Allertsearch virus: How do I get rid of it?

[RACECAR]

So I noticed the past three days that using google has been complete hell. Everytime I click a site in the results, I get redirected to allertsearch.net
At first, I thought it was just google but soon noticed the same thing happening with Yahoo as well. After doing some research via my PS3 (which is unaffected by it), I found out that site is a web browser hijacker virus that appears as a search bar and home page. Since I'm basically crippled in trying to get help without being redirected to the site, I'd like for anyone here to help me get rid of it. Where and what folder would I go to in order to get rid of it? I just want it off of my system immediately.

 

[nick09]

Here you go. Good luck getting rid of it. I always never add any search bars to my browser. Most of the time it's just a pain.

 

[RACECAR]

Bad news: That didn't work. I was not able to find those files in the registry and my Virus protection program is not detecting it even after I've run many scans on my laptop. Right now I got my dad trying to figure it out so I'm posting this from my PS3. I do read that its installed in the browser itself so maybe if I uninstall it and reinstall, that might work?

 

[Infinital-NG]

http://kaspersky-tdsskiller.en.softonic.com/

Try that.

What A/V are you using?

Put malwarebytes http://malwarebytes.org
on your system.

 

[PAPPACLART]

are you able to use your computer to go and downlaod another virus software?

If not use the PS3 and download to a portable HD or memcard.

try superantispyware http://download.cnet.com/SuperAntiSpyware-Free-Edition/3000-8022_4-10523889.html

and Avast. http://download.cnet.com/Avast-Free-Antivirus/3000-2239_4-10019223.html

That will sort it pretty much without doubt.

 

[RACECAR]

Its been fixed. My dad has been able to get rid of it so issue has been solved:tup: Thanks to all who have tryed to help me, I'll keep a list of those sites in case this problem occurs again.👍

 

[archangelz]

Hey I have just gotten this annoying virus. How did your dad remove it? I have tried AVG, avast, malwarebytes, spybot search and destroy but nothing even detects it?

 

[RTSolvalou]

Gopher prefix hijack?

 

[DQuaN]

If google links are being hijacked, I've found that Malwarebytes' and SuperAntiSpyware struggle to get rid of it (but are excellent for any other problem and highly reccomended by me).

To get rid of the hijacks you're best off running Combofix.

If that doesn't work you'll have to run HijackThis and post the log.

 

[RACECAR]

Hey I have just gotten this annoying virus. How did your dad remove it? I have tried AVG, avast, malwarebytes, spybot search and destroy but nothing even detects it?

I kinda wish I knew how he did. Alot of times when the programs don't work, he usually ends up finding it and getting rid of it himself.

 

[The Stig Farmer]

Similar situation. Downloaded Winzip (recommended software lol) and 'Vosteran' came bundled with it. Searching, it appears to be one of these browser hijackers.

Help appreciated...

*on Chrome. No other browsers affected.

 

[TB]

@The Stig Farmer - I've run into Vosteran on a few machines at work. Malwarebytes took care of it but then you also need to look at any add-ons in each browser you have that look questionable for each user on the machine.

 

[Lizard]

Also reset your home page etc.

In fact reset all chrome settings.


Did you get other viruses such as storm watch etc?

 

[The Stig Farmer]

@The Stig Farmer - I've run into Vosteran on a few machines at work. Malwarebytes took care of it but then you also need to look at any add-ons in each browser you have that look questionable for each user on the machine.

Thank you. 👍

Also reset your home page etc.

In fact reset all chrome settings.


Did you get other viruses such as storm watch etc?

Settings reset.

Pretty sure there is nothing else, at least nothing has flared up.

 

[RACECAR]

In an odd twist, I recently got rid of a similar highjacker Virus off my Dad's computer and in doing so, found out how they work (at least this one in particular):

It disguises itself as various programs (or add-ons in the case of Chrome) you don't ask for which install themselves. Then, they alter your browser settings from your normal home page to a false homepage (Say like allertsearch.com). I looked up the virus via my tablet and once I identified the questionable programs, I went uninstalling all of them. I then used a Virus program (Malwarebytes if I recall) and got rid of the roots. Before I was done, I noticed the browser still kept going to the questionable site. This was because, as mentioned before, the hijacker altered the home page settings. I simply went in the internet settings, put back in the home site that was there before and it was all done. It ran much better and finally stopped going to that site.

 

[Lizard]

Pretty sure there is nothing else, at least nothing has flared up.

Are you sure? It usually comes bundled with other viruses.

Do you get random pop ups asking you to update your flash player for example?

 

[The Stig Farmer]

No.

edit- adware maybe? It seems to be a GTPlanet-specific issue, but I have been noticing more colourful "download now" ads.

Would this be picked up by antivirus software?

 

[TB]

@The Stig Farmer - Completely forgot one other thing. Go into Control Panel, sort programs by date, look for any programs that look out of place and uninstall any that share the same install date. All of the questionable ones should be pretty recent so they'd be towards the top of the list.

 

[The Stig Farmer]

Can't find anything else suspicious apart from the WinZip File Association Helper. But when I got to uninstall it, it brings up an FAH64.msi file in a user account control window saying "Do you want the following programme to update software on this computer?" as if it was installing an update.

 

[Grayfox]

In future use this method
Download Combofix, Malware bytes, spybot S&D
Install malwarebytes as free trial and spybot
update malwarebytes and spybot

Run Combofix(doesn't work on win8.1(rare chance of it killing your machine))
After that run malwarebytes and then spybot to remove any traces

This method works very well for family/friend PCs that get infected.


Lastly
Never click on those ads.

I would recommend you download and install google chrome and get the Adblock Plus plugin

Any thing that says "you won a ipad" is a lie(like the cake) and if you get a message that says your PC is running slow click here to start a scan clicking no is the same as clicking yes
once you choose to run a file that is infected your anti virus wont do much as you have given permission for that file to run