New virus redirector 209.85.171.79

[Nodscene]

Just wondering if anyone else has come across this yet. I have a clients computer that get's redirected when clicking on a google link. Usually only happens every 3rd or 4th time. Doesn't seem all that harmful right now (although it doesn't let you run regedit), but it's hidden so well that nothing is picking it up right now. So far I've used....

Superantispyware
Combofix (and other like it)
Windows Live One Care
Malwarebytes
Hijackthis

Programs like combofix will not even run, even in safe mode. All antispyware/virus programs will not download their virus definitions (either it can't establish connection or will outright crash.), so I've had to download them from another computer to usb stick and then install the definitions that way. Not one program has picked up anything. I hope this doesn't become prevalent as there doesn't seem to be any solutions right now.

I'm basically stuck reformatting and reinstalling their computer. Not too good for the clients as that usually involves a few hours at least.

So for those who have clients in a business establishment you might want to tell them to be extra carefull!

[sswilson]

Where are they being redirected to?

[Squeetard]

That's not a virus, that's malware/spyware. Try the f-secure online scan tool.

F-Secure Support pages: F-Secure Online Virus Scanner

That gets all the stuff others miss.

[Nodscene]

I know it's technically not a virus but it's just easier referring to it like that :)

Yeah, I might try F-Secure. Nothing to lose at this point.

It's being redirected to random sites. It almost feels like it's a test run before the big one drops.

[Squeetard]

Antivurus will never have an andidote for spyware like that. Gotta look to the adaware and search and destroy apps. That scan tool does both, very handy. I also like to boot into linux via cd and look around in windows, you can find the hidden stuff and delete it.

[enaberif]

Quote:

Originally Posted by Nodscene

I know it's technically not a virus but it's just easier referring to it like that :)

Yeah, I might try F-Secure. Nothing to lose at this point.

It's being redirected to random sites. It almost feels like it's a test run before the big one drops.

Referring to something that its not is bad practice if you commonly work on peoples computers.

Either install MalwareBytes or Super Antispyware and it'll fix it.

[gingerbee]

spybot yes has always work for me

[enaberif]

Quote:

Originally Posted by gingerbee

spybot yes has always work for me

Spybot and Ad Aware are gone of the days of the dodo since Malwarebytes and Super Antispyware have come out.

Both of those do a better job than Spybot ever could.

[element291]

Quote:

Originally Posted by enaberif

Spybot and Ad Aware are gone of the days of the dodo since Malwarebytes and Super Antispyware have come out.

Both of those do a better job than Spybot ever could.

I'd say Malwarebytes would do the trick as well.

Hehe yesterday at work, I got a popup saying that my computer may have serious virus's and i need to download their spyware tool... then it took me to one of those fake pages.

I found it quite funny that our citrix network has spyware/adware on it.

[Nodscene]

Quote:

Originally Posted by enaberif

Referring to something that its not is bad practice if you commonly work on peoples computers.

Either install MalwareBytes or Super Antispyware and it'll fix it.

Speaking of bad practice, if you would have read the original post you would have seen that I've already tried those and came up with nothing. Or did you just come on this thread to complain?

So anyways, even F-Secure came up blank. Looks like I'll have to image another comp put it on the infected computer.