Am I dealing with a virus here?

[biff]

Over at my sister-in-laws and she asked me to look at her toshiba lappy. It wasn't doing much of anything and they couldn't get it to boot. I muddled around with it and got it booting just fine but TBH I really never found the exact reason for the problem. Though I'm not sure if this is related to the problem I'm asking about or not.

They run IE and using the computer there was a bunch of junk an popups coming up but it doesn't look like popups should (if that makes sense). Wanting to do my own surfing without all the extra crap I wanted to install google chrome - since all my bookmarks will be there, etc.. According to IE everything 'google' is dead and I get a 404 error with a "nginx" signature below that. Finally found it from another site and got a clean chrome going and it still has the same popups and all google sites are still dead. Looking at the address bar where google appears to work in IE shows the is an extra bit, shows as "https://encrypted.google.com/". Never seen that before. FWIW google works just fine on any other device in the house.

I thought maybe AVG was acting up. I put in on here a while ago before it got all bloatty, so I uninstalled it and put on MSE. Its what I use for the time being as it seems fairly clean. Anyway, it shows it installed and does a scan and shows nothing but it also doesn't show in the taskbar on the lower right and TBH I cant find anything of it to show it ever really installed. I tried a free online malware scanner and it installed and scanned and showed there were about 6 instances of trojans and worms but when I go to clean it asks me to purchase it. So hard to say I trust it found anything real as it just may be a ploy to purchase their software. I downloaded an MS malware scanner and when I click on it to install it doesn't do anything.

So opinions? Is it some malware/virus or is there some other direction I should be looking?

[enaberif]

ComboFix that sucker. Sounds like you probably got something installed and it changed your proxy settings. So go into Control Panel -> Internet Options -> Connections -> LAN Settings

Make sure you proxies are set.

[Galcobar]

Check Task Manager -- bet you'll find processes running which shouldn't be there.

I would suggest to use another computer to download and install Malwarebytes to a USB drive, then take that USB drive to the seemingly infected computer. This way the malware, if there is any, can't block installation.

[sswilson]

First thing I'd look for would be what dns server is being used, and I sure wouldn't trust a "free" scanner that wanted me to pay money after it "found" some nasties.

[biff]

Thanks for all the responses! Makes me feel better that there is actually something going on and not just a DFU problem on my part. Now, this is kind of new territory for me. I tried googling the problem and found the suggestions for 'ComboFix' but googling that I got into that 'free' scanner which I dont trust as sswilson states. But I don't really know what ComboFix is specifically addressing. Do you have any links for me?

Also I've really not dealt with proxy or DNS settings directly so I'm not sure I would be able to tell if something is fishy or not. Also for services, again I've brushed by it a few times in the past but don\t really know what to look for. Starting to feel like a newb again. :-)

[edit]not sure I can check processes as task manager wont run[/edit]

Thanks again!

[Lpfan4ever]

Here's the link to downlaod ComboFix: ComboFix Download

And a more detailed list of instructions: ComboFix: A guide and tutorial on using ComboFix

[enaberif]

ComboFix is probably the one best free program to run in Safe Mode with Networking as they keep up to date on all the weird and strange crap out there.

Its my go to program whenever I suspect an infection of a system first.

[ilya]

Quote:

Originally Posted by biff

Also I've really not dealt with proxy or DNS settings directly so I'm not sure I would be able to tell if something is fishy or not. Also for services, again I've brushed by it a few times in the past but don\t really know what to look for. Starting to feel like a newb again. :-)

[edit]not sure I can check processes as task manager wont run[/edit]

Thanks again!

For checking DNS settings open up a command line and use "ipconfig /all"

If it's not the IP of their router/modem or their ISP's default something's probably wrong. If it's the router/modem check its DNS settings page.

Task manger not running is a bad sign though.

[biff]

Started reading the ComboFix instructions and got a couple pages in and gave up.... but that's pretty good for me. So I just ran it. It did it's thing and spit out a pretty big log file which appeared that it found a lot of stuff. I rebooted and now the browsers can actually load google.ca (or .com) and MSE is now showing in the taskbar on the lower right. Task manager works too. All good signs. Putting some stuff through it's paces now to make sure all is good but so far it looks good. So what's the cause here? was it a virus? Should I post the log file to diagnose it? Just trying to learn something so I can help prevent this kind of thing in the future.

Thanks for helping me fix this!

[Lpfan4ever]

If you posted the log I could probably get an idea of what it was.