How I Fixed The Computer Virus That Hijacked My Web Browser
DISCLAIMER:
This hub describes a recent problem I had with malicious code that hijacks your web browser and redirects your searches to unwanted web sites. I was able to fix the problem thanks to the generosity of several web pages that provided information and links to software. I am using a home-built system running Windows XP as the OS and AVG Premium as my anti-virus software. I do not guarantee that this will work on your system. I assume no responsibility for the success or failure of this information. I strongly suggest you do your own research on your specific problem and system. This is simply my story.
The Internet has become a staple in all our lives. We use it for everything from keeping in touch with friends and family to scientific research. Like most things in life, the Internet also has its problems. Actually, the problem isn't the Internet; it's the people who write code to spread viruses through the Internet. Once infected, we can spend days (and lots of money too) trying to restore our computers and recover important files. This is the story of my most recent attack and how I resolved it without spending a dime.
A few days ago, I started having problems with Google searches. I would type a phrase in a Google search box and the expected list of links would appear. When I chose the appropriate link and clicked on it, I was redirected to a web page other than the one I was expecting. At first I thought I had just selected the wrong link, so I repeated the search with the same outcome. But this time I was redirected to a different web page.
In the beginning I thought Google had a problem so I switched to Bing for my search. The result was the same. That's when I realized that something was wrong. Very wrong. A quick try at Yahoo confirmed that my search engines had been hijacked. Now, I had to figure out how it happened and how to fix it.
I should probably mention another phenomenon that occurred during this time. The audio system attached to my computer (separate speakers and sub-woofer) began intermittently playing radio, complete with commentary and advertisements, sometimes in Spanish. For those who might wonder, I too thought that I might have left the wireless radio setting enabled on my router. I checked that first, and it was not enabled.
Security
I am currently using a paid subscription for AVG as my Internet security protection. I started using the paid version a couple of years ago when I was hit with a virus. AVG Tech Support was awesome and helped me clean my computer up at no charge. Well, it's a new day and there is a new sheriff at AVG.
I ran a full scan with AVG and discovered that I had acquired a rootkit virus with a hidden file. AVG was able to tell me I had a virus, but it could not fix it because of the hidden file. Being somewhat computer savvy, I started my hunt for this bug. I pored through each and every file in my Registry. Nothing. I checked msconfig and my Windows system files. Nothing. At least nothing I could see. The image below shows the result of my AVG scan. It showed:
- file name: <unknown>
- infections: IRP hook, \Driver\atapi DriverStartIo -> 0x8ABB22E2
- result: Object is inaccessible
AVG could not quarantine or remove the file.
Other Factors
I had recently set up a new wireless network, with a new Netgear WNR2000v3 router and a Roku infrared device to stream my new Netflix subscription.
My first thought was that I had somehow not secured my wireless router, so I called Netgear Tech Support. The router documentation claimed a lifetime warranty with free support for one year. It's all in your interpretation, I guess. The Netgear tech was incredibly friendly and assured me that by the end of the call I would be smiling again. Ha! It did not happen. After spending four hours on the telephone, I was informed that Netgear could fix my problem at a cost of $169.00. That wasn't going to happen. Next, I was offered a software package that could be downloaded to my computer for a cost of $39.00. It would allow me to clean up my Registry files. After explaining that I wasn't paying for support, I disconnected the call.
My next call was to AVG. I figured I was paying for the better version and tech support. Surely they would help me fix this. Same story, different call. The AVG support tech informed me that AVG would charge me $199.00 to remove the virus. I just laughed and told her I would not renew the paid subscription and would simply start using the free version, since paying did not get me any support.
It was at this point that I realized I would have to solve this on my own. So, it was back to Google, where I discovered that I could copy and paste links into the address bar and not get redirected. It took a few hours, but I finally found the answer. A relatively unknown web site, BleepingComputer.com, provided it. A quick search of their forum instructed me to download and save the following programs (all free) to my computer:
- Rkill
- SDFix
- TDSSkiller
- Malwarebytes
The instructions were to run each of these programs in the order listed. I ran each one and was impressed at how quickly they all ran. In less than an hour, the IRP hook virus was gone and was no longer found on a new AVG scan. I am now virus free.
Follow Up
I am now slightly more paranoid than before, but I've been here before too. Those days or weeks immediately following a virus attack always seem to keep us a little sharper, more aware of the sites we click on. I am incapable of understanding the satisfaction that hackers or coders get from writing malicious code. What I am, though, is extraordinarily grateful to those who share their knowledge and software at no cost. They are the unsung heroes. Thanks, guys!
Software Links
- Malwarebytes: Malwarebytes Anti-Malware PRO removes malware including viruses, spyware, worms and t
- TDSSKiller: Anti-rootkit utility TDSSKiller - Free Download
- SDFix: SDFIX.EXE Virus Removal Tool. SDFix is a free utility to remove thousands of known viruses such as trojans and worms. Just download it and run sdfix.exe; it will scan your system, remove any infections that it finds, and produce a detailed report describing its actions.
- RKill: RKill Download. RKill is a program that was developed at BleepingComputer.com that attempts to terminate known malware processes so that your normal security software can then run and clean your computer of infections. When RKill runs it will kill malware processes
© 2012 Linda Crist