look forward to your further ideas. If nothing else, this may enable you to help some other poor sod!
Don't take this wrong, but I don't care about some poor sod, I am concerned about you. I won't give up. I love a good challenge.
I haven't had much luck yet finding another solution, but if you are part of a network it could be hiding within that network. Clearly you had it removed at one point, and its return makes me wonder if it is hiding elsewhere. Have you let the IT department try to find a solution?
Hello, Ron, my IT department is me! (Now, if that isn't a worry, I don't know what is). The IT Department to which I refer is that of a major company in Switzerland for which I worked until recent retirement and for which I am now a consultant in my field (patent attorney). The computer systems affected are not the Company's but my home system (Vista) and my office system (7).
You nut, so both are your systems. Please explain what is happening. I know it seemed like it was gone and came back. Perhaps some details could lead me to a solution.
Sorry to be confusing, ol' bean (I confuse myself at times, and I'm frightened to ask the family what I do to them). Well, whatever happened, today, I've been completely LinksBuck-free. Certainly I've been on and off the Internet all day down at the office, and not a single LinksBuck. So perhaps all the assaulting with your Spy detector program has worked (It certainly does dig out a few things). Here at home, all quiet on the Western Front. So, if it remains thus until tomorrow night, I think (hope) we can draw a line under this one. Your patience and fortitude in the face of overwhelming odds are much appreciated!
You certainly make my day every time we chat or email in this case. Always a pleasure, so I will await hearing from you in the future. I have to laugh, I haven't even purchased that program. I use the free version and remove things myself. I must admit, it does find things that don't pose a threat, it just lets you know they are there. If you read some of the notes, it will tell you that there are cookies that are used to track your preferences, like for netflix for the movies you are watching to give you choices based on your likes and dislikes. They are no threat and are only used by that site.Anyway, best of luck and enjoy your night.Ron.
Hello, Ron, well, it seems to have taken itself off somewhere else, so I think we can tentatively draw a line under this one and pay you some money! So, bring up the smileys!
You make me laugh every time I hear from you!!! You are too kind, but that was done when you accepted. I don't know why this question didn't have the same rating system unless it is because it was a direct question to myself. If you feel I deserve a bonus, you should be able to add that. It certainly is not necessary. Just working with you is a bonus.
Aha, so you've actually been paid for all this mucking about then? Good stuff! And until the next time (with total lame-brain computer illiterates such as myself, next times have a certain inevitability...)
Yes Tony, it goes into this months earnings. Until we meet again.
Hey, Ron, ready for your next Mission Impossible? I'm being driven mad (actually the truth is that I'm within easy walking distance) by Flash Player crashing on Firefox. It's version 11.4.402.265. There's a later version, but when I try to download this, I get a message "The user does not have sufficient privileges to install Adobe Flash Player". Eh? Since when does one need privileges to download Flash Player, for goodness' sake? And how did I lose these mythological principles? (And how do I get them back?)
Tony, I have missed you. Remember, each time you have a next question for me you need to enter it in that question box in my feedback area where it is then directed to me as before. Here is that link again if you need it...http://www.justanswer.com/computer/expert-pc-rbrown1233/.Thanks, Ron