Nov 5, 2010 10:15 PM
I have been reading threads here and following links to try to figure out what to do. A few weeks ago I picked up this epoclick virus somewhere. McAfee would not update, I couldn't log into antivirus help sites or download programs or anything. Luckily I still had a CD copy of my Webroot Spy Sweeper I had purchased for my previous computer when it got swamped by a virus and had a three computer license that had not expired.
I installed it and called their tech service, getting a hold of someone who was able to help me get to a point to be able to log in to their online tech service where they tried to help me. They had me download GMER, Wlogs, regbak, Sophos, and Combofix and run the programs and send logs and so forth.
It seemed to work for all of a day. No sooner had I told them things were running better did my (what I thought) internet start freezing randomly. It would lock up completely sometimes, sometimes let the mouse scroll, sometimes let task manager come up but nothing could be clicked on. I also started getting blue screens of death implying problems with drivers. I emailed them back and they told me they didn't work with hardware issues. Then I had the computer completely lock up with no internet windows open, so I started digging. This is when I realized that my webpages were taking forever to load (on a DSL) and discovered the search engine redirect. I started searching for help sites, and I saw that my searches were being redirected. This was using Bing and Yahoo. I did find out two things though. If you clicked on the cached page, it worked. I also discovered if you went back to the search page using the back button, the site names still showed but the websites below the description were for screwy websites (probably the redirects) and the cached pages were gone. I started using new tabs with the cached pages to save the original search page and cached results.
I downloaded Malwarebytes, SuperAntiSpyware, and a registry fixer called Frontline Registry Cleaner (which I am not sure of and I had to buy to actually clean the registry which was not quite implied when I looked into it). I scanned with Malwarebytes and SAS and the blue screens and lockups have slowed but not stopped. It's every few days instead of every few hours. But the search engines still redirect, and none of the scanning programs detect anything now, even in safe mode. McAfee and the others all seem to be updating ok as well.
Another thing I noticed, and this is what makes it potentially very dangerous in my opinion, is that it also redirects from certain secure sites. My online banking has dual entry screens, id, then password on new screen, and if it doesn't recognize you at first, it has an intermediary screen that asks one of a number of security questions. I wanted to test this so I logged my id into the main screen. Instead of going to either of those screens, I got a new screen that said the site does not recognize your computer and to please enter specific account info into the following boxes. I didn't do that. I backed up and found that trying the demo also led to the same screen. I have checked my account from a safe computer since and it is fine. But people should be aware it tries to trick you at some secure websites with a redirect.
I am about to try a couple more attempts with ideas from these threads. However, in one of the threads a link to google redirect remover at review-buddy provided some manual fixes. There is no TDSSserv.sys in my hidden non-plug-and-play devices (and this is the second website I found saying to look for this), nothing in my host program in the etc subfolder of Systems32, and Obtain DNS server automatically is already checked. Another potential bad program in my System32 folders is not there either.
I will try the tdsskiller, another spyware scanner, and am downloading an assistance program from my ISP with supposedly live tech support. I need to get this fixed quickly because I have to get into my bank account and I need to get some presents on Amazon, and I need to feel secure with my remote access to my work computer so I can work from home.
I know this was lengthy, but I hope someone can help because I am running out of options.
Thank you.