You are most kind.
Let me look into that for you and I will see what we can do to get rid of it.
I have a few things to finish up, but it shouldn't take me more than an hour or two at the most to get back to you.
You were absolutely correct about it being an infection like a virus known as a browser hijacker. It is considered a malware.
I am just now installing and testing a removal tool for you. Not that I have a hijacker to remove, just to see if it is a legitimate product.
Thanks. I've got Superantispyware and I'm currently running it to see what I can find. I may not be around for another hour or two, but never mind, I can take it up tomorrow night.
I too have several spyware removal tools, but they claim that this one is hard to locate and requires this spyhunter to remove it.
Spyhunter, is that the name of a particular program?
I am running it now and it has found two that my others have not found.
I must admit that my firefox just started allowing popup when it shouldn't and I hadn't started to address the problem. I guess this Spyhunter just did.
You just might want to try this. Here is a link to the page with the virus/malware description and a link for the software is there.http://www.2-viruses.com/remove-linkbucks-redirect
I am going to get to those things that I put off to get this info to you first. I will be back in a little over an hour if you need me.
Just to let you know, that Spyhunter will locate the problems and tell you what they are and where, but you remove them yourself or pay for the program for it to remove them for you.
I am looking into other ways to locate and remove this manually. Let me know if your malware antispyware was able to remove it so I don't keep researching this thing. Thanks, Ron.
I think I have a pretty good idea now of how to remove file alterations that this thing has made. I can see why you would want some guidance with this mess. I think we should do this together so I can walk you through the steps.
I honestly don't think the spyware programs can remove this. I will keep an eye out for you so we can continue together, Ron.
Tony, try disabling any unverified add ons in your browsers. What I mean by that is if you look at your list of add ons for each browser, check the properties of each one. If any are not verified by microsoft, disable them and see if the problem corrects itself. Let me know if you have any good results.
Hello, Ron, Superantispyware removed a few things, so I'm having a look to see whether the problem reoccurs. If it does, clearly I haven't succeeded, and as Big Arnie said - AH'LL BE BACK...
I'll be waiting. If it didn't kill it, we can look at your host file and see if the thing has added entries to it that would redirect your browsers.
I just thought I would check in and see how things are. Have you eliminated the hijacker?
Put it this way, Ron, I haven't had any problems (so far) this evening, but then I've not been on the computer a lot.
I did like the look of your spyware program, so I bought it - do you get a commission for that?
No, I just suggested that as my recommendation. Glad you approved! I am only compensated for ratings of o.k. or better on this site.
I hope this is just a visit, not a relapse.
Well, you'll certainly get that. Let me try a little longer and see if it returns, and I'll get back to you tomorrow night.
Great, I do have the host we can check if it returns.
Hello, Ron, I noticed that I still have the problem on my work computer. I put Spyhunter on the job and it found 4 ATLAS DMT infections. Which it got rid of - it said. However, when I relaunched and reran the scan, I found that they're still there! Now I don't know whether they have anything to do with my problem, but it's disturbing that things allegedly removed aren't - or is this whateveritis particularly virulent?
Tony, that Spyhunter is almost too good. I am not sure where it tells you, I think it is mentioned in the description of the infection, but that thing finds infected cookies that once removed the system may replace them and it just tells you that once they pop back up, let the Spyhunter remove them again. I have three or four that keep showing up, but it seems to protect me from them even though they return. I will look up that particular one and let you know what is up with it, Ron.
OK, Ron, I still have problems. The LinkBucks came back again and I couldn't get into Hotmail via Google, because it came up every time (I had to resort to writing this via Microsoft Outlook). At least McAfee now recognises it as dubious and blocks it, but that doesn't get rid of it.
No, no random.exe visible. Anyway, my wife has been doing some editing of documents tonight, so I've only just got on, and I'm off to bed. Till tomorrow night!
Let's start with what I first mentioned. I need you to look at the host file. Here is where it is located, Hosts file resides on C:\Windows\System32\Drivers\etc\hosts. Open the file using the notepad. It should ask what to open it with. Select use a program loaded on your system and pick the notepad. When it opens, there will be an example followed by the address of 127.0.0.1 if you have any entries after that, let me know what they are and I will let you know if they need to be removed. I was going to give you other steps, but I would rather just start with this.
If you see nothing after that entry, you can check the registry for the following entries and delete them.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\randomHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run\ Linkbucks.com
To edit the registry you need to select start and type regedit.exe and in the list you will see that entry. Right click and run as administrator.
Hello, Ron, quick note before I disappear until later in the afternoon (our time). I got to the "hosts", but it wouldn't open. It also says that it was last modified on September 18, 2006. I presume that means that we can discount it?
Hello, Ron, found it! (It was hidden behind the e-mail window). Here's what it said:
This is a sample HOSTS file used by Microsoft TCP/IP for Windows.## XXXXX file contains the mappings of IP addresses to host names. Each# XXXXX should be kept on an individual line. The IP address should# XXXXX placed in the first column followed by the corresponding host name.# XXXXX IP address and the host name should be separated by at least one# XXXXX## XXXXX comments (such as these) may be inserted on individual# XXXXX or following the machine name denoted by a '#' symbol.## XXXXX example:## XXXXX rhino.acme.com # XXXXX server# XXXXX x.acme.com # XXXXX client host
Hello, Ron, further info:
1. There was no "random" entry
2. There was no "Linkbucks" entry in current version\run
Told you! Computers and I don't interface very well - if there's a thorny problem, I will find it. I offered my services to the IT department of my company, but, no, they'd rather do it the old-fashioned way.
Well, so far we're not having much joy, are we? I haven't been able to find any of these things you mention, which to me suggests monumental incompetence on my part. What am I missing? - apart from brains, of course (can't do anything about that, I'm afraid).
OK, ol' bean, i look forward to your further ideas. If nothing else, this may enable you to help some other poor sod!
Hello, Ron, my IT department is me! (Now, if that isn't a worry, I don't know what is). The IT Department to which I refer is that of a major company in Switzerland for which I worked until recent retirement and for which I am now a consultant in my field (patent attorney). The computer systems affected are not the Company's but my home system (Vista) and my office system (7).
Sorry to be confusing, ol' bean (I confuse myself at times, and I'm frightened to ask the family what I do to them). Well, whatever happened, today, I've been completely LinksBuck-free. Certainly I've been on and off the Internet all day down at the office, and not a single LinksBuck. So perhaps all the assaulting with your Spy detector program has worked (It certainly does dig out a few things). Here at home, all quiet on the Western Front. So, if it remains thus until tomorrow night, I think (hope) we can draw a line under this one. Your patience and fortitude in the face of overwhelming odds are much appreciated!
Hello, Ron, well, it seems to have taken itself off somewhere else, so I think we can tentatively draw a line under this one and pay you some money! So, bring up the smileys!
Aha, so you've actually been paid for all this mucking about then? Good stuff! And until the next time (with total lame-brain computer illiterates such as myself, next times have a certain inevitability...)
Yes Tony, it goes into this months earnings. Until we meet again.
Hey, Ron, ready for your next Mission Impossible? I'm being driven mad (actually the truth is that I'm within easy walking distance) by Flash Player crashing on Firefox. It's version 11.4.402.265. There's a later version, but when I try to download this, I get a message "The user does not have sufficient privileges to install Adobe Flash Player". Eh? Since when does one need privileges to download Flash Player, for goodness' sake? And how did I lose these mythological principles? (And how do I get them back?)