Posted

got a jr/rdir (something named like that) virus alert from avg
Norton did not find or flag it
google was redirecting me to an ad site for every click i made on google search page results

i did a heck of a lot of research

temporary summary:
it is difficult or impossible to know if you are infected with rootkit kernel virus
there are now many new and useful tools for detecting and removing rootkit virus
the scariest thing is you NEVER KNOW for sure

and your whole system will be compromised

reformat HD is THE only real solution, fix, for peace of mind

very scary stuff indeed

scared to use that computer for anything important now

might already be compromised

who knows? could be on any or all computers you/we use

your helpful thoughts suggestions and better yet experiences here please







Posted

I never came across a virus that could not be cleaned, at least not after a cleaning program was published on the internet by some AV editor.

The first thing to do is of course to run proper AV protection on your computer.

Posted (edited)

For Windows computers I'd recommend Malwarebytes (free) and SpywareDoctor (free) to sort out these sorts of nasties.

Avast Anti Virus (free) does a better job of blocking these sorts of problems before they infect your computer.

Another way of making sure you're safe is to install Sandboxie (free) as it runs your browser in a sandbox and doesn't allow any files to get into your hard drive unless you choose to do so.

Prevention is better than cure.

Edited by schondie
  • Like 2
Posted (edited)

I would download and burn a bootable cleaner. Most of the major vendors do one.

yes any linux bootable should do. thorough long lasting clean guaranteed on full install. if you know how with the right one you don't even have to burn it.

Edited by BAD ANGEL
Posted
got a jr/rdir (something named like that) virus alert from avg
Norton did not find or flag it
google was redirecting me to an ad site for every click i made on google search page results
It doesn't help to jump to conclusions (i.e. rootkit), especially when you don't even have the correct name. A 'JS/rdir' and variants are JavaScript Redirects that take up home in your browser. We've discussed them here on ThaiVisa within the past year.
As KittenKong suggests, one way to diagnose the issue and its severity is to close the problem browser and open a different browser and see if it has the same issues. If it does then either your ISP or your System Files have been modified to cause redirects. If the issue doesn't exist in the different browser then the issue is contained to the first browser.
And as Schondie suggests, scan your entire system using Malwarebytes. And once you clean your system install Sandboxie to prevent a reoccurrence. If you've been infected once and don't know the Who/What/Where/When/Why or How it happened then better to have javascript and java helper apps run in a sandbox to be safe.
Sometimes it's necessary to run the cleaner programs in SafeMode. If it's really problematic (the offending code can't be removed on a running machine or continuously respawns) then, as others have suggested, use another machine and download a bootable cleaner that can either be burned to a CD/DVD or Flashdrive and boot your machine with that and have it scan your machine.
If you run into problems, there are tons and tonnes of websites dedicated to assisting people with clearing their machines of rogue code -- and they'll do it for free as long as you're patient and willing to do exactly what they ask of you.
  • Like 1
Posted

Thanks all and yes i did not check the exact name before posting, sorry, you win one gold point.

Now i could be wrong, but i think i got it from a media file i downloaded ages ago.

I think it was hidden as or in a media file.

When i was running an older version of kmp player, sometimes i would get a message that a file was not found or could not be played but the file name was a web address!

KMP is now <deleted> and hangs most every time.

Almost installed a new version but scared to do or change anything just yet.

I scanned all of my removable hard drives and the virus had replicated in quite a few places.

One drive had a suspicious folder named (don't quote me) 'recyclers' and had weird ass file names like dump/code addresses.

Someone mentioned i am jumping to conclusions and thinking the worst, yes sure i AM doing that, because after my research i read that this kind of virus can and often does go deep in the system (DSS or some root kernel name) and again please do not quote me on the proper name just yet ok???? The exact names can be fetched and found if i need de-bugging help.

I think and believe we should all be very concerned with DEEP security especially with all the online banking.

I know I am after all that i have read.

  • Like 1
Posted

One drive had a suspicious folder named (don't quote me) 'recyclers' and had weird ass file names like dump/code addresses.

This is a perfectly normal Windows system folder connected with the recycle bin function. In common with other system folders it is normally hidden and does not display in Windows Explorer. Recycler folders are user-specific and so you may have more than one.

It may contain the remnants of viruses and virus-like files that have previously been deleted and so can be a source of false positives in scans.

As a general rule it is advisable to empty both the recycle bin and your browser cache before doing a full scan.

External drives can contain their own recycle bin data.

  • Like 1
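Added example, not part of any post in this thread: a small Python inventory of the recycle-bin folders on a drive, so that scanner hits inside them can be read against what the recycle bin itself stores there. The naming patterns (per-user SID subfolders, `Dc1.ext` plus `INFO2` on XP, `$R…`/`$I…` pairs on Vista/7) are general Windows behaviour assumed here rather than taken from the thread; `inventory`, `make_sample` and the sample layout are constructed for illustration.

```python
import os
import re
import tempfile

BIN_DIRS = {"recycler", "recycled", "$recycle.bin"}   # XP NTFS, FAT, Vista/7
SID_RE = re.compile(r"^S-1-\d+(-\d+)+$", re.I)        # per-user subfolder name
# Assumed naming: XP stores "Dc1.ext" plus INFO2; Vista/7 stores "$Rxxxxxx.ext" plus "$Ixxxxxx.ext".
ITEM_RE = re.compile(r"^(D[a-z]\d+|\$R[0-9A-Z]{6})(\..*)?$", re.I)
META_RE = re.compile(r"^(\$I[0-9A-Z]{6}(\..*)?|INFO2?|desktop\.ini)$", re.I)
SID_XP = "S-1-5-21-1111111111-2222222222-3333333333-1003"  # constructed
SID_W7 = "S-1-5-21-1111111111-2222222222-3333333333-1001"  # constructed


def inventory(drive_root):
    """Summarise every recycle-bin folder found at the top of drive_root."""
    report = {}
    for name in sorted(os.listdir(drive_root)):
        top = os.path.join(drive_root, name)
        if name.lower() not in BIN_DIRS or not os.path.isdir(top):
            continue
        info = {"users": [], "deleted": 0, "unexpected": []}
        holders = [top]  # FAT bins keep files directly in the top folder
        for child in sorted(os.listdir(top)):
            if SID_RE.match(child) and os.path.isdir(os.path.join(top, child)):
                info["users"].append(child)
                holders.append(os.path.join(top, child))
        for holder in holders:
            for item in sorted(os.listdir(holder)):
                if META_RE.match(item) or (holder == top and item in info["users"]):
                    continue
                if ITEM_RE.match(item):
                    info["deleted"] += 1      # a file or folder the user deleted
                else:                         # not a name the recycle bin creates
                    info["unexpected"].append(os.path.relpath(os.path.join(holder, item), drive_root))
        report[name] = info
    return report


def make_sample():
    """Build a constructed drive layout in a temp folder (not real scan data)."""
    root = tempfile.mkdtemp()
    layout = {"RECYCLER/" + SID_XP: ["INFO2", "desktop.ini", "Dc1.jpg", "Dc2.exe"],
              "RECYCLER": ["x7f3a.exe"],
              "$Recycle.Bin/" + SID_W7: ["$RAB12CD.mp3", "$IAB12CD.mp3"]}
    for folder, files in layout.items():
        os.makedirs(os.path.join(root, folder), exist_ok=True)
        for f in files:
            open(os.path.join(root, folder, f), "w").close()
    return root


if __name__ == "__main__":
    print(inventory(make_sample()))
```

An entry listed under `unexpected` only means its name does not follow the recycle bin's own scheme; it is a prompt to look at that file, not a verdict on it.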
Posted

after much thought

because you NEVER know

also because the computers are getting old

i think a reformat is in order for a fresh start

however i have never done this myself

i am loath to give it to a shop to do it because that just opens me up to more possible threats

i also do not have a reuse or recovery disc for either system

and i have never yet done this myself

what is the best easiest safest way to reformat (and maybe partition) the hard drive

windows xp and windows 7

can i download a disc/software to format with?

is there also something called windows light?

any and all useful help appreciated thanks

Posted

[...]

i think a reformat is in order for a fresh start

[...]

i also do not have a reuse or recovery disc for either system

and i have never yet done this myself

what is the best easiest safest way to reformat (and maybe partition) the hard drive

windows xp and windows 7

can i download a disc/software to format with?

is there also something called windows light?

any and all useful help appreciated thanks

Some PCs have a System Recovery Partition hidden on the hard drive that can be used to totally erase the booting partition and reinstall the original OS/Drivers/Software from scratch. Access to it is usually only accessible via an F-key button at power-on. Using this option will ERASE all contents of the bootable drive and set the computer up as boxed from the factory.

If your PC doesn't have a System Recovery / System Install partition then you might contact the manufacturer and order recovery discs. Otherwise, you'll need to purchase a licensed copy of a Windows OS, or decide to switch and install a Linux OS.

This option will not provide original OEM software or system drivers specific to your machine. Some but not all might be available for download from the manufacturer's website.

Windows light (lite?) versions are usually referred to as Windows Home.

Make sure you've backed up or copied all the documents and settings you need/want to keep or are important prior to a System Install/Recovery.

  • Like 1
Posted (edited)

You have a redirect virus from installing free software/programs.

Scan with Avast or an online scanner and see what the name of the malware is.

Then Google the name with "removal instructions" beside it.

Next time you get software you don't know use Avast sandbox mode.

Edited by Sayonarax
  • Like 1
Posted

Better check their definition of Rescue Disc and Recovery Disc. Some are just boot and repair utilities while others create a bootable disc to do the initial out-of-the-box OS setup.

If it's a full-OS reinstall, the package will warn you if it wants to repartition / reformat or just overlay the OS onto the existing system.

  • Like 1
