|
Problem description: Trying to clean a laptop for someone and there's some kind of advertising redirect that's resisted all attempts to root it out. Sometimes on random websites in IE, clicking anywhere will open a new tab full of advertising. The ads all appear to be served through terdir.com, or at least that's what always shows in the URL before the ad page loads.

Attempted fixes: Ran rkill, TDSSkiller, MBAM scans coming up clean. Kaspersky Internet Security full scan coming up clean. There are no malicious add-ons in the browser. Installed Adblock Plus and it makes no difference. Reset IE browser settings to defaults and rebooted. Searched registry for "terdir.com" and found nothing. Found nothing suspicious in Windows startup items or task scheduler. No suspicious running processes in task manager. Checked hosts file. Made sure no proxy was set in Internet Settings. Googling for terdir just returns a million sites with generic anti-malware advice, half of which are trying to get you to run their own anti-malware executable of questionable provenance.

--

Operating system: Windows 8.1 x64 running Kaspersky Internet Security, IE11
System specs: Toshiba Qosmio x870 laptop, Core i7 2.4GHz 16GB RAM
Location: Canada
I have Googled and read the FAQ: Yes
|
# ? Jan 22, 2015 22:50 |
|
Try running these two:
http://www.bleepingcomputer.com/download/adwcleaner/
http://www.bleepingcomputer.com/download/junkware-removal-tool/
|
# ? Jan 24, 2015 23:09 |
|
Thought it had been cleaned up, but the infection apparently just decided to hide for a while, it's back now.

Zogo posted: Try running these two:

Ran both to no result. Currently running through the whole suite of scans in UltraVirusKiller just for kicks, but I don't expect it to do much as I've already run most of the scans it uses individually. I'm leaning towards just a Windows 8 Refresh at this point, but I'm really curious where the hell this thing is hiding that it's able to evade all the usual tools.
|
# ? Jan 29, 2015 17:30 |
|
Entropic posted: Ran both to no result.

I'd try a scan using http://windows.microsoft.com/en-us/windows/what-is-windows-defender-offline-beta
|
# ? Jan 29, 2015 22:31 |
|
Looks like RogueKiller found a rootkit with hooks into IE, I'm hoping that's it. The maddening thing is that it previously seemed to be gone and then started happening again, so I can't tell if it's actually been gotten rid of.
|
# ? Jan 29, 2015 23:12 |
|
...aaaand it still came back. Salting the Earth it is, then.
|
# ? Jan 30, 2015 22:13 |
|
There's more scans you could do but it probably wouldn't be prudent to spend another few weeks using them if a reinstall is possible.
|
# ? Jan 31, 2015 01:10 |