The removal of the redirect virus can be extremely difficult and in some cases impossible.
The virus can infect different parts of the system; it can change system files, system libraries and replace programs. In some instances it has infected system firmware resulting in hardware having to be replaced.
The system once infected is unprotected from other malware which can just be an annoyance; however it can also lead to stolen data, such as passwords or credit card information.
Manual removal can indeed remove this virus but as you can see, not only can it hide anywhere on your PC, it can continually add more malware, and use more system resources for its own purposes. The infected PC can also act as a zombie computer sending out spam emails. Recently zombie computers have been used in denial-of-service attacks.
Denial of service attacks happen when the target machines are saturated with external communication requests, slowing the system down so much that the site crashes, this type of attack was used recently on large commercial sites such as Amazon.com, MasterCard, Visa and PayPal.
Remember you do this at your own risk
Begin by booting up your PC in safe mode this ensures that only windows basic processes will start.
Next you need to check your PC's Local Area Network (LAN) settings. This is to ensure that the redirect virus is not using a malicious proxy server.
Internet explorer.
1: Open internet explorer.
2: Tools, Internet options, connections.
3: Click on LAN settings.
4: Make sure that you use a proxy server for your LAN is unchecked.
Firefox.
1: Open Firefox.
2: Tools, options, advanced, networks, settings.
3: Make sure that no proxy radio button is selected.
if you are using other browsers the methods may vary slightly.
Next you need to check your Domain Named Server (DNS) settings.
(DNS basically acts as a database mapping domain names to IP addresses the redirect virus can change these settings sending you to malicious sites.)
1: Start.
2: Control panel.
3: Network connections.
4: Right click local network connection, select properties.
5: Highlight 'Internet Protocol. (TCP/IP)
6: Click 'Properties' in the next window ensure the option 'Obtain DNS server address automatically' is selected.
Next Windows Hosts files settings need checking.
Simply put, Windows Host files are a PCs local Domain Name Server (DNS) and settings can also be changed by the redirect virus.
Host files are standard text files and can be found in c:windowssystem32driversetchosts
When prompted as to which program you want to open this file use a text editor such as notepad or Word Pad.
The Host file should contain the IP address 127.0.0.1 local hosts. If there are other entries in the Hosts file remove those entries.
If you are nervous at this point you can always keep a copy of the text file and reinstate it should you have problems.
The redirect virus usually adds itself as a service so we need to disable it.
DO NOT DELETE IT
to do this go to Start, control panel, >System>Hardware>Device Manager>View>Show Hidden Devices
Look for Non-plug and Play Drivers' expand the option (the + sign) then look for 'TDSSserv.sys' and disable it. The reason you do not delete it, is simply that you will then have to reboot your system thus reinstalling it
Reboot and scan your system, with an anti-malware scanner. Such as Malwarebytes, And a final clean up with CC cleaner to remove any debris left by this rootkit virus.
Finally create a restore point in system restore.
I hope that these suggestions have worked and the virus has gone, if not the next options is to try a guaranteed fix, which is not free, but at least you get your money back if the fix does not work.
At this point your next course of action will probably be a complete reinstallation of your system.
Luke Clayhill is a writer who specializes in redirect viruses.
You can check out his latest website at googleredirectvirus
where he provides information on rootkit viruses including tips on avoiding the redirect virus
7 Tips to avoid redirect viruses
whereby the original author's information and copyright must be included.
No comments:
Post a Comment