Redirect Malware

By theignorant1
in Microsoft (Windows)

 Share

Recommended Posts

Rookie

theignorant1

Posted
Posted

Before you ask, I've already searched and tried all of the possible solutions I could find...

In general, I try to take good care of my system. I used Norton 360 as my main virus protection, falling back on Malware Bytes if all else fails. This usually works, but lately I've been having a serious problem, and neither of them are finding anything. Basically, I've got some sort of malware that's causing IE9 to redirect me to 'livesearchnnow.com,' and god knows what else. It doesn't affect any other browsers on my system, but it still concerns me, not only because IE9 is my browser of choice, but because I don't know what else it's doing.

Besides Norton, I've ran Malware Bytes, SpyBot, and TDSS Killer (someone suggested that) to no avail. It's still hapenning, and none of them are finding anything out of the ordinary. Does anyone have any suggestions of what else I can try, I really hate to do a full system restore if I can avoid it, even if it does take a little more time.

Link to comment
Share on other sites
Grand Master

TPreston

Posted
Posted

Its probably a browser add-on go to manage add-ons and disable it there (you can get its file path from the more information button)

Cloud also be a hosts file or dns redirect

Link to comment
Share on other sites
Rookie

theignorant1

Posted
  • Author
Posted

Read here on the details of the virus and removal instructions...

http://blog.teesuppo...com-completely/

Regards

Thanks for trying to help, but all of the file names it mentions are just [random]. They could be anything - how do I pick those out from normal system files (digging into the guts of software tends to reveal a lot of gibberish filenames)? I tried the video on that site, but it's talking about something else.

Link to comment
Share on other sites
Grand Master

Marshall Veteran

Posted
  • Veteran
Posted

Thanks for trying to help, but all of the file names it mentions are just [random]. They could be anything - how do I pick those out from normal system files (digging into the guts of software tends to reveal a lot of gibberish filenames)? I tried the video on that site, but it's talking about something else.

Try the removal tool designed for this specific piece of malware...

http://cleanspywaren...val-how-to.html

Btw, is this a typo "livesearchnnow.com" or does your malware have this exact name, with two N's?

Edit: Also try removing via Superantispyware

Link to comment
Share on other sites
Rookie

theignorant1

Posted
  • Author
Posted

Try the removal tool designed for this specific piece of malware...

http://cleanspywaren...val-how-to.html

Btw, is this a typo "livesearchnnow.com" or does your malware have this exact name, with two N's?

Edit: Also try removing via Superantispyware

Yeah, I'm sorry, that's a typo :blush:

But anyways, I'll try the spyware link you sent me. And just to clarify, I'm not having any of the scareware effects the links mention, like the fake AV. Just the redirects, and even then only in IE, and only in search engines. If I do a search and click on a link, about 50% of the time I get sent to a random IP address (they're different most of the time, or I would try blocking them), and then redirected to the LiveSearchNow site. This doesn't happen outside of a search engine, and I've checked and I have no unusual plugins or toolbars :(

I really hope I can get this straightened out, I really appreciate that you're trying to help, it's just that I'm trying everything and nothing can find it.

Link to comment
Share on other sites
Rookie

theignorant1

Posted
  • Author
Posted

This might go without saying but, have you checked under Addons if livesearchnow.com didn't add an entry into Search Providers?

Edit: Have you also ran Ccleaner?

Yep, done and done :( I'm in the process of running some of the spyware software you sent me, I'm doing full scans so it'll take a whole, and it's getting late here, so I'll let you know how it goes in the morning. I kind of wonder if its just a partly functional remnant from a larger infection (this started last night, but I was certain I had removed it until this afternoon). Do you think that only the redirect part could still be running? On the other hand, the sites it redirects to are full of ads, so maybe it's just a scam to get ad views, since there's no ransom ware going on here. Thanks so much for trying to help me and being patient!

Link to comment
Share on other sites
Grand Master

Marshall Veteran

Posted
  • Veteran
Posted

Yep, done and done :( I'm in the process of running some of the spyware software you sent me, I'm doing full scans so it'll take a whole, and it's getting late here, so I'll let you know how it goes in the morning. I kind of wonder if its just a partly functional remnant from a larger infection (this started last night, but I was certain I had removed it until this afternoon). Do you think that only the redirect part could still be running? On the other hand, the sites it redirects to are full of ads, so maybe it's just a scam to get ad views, since there's no ransom ware going on here. Thanks so much for trying to help me and being patient!

I'm far from the most savvy computer user here, but I can hold my own. Hopefully @BudMan or @sc302 will get you in the right direction, considering they're security experts.

Link to comment
Share on other sites
Grand Master

+Warwagon MVC

Posted
  • MVC
Posted

Have you tried running IE with addons disabled? Also make sure your DNS servers haven't been tampered with. You might also want to try a scan with hitman pro.

Link to comment
Share on other sites
This topic is now closed to further replies.
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.