7 Replies Latest reply on Jan 13, 2011 5:37 PM by Hayton

    Redirecting virus ... McAfee is not finding it!

      Hi, I'm new here, sorry if this is in the wrong place.

       

      My laptop is infected with a redirecting virus, in both IE9 and Firefox, every google & Bing search I get redirected to a page with:

      categoriesonline.com

       

      Why does McAfee not find it, what can I do to get rid of it please?

       

      I pay for McAfee through a monthly AOL subscription, I have done for years, I am now thinking of canceling it as I cannot use my laptop as I should be able, something must be able to be done?

       

      Thanks in advance if you can help me?

       

       

      Message was edited by: Paddi on 13/01/11 05:44:21 CST

       

       

      Message was edited by: Hayton - fix weird formatting of message on 14/01/11 01:56:43 GMT
        • 1. Re: Redirecting virus ... McAfee is not finding it!
          Peter M

          First of all IE9 is beta and McAfee SecurityCenter malfunctions because of that, please uninstall and use IE8.   See THIS.

           

          Secondly no antivirus on Earth is 100% guaranteed to catch 100% of what's out there.

           

          Follow the guidelines in this Required Reading.

           

          If that doesn't help then download, install and update (important) the FREE version of THIS tool, run a full scan and let it remove anything it finds.

           

          Reboot immediately if asked to.

           

          If the infection prevents you from doing the latter in regular mode, try doing it in 'Safe Mode with Networking' reached by tapping F8 repeatedly while booting up.

          • 2. Re: Redirecting virus ... McAfee is not finding it!

            Hey, download Malwarebytes , install, update then run a scan , see what it finds

            • 3. Re: Redirecting virus ... McAfee is not finding it!
              Peter M

              Thanks DoZe - already suggested above.  (see THIS tool)

              • 4. Re: Redirecting virus ... McAfee is not finding it!

                Hi thanks for your replies.

                 

                I have used Malwarebytes (I think I have tried everything there is on the market/free!) it found and removed a trojan but I am still getting the redirecting on EVERY search

                 

                Could you explain why this would find Trojans etc when McAfee doesn't? sorry I'm not technical - but I trusted McAfee to keep my laptop safe!

                 

                I will uninstall IE9

                 

                I have had a reply to an email I sent to the people at UnHack me, this is what they say below:

                 

                Yes. I see the problem.
                But I found no  malware on your computer.

                 

                We will check further more.

                 

                I  found that in the IE you have proxy server option is on.
                Do you use  proxy server?

                Let me know your local network configuration.

                I see that you use  DNS servers: 192..... and 192.........
                Probably it is your ADSL  router or something like this.
                Can you check it?
                Do you have  default password on a router?

                Newest malware can infects several home router devices if the  default password is used.

                They simply change the DNS server settings  on the router to the malicous settings and you will be always  redirected.


                Thank you for your assistance.


                Best regards,


                Dmitry  Sokolov


                Manager of Security Team


                Greatis Software                

                 

                I am not technical at all, I will ask a more technical person that I know  to help me check the above, should I change my router or the password? any ideas what should I do?

                • 5. Re: Redirecting virus ... McAfee is not finding it!
                  Peter M

                  I'm afraid I'm not that technical either, best ask someone who is.  Removing IE9 should help greatly and will only take a few seconds.

                   

                  Maybe you just need to delete cookies.  When IE8 is up and running, as it should be immediately after you have removed IE9 (if it's IE7 then install IE8 - again should only take minutes) go to Tools/Internet Options/Advanced and click Reset, Apply and OK any prompts.

                   

                  Close and reopen the browser and then go to Tools/Manage Add-ons and re-enable the add-ons you need.

                   

                  As I said, there is no such thing as a 100% infection-proof anti-virus.

                   

                  By the way McAfee has a submission process for perceived threats that aren't detected (or wrongly detected):  http://vil.nai.com/vil/submit-sample.aspx

                   

                   

                  Message was edited by: Ex_Brit on 13/01/11 10:07:26 EST AM
                  • 6. Re: Redirecting virus ... McAfee is not finding it!
                    ConorD62

                    I think you should read THIS,


                    Then post here.

                    • 7. Re: Redirecting virus ... McAfee is not finding it!
                      Hayton

                      Malwarebytes picks up a lot - perhaps not all - of the malware that causes browser redirection. It is always worth running another of the malware-detection programs as a double-check : I keep Spybot and SuperAntiSpyware on hand just in case. If you use Spybot, make sure that you disable the TeaTimer (realtime scanning) option, since that will conflict with McAfee.

                       

                      The problem may well be in your router, as the email from UnHackMe suggests. You should have some documentation somewhere that tells you how to reset the password; if it's still on the default setting then you are wide open to a hack from outside changing your settings. Unplug it from the internet, change the password, then flush the dns cache using ipconfig.

                       

                      If you have a Hosts file, find it (in c:\windows\system32\drivers\etc\hosts) and have a look to see what's in it. A redirect to the site you mention could be caused by having that site inserted into that file as the default.

                       

                      Let's hope your problem is not the result of a rootkit infection : there is a much improved McAfee Stinger tool coming soon which will tackle those, but it's not ready yet. And getting rid of a rootkit is not an easy process.

                       

                      Finally, it's always worth looking to see what URLs are set in your browsers as defaults. For Internet Explorer I use Glary Utilities - you can download the free version from here. See the screenshots below for an example of what the IE Assistant option displays. With Firefox I've installed the NoRedirect addon, which might be worth having. I can't say how well it works, because I've never been redirected while using it - if you see what I mean.