Redirect virus, backups and networks

I hope this is the correct section of the forum to post this.

To get out from under this nasty redirect virus that bunches of people here seem to have, I formatted my hard drive and reinstalled Windows XP Pro. I had backed up my important files in a single folder and transferred it to my wife's computer, which also runs XP Pro, via our home network which uses a D-Link DIR-615 router. After the formatting and the reinstall, I brought the stuff I had backed up onto my computer, again via the network. I went on line to download Mozilla Firefox from download.com so that I could download antivirus software and similar cleaning programs without having to use IE. Once I had Firefox installed and ran it, I discovered that I either still have the virus or I got it again. I installed the NoScript add-on in Foxfire and while it keeps the redirections a bay, it can be difficult for a lay person like me to understand. Plus, I still have the virus and I still may be infecting others without my knowledge.

My questions are, can this virus be lurking on the network or in my backup folder? If so, is there any way of backing things up while preventing the virus from becoming active? Is the format going deep enough? I was quite surprised to find that my audio drivers were already installed when the computer booted for the first time after the format. I have an older sound card that I dearly love and I had to locate and install the drivers for it the first time the computer ran but not after the format and reinstall. Oddly enough, I did have to reinstall the network drivers. Anyway, and and all help would be greatly appreciated. I've been here so much these last few weeks, I feel like I should pitch a tent.

An editorial comment: It's a shame that Firefox seems to have become a victim of its own popularity. I dislike IE and Google Chrome has a long way to go before it's my every day browser.

Hello, reinfection is possible from the back ups.

2 guidelines/rules when backing up

1) Backup all your important data files, pictures, music, work etc... and save it onto an external hard-drive. These files usually include .doc, .txt, .mp3, .jpg etc...
2) Do not backup any executables files or any window files. These include .exe/.scr/.htm/.html/.xml/.zip/.rar files as they may contain traces of malware. Also, .html or .htm files that are webpages should also be avoided.

Hello boopme. You've helped me in the past. I only backed up mp3s, docs, txts, jpgs and bmps. From the evidence I provided, could the format be at fault? Might it not go deep enough? I was really concerned when I realized that I still had the virus and my drivers were already in place after the format.

Hello again, Yes that is also possible.
The best proceedure is a low level format. This completely wipes the drive. Then reinstall the OS.
Use the free version of Active@ KillDisk.
Or Darik's Boot And Nuke

The best sources of Information on this are
Reformatting Windows XP
Michael Stevens Tech
Windows XP: Clean Install

Of course also feel free to ask anything on this in the XP forum. They'd be glad to help.

Thank you again boopme for the help and suggestions. A low level format it is. I've already downloaded Darik's Boot And Nuke, (love the name. I also loved the reviews I read on line), and I'm in the process of backing things up again. I have the day off tomorrow so here goes. Do you want to close this thread or do you want me to report back on the outcome?

Not to butt in but is there a way to get rid of this virus without reinstalling the OS

I am running XP and Winddows 7

Rob

Edited by robert1957, 04 October 2010 - 07:14 PM.

We'd like to know all is good It help me get byond insanity

I'm back, but not without problems. Sorry it took as long as it did. As they say, God laughs while man makes plans. I downloaded Boot and Nuke 2.2.6 but it would not run after twelve failed attempts, ("configuration file not found". Their forums said to just keep trying and that it would eventually work. Wrong!). I found an older version, 1.07, at Downlaod.com and was able to run it successfully. I chose the "Autonuke" method and ran it. That may have been a mistake. When my computer booted for the first time, my drivers and other settings were in place. Not good. Plus, I'm still being redirected. This virus, malware or what ever you want to call it is just NASTY! I'm going to do the whole thing again, only this time I'll see if there's a deeper format to choose from. Maybe there's a flamethrower or sandpaper setting. I'll report back with the results of attempt #2. Explain to me if you would; just how does someone get beyond insanity?

The IT guy where my wife works suggested wiping out the personal profiles and setting up new user accounts. Have ever you heard of this method? It sure seems entirely too simple to me.

You must admit, the person who created this virus is quite good at what he does. I'd like to shake his hand and congratulate him while they're strapping him to the table for his lethal injection.

Edited by straightupwv, 10 October 2010 - 06:59 AM.

Explain to me if you would; just how does someone get beyond insanity?

Well we had a meeting and the other 3 insige my head said we should keep it a secret

The IT suggestion could be a possibility but if the MBR (master boot record) is what's infected it won't help. Probably the best thing to do now is post a DDS log and see wher the infection is and get it out safely.

We need a deeper look. Please go here....
Preparation Guide ,do steps 6 - 9.

Create a DDS log and post it in the new topic explained in step 9,which is here Virus, Trojan, Spyware, and Malware Removal Logs and not in this topic,thanks.
If Gmer won't run,skip it and move on.
Let me know if that went well.

You must admit, the person who created this virus is quite good at what he does. I'd like to shake his hand and congratulate him while they're strapping him to the table for his lethal injection.

I agrre ,just be certain they didn't get the electric chair.

I've successfully run DDS and Gmer and posted the logs at the Virus, Trojan, Spyware and Malware Removal Logs section as you suggested under the title "DDS and gmer logs as instructed by boopme". I do have another question before we close this thread. The Windows Repair Console has a FIXMBR command to rewrite the master boot record. Would doing that help at all or am I just now thinking of something that others have unsuccessfully tried in the past? I'm very good at that. I've also registered at the Boot and Nuke forum to see if I somehow messed that up or if there's a better way to run it.

On a personal note, I want to thank you for all of your help. I don't know if you'll be the person who will help me in the other section or not but I wanted to let you know how appreciative I am. I've been in the customer service industry for 26 years. You've done your best to get me out of a situation I probably put myself into and you've treated me with respect. It doesn't get any better.

That is a possibilty ,but we have not yet confirmed an MBR infection. The DDS log review will tell you.

Now that your log is properly posted, you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc) unless advised by a Malware Removal Team member, nor should you continue to ask for help elsewhere. Doing so can result in system changes which may not show it the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process which would extend the time it takes to clean your computer.

From this point on the Malware Removal Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take a while to get a response because the Malware Removal Team members are very busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the Malware Removal Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another HJT Team member is already assisting you and not open the thread to respond.

To avoid confusion, I am closing this topic.

Edited by boopme, 11 October 2010 - 09:26 AM.