I have got an annoying virus

Page may contain affiliate links. Please see terms for details.
jay clock

jay clock

Massive member
Location
Hampshire UK
I have a desktop with McAfee from BT but have still managed to get a some sort of virus. The symptoms are that I search in Google for something, and this gives a list of results. So if I search for cycling for example, the number one on the list is a page from britishcyling.org. What would then happen is that I click on the result for britishcylcing.org and it diverts me off to an ad page or direct onto something like Monster.com ( recruitment site)

if i re-run the search it generally doesn't happen again

other sites that I get diverted to are generic lists of various services.

ANy suggestions?

Jay
 
PaulSB

PaulSB

Squire
Location
Chorley, Lancashire
Presumably you've tried running McAfee and the problem returns? If this is the case my next step would be to create a Restore Point, boot up in Safe Mode and then run McAfee.

Personally I prefer AVG.
 
2Loose

2Loose

Guru
Location
Loughborough, Leicestershire.
It isn't a virus.

It sounds like some kind of Ad-ware...or perhaps even a trojan.

Try "SpyBot Search and Destroy" which can look for things that affect your browser in this way. Another thing to try would be "Avira AntiVir" which not only kills virus' but also a lot of this kind of thing.

Neither costs anything so give 'em a go.
 
ian turner

ian turner

Guru
Location
Leicestershire
Try malwarebytes to shift this rather than the antivirus packages.
Spybot S&D is best for realtime protection with the teatimer add on and worth installing.
 
gbb

gbb

Squire
Location
Peterborough
Look in ...
C:\Windows\System32\drivers\etc

I had a similar problem the other month. My host files had added locations that were re-directing me. Removed the offending files...job done.
Trouble is, i cant remember which files should be there...and which shouldnt.
 
SavageHoutkop

SavageHoutkop

Veteran
Location
South Manchester-ish
jay clock said:
I have a desktop with McAfee from BT but have still managed to get a some sort of virus. The symptoms are that I search in Google for something, and this gives a list of results. So if I search for cycling for example, the number one on the list is a page from britishcyling.org. What would then happen is that I click on the result for britishcylcing.org and it diverts me off to an ad page or direct onto something like Monster.com ( recruitment site)

if i re-run the search it generally doesn't happen again

other sites that I get diverted to are generic lists of various services.

ANy suggestions?

Jay
Click to expand...

Agree with what 2Loose said. Also possible that if you change browser it might go away - try it and see. I saw this recently and it had set 'hosts' in windows to be all sorts of other crud. Try spybot first, if that doesn't help see if there is a file in this directory (windows xp I presume) c:\windows\system32\drivers\etc\hosts

If there is a file there backup the one that's there and make a new one with most of the entries deleted.
 
OP
OP
jay clock

jay clock

Massive member
Location
Hampshire UK
great stuff. I ran Spybot and it found three nasties of some type, but the problem came back again tonight.

I looked in C:\WINDOWS\system32\drivers\etc and there are half a dozen items

hosts
hosts...........backup file
lmhosts.sam
networks
protocol
services

what if anything should be deleted from here?

I am reluctant to have to change browser to remove the problem. I use Firefox, but changing is a bit like turning up the radio to stop ominous car engine sounds!
 
OP
OP
jay clock

jay clock

Massive member
Location
Hampshire UK
will try malwarebytes now too
 
ian turner

ian turner

Guru
Location
Leicestershire
You don't delete any of those files, you edit the hosts file and remove anything aside from localhost 127.0.0.1 but malware has gone beyond simple host file redirections and malwarebytes should remove this stuff anyway.
When you've cleaned this thing out go into spybot tools hosts file and select add spybot s&d hosts list which will redirect away from known dodgy addresses, go into ie tweaks and select lock hosts file(malwarebytes flags this as a browser hijack which it isn't), go into resident and select sd helper and teatimer and every once in a while right click the teatimer icon on the right of the task bar select update and afterwards run immunize in spybot.
 
OP
OP
jay clock

jay clock

Massive member
Location
Hampshire UK
Thanks Ian. Thats sounds of possible use although on the margins of my technical skills! I also found an interesting article here http://www.google.co.uk/support/forum/p/Webmasters/thread?tid=071bc806ca454e5c&hl=en

The Kaspersky tool did not help me, but the second to last comment about proxy settings MAY have done it. Since changing this in Firefox to no proxy (was set to system settings proxy) the problem has not happened. I am away for a couple of days but will monitor it and if not working will try Ian's suggestions

Jay
 
You must log in or register to reply here.

Similar threads

Drago
How Long Have You Got Left.
Replies
91
C R
Have you got brain rot?
Replies
24
postman
Flippin fiddly friday frolics,wasted day when i could have been busy.
Replies
5
Dave7
Anyone got false teeth ? How are you coping with them ?
Replies
1
Top Bottom