
How I Fixed The Computer Virus That Hijacked My Web Browser

Updated on October 17, 2014

DISCLAIMER:

This hub describes a recent problem I had with malicious code that hijacks your web browser and redirects your searches to unwanted web sites. I was able to fix the problem due to the generosity of several web pages that provided information and links to software. I am using a home-built system running Windows XP as the OS and AVG Premium as my anti-virus software. I do not guarantee that this will work on your system. I assume no responsibility for the success or failure of this information. I strongly suggest you do your own research on your specific problem and system. This is simply my story.

The Internet has become a staple in all our lives. We use it for everything from keeping in touch with friends and family to scientific research. Like most things in life, the Internet also has its problems. Actually, the problem isn't the Internet; it's people who write code to spread viruses through the Internet. Once infected, we can spend days (and lots of money too), trying to restore our computers and recover important files. This is the story of my most recent attack and how I resolved it without spending a dime.

A few days ago, I started having problems with Google searches. I would type a phrase in a Google search box and the expected list of links would appear. When I chose the appropriate link and clicked on it, I was re-directed to a web page other than the one I was expecting. At first I thought I had just selected the wrong link so I repeated the search with the same outcome. But, I was re-directed to a different web page.

In the beginning I thought Google had a problem so I switched to Bing for my search. The result was the same. That's when I realized that something was wrong. Very wrong. A quick try at Yahoo confirmed that my search engines had been hijacked. Now, I had to figure out how it happened and how to fix it.

I should probably mention another phenomenon that occurred during this time. My audio system that is attached to my computer (separate speakers and sub-woofer) began intermittently playing radio, complete with commentary and advertisements and, sometimes in Spanish. For those that might wonder, I too thought that I might have left the setting for wireless radio enabled on my router. I checked that first and it was not enabled.


Security

I am currently using a paid subscription for AVG as my Internet security protection. I started using the paid version a couple of years ago when I was hit with a virus. AVG Tech Support was awesome and helped me clean my computer up at no charge. Well, it's a new day and there is a new sheriff at AVG.

I ran a full scan with AVG and discovered that I had acquired a root-kit virus with a hidden file. AVG was able to tell me I had a virus but it could not fix it because of the hidden file. Being somewhat computer savvy, I started my hunt for this bug. I pored through each and every file in my Registry. Nothing. I checked msconfig and my windows system files. Nothing. At least nothing I could see. The image below shows the result of my AVG scan. It showed:

  • file name: <unknown>
  • infections: IRP hook, \Driver\atapi DriverStartIo -> 0x8ABB22E2
  • result: Object is inaccessible

AVG could not quarantine or remove the file.

Other Factors

I had recently set up a new wireless network, with a new Netgear WNR2000v3 router and a Roku infrared device to stream my new Netflix subscription.

My first thought was that I had not secured my wireless router somehow so I called Netgear Tech Support. The router documentation claimed a lifetime warranty with free support for one year. It's all in your interpretation I guess. The Netgear tech was incredibly friendly and assured me that by the end of the call, I would be smiling again. Ha! It did not happen. After spending four hours on the telephone, I was informed that Netgear could fix my problem at a cost of $169.00. That wasn't going to happen. Next, I was offered a software package that could be downloaded to my computer for a cost of $39.00. It would allow me to clean up my Registry files. After explaining that I wasn't paying for support, I disconnected the call.

My next call was to AVG. I figured I was paying for the better version and tech support. Surely they would help me fix this. Same story; different call. The AVG support tech informed me that AVG would charge me $199.00 to remove the virus. I just laughed and told her I would not renew the paid subscription and would simply start using the free version, since paying did not get me any support.

It was at this point that I realized I would have to solve this on my own. So, it's back to Google where I discovered that I could copy and paste links into the address bar and not get re-directed. It took a few hours but I finally found the answer. A relatively unknown web site, Bleepingcomputer.com, provided the answer. A quick search of their forum instructed me to download and save the following programs (all free) to my computer:

  • Rkill
  • SDFix
  • TDSSkiller
  • Malwarebytes

The instructions were to run each of these programs in the order listed. I ran each one and was impressed at how quickly they all ran. In less than an hour, the IRP Hook virus was gone and no longer found on a new AVG scan. I am now virus free.

Follow Up

I am now slightly more paranoid than before but I've been here before too. Those days or weeks immediately following a virus attack always seem to keep us a little sharper, more aware of the sites we click on. I am incapable of understanding the satisfaction that hackers or coders get from writing malicious code. What I am though is extraordinarily grateful for those that share their knowledge and software at no cost. They are the unsung heroes. Thanks, guys!

© 2012 Linda Crist

Comments


  • galleryofgrace

    6 years ago from Virginia

    Not meaning to burst your bubble but AVG is absolutely the worst. The problems were probably placed there by AVG. AOL used to do the same thing when I used them years ago. They place these in the hopes that you will contact tech support and they can make sales. AOL used to go in and slow down your system so then they would start sending you offers to speed up your system. Of course all they had to do was get out of your computer and make you pay for it.

    I will never ever trust AVG or AOL.

  • Linda Crist (author)

    6 years ago from Central Virginia

    Thank you ilcustompc3.

  • jlcustompc

    6 years ago

    you have a spelling error in your security section in the first line right after the link to AVG. "Security

    I am currently using a paid subscription for AVGf"
