1 2 Previous Next 17 Replies Latest reply on Jan 28, 2011 6:52 PM by newjack

    Please help.

      So I have a little problem that’s been ongoing for a while.

       

      I appear to ge viruses often.

       

      Here’s how it happens.

       

      I go to google.com in Mozilla Firefox. I search for something.  Anything. It brings me a list of results. So far so good. Then I click  on a link to one of the results, and it brings me to a different  location than promised. Just weird one page sites, often selling  something, that have nothing to do with my search. I can’t click back. I  have to retype google.com and search again. Then the second time I  click on the same link, it always takes me to the place I want to go.

       

      But it seems that in the .5 seconds I spend on this fake site is  enough for some sort of virus to be installed on my computer, even  though I only click “X” to get off the page every time.

       

      Then this happens:

       

      A new program’s icon is automatically on my little dashboard thing in  the bottom right near the clock, battery power, etc. It’s always a  different icon. Right now it’s called “Antivirus.NET”. The  “Antivirus.NET” **** automatically pops up on my screen saying it’s  doing a “scan” of my system, and of course it’s detecting mad trojans,  yo. If I exit that, the Antivirus.NET icon remains on my dashboard, and  intermittently a “Windows Security Alert” bubble pops up from it saying:

       

      “Windows reports that your computer is infected. Antivirus  software helps protect your computer against viruses and other security  threats. Click here for the scan your computer. Your system may be at  risk now.”

       

      Shortly after this poorly worded bubble, a box will pop up saying:

       

      Antivirus software alert. Virus attack!

      Your computer is being attacked by an internet virus. It could be a password-stealing attack, a trojan-dropper or similar.

      DETAILS

      Attack from: 123.37.54.5, port 5597 (different every time it pops up)

      Attacked port: 1246 (different every time it pops up)

      Threat: Win32/Nuqel.E (either this or BankerFox.A)

      Do you want to block this attack?

       

      And of course I click “No” because I’m not an idiot.

       

      Also, a box will pop up:

       

      Security Warning

      X  Application cannot be executed. The file “taskeng.exe” (different every time) is infected. Do you want to activate your antivirus software now?

       

      And of course I click “No”, because, to reiterate, I’m not an idiot.

       

      But wait! There’s more! A box:

       

      Antivirus software alert

       

      Attention! Spyware Alert!

       

      Vulnerabilities found.

       

      Your computer is infected by spyware - 34 serious threats  have been found while scanning your files and registry. It is strongly  recommended that you disinfect your computer and activate a realtime  secure protection against future intrusions.

       

      Why do you need realtime spyware protection? (this is a link I never click)

       

      Upgrade to a full version of antivirus software to  clean your computer and prevent new security and privacy attacks. You  will be able to download daily updates and get online protection against  Internet attacks.

       

      And of course I click “Stay unprotected.”

       

      It also will randomly open Internet Explorer and take me to such well-regarded sites as porno.com, viagra.com, and porno.org.

       

      And so, what I do every time this starts to happen is run my McAfee full scan, as well as an Ad-Aware full scan, and a  Malware-bytes full scan, simultaneously.

       

      And once those scans are done, between the three I assume the  “Antivirus.NET” virus has been found and eliminated. And I restart my  computer, and all seems to be righted.

       

      Then I google something and IT HAPPENS AGAIN. Not every time, but  probably once every couple weeks lately. And it’s really  annoying.

       

      WHAT DO I DO TO MAKE THIS STOP? UNINSTALL AND RESINSTALL FIREFOX? IS IT SOMETHING WITH THE BROWSER ITSELF?

       

      Any help would be much appreciated.

        • 1. Re: Please help.
          ConorD62

          Hi Paulg83,


          Sounds like you have a nasty redirector,


          Can you try doing this:


          1.    Please  open Internet Explorer and click Tools -> Internet options.

           

          2.    Please  click on Connections tab.

           

          3.    Click LAN Settings… and a window named LAN Settings will open.

           

          4.    Please  uncheck all options and click on Ok.

           

          5.    Please  close Internet Explorer window.


          See if this works.


           


          If not, I will have to recommend you to some Malware Experts.


           

          1 of 1 people found this helpful
          • 2. Re: Please help.

            Paulg83, As conner said check the lan settings.Then down load malwarebytes if you can.If not see if you can load a copy off a clean computer and run.You can also try this from mcafee

            https://community.mcafee.com/docs/DOC-1294

            • 3. Re: Please help.
              ConorD62

              Hi,


              Unfortunately, Malwarebytes cannot stop redirectors,


              Only stop nasty proxy settings..


              Thanks.


               

               

              (Although it will get rid of leftovers from the fake anti virus.)

              1 of 1 people found this helpful
              • 4. Re: Please help.

                I understand.Although it looks like he has fake av also.Just trying to give him a starting point.To possibly get back some control of computer Until somebody with a bit more knowledge has a better answer.

                • 5. Re: Please help.

                  Conor, Newjack, thanks so much for the replies...

                   

                  I've run malwarebytes, ad-aware, and mcafee and did a system restore. So my Antivirus.NET issues are gone (for the time being).

                   

                  Conor, I did what you asked, and all the boxes in LAN were already unchecked on Internet Explorer.

                   

                  However, I do use Firefox more than Internet Explorer and so tried to do the equivalent of what you said in that browser (not sure if this makes a difference). I went to Tools, Options, Advanced, Network tab, and under Connection there was a Settings tab, clicked it and a Proxy box came up, it was checked to No Proxy which I feel like was right. However, I do remember changing this at some point in the past, could this be a problem?

                   

                  Anyway, a "redirector" sounds exactly like what I have with this google search issue, described above. Any advice on how to get rid of it? Or who I can talk to that may be of assistance?

                   

                  Again, much appreciated.

                  • 6. Re: Please help.
                    ConorD62

                    Hi Paulg83,


                    Can you please try doing this:


                    • Flush your dns cache from your computer
                    • Start > All Programs > Accessories > Command Prompt
                    • Type ipconfig /flushdns and enter.


                    See what happens after that.


                     

                    • 7. Re: Please help.

                      paulg83, You probably should open a post at bleepingcomputer.com.That would be my advice.Although they may not get back to you for a few days.If this is google redirect virus you will need some extra help.Unless you want to pay then try here.

                      http://service.mcafee.com/SpecializedServiceHome.aspx?lc=1033&sg=VR                                                                                                                                        Good luck newjack

                      1 of 1 people found this helpful
                      • 8. Re: Please help.
                        Hayton

                        You could have a rootkit infection, which would need specialist tools to remove it - and someone to help you through the process.

                         

                        Or, you could be picking up the infection repeatedly from a particular website. If you're using Firefox, I suggest you download the following add-ons :

                        - NoRedirect

                        - NoScript

                        - BetterPrivacy (cookie handler)

                        • 9. Re: Please help.

                          Gave it a shot. It says "The requested operation requires elevation." Whatever that means.

                          1 2 Previous Next