Browser hijacked

Did you look into the possibility of your router housing stealth malware? Before you go and wipe your hard drive, try using your computer on a different network and see if it still redirects you. If it works fine on another network, your router is to blame and at that point you should update the firmware, restore factory defaults and re-setup security or look into getting a newer router.

If you are bent on reinstalling Windows, you'll need the OS disk that came with your computer. Boot from the disk and the installation should be fairly straightforward. Keep in mind that the more sophisticated forms of malicious code can write themselves to USB flash drives, CD-RWs, and any other removable media so that they'll end up right back on your HD.
 
This is a Dell Inspiron B120...
I can't find the backup disk that came with the computer. I've got a couple discs for Windows and a few programs and backups of my documents.

Several possibilities at this point:

That computer model may not have come with a restore disk. Instead, many laptops, especially Dells, use a hidden partition on the hard drive for restore. Press a 'secret' key combination as the computer boots and you'll go to the recovery utility instead of booting normally. A Google search should turn up more information, including whether your model has such a partition and what the code is to access it.

If you have or can borrow a Windows XP disk, the same version of XP that came with your computer, you can use that to reinstall the operating system. There should be a sticker on the laptop with the registration key. Then you'll have to manually install all of the pre-installed software and drivers.

You could call Dell and ask for a recovery CD for that particular model.

Continue your efforts to hunt down and remove the virus(es).

Cough up the $$ to pay the ridiculous Geek Squad price.

Best Wishes.
-Bob
 
You might want to give this a try:

Click on "Start-->Run". Type "devmgmt.msc" and Click on OK. This will run Device Manager. In Device Manager, click on "View-->Show Hidden Devices".

Expand all the devices by clicking on the "Plus" sign. Now try to find "TDSSserv.sys", right-click it and select Disable. Please make sure that you do not select the Un-Install option, otherwise the infection will be back once you reboot your computer.

After disabling the TDSSserv.sys, run Malwarebytes to remove the virus completely from your system.

You also might want to check to make sure your router isn't compromised where a DNS address was entered to cause the redirect.
 
Dell might have a factory restore on the setup menu. Hit F8 when the computer first starts up. On that menu, find "repair your computer", hit enter, then log on as an administrator. Click "Dell Factory Image Restore" and follow the instructions on the screen for reformatting and restoring software. That's paraphrased out of my computer's user manual so I hope it's clear. As I remember, it wasn't that hard to do when I did it. Both of my Dells have this so there's a good chance yours does too. Just remember that this wipes out everything; it restores it to when it just came out of the box.
 
The other computers on the router seem fine.

I thought I'd fixed it and everything seemed back to normal, but then the next time I started it up it was FUBAR. Wouldn't even start in safe mode.

Wiping the drive was easy, as was reinstalling the programs. And I saved $200.

Apparently, someone in the former Soviet Union was trying to remotely access my laptop. I had nothing stored on it though.
 
Well, I was able to clean up most of it.

No more bogus error messages, no more crashes, system running a lot quicker.

Problem seems to be a real nasty bug along the lines of a new generation TDSS rootkit.

I've been doing research, and it seems to be so difficult to fix that most people end up wiping their hard drive and reinstalling Windows. No antivirus or antimalware can detect it and it does not appear in a HijackThis log.

As long as I click on the Google cache link, nothing is triggered and everything works fine. If I try clicking on the main link it redirects to scour.com or a random malware site.

Anyone know what can be done about this?

If the only problem you are having is with your browser, have you considered downloading a different browser? I had a virus problem one time that screwed up my Windows Internet Explorer, but did not affect Firefox. There's half a dozen free browsers out there. Why not give one a shot? I like Firefox a lot and use it all the time. Here's a link so you need not Google for it.
http://www.mozilla.com/en-US/firefox/

I was finally able to fix that virus problem with Spybot.
You might find that you have to try several different spyware products before you find one that works on a specific problem.
 
If the only problem you are having is with your browser, have you considered downloading a different browser? I had a virus problem one time that screwed up my Windows Internet Explorer, but did not affect Firefox.

This was a newly developed rootkit trojan. Very nasty and no software can remove it yet. Unfixable -- at least all the cases I've heard of on the security forums ended up with the victim wiping the hard drive. Supposedly there is a tool that can remove it, but once you're infected it will not run, even if you change the name. Then your laptop becomes an EVIL SOVIET ZOMBIE ROBOT and steelz your bank account or something. I dunno tech stuff. Technology frightens and confuses me. :(
 