Hello Bleeping! I've lurked for a while, and this is my first post. Fortunately/unfortunately, this is quite an absurd virus to 1st time post with, so I thank anyone in advance with any help.
In short, it seems a virus has "hijacked" my Google.com within Fire Fox, as well as disabling Captchas and various other features on other websites. When I do a google search, legit results are delived, but every link is a redirect of some sort. Also, general PC performance is reduced to varying degrees.
For reference, this
topic is all I could about this problem.
I guess I'll give a more detailed rundown. FYI I'm making this post from my laptop which is NOT infected with this virus. This virus infects my desktop.
Desktop Computer Specs:
Win XP Home Edition (5.1, Build 2600)
AMD Athlon 64 Processor @ 1.8 Ghz
1 gig of ram
GeForce 7800GS AGP w/ 256mb ram
I certainly have Service pack 2, not entirely sure about SP3
Two nights ago I'm using my computer, all is well, and I must have visited some website only for a split second (as i cannot remember anything out of the ordinary) and my computer just slows to an absolute crawl. I am forced to shut down. Next day, computer seems to be running better, but it starts lagging too much, so I run a full chkdsk (with repair bad sectors) at start-up on my main drive -- drive is totally clean. I update Malwarebytes anti-malware, and perform a quick scan, which takes about 5x longer than normal. Zero objects infected, no issues found.
I open Firefox / Google to do a search, and I'm getting redirected... a bit of relief as at least i know it's a virus and not a problem with any of my hardware or software. But since I'm getting constantly redirected, I realize this virus is unlike the last redirect virus that infected my machine for a few weeks last year. Here's what I've discovered:
-when loading Google.com, status bar indicates a connection to the IP of 22.214.171.124. Obviously, this is not normal. Also, when I hover over the "Sign in" link at the top right, an abnormal link appears -- https://accounts.google.com/ServiceLogin?hl=en&continue=http://126.96.36.199.
What the hell is that second IP? Also, please dont visit these links... i dont want anyone else to get this.
-When doing a search, normal results appear (wikipedia, etc.) but every link is worthless redirect.
-Captchas seem to be universally disabled. For example, I could not register for BleepingComputer on the infected computer because the qustion / answer verification captcha was instead an ad for Pizza Hut. Captchas are also just non-existant on other sites, like depositfiles.com -- when i try to download something, the usual captcha just doesnt show up there the 60 second delay. I'm not sure about general Java / Flash when browsing, the computer runs almost too sluggishly to really experiment with that stuff.
Yesterday, I try to do a system restore within the normal XP environment. It simply will not perform the restore. I shut down and go to bed.
This morning, I start in safe-mode and do the restore to about a week earlier. System restarts, all is well -- computer runs at normal speed, the real Google page is back, captcas are present, I think I'm home free. But after about 15 minutes, i notice a missing captcha on a website. Virus has reinstalled itself, computer back to running at a crawl.
As I type this, I'm doing a full-scan on drive C: in an up-to-date malwarebytes anti-malware, which is sure will not find any problems. I also plan on running Crap Cleaner after this is done, with a registry cleanup... not sure if that's a mistake, but it's never hurt me in the past.
Please help Bleeping, this virus is from hell. Thank you!!