# HELP!! Anyone who can read HIJACKTHIS log



## Supramom2000 (Jun 21, 2007)

Hey everyone,

My teenage son's computer is massively infected. He is 18 1/2 years old so this is all on him! I set up many security/malware/adware programs, but somehow he got some terrible viruses and trojans. I managed to get rid of everything but a google redirect.

I have run HIJACKTHIS and have a log file that I posted on a tech forum. No reply. I am tired of working on this (3 days) so I know there are many, many awesome computer people on this site. If anyone can help me interpret the log file I would greatly appreciate it!! I don't want to delete or "fix" something that I will regret later!

Shannon


----------



## matt (Jan 12, 2010)

Supramom2000 said:


> ... but somehow he got some terrible viruses and trojans ...


How would a teenage boy get his computer filled with viruses and malware?


----------



## LarryFlowers (Sep 22, 2006)

I had to deal with this once last year on someone's PC...

This was the solution I found that worked:

http://www.geekstogo.com/forum/topic/267407-how-to-fix-google-redirects/


----------



## Supramom2000 (Jun 21, 2007)

matt said:


> How would a teenage boy get his computer filled with viruses and malware?


Believe me, I told him to his face:

You either got this from porn, World of Warcraft or downloading music from suspect websites!


----------



## harsh (Jun 15, 2003)

Depending on the version of Windows, I've sometimes been able to fix these problems with a System Restore. I had to use this recently when a coworker was looking for "cooktops" on Google and found a trojan website. Note that the System Restore can be rendered useless if you install any Microsoft software after the restore point.

Malwarebytes has also pulled some backsides from the fire but you may have to do some quick renaming of the installation directory to prevent it from getting defiled.


----------



## Earl Bonovich (Nov 15, 2005)

Supramom2000 said:


> Believe me, I told him to his face:
> 
> You either got this from porn, World of Warcraft or downloading music from suspect websites!


Not necessarily...

Our TKD School computer got hit pretty bad two weeks ago, as did my Brother-In-Laws system.

I've gotten everythign out, except a randomly appearing Google ReDirect.
Also the DNSCaching mechanisms is all messed up, I had to turn it off.

(I am going to format and rebuild the system next month).

Check your HOSTS file... it is possible they filled a bunch of garbage in there.

I ultimately had to use an unbutu boot disk, to get access to the C drive, to delete that HOSTS file.


----------



## Supramom2000 (Jun 21, 2007)

harsh said:


> Depending on the version of Windows, I've sometimes been able to fix these problems with a System Restore. I had to use this recently when a coworker was looking for "cooktops" on Google and found a trojan website. Note that the System Restore can be rendered useless if you install any Microsoft software after the restore point.
> 
> Malwarebytes has also pulled some backsides from the fire but you may have to do some quick renaming of the installation directory to prevent it from getting defiled.


Harsh, this virus and whatever the others were turned off system restore, Security Essentials, Security Center, Windows Defender, McAfee, etc. I cannot turn any of them on yet. I have tried to reset them etc. But those are my last priorities.

I ran Malwarebytes and it found and deleted several big things. But the redirect keeps happening. I read that you have to run something like Hijackthis first as this insidious trojan resets itself after a reboot.


----------



## Supramom2000 (Jun 21, 2007)

LarryFlowers said:


> I had to deal with this once last year on someone's PC...
> 
> This was the solution I found that worked:
> 
> http://www.geekstogo.com/forum/topic/267407-how-to-fix-google-redirects/


Larry this is working great so far, except one step "gooredfix" is for firefox only. My son uses IE. Any ideas?


----------



## dpeters11 (May 30, 2007)

I've stopped blaming the users when they get infected for going somewhere they shouldn't have. There was even a point where the New York Times site had a bad ad.

There likely is another way of fixing this, but there is a point where I usually just reload Windows or use the restore CD. At least on my systems, it's sometimes faster and I don't have to worry about missing something. You've hit the point that would happen for me.

Though you say you can't turn on Security Essentials or McAfee. You shouldn't have both on a system, two Antiviruses running is a bad idea. That isn't causing your issue, but keep that in mind for the future.


----------



## bsprague (Feb 24, 2007)

I paid $200 to Best Buy to fix my daughter's computer. It came back good as, and just like, new with none of her stuff on it. She got to reload what she wanted. Depending on what you do, it might be easier to earn $200 than spend time fixing your kid's computer!


----------



## sigma1914 (Sep 5, 2006)

bsprague said:


> I paid $200 to Best Buy to fix my daughter's computer. It came back good as, and just like, new with none of her stuff on it. She got to reload what she wanted. Depending on what you do, it might be easier to earn $200 than spend time fixing your kid's computer!


No offense, but you got ripped off if all they did was what sounds like a clean reinstall.


----------



## LarryFlowers (Sep 22, 2006)

Sorry, Having been around here for a while I thought I was the only user of Internet Explorer. I'll see if I can find an IE solution for you.. which version? and what OS?

Today's environment has become more difficult to deal with. While certain sources are as active as ever... illegal downloads, adult web sites, "free" game downloads, etc., you are a lot more likely to get hit just by simply going to a favorite web site. New York Times, MSNBC, CNN even CNET can all infect you through the ads on their pages.

As Windows and Internet Explorer got harder to break and antivirus apps putting a stop to email attachments, Adobe Flash & Java became vectors of choice for delivering nasty payloads.

You old timers will have noticed that the frequency of "updates" for Adobe Flash, Reader and Java have increased 10 fold as they try to deal with these issues.

If you run Windows 7, the tool of choice should be Malware Bytes. Download a copy of the free version once a month and keep it on a thumb drive. Dont sweat the definition updates as long as you get a fresh copy once a month.

An infected PC with Malware Bytes installed and running the quick scan will generally restore a system to usability. Not necessarily fixed, but usable. After a reboot you can usually download the latest Malware Bytes updates and run another quick scan. This should take care of most issues. 

After I have done this I will usually run a full scan by Microsoft Security Essentials followed by a FULL scan by Maleware bytes.

This process will blow an entire afternoon but 99.9 times out of 100 will return a system to normal ops.

Of course if you are dumb enoug to open the attachment on that email about that package that UPS has for you... all bets are off! :lol:


----------



## dpeters11 (May 30, 2007)

sigma1914 said:


> No offense, but you got ripped off if all they did was what sounds like a clean reinstall.


That's their standard price for viruses. Backing up data costs an extra $100. I bet they do this more than actually cleaning the system. It is pretty much guaranteed to remove the virus after all.


----------



## Supramom2000 (Jun 21, 2007)

Larry, I have done ALL THAT! My son's computer uses IE, I use Firefox. I was going to download Firefox when this was all resolved.

I ran Malwarebytes and it found several things and quarantined them. Then I went in and deleted them. One of the fixes from the website you suggested did clean out all the temp files and did something to the hosts file as Earl suggested. I had already run TDSSkiller, VipreRescue, Windows Live Onecare, Comodo Internet Security, etc.

Everything except the darn redirect appears to be fixed. I ran through the steps in the website you suggested but I could not do the red... one. It is for Firefox. They say that is the main fix!! According to their website, I must still have a virus. I am running malwarebytes and comodo again!

But I do have that log from Hijackthis and a new one from OTL if anyone can read them and tell me what to do from there.

The computer is a laptop Dell Inspiron 1525. Running Vista Home Premium 32 bit, SP2. I had uninstalled IE down to IE6 to see if that would help. Something did help because the computer finally found new Windows Updates, which it wasn't doing before. With the new updates, it is back to IE7.

Thanks!


----------



## Marlin Guy (Apr 8, 2009)

sigma1914 said:


> No offense, but you got ripped off if all they did was what sounds like a clean reinstall.


No kidding. Especially if it had a restore partition on it, which it probably did.


----------



## Marlin Guy (Apr 8, 2009)

The redirects can come from a couple of different sources.
HOSTS file changes, bogus DNS servers, or bogus Winsocks Providers.

Each should be addressed after an infection like this.

http://www.dslreports.com/faq/10131
http://microments.com/fix-the-dns-hijack-or-dns-spoofing-tutorial/200
http://www.mydigitallife.info/2007/...ndows-vista-tcpip-winsock-catalog-corruption/


----------



## Marlin Guy (Apr 8, 2009)

I'd run Combofix on that box too.
http://www.bleepingcomputer.com/combofix/how-to-use-combofix


----------



## Supramom2000 (Jun 21, 2007)

Marlin, the Highjackthis program found several Winsock errors, but I am afraid to delete anything without expert advice. I posted the log in that Bleepingcomputer forum yesterday. No answer yet. Also, their website says DO NOT RUN COMBOFIX until a mod responds to your log posting.

I will check out the other links you posted. Do you think I should run Combofix anyway?


----------



## Earl Bonovich (Nov 15, 2005)

Supramom2000 said:


> Larry, I have done ALL THAT! My son's computer uses IE, I use Firefox. I was going to download Firefox when this was all resolved.


For the record... the systems in my TKD school are Firefox... they were infected (and still are).

I had to use IE, to get the tools down to do the cleanup (at least to the part I am at now).

I still have no clue on where the latest issue is comming form on The systems.
Malware, SuperAntiSpyware, Mcafee, and a few other tools continue to report the system as clean.


----------



## Supramom2000 (Jun 21, 2007)

Earl Bonovich said:


> For the record... the systems in my TKD school are Firefox... they were infected (and still are).
> 
> I had to use IE, to get the tools down to do the cleanup (at least to the part I am at now).
> 
> ...


Any suggestions Earl?


----------



## Earl Bonovich (Nov 15, 2005)

Supramom2000 said:


> Any suggestions Earl?


Sadly...

No... As I have been trying for about three weeks, to eliminate the last piece of this virus/spyware in the system....

Nuking the HOST file did help, cut it down a lot.
I also had to shut off DNSCache service (because something damaged it, and nothing will work if I leave it on).

I have already resigned to the point that I will have to format the system (most likely will replace it, as it is a 6 year old system that I have nursed for 2 years now).

But we have a tournament in three weeks, so I can't wipe out the system yet... just dealing with the pop-ups ever so often.

Also using OpenDNS did help too, as they have been catching a lot of them for me...


----------



## bsprague (Feb 24, 2007)

sigma1914 said:


> No offense, but you got ripped off if all they did was what sounds like a clean reinstall.


No offense taken. I know I got ripped off. But it was way better than listening to my computer dumb daughter whining about it. She got the message too! She knows if she is computer stupid again, it will cost her $200!


----------



## Marlin Guy (Apr 8, 2009)

Supramom2000 said:


> Marlin, the Highjackthis program found several Winsock errors, but I am afraid to delete anything without expert advice. I posted the log in that Bleepingcomputer forum yesterday. No answer yet. Also, their website says DO NOT RUN COMBOFIX until a mod responds to your log posting.
> 
> I will check out the other links you posted. Do you think I should run Combofix anyway?


Running the commands in the third link will do no harm, nor will running Combofix.
I always do all of the work from Safe Mode w/ Networking.
If the infection tries to block the Combofix process, then try renaming it to 123.exe or something like that, and run it again.


----------



## Marlin Guy (Apr 8, 2009)

Earl,
Have you reset the winsock catalog as described in my third link above?
I've seen that fix a bunch of them lately.

Have you run Combofix on the system?


----------



## klang (Oct 14, 2003)

Instead of spending days fighting this why not just reinstall Windows and the other software? It will run better afterward anyway.


----------



## sigma1914 (Sep 5, 2006)

bsprague said:


> No offense taken. I know I got ripped off. But it was way better than listening to my computer dumb daughter whining about it. She got the message too! She knows if she is computer stupid again, it will cost her $200!


:lol: I understand.


----------



## Marlin Guy (Apr 8, 2009)

bsprague said:


> She knows if she is computer stupid again, it will cost her $200!


These latest infections are through little to no wrong-doing on the part of the user.
They are cleverly engineered and they appear in legitimate search results, not just "bad" sites. Unless someone REALLY knows how to get out of it when it hits the screen, they're burned.

Another useful protective tool is Norton's Safe Web lite.
They also have a facebook plug-in.
http://safeweb.norton.com/lite


----------



## Earl Bonovich (Nov 15, 2005)

Marlin Guy said:


> Earl,
> Have you reset the winsock catalog as described in my third link above?
> I've seen that fix a bunch of them lately.
> 
> Have you run Combofix on the system?


I have not, have that on my list to try tonight when I am at the school.

As for Combofix... I had a bad experience with it the first time I ran it... trying to avoid it, if possible.


----------



## Marlin Guy (Apr 8, 2009)

Another concern with rootkit infections is that they can and do infect flash memory devices like thumb drives, and then jump to the next system.
Ask me how I found that one out.


----------



## Earl Bonovich (Nov 15, 2005)

klang said:


> Instead of spending days fighting this why not just reinstall Windows and the other software? It will run better afterward anyway.


In my case... 6+ year old system.
With several pieces of software installed, that are used... that would take a while to track down the original disks.

Plus this system was original installed and built in Korea, so I am concerned about loosing some of the components that were installed to support Korean fonts and displays.

Typically though, I completely agree with that concept.
I usually only spend about 10 hours max on a system trying to clean it, if not... rebuild time.

But there are cases, especially with WindowsXP being pretty much phased out (from a driver level), that it would be hard to get drivers again for older equipment.


----------



## TBoneit (Jul 27, 2006)

When they get to bad it becomes time to blow them away and start over.

Once you are sure there is no MBR virus you can just install a new copy without wiping out the drive. Vista & Win7 OEM and retail versions will move all the old windows files to a new directory and install clean copies of themselves. Then once the new install is properly fortified with Anti-Virus and security updates. You just scan the whole drive and first. Then you can go to the old windows folder and the Users folder for all your data files. That's sort of what I did when I went from 32bit to 64bit Windows7.


----------



## Earl Bonovich (Nov 15, 2005)

Marlin Guy said:


> Another concern with rootkit infections is that they can and do infect flash memory devices like thumb drives, and then jump to the next system.
> Ask me how I found that one out.


That's how I got hit on my personal system.
First infection in well over 10 years.


----------



## Marlin Guy (Apr 8, 2009)

Earl Bonovich said:


> I have not, have that on my list to try tonight when I am at the school.
> 
> As for Combofix... I had a bad experience with it the first time I ran it... trying to avoid it, if possible.


Given the quoted symptoms, I'd do the catalog reset in safe mode, reboot back into safe mode, and then run another full scan with Mawarebytes.
Running the free rootkit killer from Kaspersky linked earlier couldn't hurt.

Sophos also has a nice free rootkit discovery and removal tool, but you have to be careful with it. It will show some legitimate files as suspicious. It's up to the user to determine their validity. Sophos just holds the light for you. 

http://www.sophos.com/products/free-tools/sophos-anti-rootkit.html


----------



## Marlin Guy (Apr 8, 2009)

Earl Bonovich said:


> That's how I got hit on my personal system.
> First infection in well over 10 years.


That's why I now carry all of my virus removal tools on separate secured and write-lockable flash drive.
https://www.kanguru.com/index.php/flash-drives/secure-storage


----------



## TBoneit (Jul 27, 2006)

bsprague said:


> I paid $200 to Best Buy to fix my daughter's computer. It came back good as, and just like, new with none of her stuff on it. She got to reload what she wanted. Depending on what you do, it might be easier to earn $200 than spend time fixing your kid's computer!


Next time look around for a local computer shop. For example we charge $99 to reload from scratch. Some places could be cheaper & of course some could be more expensive as you found out. BTW our typical turn around time with no data backup is 24 hours. What was Best Buys? Our most expensive repair for labor is $149 for replacing the DC input jack on laptops.


----------



## TBoneit (Jul 27, 2006)

Earl Bonovich said:


> Sadly...
> 
> No... As I have been trying for about three weeks, to eliminate the last piece of this virus/spyware in the system....
> 
> ...


Keep in mind that some of the Viruses can make changes to your router which can lead to pop-up advertising even on a clean computer.

Dial-a-fix can do some repairs on XP systems.
SuperAntiSpyware also has repair functionality under preferences.

between them they can help a lot.


----------



## Earl Bonovich (Nov 15, 2005)

TBoneit said:


> Keep in mind that some of the Viruses can make changes to your router which can lead to pop-up advertising even on a clean computer.
> 
> Dial-a-fix can do some repairs on XP systems.
> SuperAntiSpyware also has repair functionality under preferences.
> ...


Yep... know about those fun router based ones...

The pop-ups were comming out regardless if I was on the school's router, my home router, or my MiFi... pretty sure it is in the computer.


----------



## Earl Bonovich (Nov 15, 2005)

Marlin Guy said:


> That's why I now carry all of my virus removal tools on separate secured and write-lockable flash drive.
> https://www.kanguru.com/index.php/flash-drives/secure-storage


This was a case of not knowing that the system was infected, and I was moving image files from the school to my home system for editing.


----------



## klang (Oct 14, 2003)

Earl Bonovich said:


> In my case... 6+ year old system.
> With several pieces of software installed, that are used... that would take a while to track down the original disks.
> 
> Plus this system was original installed and built in Korea, so I am concerned about loosing some of the components that were installed to support Korean fonts and displays.
> ...


oops, my comment was aimed at Supramom2000. Her Dell should have come with the means to reload it.


----------



## richall01 (Sep 30, 2007)

Try Norton, it's done the job for me for ten years. Also no antiviris is no good if you don't keep it up to date.


----------



## Earl Bonovich (Nov 15, 2005)

richall01 said:


> Try Norton, it's done the job for me for ten years. Also no antiviris is no good if you don't keep it up to date.


And that last part is one of the reasons why I have abandoned Norton.
They are the ones that started the aggressive "1 year and rebuy" that is very common in all the commercial anti-virus products now.

Had a few systems that got infected, because Norton expired and stopped updating.

But that is a discussion for another thread.


----------



## wilbur_the_goose (Aug 16, 2006)

MS Security Essentials is darn good and it's free.


----------



## dpeters11 (May 30, 2007)

Earl Bonovich said:


> And that last part is one of the reasons why I have abandoned Norton.
> They are the ones that started the aggressive "1 year and rebuy" that is very common in all the commercial anti-virus products now.
> 
> Had a few systems that got infected, because Norton expired and stopped updating.
> ...


I'll consider Norton again when Peter Norton himself rewrites it from scratch. Same with McAfee. These products just get more bloated and having to rebuy. I agree with Wilbur, the one that Microsoft gives is pretty good and is what i use on my Windows systems.


----------



## Earl Bonovich (Nov 15, 2005)

dpeters11 said:


> I'll consider Norton again when Peter Norton himself rewrites it from scratch. Same with McAfee. These products just get more bloated and having to rebuy. I agree with Wilbur, the one that Microsoft gives is pretty good and is what i use on my Windows systems.


I moved on to Micro Trend, mostly because they had a 3-system license for $30 a few years ago.

But since they are now, the "Best Buy" favorite... It was $70 to renew this year.... so 2012... I will be evaluating the options.

I got spoiled for 5+ years.
I purchased Norton 7 Corporate edition, with 5 licenses for $100.
Was able to run it on all my systems to Windows 7 (no client for Vista / Win 7)... and it just now finally reached end of life on the updates for Win2K3 Server.

Oh well...

Back to the point on hand...

Good Luck Super Mom.
Honestly though, at this point... if none of the suggestions work...

Back the data up to a flash drive (or another hard drive).
And rebuild the system.


----------



## LarryFlowers (Sep 22, 2006)

A general caution for everyone when dealing with older equipment:

If you resort to restoring the system from a system restore partition that the manufacturer put on the hard drive, be careful if it is an older system.

The restore partition may have a copy of Windows XP/SP1/SP2. If it does the Microsoft Update site will no longer update the system. Windows XP SP3 is the only version of XP still allowed.

I ran into this recently when prepping some client computers to donate to a charity. Akward.


----------



## bsprague (Feb 24, 2007)

TBoneit said:


> Next time look around for a local computer shop. For example we charge $99 to reload from scratch. Some places could be cheaper & of course some could be more expensive as you found out. BTW our typical turn around time with no data backup is 24 hours. What was Best Buys? Our most expensive repair for labor is $149 for replacing the DC input jack on laptops.


You are right. I should know where a local shop is. Since an Osborne and CP/M, I've been my own computer shop!

But, again, this is my daughter! I bought the computer for her when she decided to return to college a couple years ago. She had no idea where the disks were that came with it or the software I bought her. Best Buy's turn around was several days because she had to get Microsoft to send her new disks! I didn't mention that my daughter is 38 did I?

To the point of this thread, rather than spend 10 hours like Earl said he would do, I chose to keep my ten hours and part with the $200.

It was very easy!


----------



## harsh (Jun 15, 2003)

Supramom2000 said:


> I ran Malwarebytes and it found and deleted several big things. But the redirect keeps happening. I read that you have to run something like Hijackthis first as this insidious trojan resets itself after a reboot.


Be absolutely certain to update the Malwarebytes database before you run the scan.

I did a full scan with Microsoft Security Essentials recently and it didn't find the trojan until after Malwarebytes detected it.

I've never been hurt by running Combofix but I was ready to throw in the towel when I ran it. Again, make sure you have the most recent version.


----------



## harsh (Jun 15, 2003)

LarryFlowers said:


> The restore partition may have a copy of Windows XP/SP1/SP2. If it does the Microsoft Update site will no longer update the system. Windows XP SP3 is the only version of XP still allowed.


I've recently (in the last two weeks) restored XP (no service packs) from a recovery partition and had no trouble updating. The memory requirements for SP3 are high enough that I can't recommend going there unless you're using a newer machine.

I've also had success in the last couple months running Windows Update on a fresh install of Windows 98SE. You will need a copy of IE6 to pull it off and you may need to manually grab the latest version of the installer. It sure was nice not having to download 200+Mb of patches and go through all of those reboots.


----------



## Marlin Guy (Apr 8, 2009)

I keep a copy of SP3 on my USB flash drive.
http://www.microsoft.com/downloads/...a8-5e76-401f-be08-1e1555d4f3d4&displaylang=en

Also Vista SP1, SP2, Office service packs, and I have the DVD for Windows 7 SP1


----------



## Mustang Dave (Oct 13, 2006)

The Malware Bytes program is a staple in our IT Tool Bag. Our sales team likes to test our spyware removal skills frequently. More often than not running a scan booted into Safe Mode removes all spyware. Good recommendation from the members on that program.

A few times an infected computer has had some registry settings changed that affected Windows services or programs that had be to undone even after the computer was cleaned. Some quick Google searches have always pointed to the quick repair of those items. 

Bugs can get saved in the System Restore backups so undoing an infection with that method is pretty much not an option. Most antivirus vendors have disabling System Restore one of the first steps in cleaning an infected computer anyway.

Reloading the entire OS is overkill and could result in permanent data loss if someone doesn't know what they are doing making that potentially more destructive than the actual spyware or virus. Better to undo what has been done in my opinion.


----------



## Mustang Dave (Oct 13, 2006)

Oh yeah forgot we have seen some spyware only infect the user profile so logging on as a different user has allowed us to clean an infected computer without a bunch of other hurdles to go through.


----------



## TBoneit (Jul 27, 2006)

Mustang Dave said:


> The Malware Bytes program is a staple in our IT Tool Bag. Our sales team likes to test our spyware removal skills frequently. More often than not running a scan booted into Safe Mode removes all spyware. Good recommendation from the members on that program.
> 
> A few times an infected computer has had some registry settings changed that affected Windows services or programs that had be to undone even after the computer was cleaned. Some quick Google searches have always pointed to the quick repair of those items.
> 
> ...


Some of the time there have been so many changes it just doesn't pay to try and fix it when it means days of work.

Backup, Backup, backup!

If the data is that important it should be backed up. Otherwise what happens when the hard drive dies?


----------



## Supramom2000 (Jun 21, 2007)

I just want to thank everyone for their most helpful advice and give you an update.

Nothing suggested ended up working. I did use Malwarebytes (updated) over and over. Ran Combofix several times and then again with some text added per the Bleeping Computer techie who was advising me. The redirects continued unabated regardless of what I did. The Bleeping Computer forum people stopped responding to my posts of the logfile results, so I gave up.

I did have everything backed up already, via an on-line service. And I did another back up to a thumb drive just prior. Then I used Dell's restore to factory software settings. This way I did not have to re-install the OS or network drivers, etc.

The first thing I did was download Firefox 4 and from there, downloaded Avira, Malwarebytes, MSEssentials, and several others. Avira found another trojan on the first scan - ATRAP or something similar. After I deleted that, I disabled ActiveX on IE and told my son to only use Firefox. I kept doing Windows Update (it did not find all the updates/patches on one shot. It kept finding more and more and more every time I had it search.)

Lastly, I ensured that every program, especially Flash and Java were on the latest versions with all available patches.

So far, so good.

Thanks again everyone.


----------



## mashandhogan (Dec 21, 2010)

klang said:


> Instead of spending days fighting this why not just reinstall Windows and the other software? It will run better afterward anyway.


agreed. get what you need off of it and do a clean install


----------



## jerry downing (Mar 7, 2004)

Norton Power Eraser will usually get rid of viruses. It is a free download. It worked when my son's computer got infected.


----------



## whizkid7 (Mar 13, 2011)

IMHO, a really good forum where the users will actively help you clean up a PC, is http://www.broadbandreports.com .

Specifically, the forum to use is:
http://www.dslreports.com/forum/cleanup

Good luck.


----------



## dirtyblueshirt (Dec 7, 2008)

klang said:


> Instead of spending days fighting this why not just reinstall Windows and the other software? It will run better afterward anyway.


+1

Without a hands-on by someone who has extensive knowledge of this level of infection (Geek Squad DOES NOT count) it's simply easier to reformat and reinstall Windows. After that, I would suggest a good antivirus program, NOT the free trials they include with the computer. Look for AVG Free edition, it's one of the best out there. Then be sure to upgrade to the latest browser versions. Firefox 4 and Internet Explorer 9 do well in containing these problems when used in conjunction with a good antivirus program.

I do network security for the Navy, and I see a lot. Honestly, this is the best option when dealing with the whole-computer hijack malware. Even when I remove all the stuff manually, it's only long enough to backup critical data before I reformat the machine altogether.


----------



## armophob (Nov 13, 2006)

Supramom2000 said:


> ....and told my son to only use Firefox.


and magazines. Just sayin'.

I know Brott does not want this to become a war of virus company thread, but I pay nothing for Norton every year. Just keep up with the ads to find the rebates that equal the price.


----------

