Help please

[Howard]

This is a post I got. he is running vista. I tried him with mlleware
bytes etc , but now need someone with more brains than me. (not hard)
any positive input would be greatly appreciated.




well, earlier today i started getting redirected to websites such
as something called 7search, gomeo and even gumtree and the national
accident helpline. i have run malwarebytes, kaspersky, rkill and
superantispyware and after the first three it instead has started either
crashing or failing to load websites straight from the browser. however
if i click on cache that seems to work and also if the link appears in
my history that also means i can get on the website but not the normal
way. another odd thing is that it only happens half the time. if i
restart my computer and go on internet then it works fine but if i close
internet and open it again it just starts again and after a while
crashes. after it crashes it works again. after using super anti spyware
it found a couple of malware and 637 tracking cookies, i thought that
this may be it but after quarantining and removing them it still fails
to work properly? i have checked a couple of websites including this one
in the link bar which i think may be the problem im having but im not sure
Edit by user 26 Oct 19:04
http://answers.yahoo.com/question/index;_ylt=AnZBkWqp4kV9kxP.W0ArRSIjz ...

 

[Char Jackson]

This is a post I got. he is running vista. I tried him with mlleware
bytes etc , but now need someone with more brains than me. (not hard)
any positive input would be greatly appreciated.




well, earlier today i started getting redirected to websites such
as something called 7search, gomeo and even gumtree and the national
accident helpline. i have run malwarebytes, kaspersky, rkill and
superantispyware and after the first three it instead has started either
crashing or failing to load websites straight from the browser. however
if i click on cache that seems to work and also if the link appears in
my history that also means i can get on the website but not the normal
way. another odd thing is that it only happens half the time. if i
restart my computer and go on internet then it works fine but if i close
internet and open it again it just starts again and after a while
crashes. after it crashes it works again. after using super anti spyware
it found a couple of malware and 637 tracking cookies, i thought that
this may be it but after quarantining and removing them it still fails
to work properly? i have checked a couple of websites including this one
in the link bar which i think may be the problem im having but im not sure
Edit by user 26 Oct 19:04
http://answers.yahoo.com/question/index;_ylt=AnZBkWqp4kV9kxP.W0ArRSIjz ...

Check IE's proxy settings. It sounds like a bit of malware has
inserted its hook there. Remove the malicious proxy and remove the
rest of the malware.

 

[Jan Alter]

This is a post I got. he is running vista. I tried him with mlleware bytes
etc , but now need someone with more brains than me. (not hard)
any positive input would be greatly appreciated.




well, earlier today i started getting redirected to websites such as
something called 7search, gomeo and even gumtree and the national accident
helpline. i have run malwarebytes, kaspersky, rkill and superantispyware
and after the first three it instead has started either crashing or
failing to load websites straight from the browser. however if i click on
cache that seems to work and also if the link appears in my history that
also means i can get on the website but not the normal way. another odd
thing is that it only happens half the time. if i restart my computer and
go on internet then it works fine but if i close internet and open it
again it just starts again and after a while crashes. after it crashes it
works again. after using super anti spyware it found a couple of malware
and 637 tracking cookies, i thought that this may be it but after
quarantining and removing them it still fails to work properly? i have
checked a couple of websites including this one in the link bar which i
think may be the problem im having but im not sure
Edit by user 26 Oct 19:04
http://answers.yahoo.com/question/index;_ylt=AnZBkWqp4kV9kxP.W0ArRSIjz

It sounds from your description that the browser has been compromised by a
trojan or virus.
Running Malwarebytes in safe mode is the preferred way to look for spyware.
Lots of viral malware loads with the start-up files and cannot be found much
less deleted. So to have Malwarebytes be more effective, as the computer
starts start hitting the F8 key to bring up the Start up menu to allow you
to load Safe mode and then run Malwarebytes.
Everyone seems to have an opinion as to what virus program to run. I've
had good results using Webroot's Spysweeper. Webroot has an online scanner
that you can run free if you'd like to try it. I would temporarily shut down
Kaspersky while you run it as it might interfere with the scanning process.

http://www.webroot.com/En_US/consumer.html

Choose the free scan and see what comes up
I don't know if the scanner goes so far as to allow you to delete the stuff
but at least you'll have a better idea if the computer is infected.
If you can delete viruses restart the computer in Safe Mode and run
Malwarebytes again. I would run both a Quick and Full Scan.

 

[Fishface]

This is a post I got. he is running vista. I tried him with mlleware
bytes etc , but now need someone with more brains than me. (not hard)
any positive input would be greatly appreciated.

A couple months ago, the in-laws had a similar problem that kept coming
back. Guess what finally found it? Microsoft's Malicious Software Removal
Tool. When you run it manually, you can choose a quick scan or a more
thorough scan. The the more thorough scan turned up an infected serial.sys
file. Worth a try?

http://www.microsoft.com/security/malwareremove/default.aspx

Unfortunately, it installs itself into an obscure folder and the executable
has (I think) a three-letter file name which begins with an 'm.' The installation
didn't seem to create a shortcut to the program anywhere that I could find.

 

[Fishface]

Unfortunately, it installs itself into an obscure folder and the executable

has (I think) a three-letter file name which begins with an 'm.' The installation
didn't seem to create a shortcut to the program anywhere that I could find.

Mrt.exe in a folder on the system drive with a 26 hexadecimal digit filename.