Epoclick, Scour, Smartshop etc. redirect


Post by mpbrockman » May 12th, 2011, 12:30 am

Yay! Killed the Google redirect virus.

Now I've got something else, it's got to be malware in my XP machine. It redirects me to shopping/malware sites like those mentioned in the subject line. It does this on and off but it definitely does it every time I log in here.

Nevertheless, it is not the AIC server. It has to be in this particular machine. It's an insanely smart virus that will not allow me to access sites like malwarebytes that might help (page loading error), it keeps re-infecting my router (a hard reset lets me back into it - but changing the router password doesn't seem to help), it actually laughs at me when I try to look up solutions on the web (I mean this literally - I hear a laugh, the words "Oh, no" and then the sound of a car crash as it redirects me away from anti-malware sites). Cleaning up the router stops the sfx, but only temporarily. It's backed up my Kaspersky malware database to 11.18.10 and won't let me update manually or automatically, and AVG doesn't see it. I've scoured my registry and host file, I've turned every browser extension on/off and everything else I could think of.

That all said, it hasn't seemed to have done any serious damage. My system and apps all run correctly and at normal speed - but I am about to tear my effing hair out. The annoyance factor is insanely high.

Anybody else hit and/or solved this?
"He who is not a misanthrope at age forty can never have loved mankind" -Nicolas de Chamfort
www.perfectlyreasonabledreams.com
http://www.facebook.com/mpbrockman

Post by mpbrockman » May 15th, 2011, 2:37 am

Computer fixed!

Malwarebytes free removed the virus, but took several integral components along with it (since that's where they were buried). If I'd been thinking a little more clearly I would have simply copied the registry entries with the bad code, deleted the bad code and reinserted the clean entries into their proper spot rather than deleting the whole mess. I've just never deleted a bad registry entry that didn't regenerate cleanly on restart before - so that was out of my experience.

Instead, I used the system restore to back everything up to April 1st (before all this nonsense started). Since the viruses had been wiped out it appears I got back clean versions of all the bad (DNS redirect) registry entries and other assorted bits of infected code. The only issue now is updating all my software again - a little time consuming (there were 18 separate XP security updates and I had to go find a clean version of Adobe Reader 8.0 and install that before I could update to Reader X - actually all my Adobe stuff needed updating), but that's a small price to pay. I'm sure I'll discover a few more programs that need updating as I go.

Anyway, near as I can tell - computer is clean and so is the router.

So if anybody hits this little bastard, I think I can cure it now. I hope none of you do, tho'. It's the "smartest" and most annoying virus I've ever had to root out.
