Buggered up PC

From: Chris (CHRISSS) 25 Jun 2011 20:28
To: ALL 1 of 43

Trying to sort out my grandfather's computer which he said has been acting slowly on the internet recently. Thought it was all fine at first but something isn't right with it.

When clicking links in Google/Bing most of the time it takes you to a random website with some advertising or iduplicate.us appears in the address bar then goes back to the search results. This is happening in IE and Chrome and it also has Firefox installed but that won't run at all.

So far I've run Spybot S&D and SuperAntiSpyware which found some stuff but hasn't fixed the problem.

Any ideas what else to look for or other software for removing crap?

From: Ken (SHIELDSIT) 25 Jun 2011 20:36
To: Chris (CHRISSS) 2 of 43
It's still infected. I use Malwarebytes usually. Sometimes it's in the proxy settings that they mess with things. I'd check there as well.
From: JonCooper 25 Jun 2011 20:38
To: Chris (CHRISSS) 3 of 43
From: Chris (CHRISSS) 25 Jun 2011 20:42
To: Ken (SHIELDSIT) 4 of 43
I'll try Malwarebytes and see what happens. That seems to be what John's link fixed a similar issue with too. Nothing in the proxy settings. It seemed ok yesterday when I was looking for Spybot and SAS but today it's not working well at all.
From: graphitone 25 Jun 2011 20:53
To: Chris (CHRISSS) 5 of 43
Aye, I've used malwarebytes in the past and it's always served well, that combined with spybot and CCleaner makes for a fairly tidy system.
From: Chris (CHRISSS) 25 Jun 2011 21:13
To: ALL 6 of 43
Thanks all. Malwarebytes is scanning the computer at the moment so hopefully that will get things back to normal. If not I'll have a look at that malware removal guide.
From: graphitone 25 Jun 2011 21:31
To: Chris (CHRISSS) 7 of 43
If you can find the .exe name of the process (providing it's not disguising itself as iexplorer or something equally innocuous) then you could try googling that, there's loads of removal kits available for specific malware.
From: Chris (CHRISSS) 25 Jun 2011 22:01
To: graphitone 8 of 43
Hmm. Malwarebytes didn't detect anything dodgy. I've looked in the task manager and not noticed anything out of the ordinary so there's either something not running or hiding itself well. This could be fun to sort out :(
From: Ken (SHIELDSIT) 25 Jun 2011 22:05
To: Chris (CHRISSS) 9 of 43
I haven't had much luck lately getting those things off, I usually just back up the data and reformat.
From: graphitone 25 Jun 2011 22:14
To: Chris (CHRISSS) 10 of 43
Anything strange in the msconfig startup?
From: Chris (CHRISSS) 25 Jun 2011 22:26
To: graphitone 11 of 43

A couple of things which I have disabled in the past, nothing new. I disabled all of the startup items yesterday just to be sure.

Running through a malware removal guide now and combofix.exe has found a .sys file patched with a rootkit. It's rebooting now so see if it helps.

I wish it was easier to switch between VGA and DVI on my monitor.

From: Ken (SHIELDSIT) 25 Jun 2011 22:31
To: Chris (CHRISSS) 12 of 43
Rootkits blow. Good luck!
From: Chris (CHRISSS) 25 Jun 2011 22:51
To: Ken (SHIELDSIT) 13 of 43
Great things aren't they? This is the worst infection I've dealt with since my parents' computer had XP Antivirus 2008 on it. I'm sure at some point I'll have to sort out Sian's grandfather's PC which is running sooooooooo slow for some reason. It's a Vista machine which used to work fine but literally takes about a minute to load IE and trying to browse websites is unbearably slow.
From: Chris (CHRISSS) 25 Jun 2011 23:33
To: ALL 14 of 43
I think Combofix has sorted the problem. It found a few rootkit infected files and now links in Google/Bing go straight to the correct website. Wonder how he managed to bugger it up so well.
From: Ken (SHIELDSIT) 25 Jun 2011 23:50
To: Chris (CHRISSS) 15 of 43
Good deal, glad you got it fixed!
From: Chris (CHRISSS) 26 Jun 2011 08:41
To: Ken (SHIELDSIT) 16 of 43
Me too :D
From: Chris (CHRISSS) 26 Jun 2011 22:44
To: ALL 17 of 43

Oh, FFFF!

I just sorted out my grandfather's PC and now my dad just rang to say his computer isn't letting him do anything. I've just remote desktoped into it (surprised it let me change the settings to do that) and it has Win 7 Antispyware 2012 (it's from the future) blocking most things from running and being a total nuisance.

This is the second time I've had to sort out this for them now. The last one was XP Antispyware 2008 which did a very similar thing and was a total nightmare to sort out.

Grrrrrr!

From: Drew (X3N0PH0N) 26 Jun 2011 23:00
To: Chris (CHRISSS) 18 of 43
http://www.ubuntu.com/download/ubuntu/download

(Seriously, for anyone who doesn't play games and uses their PC for web/email/office stuff, you really may as well. Firefox/Chrome, Thunderbird, Libre Office and you're away)
From: Chris (CHRISSS) 26 Jun 2011 23:03
To: Drew (X3N0PH0N) 19 of 43
:D Good idea. There can't be much/anything that they do that wouldn't work with that.
From: Drew (X3N0PH0N) 26 Jun 2011 23:06
To: Chris (CHRISSS) 20 of 43
^___^

(Or maybe Mint if you think a more windowsy interface would be better: http://www.linuxmint.com/download.php )