Tuesday, June 01, 2010

Two Bad Computer Viruses: How I got rid of them With Free Simple Solutions

Google Redirect Virus Defeated

The solution for the Google Redirect Virus was first found at:
http://deletemalware.blogspot.com/2010/02/remove-google-redirect-virus.html
which was listed on page 6 of the search results from
http://www.google.com/search?q=%22google+redirect%22&hl=en&safe=off&rlz=1B3GGIC_en___US381&prmd=v&start=50&sa=N .

For a while I flailed around on the net, not getting any answers. I found when I went to the public library to search Google for answers, where the room temp was cooler, where it was brighter and more spacious, where I could look at the search results without resorting to copying the URL of the search result and pasting it into the address bar so as to avoid the browser redirect, my mind started thinking more clearly.

Instead of using search terms that attempted to narrow down the search results to exactly the problem I had, by including terms such as asklots (a page I was frequently redirected to), I switched over to trying to use the kind of search terms that are most commonly used for the virus, leaving details out. I did a search for "google virus". This search led to a page that said the virus was commonly known as the "google redirect" or "google redirection" virus. The "google redirect" virus was more common a term according to the search results than "google redirection".

Looking at the search results for "google redirect", I resolved to start with the simplest possible solutions and work upwards to more complex solutions. The deletemalware.blogspot.com solution was approximately the fourth simplest one I found and the fourth one I tried.

I found the content that I found at deletemalware.blogspot in several pages. This content featured easy to understand graphics showing screen shots of various checks that should be made on the computer. The fifth of seven steps recommended was to download http://support.kaspersky.com/downloads/utils/tdsskiller.zip , size 944 KB, (http://support.kaspersky.com/viruses/solutions?qid=208280684 ). I downloaded it and ran it; it was finished (command line window) in just a couple of seconds; it told me that it had found the C:\Windows\system32\drivers\cdrom.sys file infected by the TDSS rootkit; it said it would be cured on the next reboot. It did not find any registry objects infected (some pages giving advice had advised toiling with software that backs up and checks the registry); it found only the one cdrom.sys file infected. It said on reboot, I would be free of the virus.

And on reboot, indeed I was free of the virus.

Defeat of the Mebroot Virus

Previously Feb 25, I had been infected by the Mebroot virus. In that case, finally, by doing a Google groups search for "Mebroot removal tool", (http://groups.google.com/groups/search?hl=en&ie=UTF-8&q=mebroot+removal+tool&btnG=Search&sitesearch= ), I found an entry (http://www.wilderssecurity.com/showthread.php?t=266428 ) that said Eset had a tool that successfully removed the virus. To my surprise, ESET's small command line program (http://www.eset.eu/encyclopaedia/mebroot_backdoor_sinowal_trojan_mebroot_stealth_mbr_trojan_backdoor_maosboot?lng=en ), 0.1 MB, ran for just a couple of seconds, told me to restart, and the virus was gone.

Generalizations RE the Two Victories over the Viruses

Both when I successfully removed the Mebroot virus Feb 25, and when I successfully removed the Google redirect virus June 1, the solutions were small, free command line standalone malware removal tools produced by established reputable professional computer security companies. Both times the programs provided by these companies ran for only a couple of seconds, and had the virus cleared out with just a restart. Both times the tiny utilities were extremely easy and simple to use.

With both viruses, there were plenty of false leads in the content of verbose, expert sounding web pages (found through Google searches) giving advice re the viruses, pointing to expensive, time and energy consuming, complicated, dangerous (in terms of causing computer problems) alleged solutions. With both viruses there were lots of pages talking about how difficult it is to remove the virus, how dangerous it is to try to remove it.

With both viruses there were plenty of stories that would be laughable were they not so tragic, about unfortunates who in attempting to remove the virus had gotten to the point where they could no longer do anything at all with their computers.

When I encountered the more recent "Google redirect" virus, I by mistake bought a paid copy of Prevx, because mistakenly in my memory I thought that Prevx was the one that had removed the virus. Actually, Prevx had found the virus but would only remove it with the paid version--ESET was the company whose free product had actually removed the virus. But mistakenly, my memory told me that Prevx had removed the virus, because I had downloaded a colorful trial version of Prevx that captured my attention, that I had to pay attention to to work with. The real hero, the ESET standalone command line program, was drab, colorless, and did not require much attention to run so mistakenly I did not remember it as the hero it was. I estimate that both myself and others fail to give the proper level of attention to solutions that are superior but less memorable.

Generally, it seems that a key to virus removal is to use the right terms in the Google searches re the virus. You could have two slightly different searches using slightly different words, and one search could result in hours of useless research whereas another search immediately results in the problem being quickly and easily solved.

Apparently when using search engines to research a virus, one should use the same words that lots of people are using to describe the virus, not words and phrases that a small minority are using to describe the virus. Apparently it is advantageous to leave out little details that one would think would help to narrow down the search results to what is needed, because most people working on the subject leave such little details out of the pages relevant to the subject.

It seems wise to: not get bogged down in the results produced by one search before experimenting with a few different searches using a few different terms; be sceptical with regards to persons who exaggerate re how difficult and complex a task it is to remove the virus; start with the simplest solutions available and work your way upwards to more and more complex solutions; and not be panicked and stampeded into prematurely spending lots of money on an expensive solution, or prematurely getting involved in complex difficult solutions.

The fact of the matter is that for any given computer infection, apparently, there are an unbelievably large number of pages pointing to sub-optimal solutions.

ESET called their solution to Mebroot a "Mebroot removal tool", a "Mebroot remover", and a "standalone malware removal tool" (http://kb.eset.com/esetkb/index?page=content&id=SOLN2372 ). Kaspersky called their solution to "Google Redirect" a "disinfection of an infected system", a "malware remover", and a "malware family utility". I estimate the use of such phrases will lead to quick and easy successes when fighting off viruses.
