This generic solution seems to work for most people.
click on Start > Run. Type in the following into the open box.
then Click on OK. This will run Device Manager. In Device Manager,
click on View > Show Hidden Devices.
expand all the devices by clicking on the "Plus" sign. Now try to find
TDSSserv.sys or clbdriver.sys or oUltraf or seneka.sys,
right click on whatever one you found and select Disable.
Please make sure that you do not select the Un-Install option
otherwise infection will be back once you reboot your computer.
if none of them are there do not worry,
it could be something simpler but follow what comes next.
you will have to enable view hidden folders in folder options > view.
Delete everything in the windows temp folder,
C > Windows > Temp
Delete all cookies,
Delete all temporary internet files(not to be confused with windows temp files)
these are best deleted via your internet browsers.
it will save you messing about in the the hidden system files
reset internet explorer,
tools > internet options > Advanced tab > reset .
Delete everything in the prefetch folder.
C > Windows > Prefetch
Delete the hosts file,
C > Windows > System32 > drivers > etc > HOSTS
A clean hosts file will be written by windows when you reboot later.
Note: if you were using a custom Hosts file
you will need to replace any of those entries yourself.
Delete the flash cookies found in the macromedia, #Shared Objects folder.
c > users > "your name" > App Data > Roaming > macromedia > Flash player > #Shared Objects
delete everything you find in the #Shared Objects folder
Run a full scan with this
Sophos Anti-Rootkit : http://www.sophos.com/products/free-tools/sophos-anti-rootkit.html
and remove everything suspicious it finds.
When you run this,
DO NOT have any windows open or any other programs running.
Sophos Anti-Rootkit DOWNLOAD : https://secure.sophos.com/support/cleaners/sar_15_sfx.exe
Then run a full scan with this and remove what it finds.
Super anti spyware Pro : http://www.superantispyware.com/
Super anti spyware Pro DOWNLOAD : http://downloads.superantispyware.com/downloads/SUPERAntiSpywarePro.exe
this has a tool built in that can reset the URL prefix's
reset your router to default.
your redirect virus should now be gone.
download then run,
Hitman pro : http://www.surfright.nl/en to double check.
· 9 years ago