Computer

For Online Computer Support, Ask a Computer Technician

Ask a Computer Expert,
Get an Answer ASAP!

This answer was rated:

I have a virus that is redirecting me from google to a variety…

I have a virus that...
I have a virus that is redirecting me from google to a variety of other sites (e.g. MosterMarketplace.com). I use Firefox, but this happens with IE as well. McAff is my virus protector but I have used ComboFix, Superantispyware and malwarebytes and they detect nothing. I use Windows XP . sp3.
Show More
Show Less
Ask Your Own Computer Question
Answered in 22 minutes by:
6/29/2010
DRobertson
DRobertson, Consultant / Technician
Category: Computer
Satisfied Customers: 730
Experience: MCTS, MCDST, MCP, A+, Network+, 20+ years in IT. Support for OEMs. Computer repair business owner.
Verified

Hi and thanks for writing us here at JustAnswer.com. Please know that to resolve your question may take some back and forth questions and answers. Help us to help you! We are here to help and will do our best to resolve your issue; we are not here to just make money. Also note that we do NOT work for any company and in no way represent them on their products and/or services.

 

I have heard there are some newer ones that will not allow you to even get to some sites, besides redirecting to others. These newer ones will not allow you sometimes to even go to AV sites, to try and get ride of them.

 

I am going to suggest we get the OS (with the virus) out of the picture. I need you - on another system that has a burner - to download and burn an .iso image file to a CD. You will then boot to it in the system infected and it will run without Windows ever booting up.

 

Here are the instructions:

 

Go to another PC and the go to the following link.


http://www.f-secure.com/linux-weblog/files/f-secure-rescue-cd-3.11.23804.zip


This link will have a file that will automatically start to download when you click the link above.

 

Download it and unzip it, then burn the .iso (this is a disk image file and must be burned thru software that can use a disk image) file to a CD. This is an .iso file, so you do not do anything with the file at all. Your burner software will know how to use it.

If you need a .iso burning program, then download and install this free one:

 

http://download.cnet.com/Active-ISO-Burner/3000-2646_4-10602452.html?tag=mncol

 

You will then want to boot to the new CD on your original PC. You will put the CD in the tray then do a normal reboot. The CD will take over and it will first update itself (trys, but sometimes is not able to do so - not a problem if it can not) then it will do a total scan of your system for viruses and such. Let it run and take note of it finds any of them. When it is done take out the CD and "hard" reboot your system, using the power button.

 

Let me know how this does for you, and if still no joy, do not hesitate to get back to me so I can help more with this. God bless!

Ask Your Own Computer Question
Customer reply replied 8 years ago
I went to a second computer and got the file and ISO Burner and burned a disc. I booted up with it. Got 2 penguins, a welcome to REscue CD3.11 23804 then a D followed by 6 o's then a big O then 11 more o's -- then it stalled. I left it for an hour and nothing. I tried again -- same thing. I burned the CD again -- same result. I went to a third computer, burned it again. same result. What should I do?

Ok, so sounds like something is not loading right with that OS on your system. I apologize. There are some systems out there that sometimes cause an OS to crash when loading off a CD like that. Thats the downside of booting to a OS CD.

 

I am going to direct you to another CD. You will do the same of downloading and burning the .iso file has a disk image and then booting to the CD:

 

http://devbuilds.kaspersky-labs.com/devbuilds/RescueDisk/

 

There is a link on the page - the only one - and that will start the download of the .iso file.

 

Let me know how things go for you.

Ask Your Own Computer Question
Customer reply replied 8 years ago
I did the kaspersky rescue disc. It took 17 and a half hours! (got pretty slow at the end). There were 66 items -- all from e-mail from past years and mainly to do with eBay. Once I rebooted and tried Google -- same results. I was redirected to some place called Juggle.com.

What now?

Ok, so what we may be with is just the "junk" of the "viruses" (used loosely) left over.

 

I want you to click the link below and install this cleanup program. It is free and I use it myself. It will ask the first time you use it, if you want to just run a simulation, make sure to answer no, so it will actually clean the system.

 

http://dw.com.com/redir?edId=3&siteId=4&oId=3000-2144_4-10727454&ontId=2144_4&spi=5f3bfd9299def382b44aa0a2a57eec14&lop=link&tag=tdw_dltext&ltype=dl_dlnow&pi d=10727453&mfgId=6298450&merId=6298450&pguid=E4zDiwoPjF4AADcj-c0AAABK&destUrl=http%3A%2F%2Fdownload.cnet.com%2F3001-2144_4-10727454.html%3Fspi%3D5f3bfd9299def382b44aa0a2a57eec14

 

Once done with all and rebooted. I want you to manual, in your Browser address bar, type the Google addy and try it.

 

Let me know how all goes.

Ask Your Own Computer Question
Customer reply replied 8 years ago
Still no joy. At first I thought typing Google.com in did the trick. When I tried it a second time it redirected me again. (this is what came up on the bar - seek.ind.in/dr.php?id=long string of numbers). By the way, when I have tried the system restore, it won't start and asks if I want to send a notice to Microsoft.

This one is a hair-puller!

Ok, another Expert helped me on this issue. Thanks to MoralT.

 

You have a particular kind of virus, called a rootkit. They are nasty because (layman's terms here) they can look and act like a normal file that the system needs, when they are not.

 

I am going to have you download and run a program. I need you to send me the results and I will help you determine what file has the rootkit.

 

Here is the web addy:

 

http://www.gmer.net/

 

About half way down the page, you will see a a link to click to download the GMER program:

 

"You can download GMER here" click on the "here".

 

Once downloaded and ran, send me the results. Also, the web page gives a lot of details about the virus and how GMER works. Also, it gives details about how to use GMER.

Ask Your Own Computer Question
Customer reply replied 8 years ago
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit quick scan 2010-07-02 13:26:55
Windows 5.1.2600 Service Pack 3
Running: lxm1m26i.exe; Driver: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\kftcifob.sys


---- System - GMER 1.0.15 ----

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateFile [0xA9DC978A]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateKey [0xA9DC9821]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcess [0xA9DC9738]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcessEx [0xA9DC974C]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwDeleteKey [0xA9DC9835]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwDeleteValueKey [0xA9DC9861]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwEnumerateKey [0xA9DC98CF]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwEnumerateValueKey [0xA9DC98B9]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwMapViewOfSection [0xA9DC97CA]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwNotifyChangeKey [0xA9DC98FB]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenKey [0xA9DC980D]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenProcess [0xA9DC9710]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenThread [0xA9DC9724]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwProtectVirtualMemory [0xA9DC979E]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryKey [0xA9DC9937]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryMultipleValueKey [0xA9DC98A3]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryValueKey [0xA9DC988D]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRenameKey [0xA9DC984B]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwReplaceKey [0xA9DC9923]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRestoreKey [0xA9DC990F]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetContextThread [0xA9DC9776]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetInformationProcess [0xA9DC9762]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetValueKey [0xA9DC9877]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwTerminateProcess [0xA9DC97F9]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnloadKey [0xA9DC98E5]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0xA9DC97E0]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwYieldExecution [0xA9DC97B4]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtCreateFile
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtMapViewOfSection
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenProcess
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenThread
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtSetInformationProcess

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
AttachedDevice \FileSystem\Fastfat \Fat mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)

---- EOF - GMER 1.0.15 ----
Customer reply replied 8 years ago
Hadn't heard from you in a while. are you off on vacation?

I have had an issue come up and I am going to opt-out to allow another Expert to finish helping you on this.

 

Thank you and God bless.

Ask Your Own Computer Question
hongkongpom
hongkongpom, Computer Support Specialist
Category: Computer
Satisfied Customers: 1,464
Experience: Microsoft Certified Desktop Support Technician since 2007
Verified

Hello and welcome to justanswers.com my name is XXXXX XXXXX I'm here to help you with your computer problem.

 

Please try these free tools in this order but first uninstall all anti-malware programmes that you have running.

 

After that start with these Microsoft tools

 

http://www.microsoft.com/security/malwareremove/default.aspx

 

http://www.microsoft.com/security_essentials

 

 

Hijack this from Trend Micro

http://www.bleepingcomputer.com/tutorials/tutorial42.html

 

If none of this works then download Dr.Web Cureit and put in on a CD. This is the best boot up CD anti-malware software

 

http://www.freedrweb.com/livecd/?lng=en

 

hongkongpom
hongkongpom, Computer Support Specialist
Category: Computer
Satisfied Customers: 1,464
Experience: Microsoft Certified Desktop Support Technician since 2007
Verified
hongkongpom and 87 other Computer Specialists are ready to help you
Ask your own question now
Was this answer helpful?

How JustAnswer works

step-image
Describe your issueThe assistant will guide you
step-image
Chat 1:1 with a tech support specialistLicensed Experts are available 24/7
step-image
100% satisfaction guaranteeGet all the answers you need
Ask hongkongpom Your Own Question
hongkongpom
hongkongpom
hongkongpom, Computer Support Specialist
Category: Computer
Satisfied Customers: 1,464
1,464 Satisfied Customers
Experience: Microsoft Certified Desktop Support Technician since 2007

hongkongpom is online now

A new question is answered every 9 seconds

How JustAnswer works:

  • Ask an ExpertExperts are full of valuable knowledge and are ready to help with any question. Credentials confirmed by a Fortune 500 verification firm.
  • Get a Professional AnswerVia email, text message, or notification as you wait on our site. Ask follow up questions if you need to.
  • 100% Satisfaction GuaranteeRate the answer you receive.

JustAnswer in the News:

Ask-a-doc Web sites: If you've got a quick question, you can try to get an answer from sites that say they have various specialists on hand to give quick answers... Justanswer.com.
JustAnswer.com...has seen a spike since October in legal questions from readers about layoffs, unemployment and severance.
Web sites like justanswer.com/legal
...leave nothing to chance.
Traffic on JustAnswer rose 14 percent...and had nearly 400,000 page views in 30 days...inquiries related to stress, high blood pressure, drinking and heart pain jumped 33 percent.
Tory Johnson, GMA Workplace Contributor, discusses work-from-home jobs, such as JustAnswer in which verified Experts answer people’s questions.
I will tell you that...the things you have to go through to be an Expert are quite rigorous.

What Customers are Saying:

My Expert answered my question promptly and he resolved the issue totally. This is a great service. I am so glad I found it I will definitely use the service again if needed.

One Happy CustomerNew York

I am very happy with my very fast response. Eric is very knowledgeable in the subject area. Thank you!

RPAustin, TX

Hi John, Thank you for your expertise and, more important, for your kindness because they make me, almost, look forward to my next computer problem. After the next problem comes, I'll be delighted to correspond again with you. I'm told that I excel at programing. But system administration has never been one of my talents. So it's great to have an expert to rely on when the computer decides to stump me. God bless, Bill

Bill M.Schenectady, New York

The Expert answered my Mac question and was patient. He answered in a thorough and timely manner, keeping the response on a level that could understand. Thank you!

FrankCanada

Wonderful service, prompt, efficient, and accurate. Couldn't have asked for more. I cannot thank you enough for your help.

Mary C.Freshfield, Liverpool, UK

This expert is wonderful. They truly know what they are talking about, and they actually care about you. They really helped put my nerves at ease. Thank you so much!!!!

AlexLos Angeles, CA

Thank you for all your help. It is nice to know that this service is here for people like myself, who need answers fast and are not sure who to consult.

GPHesperia, CA

< Previous | Next >

Meet the Experts:

Andy

Andy

Computer Consultant

5,316 satisfied customers

11yr exp, Comp Engg, Internet expert, Web developer, SEO

Engineer John C.

Engineer John C.

Computer Science Engineer

3,229 satisfied customers

Computer Science Engineer with 10 years of experience in Computer Support, and Microsoft, A+ and Cisco certified

Ryan H.

Ryan H.

Computer Support Specialist

1,741 satisfied customers

A+ Certified Technician - 10 Years experience working with all types of computer systems.

Jane Lefler

Jane Lefler

Sr Prog Analyst / Technician

2 satisfied customers

Computer Programmer / Technician/ Consultant 16+ years

Frederick S.

Frederick S.

Computer Specialist

7,241 satisfied customers

Computer technician and founder of a home PC repair company.

lifesaver

lifesaver

Computer Software Engineer

4,288 satisfied customers

Engineering degree in Computer science,Microsoft Certified Professional.JA computer expert.

Sudipto

Sudipto

Hardware Engineer

4,260 satisfied customers

Certificate Course In Computer Maintenance

< Previous | Next >

Related Computer Questions
I have a redirect virus. I have tried some solutions I found
I have a redirect virus. I have tried some solutions I found on Google, but they didn't work.… read more
Cris
Cris
62 satisfied customers
I have windows XP internet explorer 8 and a virus or similar
I have windows XP internet explorer 8 and a virus or similar which I cannot get rid of.It shows up as %0 in the google search box on my home page and when I attempt to search it redirects me to other … read more
Frederick S.
Frederick S.
Computer Specialist
High School or GED
7,241 satisfied customers
WHEN i USE GOOGLE CHROME OR BING, I get my search references,
WHEN i USE GOOGLE CHROME OR BING, I get my search references, but when I clilck on the desired site I get redirected to Pebble or some other commercial site. This makes searching the web almost imposs… read more
Erik B.
Erik B.
Network Engineer
Associate Degree
4,134 satisfied customers
I have a virus on my computer (Redirect Virus) that redirects
I have a virus on my computer (Redirect Virus) that redirects my search whenever I use google search, yahoo search, or any other search engine to a bogus site. How can I remove it? I've tried maleware… read more
Matt
Matt
2nd Line IT Support / Administrator
Bachelor's Degree
289 satisfied customers
hi there got a problem when i go into control panel and press
hi there got a problem when i go into control panel and press add or remove i get the message app not found, this is only happened since i downloaded vuze a p2p host no internet anymore either, think … read more
Bob
Bob
Vocational, Technical or Trade Scho
103 satisfied customers
All of my google searches are being redirected. I have run my antivirus and spyware progra
All of my google searches are being redirected. I have run my antivirus and spyware program and malwarebytes and it is not detecting anything. I have seen a lot of posts re: hijackthis, so I ran that,… read more
Anthony Brewster
Anthony Brewster
I.T.
High School or GED
5,352 satisfied customers
After logging into Internet Explorer, the Google page appears
After logging into Internet Explorer, the Google page appears for a second and they another Tab page pops up called: http://www.argifocus.com/client/tradePPCorp_7..... I can't seem to get rid of this … read more
Cris
Cris
62 satisfied customers
When I click on a searched link in Google I get redirected
When I click on a searched link in Google I get redirected to off the wall search engines. I must have a virus or something but Ive tried all of my virus scans and still no help. Any help is appreciat… read more
Justin
Justin
Network Administrator
Associate Degree
2,187 satisfied customers
I have two sites that I frequently go to (coupons.com and smartsource.com)
I have two sites that I frequently go to (coupons.com and smartsource.com) that I cannot access now. They can be accessed from other computers so it is only specific to my computer. When I google the … read more
Santonu
Santonu
Hardware Engineer
PGDCA
3,434 satisfied customers
I have a problem with antivirus software alert that is coming
I have a problem with antivirus software alert that is coming up on comp but I already scanned with malware and AVG. Why wld this be occurring??… read more
Ansh P.
Ansh P.
System Analyst
Bachelor\u0027s Degree
6,393 satisfied customers
In the last 2 days, I have had several attempts to send unauthorized
In the last 2 days, I have had several attempts to send unauthorized emails to all my contacts in my yahoo mail account. It sends a link to a canadian pharmacy to all my contacts. I have microsoft sec… read more
Jeremy D
Jeremy D
Owner - Chief Technician
Bachelor
116 satisfied customers
My computer has been invaded by some sort of virus that causes
My computer has been invaded by some sort of virus that causes Google to malfunction. I have run Mcafee scan several times with niothing found. The problem continues. I even ran Mcafee Stinger with no… read more
Matt
Matt
2nd Line IT Support / Administrator
Bachelor's Degree
289 satisfied customers
I have a windows Xp lab top that has 36 viruses on it, I can
I have a windows Xp lab top that has 36 viruses on it, I can get on the internet. It does boot on to the dest top. Please help me to solve this problem.… read more
Jeremy D
Jeremy D
Owner - Chief Technician
Bachelor
116 satisfied customers
I am tryingh to see if it is possible for me to get a copy
I am tryingh to see if it is possible for me to get a copy of a Operating Systems Disc. The disc is Windows Vista Home Premium 32-Bit with SP1. I need to install the Windows program back onto my compu… read more
Jeremy D
Jeremy D
Owner - Chief Technician
Bachelor
116 satisfied customers
Hello, I am using google chrome and for a few months now whenever
Hello, I am using google chrome and for a few months now whenever I try to do a search or go to the google page it sends me to google netherlands. I am not sure how this happened but at least I was ab… read more
Matt
Matt
2nd Line IT Support / Administrator
Bachelor's Degree
289 satisfied customers
Need help with virus issue use Malwarebyte and macafee....
Need help with virus issue use Malwarebyte and macafee.... Malwarebyte was suggested by a technian from just answer. viruses removed but having trouble with IE. consistently not seaching says not conn… read more
Jordan H
Jordan H
Associate Degree
92 satisfied customers
I am running XP and have a second Internet Explorer running
I am running XP and have a second Internet Explorer running in the background. I can not see it or control it and only know it is there because it is listed in the Processes in Task Manager. I can sto… read more
Matt
Matt
2nd Line IT Support / Administrator
Bachelor's Degree
289 satisfied customers
I think my computer is infected with some kind of virus and
I think my computer is infected with some kind of virus and I need to know how to get rid of it. It seems to be a .gif extension but it's not a typical .gif graphics file. While poking around in "docu… read more
Sudipto
Sudipto
Hardware Engineer
High School or GED
4,260 satisfied customers
Disclaimer: Information in questions, answers, and other posts on this site ("Posts") comes from individual users, not JustAnswer; JustAnswer is not responsible for Posts. Posts are for general information, are not intended to substitute for informed professional advice (medical, legal, veterinary, financial, etc.), or to establish a professional-client relationship. The site and services are provided "as is" with no warranty or representations by JustAnswer regarding the qualifications of Experts. To see what credentials have been verified by a third-party service, please click on the "Verified" symbol in some Experts' profiles. JustAnswer is not intended or designed for EMERGENCY questions which should be directed immediately by telephone or in-person to qualified professionals.

Disclaimer: Information in questions, answers, and other posts on this site ("Posts") comes from individual users, not JustAnswer; JustAnswer is not responsible for Posts. Posts are for general information, are not intended to substitute for informed professional advice (medical, legal, veterinary, financial, etc.), or to establish a professional-client relationship. The site and services are provided "as is" with no warranty or representations by JustAnswer regarding the qualifications of Experts. To see what credentials have been verified by a third-party service, please click on the "Verified" symbol in some Experts' profiles. JustAnswer is not intended or designed for EMERGENCY questions which should be directed immediately by telephone or in-person to qualified professionals.

Show MoreShow Less

Ask Your Question

x