Yep this also happened to me. While at work. AT WORK !!! sorry had to say it like it is supposed to be said, yelling.
Now at my job, I am not “The Tech Guy”. I am the drawings and images guy. I mean I know plenty, but they already have a “resident nerd” and well, he is pretty good at it. So by my wandering around on the internet doing things “my way” and stumbling into an ” Oh dang!” moment isn’t the best thing for my career. First warning was ” Microsoft is ready to install Explorer 8″ Yep you guessed it, I installed it . Not thinking one time that I was on Firefox the whole time.
Ok I started with the on board Symantec end point. It caught either 8 viruses , or the same virus kept trying to rescue it’s self. lol I have no idea, I was panicking and hurrying , I saw the word ” Trojan” in the pop up warning from Symantec, and freaked out. I decide I better go check Windows update site and see if I ever downloaded Internet Explorer 8, The page would not load, I run to another computer on the network and all is fine, I head back to mine, still nothing. So I headed to the first place I could think of. Bitdefender’s online malware scan. It never lets me down. Well this time it surely did. I take it up a notch and head to “Malware Bytes” and start doing a search in Google and search the term “windows update takes me to Google” and started reading all the people praying and begging for help. The ever so faithful “tech guy forums” turned up an unanswered request for help, wow that was surprising. After about 45 minutes of reading, I find nothing (well I actually found the right thing but over looked it like 10 times) and malware bytes is done scanning, It found nothing, nothing at all, I try and update it, will not let me, along with anything else I tried to scan with.
So now I break out A-squared, not the worst thing in the line up for sure, but it did not find anything either. Ok now I am feeling like I am losing my mind. Well as this is going on I am still reading threads in forums about the issue. I go back to this thread . The first link in the first and only response, well tried that. Second link I click it it takes me to Super AntiSpyware. First thought is ” Well crap, this place looks like it’s just going to make the issue worse. I figured that it really couldn’t get much worse if I scan the file first. So I wander off to the download area for the free version. All was fine until I get to the point that I actually try and download it. Another dead link.. “hmmm, the link is dead, it is blocked, it must be what I need” is exactly what I thought. Ok also another thing about that name, just kept making me think about power rangers. It really sounded like the slogan from some kid’s show “super anti-spyware free trial go team action go!!!” is what I kept saying and giggling.
I walked over to another one of the computers in the office and download the file and slip it onto an open space on the server.
Walk back to my computer and here comes the I.T. guy, just in time. I let him fumble through it like I did. He made a lot of the assumptions I did at first, I walked away to the store next to the office and get a soda while he does exactly what I did. I get back into the office and there he is, lol just like me.. Reading the forum posts for a second time. We agreed that super action malware scanner was the way to go. Well we install it while Spybot S&D or something was finishing it’s scan.
We reboot to safe mode administration by pressing F8 after the bios scan, just before the windows logo. Yes I was just sitting there hitting the F8 button repeatedly till I got the boot menu.
In administration mode we ran the quick scan. Within seconds it finds 3 Trojans and a dns changer, by the end of the scan Super AntiSpyware found two root-kits and two registry key modifications.
We rebooted after the scan and checked to see if Microsoft Windows Update worked, all was fine but still could not update any of the virus scanners. So we reboot to safe mode administrator, and do the full scan. Nothing came up.
So far not all of the issues are resolved, I will go through my “hosts” file and see if there are any changes there. Probably not but hopefully there are. I know how to change that. and I will add the link that I got the file from in the first place to the list of blocked sites. I may even email a heads up to the guys from mvp’s hosts file website (google it).
This is the help I have for you. I hope it works for you. Heck I’m going to run that goofy named program on my home pc now and see what it finds. http://www.superantispyware.com/
Hope it helps you get un-hijacked. I promise that program actually works, just the name is stupid and their web designer is cheesy.
Also that “Google” page I kept getting redirected to was not regular google. it was an affiliate page. Google English. So the freak was making money off of each search we did while we tried to resolve the issue. Google needs to ban that account.
feel free to respond to this and explain your issue, if there is any variation to this issue or resolution, please post it here. there ar lots of people who read this every day and I would much appreciate it if we can help them all. Even if your response is ” yep worked for me” please help assure people the issue is/can be fixed with this.
okay…so…i’ve been looking for a answer to this for a while, and no one seems to have it so i figured i’d ask you! :)
anyway, this first started with only myspace but it has spread to almost every site i go to. when i go to certain places it’ll let me see them for about 30 sec. and then it will redirect me to a google images page with a link in the search bar, and then under it it will say that [enter link here] did not match any documents.and if i click on back to get back to my origninal page that i wanted, it will continue to do that.
i am running windows vista, and windows explorer 8…i did the same as you, when the window popped up saying mircrosoft is ready to install windows explorer 8 i clicked on it, but i already was using windows explorer 7, not firefox. i have done a virus scan, (using mcafee) and it showed that nothying was wrong…
please help :)
Oh hey, sorry for the late response, you almost got lost in spam filter.
But ok, you clearly are Hijacked. but I have few questions.
When you go to myspace, does it show up normal? I mean like the front page of myspace changes everyday, does the page you see as “myspace” change every day? or does it always stay the same? If it stays the same then you are going through a fake dns, so he ( the hacker) has a fake myspace. If it changes each day then you just have an adsense gamer. Means he uses google’s advertisement company and figured out how to cheat the system and turn everything you do on your computer, into $$ for him.
If it’s the ladder then you can cross your fingers and hope I am right in saying that he is not going for your personal info he just wants you to see the advertisements he gets paid for displaying. but don’t bet your soul on it. Some people are sick . Sorry to inform you of that. That’s just the most likely. So still do not use your credit card on that machine, and do not use your social security number on it either.
If it is the first one I mentioned, then he sees everything you do and everything you type. Passwords credit card numbers and so on. Everything.
but here is what I am going to do to try and help you on this issue.
First things first http://www.mvps.org/winhelp2002/hosts.htm go to that page. No it is not the be all end all, but boy it sure blocks your computer from connecting to many many bad websites. Scroll down the page until you see the folder that looks like files being dropped into it. click on the “Download: hosts.zip ” download that take all files out of that zip folder and save them to the desktop, they have to be outside of the zip folder for them to function properly. double click on the “mvps” file. two seconds will pass and the pop up window will turn blue, hit your space bar, you are done. Close all web browsers so the hosts file can reset it’s self and get a fresh new read of banned websites.
now that the bad sites are blocked (so you do not get further infected). Let’s go get that thing scanned for a virus or malware of any sort. Bitdefender
http://www.bitdefender.com/scanner/online/free.html twice during the process of the scan, you have to click that stupid bar that explorer has so you can authorize the activeX file (web browser software to act like an actual program)to run. run the full scan. If it does not run, then you do not have administrator rights.
Either way, next move is
a-squared Free 4.5 or greater from http://www.emsisoft.com/en/software/download/
Free just go to that page and scroll down, download that program and scan with it. full scan, go to the store, it will take a few minutes. after the first scan, click on “update” you will get new update list , scan again.
There re a few programs on the asquared site that have trial versions, can’t hurt to try them, but wait till we go through the hitlist of tools that are a must first.
http://www.malwarebytes.org/ click on “download free version” get it run it.
bow that http://www.superantispyware.com/ I hate that name, but man it actually worked. If found what was called a “rootkit” when you get rooted, well… you are screwed most virus scanners will not find it. super ant spyware actually found it. If it will not let you download as if the link is dead, then the dns trick he is pulling blocks that download, message me I will download it and put it on a free server site that he himself is probably using (so he can’t block that place, or he will block himself) to make it better available for you. if you are infected, it can’t get much worse unless you use/used your credit card or social security or gave home address information etc etc etc …..
good chance you may have Vundo, http://majorgeeks.com/VundoFix_d4954.html would not kill you to scan with that.
If you have Norton or any other virus scanner I am sorry to inform you that they lead you into a false sense of security. Most people who write malware, write it to specifically attach it’s self to the virus scanner. Why? because the virus scanner will not remove it’s self or delete any of it’s own files, this leaves the virus in control of the virus scanner. The virus commands the door open for all sorts of junk the virus scanner or blocker would be blocking, and it just goes crazy without you seeing much of any pop ups. It’s all automatic and happens 900000 times a day to millions of computers.
Your best protection, is safe surfing. If you see a pop up saying that you have a virus and need to scan, but the pop up looks nothing like your virus scanner, or you have no virus scanner yet get a notification that you have a virus, well DON’T CLICK THE NOTIFICATION. Go to your taskbar and right click every little window button and tell it to “close” do not save anything. It’s better to lose your 7 hours of hard work than to lose your identity.
You get an Email that says you have won something that you did not enter, delete delete delete. or an email about some dude in a far away country with a lot more money than you can imagine wants to wire it to your bank account and he will pinch you off a bit of money once you wire it to his new account. yeah delete that email that is trash. that scam works every single day 100 times a day. You give him your bank info, and then you hear nothing from him. You use your credit card the next day and it is refused, wiped out and in debt..
Truthfully, either way, your computer is compromised. There is no way to ever tell how much is installed on your computer and if you ever got it all.