First Virus!



Dangerous55
Sep 19, 2008, 06:38 PM
Well I got my first virus on this computer of many years. Very, very annoying. I'd love to have 5 minutes alone with the people who make these. Anyway, it doesn't seem that bad. All it does is mess up my browsers. Can't go to many websites and any results I click in Yahoo or Google take me to some random weird advertising sites. Spybot detects things, but does nothing when it says it has removed them. Any ideas?

I mean these little things annoy the hell out of me. For some reason I can go to ESPN.com. BUT, I can't go to Mets.com or Phillies.com.

What an annoying day. Everything is great then I go to watch the Phillies and the CW15 is airing a meaningless Yankees vs. Orioles game. Arg.

Shadowpawn
Sep 19, 2008, 06:40 PM
Get HijackThis! It will identify rootkits. Helps to know which registry files are crucial however. You don't want to delete the wrong one!

Run avast or AVG in safe mode.

Run BitDefender Online in safe mode as well:
http://www.bitdefender.com/scan8/ie.html

Sord
Sep 19, 2008, 06:41 PM
If you can't get to DL websites, get a virus scanner setup file on another computer's connection, slap it on a flash drive or burn it to a disk, and then install it on your computer, run it.

Dangerous55
Sep 19, 2008, 06:51 PM
I can't really get to these websites to do anything. Some work, some don't. I can come here, Youtube, random other places. It changed my background as well. I don't know, no System Restore points either...

Shadowpawn
Sep 19, 2008, 06:52 PM
Then you're going to have to do what Sord suggested and get the stuff I suggested from a different computer and burn it to a CD.

amtalx
Sep 19, 2008, 07:20 PM
What OS are you running? Stuff like that you can usually clean yourself if you know what you're doing. You can always boot into Safe Mode and remove the process.

VioletSkye
Sep 19, 2008, 09:10 PM
Run MalwareBytes and then open your HOSTS file and delete all of the entries except for:

127.0.0.1 localhost

Powder Keg
Sep 20, 2008, 12:20 AM
Do a system restore to before it happened if you have to. If you know what you're doing, HijackThis or just finding the program in safe mode works.

Dangerous55
Sep 20, 2008, 12:36 AM
I am running XP.

Just got Malwarebytes...how do I do the other thing? I have a computer downstairs for other purposes so I can send .exe through AIM. Hope malwarebytes works. Oh yeah, Safe mode...what F key is it again?


Also...I have no points to restore to in system restore.

Sinue_v2
Sep 20, 2008, 08:37 AM
Hit F8 just as Windows first starts to load. That will take you to a menu where you can choose which startup method you want. You'll want to shut off your system restore points while you're removing the virus, even if you can't use em. Turn them back on after you've verified that your system is clean.

Your HOSTS file should be in C:\Windows\System32\etc

Mysterious-G
Sep 20, 2008, 08:49 AM
That's what you get for looking for porn on google. xD

Powder Keg
Sep 20, 2008, 10:18 AM
I'd definitely recommend turning on system restore to at least one restore point a week. Most things you're able to fix on your own without too much trouble, but it doesn't hurt to be safe.

VioletSkye
Sep 20, 2008, 11:06 AM
> Hit F8 just as Windows first starts to load. That will take you to a menu where you can choose which startup method you want. You'll want to shut off your system restore points while you're removing the virus, even if you can't use em. Turn them back on after you've verified that your system is clean.
>
> Your HOSTS file should be in C:\Windows\System32\etc

Close :-P it's in
C:\WINDOWS\system32\drivers\etc

You will need to go into Folder Options and make sure you have Show Hidden Files and Folders checked first though (or you could just copy and paste the path into any Windows address bar lol.) MalwareBytes should correct any browser-jacking but I still recommend cleaning out the hosts file anyway.
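The HOSTS clean-up recommended in this thread, as an added example that is not part of any poster's reply: a small Python auditor that lists every entry other than the localhost mapping and produces the cleaned file text. The sample file, its IP address and its domain names are constructed; keeping an IPv6 `::1 localhost` line as well is an assumption that goes slightly beyond the thread's advice.

```python
import ipaddress

# Constructed sample of a tampered HOSTS file (documentation-range IP,
# reserved .example domains); not taken from the thread.
SAMPLE_HOSTS = """\
# sample header comment
127.0.0.1       localhost
203.0.113.50    www.search.example search.example   # sends searches elsewhere
127.0.0.1       update.av-vendor.example            # makes a site unreachable
not-an-ip       junk.example
"""

def audit_hosts(text):
    """Return (findings, cleaned_text).

    findings is a list of (line_no, kind, ip, names) where kind is
    'redirect' (name mapped to a non-loopback address), 'blocked'
    (name other than localhost mapped to loopback) or 'malformed'.
    """
    findings, kept = [], []
    for line_no, raw in enumerate(text.splitlines(), 1):
        entry = raw.split("#", 1)[0].split()   # drop trailing comment
        if not entry:                          # blank or comment-only: keep
            kept.append(raw)
            continue
        ip, names = entry[0], [n.lower() for n in entry[1:]]
        try:
            loopback = ipaddress.ip_address(ip).is_loopback
        except ValueError:
            loopback = None                    # first field is not an IP
        if loopback is None or not names:
            findings.append((line_no, "malformed", ip, names))
        elif loopback and names == ["localhost"]:
            kept.append(raw)                   # the entry the thread says to keep
        elif loopback:
            findings.append((line_no, "blocked", ip, names))
        else:
            findings.append((line_no, "redirect", ip, names))
    return findings, "\n".join(kept) + "\n"

if __name__ == "__main__":
    findings, cleaned = audit_hosts(SAMPLE_HOSTS)
    for line_no, kind, ip, names in findings:
        print(f"line {line_no}: {kind:9} {ip} -> {' '.join(names)}")
    print("--- cleaned file ---")
    print(cleaned, end="")
```

To check a real machine, pass in the text of the `hosts` file from the `C:\WINDOWS\system32\drivers\etc` folder named above and review the findings before overwriting anything.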

Indica
Sep 20, 2008, 01:55 PM
That kind of virus you don't need a program to fix it. All you need to do is modify your lmhost file.

Dangerous55
Sep 20, 2008, 01:58 PM
> That's what you get for looking for porn on google. xD

No no, wasn't that. I appreciate the help dudes and ladies. I managed to eradicate it with Malwarebytes.

VioletSkye
Sep 20, 2008, 02:28 PM
> That kind of virus you don't need a program to fix it. All you need to do is modify your lmhost file.

Actually, it depends on the infection (btw most browser-jacking infections aren't really virus related). Modifying the lmhost file won't do anything to remove the actual DLLs and EXEs that will still be infecting your system, which is why something like Malwarebytes is needed. Also lmhost applies to NetBIOS name resolution only and not DNS name resolution. NetBIOS allows applications on a LAN to communicate; it has nothing to do with site redirection and in fact is NEVER used by Windows anyway unless the .sam extension is removed (otherwise it is ignored), and unless the user specifically removed the extension (which is doubtful unless you're a network admin or something and have a reason to do so) there is little chance of that.

Indica
Sep 20, 2008, 02:42 PM
It's been a while but had a similar problem about 5 years ago. Symantec and Ad-Aware didn't detect any problems but any time I went to Google, it redirected me to some SPAM site.

I deleted lmhost or some file, rebooted PC and problem went away.

VioletSkye
Sep 20, 2008, 02:48 PM
> It's been a while but had a similar problem about 5 years ago. Symantec and Ad-Aware didn't detect any problems but any time I went to Google, it redirected me to some SPAM site.
>
> I deleted lmhost or some file, rebooted PC and problem went away.

It would have been the HOSTS file that the instructions would have had you remove. Although, complete removal isn't really needed if you just clear out all of the entries except for local host, but either way will work :)

NPCMook
Sep 20, 2008, 08:05 PM
I wouldn't recommend HijackThis unless you REALLY know what you are doing in your computer