Help Needed - "total safety"

rjkirk_50
I made the mistake of opening an email that contained a virus. It will not allow me to get to any web sites except "a total safety" and displays messages that my pc is infected and I need to buy special software to cleanse it.
My regular antivirus does not detect the problems. Is there any way I can cleanse the pc?
I would rather not wipe the pc but will if necessary.
  • mjd420nova

    This sounds like a trojan infection, and the reason the anti-virus can't find the worm is because it has installed itself in the BIOS by flashing the BIOS. The first step would be to reset the BIOS to default and see if it goes away, then scan for viruses again and it should get cleaned out then. Good luck.

    scott_heath

    I saw a virus recently that basically "broke" internet access by putting entries for every major site (google, yahoo, msn, symantec, trendmicro) in the hosts file and directed them to an IP of their choice or just a dead IP. Check under C:\windows\system32\drivers\etc and open the hosts file just to double check. Could be one of your problems.

    neilb@uk

    This type of hijack works in a couple of ways. An executable file may be copied to the system32 folder and set to load at startup. Even if you fix the hijack, this file may reinstall it the next time it is loaded.

    It may have worked by installing a small web server - usually contained in a file named svchost32.exe. This usually adds all of the common addresses for Google and so on to your hosts file, telling Windows that the IP address for those sites is 127.0.0.1, and that's where its web server is listening on the localhost setting. Scott Heath's suggestion to check hosts is a good one.

    Other trojans hijack Internet Explorer's SearchHook setting with a file - sometimes named dnsrelay.dll. This redirects all search and start page settings to the webpage of choice!

    The trojan also lists the hijacker's web site in Internet Explorer's trusted security zone. Domains listed in the trusted security zone have no restrictions on what they can do. This allows that web site to have virtually unlimited access to the infected computer's file system. Check this.

    I can't be more specific for your system, unfortunately.

    Keep posting progress here and you'll find they're a helpful lot!
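
The hosts-file check that scott_heath and neilb@uk describe, as an added example that is not part of any post in this thread: it parses hosts-file text and reports every well-known domain that has been overridden, separating redirects to 127.0.0.1 from redirects to other addresses. The watched domain list, the function names and the sample file contents are assumptions made for the example.

```python
import ipaddress

# Domains for the vendors named in the thread; the exact list is an assumption.
WATCHED = ("google.com", "yahoo.com", "msn.com", "symantec.com", "trendmicro.com")

# Constructed sample hosts file (not taken from any real machine).
SAMPLE = """\
# constructed sample hosts file
127.0.0.1       localhost
127.0.0.1       www.google.com google.com   # no legitimate reason for this
127.0.0.1       Update.Symantec.com
203.0.113.10    search.yahoo.com
0.0.0.0         www.trendmicro.com
192.168.1.20    printer.home
not-an-ip       www.msn.com
"""

def parse_hosts(text):
    """Yield (line_no, ip, hostname) for each mapping in hosts-file text."""
    for line_no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()   # drop comments, split on whitespace
        if len(fields) < 2:
            continue                            # blank or comment-only line
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                            # first field is not an IP address
        for name in fields[1:]:                 # one line may map several names
            yield line_no, ip, name.lower().rstrip(".")

def is_watched(name):
    """True for a watched domain or any subdomain of it."""
    return any(name == d or name.endswith("." + d) for d in WATCHED)

def audit_hosts(text):
    """Return (line_no, hostname, ip, kind) for every watched name that is overridden."""
    findings = []
    for line_no, ip, name in parse_hosts(text):
        if not is_watched(name):
            continue
        if ip.is_loopback:
            kind = "loopback-redirect"          # the local web server case
        elif ip.is_unspecified:
            kind = "unspecified-address"        # 0.0.0.0 or ::, site made unreachable
        else:
            kind = "ip-redirect"                # pointed at some other address
        findings.append((line_no, name, str(ip), kind))
    return findings

if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE):
        print(finding)
```

To audit a real machine, pass the contents of the hosts file under C:\windows\system32\drivers\etc to `audit_hosts` instead of `SAMPLE`.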
