Posted 17 January 2010 - 01:56 PM
Below is how I got rid of the virus that redirects your browser when you click on a search result, and then some questions.
The most important removal parts are BOLD.
First of all, I had been on my pc (WinXP, IE8), and then left it on while doing other things around the house. When I came back, I noticed it was slow to respond, and acting funny. Then, my McAfee (provided by AT&T, with their DSL service) asked if I wanted to allow a registry change. I said "no", and had to block these changes several times. Then I got several messages saying McAfee had blocked and removed a Trojan. Well, no. I saw the red circle with the "x" in the lower right corner, and a message appeared from it. I immediately recognized it as a fake error message (one way to tell is that these almost always have typos - this one had "you" where it should have had "your"). I minimized my browser windows, and saw that I had a bright green wallpaper, instead of the photo I used to have.

So I ran Malwarebytes and SUPERAntiSpyware. Both found things and removed them (no problem removing anything). Suspecting this was a nasty virus, I even deleted every cookie that SAS found, rather than leaving ones from sites I visit often. While these scans were running, I did other things around the house. Once, while checking on the status of the scans, I saw that 2 browser windows had opened, and gone to sites that I never heard of (not porn, just odd sites).

After the scans were complete, and I had restarted, I opened a browser window, and looked at my history. I had visited 20-30 sites w/o my knowledge. I picked one site, and searched it. When I saw a search result that was from bleepingcomputer or symantec, I clicked on it. It took me somewhere else. I tried searching for something simple, like "dogs". It allowed me to go to the AKC site, but only after briefly stopping at some other plane or boat site.
Also, at one point, I made the mistake of right-clicking on the "warning" window that had popped up, and selecting "close".
This caused the warning to change, and changed my wallpaper from bright green to dark blue.
So I knew I still had something wrong. I came to bleepingcomputer, and saw a link for ATF Cleaner. I downloaded ATF, saving it to my desktop (You have to save it, not just run it). After downloading it, I ran it, restarted my pc, and now everything seems fine. I never started my pc in safe mode, by the way.
Ok, so now my questions.
How did I get this?
I have a 2Wire modem/router from AT&T. I have a wireless network in my home, and my wife's laptop, my Wii, & my Xbox 360 are connected to it. Also, I recently upgraded the speed of my DSL (a few days ago), if that matters.
I recently got Xbox Live Gold, and had been playing games on-line on my 360 before I got the virus.
Could that be the cause?
If so, and my PC had been off, would that have prevented my pc from getting the virus?
Can my 360 get a virus? If so, how to get rid of it?
Also, earlier in the day, I had hooked up my new Samsung Blu-Ray player, which has internet access for Netflix, Pandora, and YouTube. So it was now also on my wireless network.
Could my Blu-Ray player have been the source of the virus? Again, if the pc had been off, would that have prevented the problem?
Can it get a virus? If so, how to get rid of it?
Is it safe to use my 360 or my Blu-Ray player on-line?
Ok, well I hope this helps people with the same virus, and maybe someone can answer some of my questions. Thanks, bleepingcomputer, for all you do.