theignorant1 Posted October 8, 2012 Share Posted October 8, 2012 Before you ask, I've already searched and tried all of the possible solutions I could find... In general, I try to take good care of my system. I used Norton 360 as my main virus protection, falling back on Malware Bytes if all else fails. This usually works, but lately I've been having a serious problem, and neither of them are finding anything. Basically, I've got some sort of malware that's causing IE9 to redirect me to 'livesearchnnow.com,' and god knows what else. It doesn't affect any other browsers on my system, but it still concerns me, not only because IE9 is my browser of choice, but because I don't know what else it's doing. Besides Norton, I've ran Malware Bytes, SpyBot, and TDSS Killer (someone suggested that) to no avail. It's still hapenning, and none of them are finding anything out of the ordinary. Does anyone have any suggestions of what else I can try, I really hate to do a full system restore if I can avoid it, even if it does take a little more time. Link to comment Share on other sites More sharing options...
TPreston Posted October 8, 2012 Share Posted October 8, 2012 Its probably a browser add-on go to manage add-ons and disable it there (you can get its file path from the more information button) Cloud also be a hosts file or dns redirect Link to comment Share on other sites More sharing options...
Marshall Veteran Posted October 8, 2012 Veteran Share Posted October 8, 2012 Read here on the details of the virus and removal instructions... http://blog.teesuppo...com-completely/ Regards Link to comment Share on other sites More sharing options...
theignorant1 Posted October 8, 2012 Author Share Posted October 8, 2012 Read here on the details of the virus and removal instructions... http://blog.teesuppo...com-completely/ Regards Thanks for trying to help, but all of the file names it mentions are just [random]. They could be anything - how do I pick those out from normal system files (digging into the guts of software tends to reveal a lot of gibberish filenames)? I tried the video on that site, but it's talking about something else. Link to comment Share on other sites More sharing options...
Marshall Veteran Posted October 8, 2012 Veteran Share Posted October 8, 2012 Thanks for trying to help, but all of the file names it mentions are just [random]. They could be anything - how do I pick those out from normal system files (digging into the guts of software tends to reveal a lot of gibberish filenames)? I tried the video on that site, but it's talking about something else. Try the removal tool designed for this specific piece of malware... http://cleanspywaren...val-how-to.html Btw, is this a typo "livesearchnnow.com" or does your malware have this exact name, with two N's? Edit: Also try removing via Superantispyware Link to comment Share on other sites More sharing options...
theignorant1 Posted October 8, 2012 Author Share Posted October 8, 2012 Try the removal tool designed for this specific piece of malware... http://cleanspywaren...val-how-to.html Btw, is this a typo "livesearchnnow.com" or does your malware have this exact name, with two N's? Edit: Also try removing via Superantispyware Yeah, I'm sorry, that's a typo :blush: But anyways, I'll try the spyware link you sent me. And just to clarify, I'm not having any of the scareware effects the links mention, like the fake AV. Just the redirects, and even then only in IE, and only in search engines. If I do a search and click on a link, about 50% of the time I get sent to a random IP address (they're different most of the time, or I would try blocking them), and then redirected to the LiveSearchNow site. This doesn't happen outside of a search engine, and I've checked and I have no unusual plugins or toolbars :( I really hope I can get this straightened out, I really appreciate that you're trying to help, it's just that I'm trying everything and nothing can find it. Link to comment Share on other sites More sharing options...
Marshall Veteran Posted October 8, 2012 Veteran Share Posted October 8, 2012 This might go without saying but, have you checked under Addons if livesearchnow.com didn't add an entry into Search Providers? Edit: Have you also ran Ccleaner? Link to comment Share on other sites More sharing options...
theignorant1 Posted October 8, 2012 Author Share Posted October 8, 2012 This might go without saying but, have you checked under Addons if livesearchnow.com didn't add an entry into Search Providers? Edit: Have you also ran Ccleaner? Yep, done and done :( I'm in the process of running some of the spyware software you sent me, I'm doing full scans so it'll take a whole, and it's getting late here, so I'll let you know how it goes in the morning. I kind of wonder if its just a partly functional remnant from a larger infection (this started last night, but I was certain I had removed it until this afternoon). Do you think that only the redirect part could still be running? On the other hand, the sites it redirects to are full of ads, so maybe it's just a scam to get ad views, since there's no ransom ware going on here. Thanks so much for trying to help me and being patient! Link to comment Share on other sites More sharing options...
Marshall Veteran Posted October 8, 2012 Veteran Share Posted October 8, 2012 Yep, done and done :( I'm in the process of running some of the spyware software you sent me, I'm doing full scans so it'll take a whole, and it's getting late here, so I'll let you know how it goes in the morning. I kind of wonder if its just a partly functional remnant from a larger infection (this started last night, but I was certain I had removed it until this afternoon). Do you think that only the redirect part could still be running? On the other hand, the sites it redirects to are full of ads, so maybe it's just a scam to get ad views, since there's no ransom ware going on here. Thanks so much for trying to help me and being patient! I'm far from the most savvy computer user here, but I can hold my own. Hopefully @BudMan or @sc302 will get you in the right direction, considering they're security experts. Link to comment Share on other sites More sharing options...
Az.mak Posted October 12, 2012 Share Posted October 12, 2012 Have you tried HiJack This and see what it finds for you? You can get it at SourceForge http://sourceforge.net/projects/hjt/ Link to comment Share on other sites More sharing options...
+Warwagon MVC Posted October 12, 2012 MVC Share Posted October 12, 2012 Have you tried running IE with addons disabled? Also make sure your DNS servers haven't been tampered with. You might also want to try a scan with hitman pro. Link to comment Share on other sites More sharing options...
Recommended Posts