Possibly fake virus warning worries me.
MarkCorrigan
7th August 2009, 04:27 AM
So, I accidentally click on some advert on a website I'm looking at a while ago, I forget which website (megavideo I think) and forget about it. Anyway, I'm alt-tabbing between a Skype call and Firefox when I noticed a program running in the background. All of a sudden I got a virus alert and I'm worried.
I tried running system restore but there were no restore points set up for August and it won't let me look at July.
My first question is, what's up with system restore?
Secondly, I haven't had any issues since resetting normally and there isn't anything unusual running on my computer according to the task manager, so I am wondering if it was a virus at all, or just a hoax thing.
Thirdly, is there any good free virus scan and removal software available?
Thanks in advance.
ETA: Ok, there's definitely something wrong. If I do a google search for absolutely anything, around half the time any link I click on sends me to somewhere like eBay or a site where I can "win prizes".
Damndamndamn.
Wudang
7th August 2009, 05:02 AM
A link about virus scanner tests http://www.theregister.co.uk/2009/08/06/vista_anti_virus_tests/
AVG is near the top and is free. I use Avast, also free.
MarkCorrigan
7th August 2009, 05:10 AM
A link about virus scanner tests http://www.theregister.co.uk/2009/08/06/vista_anti_virus_tests/
AVG is near the top and is free. I use Avast, also free.
Thanks for the advice. I'll use AVG, but is it just a scan or will it remove any infection?
Wudang
7th August 2009, 05:19 AM
The key thing is finding exactly what virus you have then you can google for how to remove it.
http://free.avg.com/virus-removal
eta: Looks like it does some virus removal
CyberCecil
7th August 2009, 05:21 AM
Also try one of these:
http://www.malwarebytes.org/mbam.php
http://www.superantispyware.com/
I would use Malwarebytes first.
De_Bunk
7th August 2009, 05:58 AM
SpyBot Search and Destroy (Freeware)
SpywareBlaster (Freeware)
CCleaner (Freeware to remove all the garbage)
The first two downloads offer passive immunization in the background against hidden threats on websites.
Download and run that lot.
DB
De_Bunk
7th August 2009, 06:00 AM
PS...
Free Avira anti-virus beat AVG in detection...
Free Avira beat a load of 'paid for' Anti-virus software.
DB
Wudang
7th August 2009, 06:04 AM
I wasn't aware Avira was free - thanks.
You can also google "hijack this" and try to find a friendly site where people can interpret the trace for you.
MarkCorrigan
7th August 2009, 09:37 AM
Ok, so I stopped my net and ran an AVG scan. It found 9 threats and locked them in the "virus vault" wherein I deleted them immediately from my computer.
However, the problem still isn't gone. I will attempt shortly to run a few more programs while I go to work but I am getting worried that this will be a serious issue. Assuming none of these cures the problem (erk) does anyone have any suggestions other than "clean the hard drive"?
Wudang
7th August 2009, 09:47 AM
However, the problem still isn't gone.
Sorry, what symptoms do you still have? All of them?
If it's just being sent to a scam website then possibly your DNS settings are changed or you've had a HOSTS file shoved in to redirect you. I assume you're running windows but what version?
alfaniner
7th August 2009, 10:40 AM
I had the same thing happen a couple months ago and found it impossible to remove. Several scans and antivirus programs later, my only option is to re-install the OS.
Christian Klippel
7th August 2009, 04:03 PM
Be careful with running/downloading AV software on an already infected machine. There are quite a bunch of viruses and worms out there that are able to hide themselves from such programs when they are active. That means you can search forever and still not find it.
When you download on that machine, and install, it may even infect the AV program to hide itself from it. The only real way to check an infected machine is to have a clean, bootable read-only medium that contains the OS and the AV software, start with a cold-boot (that is, turn off and on the machine, not simply reset/restart it), and then let it scan the drives.
Alternatively you may remove the drives from the infected machine and plug them as extra drives in a non-infected machine, and do the scanning. You can put the infected drive in an external enclosure and connect it through USB. If you do that, make absolutely sure that you disable the autorun-function on that machine. Otherwise it may load the bugger as soon as you plug in the drive. A simple AUTORUN.INF in the root directory of that drive may be enough to start whatever is pointed to in the .INF.
Once checked and cleaned, look at the file named "hosts" in \Windows\system32\drivers\etc\ and check if there are any suspicious entries. Then boot up the system and check the network settings. Usually it should get the DNS settings through DHCP when you connect to the net. In case you have manually given DNS in the network settings, make sure it is still the right one. Just for a check you may use other DNS servers instead, because the DNS you use may be hijacked (that happens sometimes, albeit it's quite rare).
If the problems still persist, you may want to try a different machine in your network, preferably one that started from a live CD like Knoppix. The reason is that there is a slight chance that your router got hacked and messes up your traffic/requests. It's very rare that this happens, but it does sometimes. If that is the case, either contact your provider from whom you got the router.
Greetings,
Chris
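The hosts-file check described in the post above, as an added example that is not part of the original thread: a Python sketch that lists every entry other than the stock localhost mapping. The sample file contents, the function name and the verdict labels (redirect, blocked, malformed) are constructed for illustration; on a real machine the text would be read from the hosts file in \Windows\system32\drivers\etc\.

```python
import ipaddress

# Names a stock hosts file is expected to define (assumption for this example).
EXPECTED_NAMES = {"localhost"}

# Constructed sample, not taken from a real machine. Addresses and names use
# ranges and domains reserved for documentation.
SAMPLE_HOSTS = """\
# Constructed sample hosts file
127.0.0.1       localhost
::1             localhost
203.0.113.10    www.search.example search.example  # two names, one line
127.0.0.1       updates.antivirus.example
0.0.0.0         ads.example
garbage-line    host.example
"""

def audit_hosts(text):
    """Return (line_no, address, hostname, verdict) for every entry worth a look."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        entry = raw.split("#", 1)[0].strip()      # drop full-line and inline comments
        if not entry:
            continue
        fields = entry.split()
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            findings.append((line_no, fields[0], "", "malformed"))
            continue
        for name in fields[1:]:                   # one line may carry several names
            name = name.lower().rstrip(".")
            local = addr.is_loopback or addr.is_unspecified
            if name in EXPECTED_NAMES:
                if not addr.is_loopback:          # localhost pointed somewhere else
                    findings.append((line_no, str(addr), name, "redirect"))
            elif local:
                # Name is made unreachable: blocklist entry, or an update site cut off.
                findings.append((line_no, str(addr), name, "blocked"))
            else:
                # Name is sent to a different machine: matches the redirect symptom.
                findings.append((line_no, str(addr), name, "redirect"))
    return findings

if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE_HOSTS):
        print(finding)
```

Entries reported as blocked are not necessarily hostile, since hosts-based blocklists from anti-spyware tools produce the same pattern; each one still deserves a look to confirm it is not a security vendor's update site.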
MarkCorrigan
7th August 2009, 04:22 PM
Sorry, what symptoms do you still have? All of them?
If it's just being sent to a scam website then possibly your DNS settings are changed or you've had a HOSTS file shoved in to redirect you. I assume you're running windows but what version?
Ok, the symptoms are that if I run a google search (for example) and select any result at random there is a chance that it will not open the result and will instead redirect to another website without a security certificate. Often it will be one of those very dubious looking search engines, which has run a search for me on the term I asked google to look for.
As for my version of Windows, I have XP Professional.
Would it help if I ran something like Hijack This and posted the results up here?
GreNME
7th August 2009, 05:23 PM
Turn off System Restore, reboot
During the restart, if possible, go into safe mode
run your AV scan (if it runs in Safe Mode), restart
Now, depending on a few factors (like your AV not working in Safe Mode), you may need to take more serious action:
Turn off System Restore
Restart and go into safe mode
Create a new user
Restart and log in as the new user, copy the files you had saved in the other user account.
Once the files are copied, delete the old user account.
Get a decent antivirus and don't let it happen again.
UnbelievingDwindler
8th August 2009, 02:07 AM
Others have mentioned Avira and I would recommend it as well. Especially the Avira Antivir Rescue System. I tried to post a link but I am still under 15 posts so just google it ;).
If you download the ISO version you can make a bootable cd which you can use to scan your system without allowing any baddies to load. The new version also downloads the latest virus definitions from the net.
Another cool thing is that you can put it on a usb key too for computers that allow booting from usb.
TheDaver
8th August 2009, 03:00 PM
I recommend Avast over AVG.
AVG doesn’t so much protect your system as it does let you know you may have an infection by breaking. I don’t think I’ve ever gotten a virus warning from AVG, but it has broken more than twenty times on me.
© 2001-2009, James Randi Educational Foundation. All Rights Reserved.