I Need Serious Help - HP Netbook

Good afternoon gents. Well, this is getting to be absolutely unbearable. My wife and I are the "proud" owners of an HP Netbook. Model 1000. I believe this is a pre-Atom processor since it is about 2-3 years old. 1. something Ghz processor (can't tell you right now. Explanation further below), 16Gb solid state hard drive, XP SP3 (pretty sure it is home edition), 1Gb RAM. Now mind you, the slowness with some things I can manage. This is not a power machine and I realise it. It is great for checking the web from the easy chair and I wield it as this is written. However, there are some issues which are flatly driving me to the brink. Let me 'splain.


Last year I managed to get the infuriating Google Redirect Virus. I finally nixed it with Kaspersky's TDSSKiller. A freeware scanning tool that "cures" the virus. Things went along smashingly for a good while. Then about a month ago I started noticing more weird things. I use MSN Bing search now and it is affected as well since the first result is usually a redirect of some kind. It is not as insidious as GRV but I can tell it is not right. You can usually back out of the redirect page and go to the next result with no problems. Till yesterday. Actually, I noticed a few days ago it was acting odd and yesterday a simple search for rubbing compounds sent me to one of those bloody "your computer is infected with viruses! Your firewall is turned off! Click here now to fix it!" And even though I knew what was coming it was too late. Any click of the mouse started an install of this crap. So I forced a cold start by holding down the power button till it shut off. I know it is not good to do that but hey, my choice was exactly what?

So I re-started it in Safe Mode and immediately updated Malwarebytes and ran a scan. Sure as death and taxes, it spotted some stuff. THIRTY TWO things to be precise. I let it quarantine the malware and restarted normally. This is when the trouble really started. Now, every time I click an icon for an application or even choose it from the menu, there is an error. And it always involves something like 'rundll32.exe' and it either says "windows cannot open rundll32.exe because there is no program associated with it. Open Folder Options and associated with..." or you get an 'Open With' menu box and you have to browse to the programme you want to open and do it that way. Sometimes it works and other times it does not.

I suspected a bollocksed up registry so I tried to undo the damage by running the backup of the registry I had before trying any of the Malwarebytes or CCleaner apps. It will not allow it to reinstall. I tried the Roxio Back on Track software which I knew has an updated point about a week ago. No dice. It will not allow me to open it at all. Even after going through the Open With menu. What am I going to do with this thing? I cannot even access the System icon in the control panel page. Same errors. It is why I cannot tell you the exact processor.

I have no issues with wiping it clean and starting again but I do not want to jump to Linux just yet. Still too many issues with wireless and my comfort level is not there yet. The big issue is getting restore discs from HP. They offer it for fifteen dollars and I can locate a USB optical drive to do the restore/reinstall but I wanted your take on this first. If there are some steps I can take to at least straighten things up then a better scanning, registry editing or whatever can be undertaken. This is beyond infuriated. BTW, antivirus is Avira's latest free version and I think it may be an issue as well but I am not sure. Thank you for anything you can help me with.

Regards, Todd
 
I am not familiar with the virus you mention so I don't have much concrete help. But I think your best bet is to use a second computer to search for the exact issues you are seeing to find a specific cure for them. I say this because I was once infected with some HTTP proxy virus that mutated for each infection and captured every webpage, not just Google searches, and without a non-infected computer setup it would have been nearly impossible to track down. If that is not feasible, then I am afraid that wiping the disk clean with HP's help or a new Linux install may be your best option.
 
Thank you for the replies. It is really odd, whatever this issue is. I think by forcing a shutdown I may have prevented it from installing completely but I am having some more weird issues. Take Firefox for instance. When I click the quick launch button or select it from start menu I get the "open with" menu. Firefox is highlighted. I click open and while it opens a session of Firefox, it does not go to my home page but remains blank. Then it gives me a download dialogue box saying firefox.com wants to download and of course you get the save or cancel option. The first time I thought it was just downloading something missing since the weirdness with starting any programs. It just left a desktop icon and nothing else. So now I hit cancel and it goes away. I still get the blank page but if I click the home page button it goes there. Just total weirdness. I will run chkdsk to see if it clears up anything. As it stands now I have the red shield with white X telling me I have no firewall. And my Avira icon is gone too. Since I cannot get into security center I cannot verify this. I am going to try to access it from Safe Mode. Will keep you updated.

Regards, Todd
 
Progress! Well mostly. I am paranoid about this thing now because of the seemingly never ending issue of clicking on a web search whether it be Bing or Google and either being redirected (not the Google redirect virus, already checked) or the Avira not picking up threats before the page loads.

Here is what I did and I have no idea if it was correct or not but seems to have cured 99% of the issues. First I got Piriform's CCleaner running and had it fix any registry issues it found. And yes, it found several "dll" issues. It fixed a number of other items as well. Until I did that I could not even get chkdsk to work. As I suspected, a web search revealed this was the tactic of a number of viruses. So you cannot execute any programme the virus does approve of. You know, antivirus, anti spyware, and just about everything else in your start menu. So I think I was right to force a shutdown of the pc. It is not a good practise but in this event it kept the stinking virus from taking over everything all at once.

Then I scanned again with Malwarebytes. Nothing. Avira was MIA. I mean it did not show up in the systray and it would not start from the menu no matter what I tried. So I did some web searching and found the newer version of Avira has anti-spyware installed and that it may conflict with Malwarebytes even though most times anti-spyware usually does not conflict with a/v. I wondered about this since some of these issues showed up after I had upgraded to Avira 10 free version a couple of weeks ago. So I have uninstalled Malwarebytes for now. I also used CCleaner to uninstall Avira and then reinstalled to the latest version again today and updated it and did let it do a short scan. It came back empty. But I still had an issue with getting a small dialogue box every time I opened a programme. It always prompted me to select a user account with some warning about not allowing viruses or something. Anyway, I knew that was bollocksed so a search turned up some very good information at Tom's Hardware forums. There was a thread there about running some dll commands in the "run" command box. I copied them and it worked nicely to get rid of the dialogue box. So for now at least it seems I have kind of gotten back on track but this stuff makes you seriously spooked at anything that even looks odd. I know just using a fix-it someone posted on a forum is not too good an idea but it worked this time.

There is one nagging issue that drives me nuts. I have been using Bing search engine and almost universally the first result is a redirect. You can back click and it will give an empty screen and the address bar will say redirect. Another back click takes you back to the page you started searching from. It is nowhere near as insidious as the Google Redirect virus but I just cannot imagine this is normal search behaviour. It may also have to do with the issue of the scanners not picking up these suspect sites BEFORE they start loading. Will post any updates.

Regards, Todd
 
... the first result is a redirect. You can back click and it will give an empty screen and the address bar will say redirect. Another back click takes you back to the page you started searching from...
Once you got redirected, I think it is common to need a couple of back clicks to get where you started. Some sites are worse than others, but I think this is a universal problem with how web browsers handle redirects.

Besides all your registry and virus checking/purging, I would also recommend installing the latest Chrome, Opera, or even IE and use that as your browser to see if your problem (infection) is Firefox specific or not.
 
Malwarebytes works really well, also check out Advanced System Care 4 (free edition), you can get it at download.com. If all else fails do a complete factory restore. Make sure you save everything to an external drive that you want/need and do that. Should work fine after that. I usually do a factory restore once even twice a year on my PC and lappy. It's a pain to reload everything but gets rid of all the garbage and it's like having a new computer.
 
Another update. I remembered something about Avira having anti-spyware features now and wondered if it may be an issue with Malwarebytes. So I uninstalled it and reinstalled it yet again. This time I paid way more attention to the install. I unchecked anything in the extra features available when you configure it. I noticed immediately the pc booted faster, Avira showed up in the systray faster, the overall boot and load time was better. Hmmm. You know, a few years ago AVG did the same sort of thing. They added antispyware features but you could not disable them. At least then you couldn't. It was a giant pain for my pcs. It led me to Avira. And it has worked splendidly. It still does but only after I ditched the malware stuff. So it will either be back to Malwarebytes or maybe a go with ASC4. Thank you for the suggestion.

Regards, Todd
 
From what you describe, it sounds like you never really got rid of the backdoor trojan responsible for redirecting any search engine you use.

Before you begin with trying to eradicate this bug once and for all, turn off your Windows System Restore because the "bad bugs" get backed up into the system restore files and Windows does not allow anything to inspect those files. When you are sure the "bad bugs" are gone, you can then turn it back on if you wish.

Now, on with the show, as it were. A lot of reading ahead, but please try to keep up. :wink2:

Since you are being redirected to unwanted websites or another search engine, no matter what search engine you use, your browser is not only hijacked by a Trojan, but the computer is also infected with a TDL3 rootkit as well. This threat is also known as the TDSS or Alureon rootkit. Many anti-malware vendors have failed to detect and prevent the infection but removal of the latest variants of TDL3 rootkit is possible using several tools and malware removal programs.

The first method to use is to run a scan using an anti-malware removal program to detect the TDL3 rootkit. Using these anti-malware programs (any or all) to scan and remove is important, enabling you to find other malware hiding in your computer as well as the TDL3 rootkit.


  • A-squared Free or A-squared Anti-Malware – both versions provide a scanner and remover of the browser redirect virus (a.k.a. TDL3 rootkit). A-squared flags the said infection as Rootkit.Win32.TDSS!IK. Note the IK in the threat name, which means the Ikarus detection. Ikarus is another antivirus engine that is integrated in A-squared programs.
  • Malwarebytes Anti-malware Free (a.k.a. MBAM) and its paid edition – Free and paid editions of MBAM offer a scan and removal of the browser redirect virus.
  • SuperAntispyware Free and SUPERAntiSpyware Pro – like A-squared and MBAM, both programs of SUPERAntiSpyware provide scan and removal options.

If, for some reason, the removal is not successful (this can happen if the infection is a new variant of TDSS rootkit), then I suggest using a standalone removal tool.
Choose any of the free tools below:


If you prefer to use an online scanner and remover, try Trend Micro Housecall and ESET Online Scanner.

Lastly, if all the above fails:

Another removal tool for the browser redirect virus is ComboFix.
ComboFix is easy to use but I recommend you follow this self-help guide for instructions and the official download links. Only download this tool from the links in the guide.
 
Does your netbook have a system restore utility installed? Given the amount of problems you're having, I would just revert to factory and start over fresh, you're never going to be completely confident you got everything removed otherwise.
 
I owned one of the early netbooks (was a Samsung) which was running XP, and it had a factory restore feature. You usually reboot and hit F8 while it's rebooting and the system restore came right up.....
 