
Redirect Malware


10 replies to this topic

#1 theignorant1

theignorant1

    Neowinian

  • Joined: 07-July 12

Posted 08 October 2012 - 00:20

Before you ask, I've already searched and tried all of the possible solutions I could find...

In general, I try to take good care of my system. I used Norton 360 as my main virus protection, falling back on Malwarebytes if all else fails. This usually works, but lately I've been having a serious problem, and neither of them is finding anything. Basically, I've got some sort of malware that's causing IE9 to redirect me to 'livesearchnnow.com,' and god knows what else. It doesn't affect any other browsers on my system, but it still concerns me, not only because IE9 is my browser of choice, but because I don't know what else it's doing.

Besides Norton, I've run Malwarebytes, SpyBot, and TDSS Killer (someone suggested that) to no avail. It's still happening, and none of them are finding anything out of the ordinary. Does anyone have any suggestions of what else I can try? I really hate to do a full system restore if I can avoid it, even if it does take a little more time.


#2 TPreston

TPreston

    Neowinian Senior

  • Tech Issues Solved: 1
  • Joined: 18-July 12
  • Location: Ireland
  • OS: Windows 8.1 Enterprise & Server 2012R2/08R2 Datacenter
  • Phone: Nokia Lumia 1520

Posted 08 October 2012 - 00:24

It's probably a browser add-on; go to Manage Add-ons and disable it there (you can get its file path from the More Information button).

Could also be a hosts file or DNS redirect.

#3 Marshall

Marshall

    ▇ ▂ ▃ ▁ ▁ ▅

  • Tech Issues Solved: 7
  • Joined: 22-June 03
  • Location: USA

Posted 08 October 2012 - 00:36

Read here on the details of the virus and removal instructions...

http://blog.teesuppo...com-completely/

Regards

#4 OP theignorant1

theignorant1

    Neowinian

  • Joined: 07-July 12

Posted 08 October 2012 - 01:56

> Read here on the details of the virus and removal instructions...
>
> http://blog.teesuppo...com-completely/
>
> Regards


Thanks for trying to help, but all of the file names it mentions are just [random]. They could be anything - how do I pick those out from normal system files (digging into the guts of software tends to reveal a lot of gibberish filenames)? I tried the video on that site, but it's talking about something else.

#5 Marshall

Marshall

    ▇ ▂ ▃ ▁ ▁ ▅

  • Tech Issues Solved: 7
  • Joined: 22-June 03
  • Location: USA

Posted 08 October 2012 - 02:32

> Thanks for trying to help, but all of the file names it mentions are just [random]. They could be anything - how do I pick those out from normal system files (digging into the guts of software tends to reveal a lot of gibberish filenames)? I tried the video on that site, but it's talking about something else.


Try the removal tool designed for this specific piece of malware...

http://cleanspywaren...val-how-to.html

Btw, is this a typo "livesearchnnow.com" or does your malware have this exact name, with two N's?

Edit: Also try removing via Superantispyware

#6 OP theignorant1

theignorant1

    Neowinian

  • Joined: 07-July 12

Posted 08 October 2012 - 02:53

> Try the removal tool designed for this specific piece of malware...
>
> http://cleanspywaren...val-how-to.html
>
> Btw, is this a typo "livesearchnnow.com" or does your malware have this exact name, with two N's?
>
> Edit: Also try removing via Superantispyware


Yeah, I'm sorry, that's a typo :blush:

But anyways, I'll try the spyware link you sent me. And just to clarify, I'm not having any of the scareware effects the links mention, like the fake AV. Just the redirects, and even then only in IE, and only in search engines. If I do a search and click on a link, about 50% of the time I get sent to a random IP address (they're different most of the time, or I would try blocking them), and then redirected to the LiveSearchNow site. This doesn't happen outside of a search engine, and I've checked and I have no unusual plugins or toolbars :(

I really hope I can get this straightened out. I really appreciate that you're trying to help; it's just that I'm trying everything and nothing can find it.

#7 Marshall

Marshall

    ▇ ▂ ▃ ▁ ▁ ▅

  • Tech Issues Solved: 7
  • Joined: 22-June 03
  • Location: USA

Posted 08 October 2012 - 03:38

This might go without saying but, have you checked under Addons if livesearchnow.com didn't add an entry into Search Providers?

Edit: Have you also run CCleaner?

#8 OP theignorant1

theignorant1

    Neowinian

  • Joined: 07-July 12

Posted 08 October 2012 - 04:15

> This might go without saying but, have you checked under Addons if livesearchnow.com didn't add an entry into Search Providers?
>
> Edit: Have you also run CCleaner?


Yep, done and done :( I'm in the process of running some of the spyware software you sent me. I'm doing full scans so it'll take a while, and it's getting late here, so I'll let you know how it goes in the morning. I kind of wonder if it's just a partly functional remnant from a larger infection (this started last night, but I was certain I had removed it until this afternoon). Do you think that only the redirect part could still be running? On the other hand, the sites it redirects to are full of ads, so maybe it's just a scam to get ad views, since there's no ransomware going on here. Thanks so much for trying to help me and being patient!

#9 Marshall

Marshall

    ▇ ▂ ▃ ▁ ▁ ▅

  • Tech Issues Solved: 7
  • Joined: 22-June 03
  • Location: USA

Posted 08 October 2012 - 04:36

> Yep, done and done :( I'm in the process of running some of the spyware software you sent me. I'm doing full scans so it'll take a while, and it's getting late here, so I'll let you know how it goes in the morning. I kind of wonder if it's just a partly functional remnant from a larger infection (this started last night, but I was certain I had removed it until this afternoon). Do you think that only the redirect part could still be running? On the other hand, the sites it redirects to are full of ads, so maybe it's just a scam to get ad views, since there's no ransomware going on here. Thanks so much for trying to help me and being patient!


I'm far from the most savvy computer user here, but I can hold my own. Hopefully +BudMan or sc302 will get you in the right direction, considering they're security experts.

#10 Az.mak

Az.mak

    Mark

  • Joined: 05-October 12

Posted 12 October 2012 - 04:01

Have you tried HijackThis to see what it finds for you? You can get it at SourceForge: http://sourceforge.net/projects/hjt/

#11 +warwagon

warwagon

    Only you can prevent forest fires.

  • Tech Issues Solved: 2
  • Joined: 30-November 01
  • Location: Iowa

Posted 12 October 2012 - 04:04

Have you tried running IE with add-ons disabled? Also make sure your DNS servers haven't been tampered with. You might also want to try a scan with HitmanPro.
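
The manual checks suggested across this thread (hosts file, DNS servers, IE search providers, add-ons) gathered into one read-only script. This is an added example, not something posted by any participant; it assumes Windows PowerShell on Windows 7 or later and only reads the standard hosts path and Internet Explorer registry locations.

```powershell
# Read-only triage for browser-redirect symptoms; nothing is modified.

# 1. Hosts file: print every active (non-comment) mapping. On Windows 7 and
#    later the stock file has none, so each line shown should be explainable.
$hostsPath = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
Write-Output "== Active hosts entries ($hostsPath) =="
Get-Content $hostsPath |
    ForEach-Object { ($_ -replace '#.*$', '').Trim() } |
    Where-Object { $_ -ne '' }

# 2. DNS servers per enabled adapter: compare with the router/ISP values or
#    the resolvers you configured yourself.
Write-Output '== DNS servers per adapter =='
Get-WmiObject Win32_NetworkAdapterConfiguration -Filter 'IPEnabled = TRUE' |
    ForEach-Object {
        '{0}: {1}' -f $_.Description, ($_.DNSServerSearchOrder -join ', ')
    }

# 3. IE search providers, per-user and machine-wide, with the URL each uses.
Write-Output '== IE search providers =='
foreach ($root in 'HKCU:', 'HKLM:') {
    $key = "$root\Software\Microsoft\Internet Explorer\SearchScopes"
    if (Test-Path $key) {
        Get-ChildItem $key | ForEach-Object {
            $p = Get-ItemProperty $_.PSPath
            '{0}  {1}  {2}' -f $root, $p.DisplayName, $p.URL
        }
    }
}

# 4. Browser Helper Objects: resolve each CLSID to the DLL it loads.
#    The Wow6432Node pass covers 32-bit IE on 64-bit Windows.
Write-Output '== Browser Helper Objects =='
foreach ($node in '', 'Wow6432Node\') {
    $bho = "HKLM:\SOFTWARE\${node}Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects"
    if (-not (Test-Path $bho)) { continue }
    Get-ChildItem $bho | ForEach-Object {
        $clsid = $_.PSChildName
        $srv = "HKLM:\SOFTWARE\Classes\${node}CLSID\$clsid\InprocServer32"
        $dll = if (Test-Path $srv) { (Get-ItemProperty $srv).'(default)' } else { '<not registered machine-wide>' }
        '{0}  {1}' -f $clsid, $dll
    }
}
```

Any hosts mapping for a search-engine domain, a DNS server you did not set, or a helper DLL in a temp or profile folder is worth investigating before reaching for a full restore.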