Hi I'm Ham, new to this forum but fairly well experienced with PC's and their software and hardware repairs.I like to help people with their PC's and enjoy the challenge of fixing their problems. Lately I'm really stumped though. A friend has given me the task of cleaning up the software on his PC.
First I saw it was infected with "Internet Security 2010". My longtime faithful friend Malwarebytes was able to be updated so I did a full scan and was able to remove this insidious malware. But still I found the browser settings had been hijacked as I was being redirected as showing in the address bar to anywhere but my target.
I then ran Malwarebytes in Safe Mode but found no more. I ran A Squared free(Emisoft) in Deep scan mode over the entire HD and it found 2 Trojan downloaders(which I removed) in Limewire downloads which the owner said had been downloaded last October!!
I've also used Advanced Spyware Scanner from Iobit and it detected and removed cookies I could see had been associated with malicious internet browser redirections. I performed a lot of scans with free trusted software I use from Major geeks website and removed a lot of crap but still the browser malicious redirections occur. I even downloaded I.E. from Major geeks. Removed completely the internet explorer we had been using - saving no settings and then installed the fresh I.E. I had downloaded but still the false internet redirections occurred! I am thinking a setting within the XP registry has been hijacked, so that instead of my friend being able to go to his proper server they have overwritten that setting to redirect his internet through a proxy server which then can steer him in any direction he doesn't want. I am no expert in playing with the registry and prefer programmes that can detect for me if something is not normal within the registry. I have also tried fresh downloads of Firefox and Google Chrome from Major Geeks (which was bookmarked & never hijacked). I never imported any settings to make sure the new browser was clean but still they were hijacked as I was misdirected when browsing.
I would be interested to know if their is a fix to this problem that is not horribly complicated, or maybe it will be easier just to reformat his hard drive and start completely afresh - a clean slate with nothing hiding in the registry. I would appreciate a fix if their is one, but I know I may have to reformat unless an expert comes up with one in time. Thank you for any help anyone can offer