1st post newbie here with virus question...
I hope I am posting this in the correct place...
Last Wednesday it started... I kept getting redirected to non-wanted websites. (I pay for Verizon who bundles the McAfee security suite). Current on updates etc but full scans did not detect anything. Thursday night, contacted McAfee support tech who said it was an issue with the security suite so he removed the SS but could not get the new SS installed on my computer. Friday, played phone ping pong for 10 hours with various MST and premium MST who all scanned, rescanned and told me they couldn't find anything wrong. At 11:00 pm I was finally told that McAfee doesn't support winxp2 anymore and that they would not fix any problems on my computer... not a good Christmas. Last night when I got home from Christmas traveling, I installed AVG and Stinger and they both told me I had C:\WINDOWS\system32\drivers\serial.sys Trojan horse BackDoor.Generic14.CBWP.
Anyway, here I sit with no MSS on my computer evidently on my own to fix my computer. I tried McAfee's virus removal methods with scans and recovery console and can get all trojan files deleted except serial.sys. I've tried calling tech support but they are experiencing heavy calls. I cut my Christmas travels short in order to see if this infection could be fixed and because Friday's complimentary premium tech support runs out today. I work with 3d computer modeling so I have some expensive software which is a few years old but I understand that I will need to purchase new expensive software because upgrades won't work. My goal is to get rid of this infection and keep win sp2. Can anyone help? Thanks everyone.
I am running Windows professional Build 2600, version 2002, Service Pack 2, Pentium(R) 4 CPU 2.80 GHz 2.79 GHz, 3.0 GB RAM, nVIDIA Geforce FX 5900
Unfortunately some infections will get past any antivirus application.
Firstly you need to get rid of whatever it was and did you think of trying System Restore to take you back to before all this started?
It can be initiated in Safe Mode if you can't do anything in regular mode. Go to Start/All Programs/Accessories/System Tools or Start/Run and type in rstrui.exe. Safe Mode is reached by tapping F8 repeatedly while booting up.
If it works make sure you update the system and your virus protection immediately afterwards.
If it doesn't, try using the FREE version of THIS software but update it first before running a full scan.
If it won't do it in regular mode you can do all of that in 'Safe Mode with Networking' which is number 2 on the menu that you get when you tap F8 repeatedly while booting up. That particular software works in that mode.
Apart from an antivirus and a good antimalware software, one previously mentioned, it is essential that you take care where you surf, what you click on and what you download, and extremely important that you keep Windows totally up to date.
XP SP2 has not been supported since July 13, 2010. To install SP3 disable your antivirus. There are some hints and links here: https://community.mcafee.com/thread/2007 including the standalone SP3 download which is usually the best way to install it.
Thank you Ex_Brit...
We used Malwarebytes to scan throughout last Thursday and Friday but it never found the sys issue. It did find a whole list of restore files during the technician's scan which the tech said would get fixed. I was told to turn off system restore to try and keep the infection to one file and since it was redirecting me on the internet, that I should scan for infections after every use.
Yesterday, I tried your suggestion of system restore but it only gave me a restore point for yesterday. I did not have nor could get a clean serial.sys file to use as a replacement. I had read a posting or two saying that if you delete this serial.sys file and reboot, that win will make a new file to replace it. I did a complete computer scan and it only found the serial.sys file as a threat. So, with nothing to lose, I unplugged my internet cable, found the serial.sys file, renamed it to serialinfected.sys, dragged it to my desktop (just in case it didn't work, I would still have it on my machine), rebooted and it worked! I left clicked on the infected serialinfected.sys file on my desktop after rebooting and the security suite automatically quarantined it. A complete computer scan both last night and this morning found no threats and all of my software works great so far! Too simple? It works so far.
I commend you on your quick response and great suggestions toward fixing my issue! Very helpful!
Thank You!! Thank You!! Have a happy (and not so cold) New Year!
Google Redirect virus or fix Search Engine Redirect problem.
Check Local Area Network (LAN) settings
Make sure that DNS settings are not changed
Check Windows HOSTS file
Manage Internet Explorer add-ons. Remove unknown or suspicious add-ons
Use TDSSKiller tool to remove malware belonging to the family Rootkit.Win32.TDSS
Scan your computer with legitimate anti-malware software (ComboFix)
Use CCleaner to remove unnecessary system/temp files and browser cache
Reset your Router back to the factory default settings
Download and Run the fixtdss Tool
If you are trying to remove this, there are full instructions on how to do that manually at the link:
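An added example, not part of the thread and not any poster's code: one way to carry out the "Check Windows HOSTS file" step above is to parse the file and list every entry that overrides name resolution. The search-engine domain list, the verdict labels and the sample file contents are assumptions made for this illustration.

```python
import ipaddress

# Assumption: domains whose override in HOSTS would explain a search redirect.
SEARCH_DOMAINS = ("google.com", "bing.com", "yahoo.com")
DEFAULT_NAMES = {"localhost"}

def audit_hosts(text):
    """Return (line_no, address, hostname, verdict) for entries worth reviewing."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        entry = raw.split("#", 1)[0].strip()   # drop comments and blank lines
        if not entry:
            continue
        fields = entry.split()
        address, names = fields[0], fields[1:]
        try:
            ip = ipaddress.ip_address(address)
        except ValueError:
            findings.append((line_no, address, " ".join(names), "malformed"))
            continue
        for name in names:
            host = name.lower().rstrip(".")
            if host in DEFAULT_NAMES and ip.is_loopback:
                continue                        # the stock localhost entry
            if any(host == d or host.endswith("." + d) for d in SEARCH_DOMAINS):
                verdict = "search-redirect"     # search traffic is being overridden
            elif ip.is_loopback or ip.is_unspecified:
                verdict = "blocked-name"        # name is null-routed on this machine
            else:
                verdict = "review"              # any other static override
            findings.append((line_no, address, host, verdict))
    return findings

# Constructed sample, not taken from the thread (documentation address ranges).
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
203.0.113.45    www.google.com google.com   # constructed entry
198.51.100.7    intranet.example
0.0.0.0         ads.example
"""

if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE_HOSTS):
        print(finding)
```

On Windows the file to read is %SystemRoot%\system32\drivers\etc\hosts; a clean default install contains only comments and the localhost entry.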