Help with redirect virus

[RRHODY]

Need help. Even with Avira and AdAware my computer got an infection. I don’t know the name, but it redirects any search, Google, Yahoo, About.com, MSN. If a search is made and the results displayed, the entries look normal, but if you click on the title, a totally different site comes up, usually selling something. Google suggests going elsewhere for a solution, Yahoo doesn’t respond. Looking at anti virus and other applications, they seem to be directed at preventing infection – but what to do AFTER infection? Spy Bot, Avira and AdAware say the unit is “clean” but the infection is still there. There was a screen that came up saying their program could stop the intrusion if you paid $$$, it was called A360. I was suspicious, and did not accept the offer. Was that a legit offer?
This situation applies either with MS Internet Explorer or Mozilla Firefox using Windows XP Pro.
Obviously, I can’t do a search for an answer, so I’m hoping to get some directions from the list.

[GomJabbar]

You need to download, install, and run Malwarebytes' Anti-Malware. Malwarebytes' Anti-Malware is a powerful virus removal tool. See the following for how to do this.

http://www.bleepingcomputer.com/malware ... ivirus-360

EDIT: Actually, it looks like you need to remove the Vundo Trojan (as well as possibly A360). See the following for removing the Vundo virus.

http://www.bleepingcomputer.com/malware ... virtumonde

[aaa]

+1 on malwarebytes.

[spuddog]

Sounds like your DNS settings have been hi-jacked. Open control panel go to Network connections-
right click on you network adapter- properties. in the list of properties- click on TCP/IP open properties.
under Obtain DNS most ISP's use Obtain Automaticaly. Set to auto and see what happens. Some ISP's
specify the DNS server, so you may have to call your ISP to find out what the setting should be.

By all means run MalwareBytes also.

Scott

[RRHODY]

The first link shows the exact screen shots of what my 'puter looked like. I will follow the instructions and report results.
THANKS !

[RRHODY]

OK, got rid of A360 and the nag screens, but the search redirection still goes on. I'm going to try the next link.
I do appreciate the help.

[GomJabbar]

While I haven't read previously about the following software, I think I would give it a try. One thing it does is replace the "Hosts" file with a default one. The Hosts file can send you to a poisoned DNS.

http://www.softpedia.com/get/Tweak/Netw ... kFix.shtml

EDIT: Here is a newer version of the above: http://majorgeeks.com/download4372.html

[aaa]

There is also ComboFix. I had to rename the file to get it to run.

[Marin85]

@OP: you may also want to check out this thread in case you have to go the hard way...

[RRHODY]

This is especially for Gomgraber

The first link you suggested worked fine.
The second link - virtumonde - neither program found any problems so didn't solve the problem.
I will continue other avenues in my quest for restoring searches.
Thanks.

[spuddog]

Check your DNS servers

Scott

[RealBlackStuff]

You might have the CoolWebSearch virus.
This link gives you loads of info and how to get rid of it:
http://www.spywareinfoforum.com/lofiver ... 23424.html

[NorrisCell]

I shudder at the name Vundo. Got it not too long ago. Similar symptoms. The Virtu removal found nothing, but Spybot said it was there. Never was able to kill it. Ended up redoing a different drive and safely transferring files. Not a huge deal because it needed to be transferred to the new drive anyway, but an unexpected headache none the less.