
Well hidden redirect virus...


jaberwacky

I fixed an XP system with that type of virus about a month ago. This particular one eventually replaced his shell with some FBI warning screen, and the Safe Mode shell led to a false 0x7B stop error. I ended up removing it mostly from WinPE, but checking the registry's Shell item, as well as some items in Startup. Then I found all the files and deleted them all. After I was able to get into XP again, I only used HJT and Malwarebytes until it was gone. I didn't do anything with the 8MB partition (it was empty) so I just left it.

I used a multitude of scanners (MB, SSD, AVG, AdAware, and some others I found while looking up info), also manually removing files and registry entries etc. Nothing worked; it always redirected links to some strange search engine.

Then I did a reinstall of the OS figuring that would work; nope, still there.

That's when I found the extra partition, and when I removed that and reset the HD (then reinstalled the OS again so it would boot from the correct partition) the redirect went away.

Her extra partition wasn't empty and had "boot" files on it.


Because I went through it and nothing stood out. Besides, I think the problem has been fixed.

Did you submit it for analysis or were you the only one who went through it? Because 'I think...' doesn't sound all that reassuring...


Yeah. I know it. I don't feel completely sure either. I'm not an IT person and so as soon as it stopped redirecting I was all like, "FIXED! I CAN GO TO BED NOW!!!" If she reports more problems I'll run HJT again and send it to their forum and hope someone gets around to answering.

@Chimaera, SpyBot is still a good scanner? I'll go get it again if it is. I always thought of it as like Ad-Aware. Or Sta-Connect. (Yikes.)


send it to their forum and hope someone gets around to answering.

Last time I checked they were pretty fast and helpful. Mind you, that was pre-Trend Micro time... However, HJT always had a good reputation and support base and I'm sure they're still keeping their rep high.

@Chimaera, SpyBot is still a good scanner?

Maybe I can answer that. Yea, Spybot is a decent scanner, albeit slow. Its GUI freezes a lot too and updating only works from within the main GUI for me. But it will still scan and clean a lot. In short, good scanner, bad frontend as far as I'm concerned. Bit behind the times on some ends. Oh and TeaTimer real-time shield can be a real resource hog, watch out for that too.

I only have Avast running with all shields raised and only use Spybot and the likes if I want to do a thorough scan. Which is about once a month and usually turns up nothing. Last time my machine was infected was at least 6 years ago B)

Just make sure that you're running just one real-time monitoring software at a time.


Maybe I can answer that. Yea, Spybot is a decent scanner, albeit slow. Its GUI freezes a lot too and updating only works from within the main GUI for me. But it will still scan and clean a lot. In short, good scanner, bad frontend as far as I'm concerned. Bit behind the times on some ends. Oh and TeaTimer real-time shield can be a real resource hog, watch out for that too.

I only have Avast running with all shields raised and only use Spybot and the likes if I want to do a thorough scan. Which is about once a month and usually turns up nothing. Last time my machine was infected was at least 6 years ago B)

Just make sure that you're running just one real-time monitoring software at a time.

^^^ Pretty much, I use Avast as my main real-time monitoring AV, and I have Malwarebytes and Spybot to back it up on the monthly scans.

We usually recommend all three to customers.

Well, AVG, Malwarebytes and Spybot as a set, as they do slightly different things and give more width of cover all together.

I don't think a single AV can yet cover all bases, and maybe never will.
