Posted 06 October 2011 - 01:43 PM
So here is the run down on what happened this week.
I attempted to download a plug in for photoshop...like an idiot, without ensuring a secure site, I got "trigger happy" and thus infected my computer with the Windows Recovery virus.
My first step was to use my COMODO Time machine and set myself back to prior to the download. This reinstated my desktop.
I then ran my Avira antivirus...found something called wheeloffortune which I removed as I know that to be a known virus and I have no such "game" on my computer.
I ran CCleaner and downloaded MalwareBytes and the SuperAntispyware portal...minimal infection...quarantined and deleted all files questionable.
I tried HijackThis and the only thing that popped up was my COMODO time machine which I read to be an issue with the preventative software. No other rootkits were detected.
After multiple runs I thought I had rid myself of the issue. Then noticed a scripting error in iexplorer. This trojan is now enabling constant rerouting. Simply, I can place a legitimate inquiry in my search bar or address bar. The results that pop up are also legitimate, however, once clicked on, I am rerouted to an advertising site instead.
Further steps, obtained Spybot, restored my internet setting to default, wiping everything (all unneeded) out of my iexplorer...ran spybot...nothing.
Tried all this in safe mode with networking as well and again upon restart with my internet off.
Downloaded Rkill, ran it...then downloaded TDSSKiller and Kaspersky, ran both...one hard drive error to be fixed upon restart. Ran CCleaner, spybot, Avira and Malwarebytes again...restarted.
Twice now, I will have a fine working internet, no rerouting...for up to a couple hours....then it starts up again.
When I go into CCleaner and view my temp internet files...even after stopping the iexplorer process in task manager...multiple files come up many ending in mevio.com.
Some AOL-kevin and various searched sites...obviously nothing I have searched for. It is almost as if my IP address was hacked or something as these are not just adsites, but other searches...could someone be secretly utilizing my system? I'm at a loss...no hidden files to be found, no proxy enabled, I am the only User defined....
Also, I have a 1TB external hard drive...can I clear my computer of pictures onto the Hard Drive without infecting it or would it transfer? I don't know enough about viruses, trojans etc to truly understand their level of harm. I do photo editing and am a week and a half behind. Can I resume editing on this computer with the internet disabled and not have continued attack? I guess what I'm trying to inquire, is this virus/trojan JUST embedded in my internet, or elsewhere on my computer...stressing.
Please note...I am a bit computer programming illiterate...know just enough to eke my way through a problem...usually. This is the first time I haven't been able to get through the problem...grrrr
As an aside (perhaps this will trigger something)...after resetting my internet, closing and reopening, I am asked if I want to make Explorer9 my default computer. I was asked again in a rollup at the bottom of my screen, I ignored both only this time...haven't been online long enough to know if enabling that has been where the rerouting is tied...the last two times I said yes and rerouting occurred within an hour or so...probably not related, but I'm trying anything at this point.
Thank you for any assistance you can provide...btw, I typed this super fast with no proofreading...please overlook my horrendous typos :-)
Have a great day!!