Virus?

[Stuarty]

I have noticed when on internet my browser will open another page by itself. I am also experiencing difficulty with programs opening. This applies to McAfee too.

I did manage to get McAfee to open last night and did a full scan and it found nowt. Dunno if its relevant but I have less than 9Gb available on a 69Gb drive.

Can anyone tell me what might be going on?

Ta

[Roger]

What's the page that opens?
Get rid of MacAfee, there are much better around
Download and run Malwarebytes

[Stuarty]

The page that opens is a search engine which lists websites. Another page that opened was a poker game website.

Will Malwarebytes provide the same protection McAfee does?

[Rubianroaddog]

For Free anti virus I use Avast, sounds like you have a browser hijacker, download malwarebytes, install run in safe mode(with network), download updates for malwarebytes, and then run it. That should kill your hijacker.
Cheers
Mick

:60277EB7B 04744289C0

[Roger]

Malwarebytes is a removal tool that may remove the hijacker. Don't run it in safe mode unless it won't run in normal mode. It's designed specifically for normal mode and won't pick-up some of the rootkit hijackers in safe mode

[Stuarty]

Thanks for the info guys.

I ran Malwarebytes in normal mode and it found 250 naughty bits.

Unfortunately the original problem still exists The websites that are opening seem to be random.

Any other advice?

[Roger]

There's a really nasty rootkit infection doing the rounds at the moment that needs checking first

Download GMER Rootkit Scanner. Note the files name and unzip it to your Desktop.

Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.

• Double click GMER.exe.
  
• If it gives you a warning about rootkit activity and asks if you want to run a full scan...click on NO, then use the following settings for a more complete scan..
• In the right panel, you will see several boxes that have been checked. Ensure the following are UNCHECKED ...
  • IAT/EAT
  • Drives/Partition other than Systemdrive (typically C:\)
  • Show All (don't miss this one)
    
    Click the image to enlarge it
• Then click the Scan button & wait for it to finish.
• Once done click on the [Save..] button, and in the File name area, type in "ark.txt"
• Save the log where you can easily find it, such as your desktop.

**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries
Paste the log here

I've got limited internet access for the next few days, so it may take me a day or two to get back

[Stuarty]

Thanks Roger.

I note I am also getting a message periodically which says

"Host Process for windows services stopped working and was closed" When I close this dialogue box another window in my browser opens saying:

Download updates for Windows

There was a problem with Windows that caused it to stop working correctly.
Your computer might be missing updates that can help improve its stability and security.
Go online to check for and install Important and Recommended updates.

1. Click to go online to the Windows Update website
2. In the left pane, click Check for updates. If any updates are found, click View available updates.
3. Select all Important updates, and then click Install. If you are prompted for an administrator password or confirmation, type the password or provide confirmation.
   Note
   If you have turned on automatic updating, you might not see any Important updates listed. If this is the case, the updates have already been downloaded to your computer.

I only load important updates but dont load the others.

Dont know if this is linked to my problem?

I will follow your instructions and post when available.

Thanks again

[Stuarty]

Roger,

No Joy

Carried out your instructions as listed but my laptop crashed 3 times and each time the log could not be saved.

At initial opening of the Gmer program it has a short list of items in the large box. I notice one says windows 32 had a suspicious change (or words to the effect). Dunno if this is relevant.

Grateful for any further assistance.

[Stuarty]

Have been able to catch the websites to which the newly opened browser window points to.

It starts with

Code:

 http://correspondent.net/key/?qs=899f91bbce4bfbf6c564b1366322e76a2c8737cfe2ebe9f998cbffc6c54b921b98c6daed193768035c0b0cf30be50a49&t=microsoft+security+essentials

It then moved (this time) to

Code:

 http://www.topdaofinder.com/check/?sid=37574f11df3a1bd33beec9b58524cf0e&cid=0d8dd8f01e41387907204c58d92386b6&did=6

Also when the message "Host Process for windows services stopped working and was closed" is received and the dialoge box closed it directs to

Code:

http://      www. 



update. 



microsoft. 



Com / 

windows
update 

/ 

v6  

/
default.
aspx

I couldnt send this message with a third piece of code. When that was included in this message and I tried to Preview Post a page opened telling me the connection had been reset.

WTF!

NOTE: had to cut up link to get it to accept.