Redirect Virus

[cstahler92]

I've some how managed to get a redirect virus and I can't get it off with Malwarebytes and Microsoft Security. Any recommendations? I'm looking for the price range of: Free.

 

[ex_bubblehead]

Lots of malware can not be cleaned from an active drive (ie. you've booted into Windows). You should remove the drive and either install it in an external USB enclosure or install as a second drive on a known, proven clean, system.

There you can scan the entire contents of the disk without any of the files being "live". Best is to scan with multiple anti-virus (means multiple clean machines) and malware scanners.

This is the only way (short of wiping and reinstalling) to be reasonably certain of getting it all.

This is how I do it in my shop and I'm 99%+ successful.

 

[cstahler92]

This is probably because it is 2am but I'm kind of confused. What exactly would I be putting on my External? ALL of my files and then I would run scans on it?

 

[ex_bubblehead]

Nope. You remove the infected drive and scan it on a known clean system.

 

[cstahler92]

How big of an external will I need? i have a large one but still. Also what do I pull over there?

 

[ex_bubblehead]

You don't need an external. You don't copy anything to another drive. You remove the infected drive from your computer, attach it to a second, known clean computer and scan it there. It ain't rocket science.

 

[Dark Lord of Tech]

http://support.kaspersky.com/faq/?qid=208283363

 

[Dark Lord of Tech]

http://www.surfright.nl/en

 

[kawininjazx]

Download and run ComboFix and TDSSKiller.

http://www.bleepingcomputer.com/download/combofix/

http://support.kaspersky.com/faq/?qid=208280684

 

[cstahler92]

I decided to try another way I've heard about which was running Malwarebytes and other virus detectors in Safe Mode. I'm 85% sure that didn't work and since I don't have another computer available I'm not exactly sure what to do.

 

[Dark Lord of Tech]

Malwarebytes was designed to work in normal windows mode.

 

[cstahler92]

Also I tried the Device Manager way where you look for "TDSSserve.sys", disable, restart, and remove. But TDSSserve.sys does not exist in my Device Manager even when I show hidden ones.

 

[Dark Lord of Tech]

Did you try hitman pro?

 

[cstahler92]

I tried Hitman but I did not get pro and wasn't offered a trial for it either =/

 

[Dark Lord of Tech]

This topic has been closed by Area51reopened

 

[Dark Lord of Tech]

This topic has been reopen by Area51reopened

 

[Dark Lord of Tech]

They give you a key.

 

[cstahler92]

Where at? Also I used Norton Power Eraser and it did remove something so idk if it worked.

 

[cstahler92]

Alright so NPE did not work. I finally got the trial for Hitman and it removed a malicious virus so we'll see if that worked.

 

[Dark Lord of Tech]

This topic has been closed by Area51reopened

 

[Dark Lord of Tech]

This topic has been reopen by Area51reopened

 

[cstahler92]

And Hitman didn't work either.

 

[Dark Lord of Tech]

http://downloadcenter.trendmicro.com/index.php?clk=tbl&clkval=355&regs=NABU&lang_loc=1#undefined

 

[cstahler92]

I'm going to grab my important things which are saves and a couple of projects, put them on my USB, and restore.

 

[Dark Lord of Tech]

At this point i agree that is the best choice.