Is my laptop infected?

Discussion in 'General Hardware' started by Kantastic, Jan 25, 2011.

  1. Kantastic

    Kantastic

    Joined:
    May 12, 2009
    Messages:
    5,181 (1.87/day)
    Thanks Received:
    998
    My laptop has been acting weird lately. Some webpages don't load, some redirect me, and I can't seem to do Windows Update or any antivirus software updates. I took the hard drive out and scanned it in another computer with MalwareBytes (3 trojans, all cleared, rescanned to be sure) and I still can't do any form of updates on the laptop.

    I'm not sure what else to do, help me troubleshoot!
     
  2. ChiSox

    ChiSox

    Joined:
    Jan 14, 2009
    Messages:
    447 (0.16/day)
    Thanks Received:
    77
    Location:
    On The Green
    Hey Kan...first make sure time and date are synced...next check your add-ons running on your browser, sometimes a redirect is hiding in there...I like SUPERAntiSpyware or Spyware Doctor to scan after Malwarebytes
     
    Kantastic says thanks.
  3. HXL492

    HXL492

    Joined:
    Sep 26, 2010
    Messages:
    232 (0.10/day)
    Thanks Received:
    24
    Kantastic says thanks.
  4. {JNT}Raptor

    {JNT}Raptor New Member

    Joined:
    Jul 12, 2005
    Messages:
    733 (0.18/day)
    Thanks Received:
    87
    Location:
    NY
    Check your internet settings/LAN settings to make sure a worm hasn't set you up with a proxy server....a lot of malware is doing that...that way..you can surf all you want...but none of your software will update.....the redirecting and no updates is a giveaway.

    Hope it helps. :)
     
    Kantastic says thanks.
  5. _JP_

    _JP_

    Joined:
    Apr 16, 2010
    Messages:
    2,711 (1.12/day)
    Thanks Received:
    765
    Location:
    Portugal
    Also, you could go to "C:\WINDOWS\system32\drivers\etc" to look up the hosts file and check if it's clean (open it with notepad). There should be no other hosts but the loopback (127.0.0.1). If there are any other hosts, check if it was you who put them there, if not, delete them and save the file.
     
    Last edited: Jan 25, 2011
    Kantastic says thanks.
  6. scaminatrix

    scaminatrix

    Joined:
    Mar 1, 2010
    Messages:
    3,583 (1.45/day)
    Thanks Received:
    798
    Location:
    By the Channel Tunnel, Kent, England
    +1; this is most likely the solution.
    If there is another address there, your laptop will connect to that and, in turn, can reinfect you (the address could be that of another infected computer for example).
     
    Kantastic and _JP_ say thanks.
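
The hosts-file check described in the two posts above, as an added example that is not part of the original thread. The function name audit_hosts and every entry in SAMPLE are constructed for illustration; besides entries that point a name at a foreign address, it also reports names pinned to a loopback or 0.0.0.0 address, which makes the named site unreachable and goes slightly beyond what the post lists.

```python
import ipaddress

# The only name a clean hosts file is expected to map to loopback here.
LOCAL_NAMES = {"localhost"}

# Constructed sample, not taken from the thread.
SAMPLE = """\
# sample hosts file
127.0.0.1       localhost
::1             localhost
127.0.0.1       update.av-vendor.example   # trailing comment
203.0.113.10    www.search.example www.bank.example
"""


def audit_hosts(text):
    """Return (line_no, address, hostname, verdict) for each suspicious entry."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        entry = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not entry:
            continue
        fields = entry.split()
        address, names = fields[0], fields[1:]
        try:
            ip = ipaddress.ip_address(address)
        except ValueError:
            findings.append((line_no, address, " ".join(names), "malformed"))
            continue
        for name in names:  # one line may carry several hostnames
            if name.lower() in LOCAL_NAMES and ip.is_loopback:
                continue  # the normal loopback entry
            # Loopback/0.0.0.0 makes the name unreachable; any other
            # address sends its traffic to a machine someone else chose.
            local_sink = ip.is_loopback or ip.is_unspecified
            verdict = "blocked" if local_sink else "redirected"
            findings.append((line_no, address, name, verdict))
    return findings


if __name__ == "__main__":
    # To audit a real machine, pass in the text of the hosts file
    # from the directory named in the post instead of SAMPLE.
    for finding in audit_hosts(SAMPLE):
        print(finding)
```

An empty result means the file holds nothing but the loopback entries for localhost.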
  7. Arrakis+9

    Arrakis+9

    Joined:
    Aug 10, 2007
    Messages:
    1,664 (0.49/day)
    Thanks Received:
    779
    Location:
    TEXAS
    Try running TDSSKiller in safe mode first, then hit it with ComboFix (MAKE SURE TO RE-NAME COMBOFIX TO SOMETHING ELSE)

    Those are classic symptoms of a TDSS/Alureon rootkit infection, which are not normally picked up by Malwarebytes
     
    Kantastic says thanks.
  8. Kantastic

    Done! Problem still exists.

    Done! Internet is running fine, problem still present.

    127.0.0.1 localhost
    ::1 localhost

    I think it's clean.


    This is my next step. No luck, TDSSKiller didn't spot anything.

    Thanks everyone so far!
     
    Last edited: Jan 25, 2011
  9. scaminatrix

    Check firewall settings to make sure there's nothing being blocked, and also check services to make sure the virus hasn't disabled certain services.

    If you're still getting redirected etc, then I think you're still infected. When I got hit with the ESQUL virus, malware bytes couldn't fix it for 3 days. On the third day, I updated Malware Bytes and it fixed it. Might just be the waiting game.


    EDIT: wait wait wait, combofix didn't fix it???
     
    Kantastic says thanks.
  10. Kantastic

    I've disabled the firewall, I always do. I assumed that Avast! or M$ Security Essentials would be enough, apparently not.

    Oh I assumed ComboFix was a follow-up for TDSSKiller, when TDSS didn't pick up anything, I didn't bother with ComboFix. I'll give that a shot momentarily, right now I'm busy with another computer, I have to meet up with AudiTuner and complete a deal. ^_^
     
  11. temp02 New Member

    Joined:
    Mar 18, 2009
    Messages:
    493 (0.17/day)
    Thanks Received:
    166
    You are using Avast? Replace it with MSE and report back.
     
    Kantastic says thanks.
  12. Kantastic

    I uninstalled Avast! and installed MSE. I can't update it, that's when I figured something was wrong. Windows Update didn't work, Malware Bytes wouldn't update, etc. I'm also being redirected to a few sites, and Malware Bytes' homepage does not load.
     
  13. scaminatrix

    Personally, I've always had firewall on, and only allow:
    Core Networking
    Firefox
    Homegroup
    Maxis Broadband (My internety dongle)
    Network Discovery
    Orbit Downloader (Flash grabber + Download Accelerator)

    Every time I install something, I check to make sure it hasn't allowed itself.

    Combofix should demolish the virus. It disables drivers etc. before doing its thing. If a virus is using a driver to evade detection/spread, it's no sweat. Unfortunately, that's why a lot of people report problems connecting to the net after running combofix, as it's ruthless and will remove your LAN driver if it wants to.
    Just make sure you let combofix update when it asks.
    And be prepared to reinstall OS if you're using combofix... Although I've never needed to, YRMV.
     
    Kantastic says thanks.
  14. Kantastic

    ComboFix took care of things, powerful little tool isn't it. Windows Update is working, MSE is updating, I'm able to visit MalwareBytes' homepage. I'll revive this thread should anything happen again.

    Thanks everyone!
     
    _JP_ and Arrakis+9 say thanks.
  15. Arrakis+9

    proof that combofix isn't as "bad" as people make it out to be
     
  16. xBruce88x

    xBruce88x

    Joined:
    Oct 29, 2009
    Messages:
    2,517 (0.97/day)
    Thanks Received:
    756
    Every computer I've used combofix on so far, no trouble. The only trouble I've had with it is sometimes it doesn't work and I have to use something else. As far as harming the computer... I've yet to see that.
     
  17. scaminatrix

    Yea, I'd say about 8 or 9 out of 10 users don't have any problems using it.
    Most people don't actually read bleepingcomputer.com's instructions before using Combofix and assume that it's a program that can be used regularly.
    The people that know what damage it can do to your OS installation are the people who have actually read the instructions at bleepingcomputer. Unfortunately, it seems not many people do.
     