Is my laptop infected?

[Kantastic]

My laptop has been acting weird lately. Some webpages don't load, some redirect me, and I can't seem to do Windows Update or any antivirus software updates. I took the hard drive out and scanned it in another computer with MalwareBytes (3 trojans, all cleared, rescanned to be sure) and I still can't do any form of updates on the laptop.

I'm not sure what else to do, help me troubleshoot!

 

[ChiSox]

Hey Kan...first make sure time and date are synced...next check your ad-ons running on your browser, sometimes a redirect is hiding in there...I like superantispyware or spyware doctor to scan after malwarebytes

 

[HXL492]

Why not try speedtest? May be a internet problem.
http://www.speedtest.net/

 

[{JNT}Raptor]

Check your internet settings/Lan settings to make sure a worm hasn't set you up with a proxy server....alot of malware is doing that...that way..you can surf all you want...but none of your software will update.....the redirecting and no updates is a giveaway.

Hope it helps.

 

[_JP_]

Also, you could go to "C:\WINDOWS\system32\drivers\etc" to look up the hosts file and check if it's clean (open it with notepad). There should be no other hosts but the loopback (127.0.0.1). If there are any other hosts, check if it was you who put them there, if not, delete them and save the file.

 

[scaminatrix]

Also, you could go to "C:\WINDOWS\system32\drivers\etc" to look up the hosts file and check if it's cleaned (open it with notepad). There should be no other hosts but the loopback (127.0.0.1). If there are any other hosts, check if it was you who put them there, if not, delete them and save the file.

+1; this is most likely the solution.
If there is another address there, your laptop will connect to that and, in turn, can reinfect you (the address could be that of another infected computer for example).

 

[Arrakis9]

try running tdss killer in safe mode first then hit it with combofix (MAKE SURE TO RE-NAME COMBOFIX TO SOMETHING ELSE)

those are classic symptoms of a tdss/aroueln rootkit infection which are not normaly picked up by malware bytes

 

[Kantastic]

Hey Kan...first make sure time and date are synced...next check your ad-ons running on your browser, sometimes a redirect is hiding in there...I like superantispyware or spyware doctor to scan after malwarebytes

Done! Problem still exists.

Why not try speedtest? May be a internet problem.
http://www.speedtest.net/

Done! Internet is running fine, problem still present.

Also, you could go to "C:\WINDOWS\system32\drivers\etc" to look up the hosts file and check if it's clean (open it with notepad). There should be no other hosts but the loopback (127.0.0.1). If there are any other hosts, check if it was you who put them there, if not, delete them and save the file.

127.0.0.1 localhost
::1 localhost

I think it's clean.

+1; this is most likely the solution.
If there is another address there, your laptop will connect to that and, in turn, can reinfect you (the address could be that of another infected computer for example).

try running tdss killer in safe mode first then hit it with combofix (MAKE SURE TO RE-NAME COMBOFIX TO SOMETHING ELSE)

those are classic symptoms of a tdss/aroueln rootkit infection which are not normaly picked up by malware bytes

This is my next step. No luck, TDSSKiller didn't spot anything.

Thanks everyone so far!

 

[scaminatrix]

Check firewall settings to make sure there's nothing being blocked, and also check services to make sure the virus hasn't disabled certain services.

If you're still getting redirected etc, then I think you're still infected. When I got hit with the ESQUL virus, malware bytes couldn't fix it for 3 days. On the third day, I updated Malware Bytes and it fixed it. Might just be the waiting game.


EDIT: wait wait wait, combofix didn't fix it???

 

[Kantastic]

Check firewall settings to make sure there's nothing being blocked, and also check services to make sure the virus hasn't disabled certain services.

If you're still getting redirected etc, then I think you're still infected. When I got hit with the ESQUL virus, malware bytes couldn't fix it for 3 days. On the third day, I updated Malware Bytes and it fixed it. Might just be the waiting game.


EDIT: wait wait wait, combofix didn't fix it???

I've disabled the firewall, I always do. I assumed that Avast! or M$ Security Essentials would be enough, apparently not.

Oh I assumed ComboFix was a follow-up for TDDSKiller, when TDDS didn't pick up anything, I didn't bother with ComboFix. I'll give that a shot momentarily, right now I'm busy with another computer, I have to meet up with AudiTuner and complete a deal. ^_^

 

[temp02]

You are using Avast? Replace it with MSE and report back.

 

[Kantastic]

You are using Avast? Replace it with MSE and report back.

I uninstalled Avast! and installed MSE. I can't update it, that's when I figured something was wrong. Windows Update didn't work, Malware Bytes wouldn't update, etc. I'm also being redirected to a few sites, and Malware Bytes' homepage does not load.

 

[scaminatrix]

I've disabled the firewall, I always do. I assumed that Avast! or M$ Security Essentials would be enough, apparently not.

Personally, I've always had firewall on, and only allow:
Core Networking
Firefox
Homegroup
Maxis Broadband (My internety dongle)
Network Discovery
Orbit Downloader (Flash grabber + Download Accelerator)

Every time I install something, I check to make sure it hasn't allowed itself.

Oh I assumed ComboFix was a follow-up for TDDSKiller, when TDDS didn't pick up anything, I didn't bother with ComboFix. I'll give that a shot momentarily, right now I'm busy with another computer, I have to meet up with AudiTuner and complete a deal. ^_^

Combofix should deomlish the virus. It disables drivers etc. before doing it's thing. If a virus is using a driver to evade detection/spread, it's no sweat. Unfortunately, that's why a lot of people report problems connecting to the net after running combofix, as it's ruthless and will remove your LAN driver if it wants to.
Just make sure you let combofix update when it asks.
And be prepared to reinstall OS if you're using combofix... Although I've never needed to, YRMV.

 

[Kantastic]

ComboFix took care of things, powerful little tool isn't it. Windows Update is working, MSE is updating, I'm able to visit MalwareBytes' homepage. I'll revive this thread should anything happen again.

Thanks everyone!

 

[Arrakis9]

ComboFix took care of things, powerful little tool isn't it. Windows Update is working, MSE is updating, I'm able to visit MalwareBytes' homepage. I'll revive this thread should anything happen again.

Thanks everyone!

proof that combofix isnt as "bad" as people make it out to be

 

[xBruce88x]

every computer i've used combofix on so far no trouble. the only trouble i've had with it is sometimes it doesn't work and i have to use something else. as far as harming the computer... i've yet to see that.

 

[scaminatrix]

proof that combofix isnt as "bad" as people make it out to be

Yea, I'd say about 8 or 9 out of 10 users don't have any problems using it.
Most people don't actually read bleepingcomputer.com's instructions before using Combofix and assume that it's a program that can be used regularly.
The people that know what damage it can do to your OS installation are the people who have actually read the instructions at bleepingcomputer. Unfortunately, it seems not many people do.