Help needed to stop Hi-Jacking

[Hazy]

Hi, Hope someone can help. For the last few days my browser has been hijacked. It is directed to several different sites, a couple of the main ones are adfarm.mediaplex and adserver.adtechus. I have tried all I know how to rid myself of it and used some of the tools suggested in other threads of this forum.

My last attempt to get rid of this virus was to run a full scan using Spybot, AVG, Malwarebytes, and System Mechanic. I then started up again in SAFE MODE and repeated the full scans again, but still when I turn on the hi-jacking virus takes over. If anyone can help I will be very grateful, however I am not a ?Techie? and any instructions would need to be basic.
Thanks

[MrMacro]

Malware is becoming ever more sophisticated, and is able to install itself as safe mode drivers making Safe Mode itself not very safe at all. In this scenario you typically need to boot up in an alternate environment (perhaps off a LINUX boot CD or ERD Commander) and then manually remove the offending files. If you have System Restore enabled, you could try and restore the system to an earlier working installation - just google System Restore and you'll see instruction on how to perform and actual restore.

The bottom line is that even for Techies this is not straight forward or easy. If System Restore fails, my advice to you would be to either get a Techie to look at this for you or copy any personal files and folders and then rebuild your PC from scratch - wipe it clean and then reinstall the OS.

If you go with the latter, make sure you install Spybot with TeaTimer support and always say no to any suspicious registry changes when prompted.

[Hazy]

Thanks for that MrMacro. I have found a link on this site for a 90 day trial of Norton 2009. I am installing that at the moment (have to take off AVG first) if that does not work I will follow your advice.

[tb888]

I would reformat, Anti Virus is fairly useless to be perfectly honest (norton even more so unless their new one has changed), you should still have it - before getting infected.

Here are some solid steps to get you started (assuming a format isn't an option):

click: start > run

Then type in:

Code:

cmd

then type in this command:

Code:

echo #begone > \windows\system32\DRIVERS\etc\hosts

//edit
also type this command into the black box at this point:

Code:

ipconfig /renew

//

now goto this url:

Code:

http://housecall.trendmicro.com/uk/

And follow its instructions to let it scan your computer for problems.

These are just starting steps to cleaning up though.

[Hazy]

Thanks tb888. Sorry it has taken me so long to get back to you but I have only just got it sorted.

The virus would not let me keep a page open long enough to get on line support?

The way I got a fix was to change my browser to Firefox, this allowed me to get on to the microtrend site. I downloaded the free demo antivirus program. After a couple of scans it appears to have solved the problem (I hope). Will monitor over the next few days but it is looking good.

Once again thanks for your time and trouble.

[tb888]

Glad to hear your getting somewhere with it. I wasn't meaning the free trial though, the link should have pointed you to homecall (which is free), this runs in your browser via java and scans remotley making it more difficult for the virus and/or malware to disrupt it. Useful to note anyway, for the future.