Thursday, 1 September 2011

Anti-Virus Removal – Browser Redirection (Solved)

The virus arrived in a pop-up entitled “PC Repair”. The user was scared by the pop-up, which looked like a very genuine Anti-Virus scan. It showed numerous infections and the easy way out was to click the repair button. The virus disabled Task Manager, hid all the Desktop icons, the Start Menu items and the Taskbar, and claimed that my remote control software, CentraStage, had been disabled. It also cleared all valid Restore Points and set some invalid Restore Points.

I could see from the history that MSSE did catch the initial infection, but the user was confused by the believable PC Repair notice. I booted to safe mode and MSSE was able to remove parts of the virus, but I was left with Browser Redirection to random advertising and sales sites. It turns out that this was caused by a TDSS RootKit, which I was able to remove with TDSSKiller from Kaspersky.

I failed to find the rootkit with the following spyware / AV programs:

1. SpyBot
2. SpyDoctor
3. MalwareBytes
4. HijackThis
5. ComboFix

I found and removed the virus with TDSSKiller from Kaspersky. I also found the virus with Hit Man Pro, but they wanted a subscription in exchange for virus removal. Hit Man Pro would have been worth it, but TDSSKiller is free.
