virus problems

[moonrose]

so i had a computer with some viruses and removed them, yet one of them still remains.

what happens is, in my browser i will be redirected a a site http://ibmblacklist.com/block.php?url=(then the website i wanted)

and there are some buttons that say fix the problem, but do nothing of course.

what i have done:
run spybot search and destroy, malware bytes and removed everything with those, clean install of chrome and firefox, neither one worked, reset IE, and nothing changed.

ran both scans in safe mode to see if there were anymore virus's, and there are not.

there are no restores point and i dont have the OS disc.

but
what else should i do before getting disc and reformatting.

 

[Winterherz]

• what security programs u have
• what were you doing before you noticed a virus..e.g: install..download
• Other than browser, what else is affecting your pc

 

[moonrose]

what security programs u have
what were you doing before you noticed a virus..e.g: install..download
Other than browser, what else is affecting your pc

-no security problems, had to put avg on here,

-and let me state the laptop was given to me in this condition so i have no idea what was being used for, but obviously who owned before didnt know how to internet correctly ;P

-no other problems

 

[Slapshot136]

if the only problem is a website being re-directed to somewhere else, maybe it's just a dns problem - try changing your dns server to something like opendns

 

[moonrose]

what if i flushed dns? shoudlnt that have cleared that out. and the computers set to default router DNS.

 

[Samuraid]

Step 1: Check your computer's registry to make sure the virus isn't being loaded still. Check these registry entries:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

Look for exe files with weird names (random characters, like "xkjjmufbd.exe") being loaded from any temp directories.

Step 2: Check your hosts file (C:\WINDOWS\system32\drivers\etc\hosts) to ensure there are no static DNS rules there that might be hijacking some of the sites you visit.

Ideally, there should only be an entry for 127.0.0.1 localhost, nothing else.

Step 3: Check your browser settings to ensure that it is not using a proxy. Viruses and trojans often configure the browser to proxy all web traffic through a local port on which the virus is listening.

In combination with using a good anti-virus program, doing the above may help solve the problem.

 

[staind25]

If you happen to find a virus using the above recommendation (Great suggestions, by the way), I can help you fix it:

Write down the registry path of the virus. Go to Start > Run. Type in "Regedit" and press OK. Now, carefully navigate to that path. Find the specific key(s) (It may have affected multiple keys). Double-click the key, and add or remove some arbitrary character to the key. This will "break" the virus. Simply deleting the key will most likely not work, as it will be recreated when you reboot...but CHANGING the key should get rid of it next time you reboot.

Hope that helps I've had a browser hijacker before and this is what I ended up doing, and it fixed it. I used Malwarebytes to find out where the virus was.

 

[DDRtists]

I had one like this, and what it did (and this part would work even after I cleaned the "virus" part of it), was change my DNS entries in my network card settings to their "DNS Servers" IPs. Those "DNS Servers" would then redirect my requests to their sites when they wanted to, and not the actual sites.

Make sure your DNS settings in your network card are the way they're supposed to be. Lol