We'd like to remind Forumites to please avoid political debate on the Forum... Read More »
We're aware that some users are experiencing technical issues which the team are working to resolve. See the Community Noticeboard for more info. Thank you for your patience.
📨 Have you signed up to the Forum's new Email Digest yet? Get a selection of trending threads sent straight to your inbox daily, weekly or monthly!
laptop virus
Options

tower
Posts: 264 Forumite


in Techie Stuff
hi, hope someone can help. i think i have a virus on my laptop, when i do a search and click on s result i keep getting redirected to various un-related sites. i have done a scan using mcafee and also superantispyware which picked up some viruses which i removed, i also did a system restore. none of which seem to work.
What shall i do now?
thanks
What shall i do now?
thanks
0
Comments
-
Have you read the stick at the top of the forum called Malware Removal? If not, have a read and download the software "Malwarebytes", update it and run a scan. Then follow the rest of the instructions and report back.0
-
Download MALWAREBYTES (Make sure you click 'DOWNLOAD LATEST VERSION')
http://www.filehippo.com/download_malwarebytes_anti_malware/
Open malwarebytes and goto UPDATE and click 'check for updates'. After its updated goto SCANNER and click PERFORM FULL SCAN then click SCAN
Remove everything thats found (needs to be ticked)
Post the COMPLETE log here AFTER youve deleted everything it finds
reboot
Download HIJACK THIS (Make sure you click 'DOWNLOAD THIS VERSION')
http://www.filehippo.com/download_hijackthis/2894/
Click MAIN MENU then DO A SYSTEM SCAN AND SAVE A LOGFILE(Takes seconds) then post the log so we can see whats running
(do NOT do anything else with Hijack but scan and post the FULL log):idea:0 -
What happened to the malwarebytes log?:idea:0
-
hi, just re scanning now, will post shortly0
-
log after removal.Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Database version: 4486
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
27/08/2010 11:28:19
mbam-log-2010-08-27 (11-28-19).txt
Scan type: Full scan (C:\|D:\|)
Objects scanned: 288136
Time elapsed: 1 hour(s), 57 minute(s), 29 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)0 -
Please run COMBOFIX
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Shut down your anti virus
Follow the simple instructions it gives
Post the COMPLETE log it creates here (Split into sections if need be) ~ if there are loads of 'SNAPSHOT' pages then leave them out
If it comes up with a RENAMING error then RIGHT click the exe file and RENAME and call it QWERTY (Making the complete file name 'QWERTY.exe') Or SAVE as 'QWERTY' on download:idea:0 -
Ah, now I see the problem; you have a smiley stuck inside it!0
-
Haven't looked at the HJT logs in any detail, but my first guess is that some application / crapware has foisted some proxy server on you that keeps redirecting you to Viagra sites etc. etc.
Just check something for me quickly - open IE. Check Tools / Internet Options / connections / LAN settings. Now see if a proxy server has been specified.0 -
Open notepad and copy/paste the text in RED below
File::
c:\windows\Ndozuzacufo.bin
c:\windows\Tcedixuqo.dat
c:\program files\wt3d.ini
Save this as "CFScript" (FULL file will be 'CFScript.txt' EXACTLY as shown)
Then drag the CFScript into ComboFix.exe as you see in the screenshot below.
This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply
(If SNAPSHOT is stupidly large, leave that part out)
Combofix should never take more that 30 minutes including the reboot if malware is detected.
If it does, open Task Manager then Processes tab (press ctrl, alt and del at the same time) and end any processes of findstr, find, sed or swreg, then combofix should continue.:idea:0
This discussion has been closed.
Confirm your email address to Create Threads and Reply

Categories
- All Categories
- 350.9K Banking & Borrowing
- 253.1K Reduce Debt & Boost Income
- 453.5K Spending & Discounts
- 243.9K Work, Benefits & Business
- 598.8K Mortgages, Homes & Bills
- 176.9K Life & Family
- 257.2K Travel & Transport
- 1.5M Hobbies & Leisure
- 16.1K Discuss & Feedback
- 37.6K Read-Only Boards