Hi I was infected with a virus that is causing some browser redirect and deny permission for executing some applications (I assume it blocks mainly those applications related to security as antivirus)
I don't know what to do, the antivirus AVG didn't get rid of it.
there are redirect fixing utilities that can assist with that. the first thing to check would be his HOSTS files , which can have IP redirections, and DNS, the dns that is used to turn names into IP numbers. Any proxies that are in play.
if the hosts file has names and numbers in it , that are set to point to the evil locations, this would redirect behind the scenes the users requests. open up the HOSTS file that is found on the computer (actually any of them to be sure) , and observe the contents of it.
If the Server that is resolving names into numbers the "DNS server" being used by the connection the users names are resolved out to evil addresses that the DNS resolver sends it to. Check the users Advanced properties in the network connection device, for the DNS and WINS and all that good stuff.
If there is a "proxy" applied anywhere in the system, be that in the internet options for the browser , or a program that is intercepting.
that was the browser ONLY. the next part, is beyond my skill, the manipulation of the systems exe capability or blocking of specific applications to keep the situation from being resolved via virus protection software.
If the virus is lame enough, you can rename the extention of a virus checking tool to .com , sounds really weird to do that. .com files can be executed by the win98 and XP systems, dont know about vista and 7 yet. this cheap trick would allow you to manually startup sometimg like Malware bytes (as tested) , and then you have some capability to proceed.
again beyond my skill, even if that worked, you still would have other things to have to do and check, and refer to more expert advice on the subject.
EDIT: Okay, I just saw this pop up on the first page and didn't realize it'd been asked ages ago. I can't believe I just wrote this whole thing. I'll leave it here on the off change someone finds a use for it since it's pretty generic, but I expect this goes away soon.
NOTE: The below runs a small risk of either damaging your system or not completely removing the virus. Be aware of that before you attempt it.
Start your machine in safe mode (with networking, if that works) and run some antivirus programs. I would start with Malwarebytes Anti-Malware as I've had a lot of success with it when it comes to these sorts of issues. Install it and allow it to update.
To get to the menu that allows you to access the various types of safe mode and some other options, hold F8 as your computer is booting. Try "Safe mode with networking" first, this will be the easiest to work with.
If the virus still causes the same problems in safe mode with networking (some of the more powerful ones can) you'll need to take some more extreme steps. Here's what I've tried in the past with success:
Download the installer for Malwarebytes Anti-Malware. Run it and update it. Copy the installer file and the following files to transfer to the infected computer after the update:
C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\rules.ref
C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\Configuration\database.conf
This is to manually update the database since you won't be able to do it over the internet. These file locations assume Vista or 7.
Boot into "Safe mode with command prompt" (if you want to try plain old safe mode sans networking with the next few steps you can, that might work to)
Start up the graphical interface - if I recall correctly, the command for this is
explorer.exe
Transfer over the files as you would normally - you'll have to use a flash drive or something as the network won't work. First, install Malwarebytes Anti-Malware (you can do this directly from a flash drive if you like). Then copy those other files into the same place you got them from the other computer (if this computer is also Vista or 7). If you're running another version look up the locations or comment and I'll double check them.
Run Malwarebytes and any virus scanner you like if Malwarebytes doesn't do the job. Be aware that there is a slim possiblity of this damaging your system! It's rare, but I've had it happen before.
This should fix pretty near anything Malware-wise. Not much can ingrain itself into your computer so deeply that safe mode with command prompt is compromised.
EDIT: It might be a good idea to run a registry cleaner afterwards to reduce the chance of the virus recurring or other problems.
