So I have a little problem that’s been ongoing for a while.
I appear to ge viruses often.
Here’s how it happens.
I go to google.com in Mozilla Firefox. I search for something. Anything. It brings me a list of results. So far so good. Then I click on a link to one of the results, and it brings me to a different location than promised. Just weird one page sites, often selling something, that have nothing to do with my search. I can’t click back. I have to retype google.com and search again. Then the second time I click on the same link, it always takes me to the place I want to go.
But it seems that in the .5 seconds I spend on this fake site is enough for some sort of virus to be installed on my computer, even though I only click “X” to get off the page every time.
Then this happens:
A new program’s icon is automatically on my little dashboard thing in the bottom right near the clock, battery power, etc. It’s always a different icon. Right now it’s called “Antivirus.NET”. The “Antivirus.NET” shit automatically pops up on my screen saying it’s doing a “scan” of my system, and of course it’s detecting mad trojans, yo. If I exit that, the Antivirus.NET icon remains on my dashboard, and intermittently a “Windows Security Alert” bubble pops up from it saying:
“Windows reports that your computer is infected. Antivirus software helps protect your computer against viruses and other security threats. Click here for the scan your computer. Your system may be at risk now.”
Shortly after this poorly worded bubble, a box will pop up saying:
Antivirus software alert. Virus attack!
Your computer is being attacked by an internet virus. It could be a password-stealing attack, a trojan-dropper or similar.
Attack from: 188.8.131.52, port 5597 (different every time it pops up)
Attacked port: 1246 (different every time it pops up)
Threat: Win32/Nuqel.E (either this or BankerFox.A)
Do you want to block this attack?
And of course I click “No” because I’m not an idiot.
Also, a box will pop up:
X Application cannot be executed. The file “taskeng.exe” (different every time) is infected. Do you want to activate your antivirus software now?
And of course I click “No”, because, to reiterate, I’m not an idiot.
But wait! There’s more! A box:
Antivirus software alert
Attention! Spyware Alert!
Your computer is infected by spyware - 34 serious threats have been found while scanning your files and registry. It is strongly recommended that you disinfect your computer and activate a realtime secure protection against future intrusions.
Why do you need realtime spyware protection? (this is a link I never click)
Upgrade to a full version of antivirus software to clean your computer and prevent new security and privacy attacks. You will be able to download daily updates and get online protection against Internet attacks.
And of course I click “Stay unprotected.”
It also will randomly open Internet Explorer and take me to such well-regarded sites as porno.com, viagra.com, and porno.org.
And so, what I do every time this starts to happen is run my McAfee full scan, as well as an Ad-Aware full scan, and a Malware-bytes full scan, simultaneously.
And once those scans are done, between the three I assume the “Antivirus.NET” virus has been found and eliminated. And I restart my computer, and all seems to be righted.
Then I google something and IT HAPPENS AGAIN. Not every time, but probably once every couple weeks lately. And it’s really annoying.
WHAT DO I DO TO MAKE THIS STOP? UNINSTALL AND RESINSTALL FIREFOX? IS IT SOMETHING WITH THE BROWSER ITSELF?
Any help would be much appreciated.
Solved! Go to Solution.
Sounds like you have a nasty redirector,
Can you try doing this:
1. Please open Internet Explorer and click Tools -> Internet options.
2. Please click on Connections tab.
3. Click LAN Settings… and a window named LAN Settings will open.
4. Please uncheck all options and click on Ok.
5. Please close Internet Explorer window.
See if this works.
If not, I will have to recommend you to some Malware Experts.
Paulg83, As conner said check the lan settings.Then down load malwarebytes if you can.If not see if you can load a copy off a clean computer and run.You can also try this from mcafee
Unfortunately, Malwarebytes cannot stop redirectors,
Only stop nasty proxy settings..
(Although it will get rid of leftovers from the fake anti virus.)
I understand.Although it looks like he has fake av also.Just trying to give him a starting point.To possibly get back some control of computer Until somebody with a bit more knowledge has a better answer.
Conor, Newjack, thanks so much for the replies...
I've run malwarebytes, ad-aware, and mcafee and did a system restore. So my Antivirus.NET issues are gone (for the time being).
Conor, I did what you asked, and all the boxes in LAN were already unchecked on Internet Explorer.
However, I do use Firefox more than Internet Explorer and so tried to do the equivalent of what you said in that browser (not sure if this makes a difference). I went to Tools, Options, Advanced, Network tab, and under Connection there was a Settings tab, clicked it and a Proxy box came up, it was checked to No Proxy which I feel like was right. However, I do remember changing this at some point in the past, could this be a problem?
Anyway, a "redirector" sounds exactly like what I have with this google search issue, described above. Any advice on how to get rid of it? Or who I can talk to that may be of assistance?
Again, much appreciated.
Can you please try doing this:
See what happens after that.
paulg83, You probably should open a post at bleepingcomputer.com.That would be my advice.Although they may not get back to you for a few days.If this is google redirect virus you will need some extra help.Unless you want to pay then try here.
http://service.mcafee.com/SpecializedServiceHome.aspx?lc=1033&sg=VR Good luck newjack
You could have a rootkit infection, which would need specialist tools to remove it - and someone to help you through the process.
Or, you could be picking up the infection repeatedly from a particular website. If you're using Firefox, I suggest you download the following add-ons :
- BetterPrivacy (cookie handler)