Posted: May 12th, 2011, 12:30 am
by mpbrockman
Yay! Killed the Google redirect virus.

Now I've got something else, it's got to be malware in my XP machine. It redirects me to shopping/malware sites like those mentioned in the subject line. It does this on and off but it definitely does it every time I log in here.

Nevertheless, it is not the AIC server. It has to be in this particular machine. It's an insanely smart virus that will not allow me to access sites like Malwarebytes that might help (page loading error), it keeps re-infecting my router (a hard reset lets me back into it - but changing the router password doesn't seem to help), it actually laughs at me when I try to look up solutions on the web (I mean this literally - I hear a laugh, the words "Oh, no" and then the sound of a car crash as it redirects me away from anti-malware sites). Cleaning up the router stops the sfx, but only temporarily. It's backed up my Kaspersky malware database to 11.18.10 and won't let me update manually or automatically, and AVG doesn't see it. I've scoured my registry and host file, I've turned every browser extension on/off and everything else I could think of.

That all said, it hasn't seemed to have done any serious damage. My system and apps all run correctly and at normal speed - but I am about to tear my effing hair out. The annoyance factor is insanely high.

Anybody else hit and/or solved this?

Posted: May 15th, 2011, 2:37 am
by mpbrockman
Computer fixed!

Malwarebytes free removed the virus, but took several integral components along with it (since that's where they were buried). If I'd been thinking a little more clearly I would have simply copied the registry entries with the bad code, deleted the bad code and reinserted the clean entries into their proper spot rather than deleting the whole mess. I've just never deleted a bad registry entry that didn't regenerate cleanly on restart before - so that was out of my experience.

Instead, I used the system restore to back everything up to April 1st (before all this nonsense started). Since the viruses had been wiped out it appears I got back clean versions of all the bad (DNS redirect) registry entries and other assorted bits of infected code. The only issue now is updating all my software again - a little time consuming (there were 18 separate XP security updates and I had to go find a clean version of Adobe Reader 8.0 and install that before I could update to Reader X - actually all my Adobe stuff needed updating), but that's a small price to pay. I'm sure I'll discover a few more programs that need updating as I go.

Anyway, near as I can tell - computer is clean and so is the router.

So if anybody hits this little bastard, I think I can cure it now. I hope none of you do, tho'. It's the "smartest" and most annoying virus I've ever had to root out.