How JustAnswer Works:

  • Ask an Expert
    Experts are full of valuable knowledge and are ready to help with any question. Credentials confirmed by a Fortune 500 verification firm.
  • Get a Professional Answer
    Via email, text message, or notification as you wait on our site.
    Ask follow up questions if you need to.
  • 100% Satisfaction Guarantee
    Rate the answer you receive.

Ask The A+ PCTech Your Own Question

The A+ PCTech
The A+ PCTech, PC Specialist
Category: Computer
Satisfied Customers: 443
Experience:  CompTIA A+ Certified IT Technician
Type Your Computer Question Here...
The A+ PCTech is online now
A new question is answered every 9 seconds

Hello, Ron, its a site called LinksBuck and it pops up all

Customer Question

Hello, Ron, it's a site called LinksBuck and it pops up all over the place where it's not wanted. I'd never even heard of it, but it seems almost like a virus, popping up when you are trying to get something else. There seem to be quite a few entries on Google on how to get rid of the thing, but they all look very computerish, and I felt the need of a reliable hand to hold!
Submitted: 1 year ago.
Category: Computer
Expert:  The A+ PCTech replied 1 year ago.

The A+ PCTech :

You are most kind.


 

The A+ PCTech :

Let me look into that for you and I will see what we can do to get rid of it.


 

The A+ PCTech :

I have a few things to finish up, but it shouldn't take me more than an hour or two at the most to get back to you.


 

The A+ PCTech :

You were absolutely correct about it being an infection like a virus known as a browser hijacker. It is considered a malware.


 

The A+ PCTech :

I am just now installing and testing a removal tool for you. Not that I have a hijacker to remove, just to see if it is a legitimate product.

Customer :

Thanks. I've got Superantispyware and I'm currently running it to see what I can find. I may not be around for another hour or two, but never mind, I can take it up tomorrow night.


 


Regards, Tony

The A+ PCTech :

I too have several spyware removal tools, but they claim that this one is hard to locate and requires this spyhunter to remove it.


 

Customer :

Spyhunter, is that the name of a particular program?

The A+ PCTech :

Yes.


 

The A+ PCTech :

I am running it now and it has found two that my others have not found.

The A+ PCTech :

I must admit that my firefox just started allowing popup when it shouldn't and I hadn't started to address the problem. I guess this Spyhunter just did.

The A+ PCTech :

You just might want to try this. Here is a link to the page with the virus/malware description and a link for the software is there.http://www.2-viruses.com/remove-linkbucks-redirect

The A+ PCTech :

I am going to get to those things that I put off to get this info to you first. I will be back in a little over an hour if you need me.

The A+ PCTech :

Just to let you know, that Spyhunter will locate the problems and tell you what they are and where, but you remove them yourself or pay for the program for it to remove them for you.

The A+ PCTech :

I am looking into other ways to locate and remove this manually. Let me know if your malware antispyware was able to remove it so I don't keep researching this thing. Thanks, Ron.


 

The A+ PCTech :

I think I have a pretty good idea now of how to remove file alterations that this thing has made. I can see why you would want some guidance with this mess. I think we should do this together so I can walk you through the steps.


 

The A+ PCTech :

I honestly don't think the spyware programs can remove this. I will keep an eye out for you so we can continue together, Ron.


 

The A+ PCTech :

Tony, try disabling any unverified add ons in your browsers. What I mean by that is if you look at your list of add ons for each browser, check the properties of each one. If any are not verified by microsoft, disable them and see if the problem corrects itself. Let me know if you have any good results.


 

Customer :

Hello, Ron, Superantispyware removed a few things, so I'm having a look to see whether the problem reoccurs. If it does, clearly I haven't succeeded, and as Big Arnie said - AH'LL BE BACK...

The A+ PCTech :

I'll be waiting. If it didn't kill it, we can look at your host file and see if the thing has added entries to it that would redirect your browsers.


 

The A+ PCTech :

I just thought I would check in and see how things are. Have you eliminated the hijacker?


 

Customer :

Put it this way, Ron, I haven't had any problems (so far) this evening, but then I've not been on the computer a lot.


I did like the look of your spyware program, so I bought it - do you get a commission for that?

Customer :

 


 

The A+ PCTech :

No, I just suggested that as my recommendation. Glad you approved! I am only compensated for ratings of o.k. or better on this site.


 

The A+ PCTech :

Hello.


 

The A+ PCTech :

I hope this is just a visit, not a relapse.


 

Customer :

Well, you'll certainly get that. Let me try a little longer and see if it returns, and I'll get back to you tomorrow night.

The A+ PCTech :

Great, I do have the host we can check if it returns.


 

The A+ PCTech, PC Specialist
Category: Computer
Satisfied Customers: 443
Experience: CompTIA A+ Certified IT Technician
The A+ PCTech and 20 other Computer Specialists are ready to help you
Customer: replied 1 year ago.

Hello, Ron, I noticed that I still have the problem on my work computer. I put Spyhunter on the job and it found 4 ATLAS DMT infections. Which it got rid of - it said. However, when I relaunched and reran the scan, I found that they're still there! Now I don't know whether they have anything to do with my problem, but it's disturbing that things allegedly removed aren't - or is this whateveritis particularly virulent?

Expert:  The A+ PCTech replied 1 year ago.

Tony, that Spyhunter is almost too good. I am not sure where it tells you, I think it is mentioned in the description of the infection, but that thing finds infected cookies that once removed the system may replace them and it just tells you that once they pop back up, let the Spyhunter remove them again. I have three or four that keep showing up, but it seems to protect me from them even though they return. I will look up that particular one and let you know what is up with it, Ron.

Customer: replied 1 year ago.

OK, Ron, I still have problems. The LinkBucks came back again and I couldn't get into Hotmail via Google, because it came up every time (I had to resort to writing this via Microsoft Outlook). At least McAfee now recognises it as dubious and blocks it, but that doesn't get rid of it.

Expert:  The A+ PCTech replied 1 year ago.
I had a late night again and just woke up. I think I told you that I didn't think that it could be removed by a program. I mentioned that we can look at your host file, there are registry entries that this thing makes also. I need a little time to type up a list of things to check and remove. I will get on it now and will send an update shortly. I want to give you a couple things at one time to save us sending notes back and fourth for each process.
Expert:  The A+ PCTech replied 1 year ago.
I had to eat something, I haven't forgot you. I seem to be the international technician. In a way it is an ego boost that nearly all of my customers are not located in the USA, but it makes for some strange hours. I am taking the day off to concentrate on this for you and I need a break. I just finished breakfast and will start on your list.

Thanks, Ron.
Expert:  The A+ PCTech replied 1 year ago.
This thing has several things involved that it uses, first look at the task manager and if you see a process called random.exe, end it. That should disable it for the moment and allow access for you while I continue to write up the manual removal procedures.
Customer: replied 1 year ago.

No, no random.exe visible. Anyway, my wife has been doing some editing of documents tonight, so I've only just got on, and I'm off to bed. Till tomorrow night!

Expert:  The A+ PCTech replied 1 year ago.
I had my system go down and had to restore everything. I lost my bookmarks to my sources that had the information I needed for you. No worries though, by the time you wake I will have everything for you. Just wanted to leave a note in case you couldn't sleep and wanted to check you email for my message.
Expert:  The A+ PCTech replied 1 year ago.

Let's start with what I first mentioned. I need you to look at the host file. Here is where it is located, Hosts file resides on C:\Windows\System32\Drivers\etc\hosts. Open the file using the notepad. It should ask what to open it with. Select use a program loaded on your system and pick the notepad. When it opens, there will be an example followed by the address of 127.0.0.1 if you have any entries after that, let me know what they are and I will let you know if they need to be removed. I was going to give you other steps, but I would rather just start with this.

 

If you see nothing after that entry, you can check the registry for the following entries and delete them.

 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\random
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run\ Linkbucks.com

 

To edit the registry you need to select start and type regedit.exe and in the list you will see that entry. Right click and run as administrator.

Expert:  The A+ PCTech replied 1 year ago.
If you have entries after the 127.0.0.1 they should be removed. Some spyware will put entries also, but they all need to be removed. I told you in an earlier message to let me know and I would advise, but if you can't wait, as I stated above they all should be removed after the first entry.
Customer: replied 1 year ago.

Hello, Ron, quick note before I disappear until later in the afternoon (our time). I got to the "hosts", but it wouldn't open. It also says that it was last modified on September 18, 2006. I presume that means that we can discount it?

Customer: replied 1 year ago.

Hello, Ron, found it! (It was hidden behind the e-mail window). Here's what it said:


 


This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# XXXXX file contains the mappings of IP addresses to host names. Each
# XXXXX should be kept on an individual line. The IP address should
# XXXXX placed in the first column followed by the corresponding host name.
# XXXXX IP address and the host name should be separated by at least one
# XXXXX
#
# XXXXX comments (such as these) may be inserted on individual
# XXXXX or following the machine name denoted by a '#' symbol.
#
# XXXXX example:
#
# XXXXX rhino.acme.com # XXXXX server
# XXXXX x.acme.com # XXXXX client host


 

Customer: replied 1 year ago.

Hello, Ron, further info:


 


1. There was no "random" entry


 


2. There was no "Linkbucks" entry in current version\run

Expert:  The A+ PCTech replied 1 year ago.
Hello Tony, it sounds like your not having much luck. Is any of this information helping you?
Customer: replied 1 year ago.

Told you! Computers and I don't interface very well - if there's a thorny problem, I will find it. I offered my services to the IT department of my company, but, no, they'd rather do it the old-fashioned way.


 


Well, so far we're not having much joy, are we? I haven't been able to find any of these things you mention, which to me suggests monumental incompetence on my part. What am I missing? - apart from brains, of course (can't do anything about that, I'm afraid).

Expert:  The A+ PCTech replied 1 year ago.
My friend, you aren't missing brains what so ever! This this just is a bitch. When I first started to look at it, as you indicated, there is a great deal of info. out there. I know I commented that this thing doesn't look like it could be easily removed. If you want to put the IT department in their place, let them try and figure this one out.

The things I asked you to look for are the possibilities of where it would hide. The host file gives that example followed by the 127.0.0.1. Anything after that could be put there by the hijacker. I wouldn't consider the date myself. I would remove it and make note to be able and put it back if it was something useful. If you didn't have the random.exe running, you wouldn't have that in the registry either.

I will continue to research this thing for other possibilities. I would love to know what your IT department can do about this thing. Again, don't beat yourself up over this. You just happened to get a really tough one to get rid of.
Customer: replied 1 year ago.

OK, ol' bean, i look forward to your further ideas. If nothing else, this may enable you to help some other poor sod!

Expert:  The A+ PCTech replied 1 year ago.
Don't take this wrong, but I don't care about some poor sod, I am concerned about you. I won't give up. I love a good challenge.
Expert:  The A+ PCTech replied 1 year ago.
I haven't had much luck yet finding another solution, but if you are part of a network it could be hiding within that network. Clearly you had it removed at one point, and its return makes me wonder if it is hiding elsewhere. Have you let the IT department try to find a solution?
Customer: replied 1 year ago.

Hello, Ron, my IT department is me! (Now, if that isn't a worry, I don't know what is). The IT Department to which I refer is that of a major company in Switzerland for which I worked until recent retirement and for which I am now a consultant in my field (patent attorney). The computer systems affected are not the Company's but my home system (Vista) and my office system (7).

Expert:  The A+ PCTech replied 1 year ago.
You nut, so both are your systems. Please explain what is happening. I know it seemed like it was gone and came back. Perhaps some details could lead me to a solution.
Customer: replied 1 year ago.

Sorry to be confusing, ol' bean (I confuse myself at times, and I'm frightened to ask the family what I do to them). Well, whatever happened, today, I've been completely LinksBuck-free. Certainly I've been on and off the Internet all day down at the office, and not a single LinksBuck. So perhaps all the assaulting with your Spy detector program has worked (It certainly does dig out a few things). Here at home, all quiet on the Western Front. So, if it remains thus until tomorrow night, I think (hope) we can draw a line under this one. Your patience and fortitude in the face of overwhelming odds are much appreciated!

Expert:  The A+ PCTech replied 1 year ago.
You certainly make my day every time we chat or email in this case. Always a pleasure, so I will await hearing from you in the future.

I have to laugh, I haven't even purchased that program. I use the free version and remove things myself. I must admit, it does find things that don't pose a threat, it just lets you know they are there. If you read some of the notes, it will tell you that there are cookies that are used to track your preferences, like for netflix for the movies you are watching to give you choices based on your likes and dislikes. They are no threat and are only used by that site.

Anyway, best of luck and enjoy your night.

Ron.
Customer: replied 1 year ago.

Hello, Ron, well, it seems to have taken itself off somewhere else, so I think we can tentatively draw a line under this one and pay you some money! So, bring up the smileys!

Expert:  The A+ PCTech replied 1 year ago.
You make me laugh every time I hear from you!!! You are too kind, but that was done when you accepted. I don't know why this question didn't have the same rating system unless it is because it was a direct question to myself. If you feel I deserve a bonus, you should be able to add that. It certainly is not necessary. Just working with you is a bonus.
Customer: replied 1 year ago.

Aha, so you've actually been paid for all this mucking about then? Good stuff! And until the next time (with total lame-brain computer illiterates such as myself, next times have a certain inevitability...)

Expert:  The A+ PCTech replied 1 year ago.

Yes Tony, it goes into this months earnings. Until we meet again.

Customer: replied 1 year ago.

Hey, Ron, ready for your next Mission Impossible? I'm being driven mad (actually the truth is that I'm within easy walking distance) by Flash Player crashing on Firefox. It's version 11.4.402.265. There's a later version, but when I try to download this, I get a message "The user does not have sufficient privileges to install Adobe Flash Player". Eh? Since when does one need privileges to download Flash Player, for goodness' sake? And how did I lose these mythological principles? (And how do I get them back?)

Expert:  The A+ PCTech replied 1 year ago.
Tony, I have missed you. Remember, each time you have a next question for me you need to enter it in that question box in my feedback area where it is then directed to me as before. Here is that link again if you need it...http://www.justanswer.com/computer/expert-pc-rbrown1233/.

Thanks,

Ron

JustAnswer in the News:

 
 
 
Ask-a-doc Web sites: If you've got a quick question, you can try to get an answer from sites that say they have various specialists on hand to give quick answers... Justanswer.com.
JustAnswer.com...has seen a spike since October in legal questions from readers about layoffs, unemployment and severance.
Web sites like justanswer.com/legal
...leave nothing to chance.
Traffic on JustAnswer rose 14 percent...and had nearly 400,000 page views in 30 days...inquiries related to stress, high blood pressure, drinking and heart pain jumped 33 percent.
Tory Johnson, GMA Workplace Contributor, discusses work-from-home jobs, such as JustAnswer in which verified Experts answer people’s questions.
I will tell you that...the things you have to go through to be an Expert are quite rigorous.
 
 
 

What Customers are Saying:

 
 
 
  • My Expert answered my question promptly and he resolved the issue totally. This is a great service. I am so glad I found it I will definitely use the service again if needed. One Happy Customer New York
< Last | Next >
  • My Expert answered my question promptly and he resolved the issue totally. This is a great service. I am so glad I found it I will definitely use the service again if needed. One Happy Customer New York
  • I am very happy with my very fast response. Eric is very knowledgeable in the subject area. Thank you! RP Austin, TX
  • Hi John, Thank you for your expertise and, more important, for your kindness because they make me, almost, look forward to my next computer problem. After the next problem comes, I'll be delighted to correspond again with you. I'm told that I excel at programing. But system administration has never been one of my talents. So it's great to have an expert to rely on when the computer decides to stump me. God bless, Bill Bill M. Schenectady, New York
  • The Expert answered my Mac question and was patient. He answered in a thorough and timely manner, keeping the response on a level that could understand. Thank you! Frank Canada
  • Wonderful service, prompt, efficient, and accurate. Couldn't have asked for more. I cannot thank you enough for your help. Mary C. Freshfield, Liverpool, UK
  • This expert is wonderful. They truly know what they are talking about, and they actually care about you. They really helped put my nerves at ease. Thank you so much!!!! Alex Los Angeles, CA
  • Thank you for all your help. It is nice to know that this service is here for people like myself, who need answers fast and are not sure who to consult. GP Hesperia, CA
 
 
 

Meet The Experts:

 
 
 
  • Andy

    Computer Consultant

    Satisfied Customers:

    5311
    11yr exp, Comp Engg, Internet expert, Web developer, SEO
< Last | Next >
  • http://ww2.justanswer.com/uploads/EN/Engineer1010/2012-6-9_132423_jaj12a.64x64.jpg Andy's Avatar

    Andy

    Computer Consultant

    Satisfied Customers:

    5311
    11yr exp, Comp Engg, Internet expert, Web developer, SEO
  • http://ww2.justanswer.com/uploads/BA/barrenrock/2011-10-19_215925_JamesJAFinal.64x64.jpg James's Avatar

    James

    Sr. Computer Support Expert

    Satisfied Customers:

    8376
    20 years of experience building, fixing and servicing PCs and operating systems.
  • http://ww2.justanswer.com/uploads/zeyank/2009-09-26_154244_P8110079.png Ryan H.'s Avatar

    Ryan H.

    Computer Support Specialist

    Satisfied Customers:

    1741
    A+ Certified Technician - 10 Years experience working with all types of computer systems.
  • http://ww2.justanswer.com/uploads/JA/jadedangel57/2011-11-8_193134_janenewsm.64x64.jpg Jane Lefler's Avatar

    Jane Lefler

    Sr Prog Analyst / Technician

    Satisfied Customers:

    0
    Computer Programmer / Technician/ Consultant 16+ years
  • http://ww2.justanswer.com/uploads/RO/robmpreston/2013-9-23_233814_mijiFZm.64x64.jpg RPI Solutions's Avatar

    RPI Solutions

    Support Specialist

    Satisfied Customers:

    3476
    5+ Years in IT, BS in Computer Science
  • http://ww2.justanswer.com/uploads/BA/barunrath/2012-7-5_201954_Profilepic2.64x64.jpg B. Rath's Avatar

    B. Rath

    Computer Support Specialist

    Satisfied Customers:

    8671
    Certified Computer/Networking Support Specialist.
  • http://ww2.justanswer.com/uploads/FS/fszcze/2012-6-18_181848_500test.64x64.jpg Frederick S.'s Avatar

    Frederick S.

    Computer Specialist

    Satisfied Customers:

    7240
    Computer technician and founder of a home PC repair company.