6 Replies Latest reply on Dec 19, 2012 7:53 PM by Hayton

    http://sftwred.info/redirect.cgi

      hxxp://sftwred.info/redirect.cgi

       

      Please help. All the anti-virus software I have running didn't prevent my browser being hijacked by the above. I have tried everything I have to remove it, but it simply is not being picked up. An internet search of this revealed McAfee may have heard of this. Is anyone able to give me an idiot's guide on how to remove this?

       

      Thanks

       

      Message was edited by: Hayton - posting a clickable link may have been unwise - on 19/12/12 20:40:00 GMT

       

      Message was edited by: Hayton on 19/12/12 20:40:28 GMT
        • 1. Re: http://sftwred.info/redirect.cgi
          Peter M

          Moved this to Malware Discussion > Home User Assistance.

           

          As you don't mention what anti-virus you have installed I'll assume it's a McAfee home product.

           

          Try scanning with Stinger and Malwarebytes Free both linked in that last link in my signature below.

           

          Note that no antivirus is 100% guaranteed to protect you.  You have to be extra careful and make sure everything on your computer is totally up to date.

          • 2. Re: http://sftwred.info/redirect.cgi
            Hayton

            This seems to affect Firefox more than other browsers. Is your browser Firefox?

            • 3. Re: http://sftwred.info/redirect.cgi

              Hi mods, yes it is Firefox, but also affecting Explorer. Can't do system restore, even in safe mode. Been on chat with Norton 2.5 hours with them telling me it ain't a virus, only to say oh yes it is, then to say they will get their virus team to ring me if I pay 100 dollars to resolve the virus. Angry isn't in it because I have 4 licenses for family and we all have 6 months updates/membership left. When I asked why can't they be made aware of the virus/worm and issue a fix in next update or forthcoming updates, I WAS TOLD THEY WILL IF I PAY FOR IT!?!? So in other words, everyone who has Norton pays for membership, gets 6 months virus-free surfing if you're lucky, then if you get a virus, they want you to pay for their virus team to fix it, to then issue it in a release... so in other words everyone who has Norton 360 is paying for their own updates... Norton I know is a swear word with McAfee.

               

              I have seen the above http mentioned in virus threats on McAfee with a DAT fix 6568 I think, so if I buy McAfee I am wondering will your anti-virus fix it; if so then all 4 family members swapping for life to McAfee. I do hope someone out there can help this family. Thanks guys

              • 4. Re: http://sftwred.info/redirect.cgi

                Virus Profile: JS/Autorun.worm.aacz

                Risk Assessment: Home Low | Corporate Low
                Date Discovered: 21/09/2012
                Date Added: 21/09/2012
                Origin: Unknown
                Length: varies
                Type: Virus
                Subtype: Worm
                DAT Required: 6568

                Removal Instructions

                All Users:
                Use current engine and DAT files for detection and removal.

                Modifications made to the system Registry and/or INI files for the purposes of hooking system startup, will be successfully removed if cleaning with the recommended engine and DAT combination (or higher).

                 

                 

                This is what McAfee say about it. I am slightly different in so much as the http is http not hxx and there is no [removed]

                • 5. Re: http://sftwred.info/redirect.cgi
                  Peter M

                  All antivirus companies charge for professional virus removal, so don't be shocked by that. McAfee has a similar service. No antivirus is guaranteed and often with infections that are already known, new variants may appear which aren't known. It's a constant uphill battle, but wise surfing and keeping one's system totally up to date, especially all the browsers and their add-ons including Java, helps a lot. Plus I find it's useful to keep around one or two extra anti-malware applications.

                  The last link in my signature has some suggestions.

                  • 6. Re: http://sftwred.info/redirect.cgi
                    Hayton

                    It seems that McAfee detects it and can fix it, according to that Virus Profile document. The McAfee DAT version changes often: we're well past 6568 now, and the latest one should still deal with this worm unless it's significantly changed (in which case it will have a different identifier).

                     

                    I looked to see if the free Stinger download tool would be appropriate, but that only deals with a subset of infections and this one isn't in the list.

                     

                    The "hxxp" in the McAfee document is an example of obfuscation. It's so you don't end up with a clickable link to anywhere suspect.

                     

                    If McAfee does clear this you should look to see where it's come from so you don't get re-infected. USB drives and peer-to-peer connections are two of the main culprits.