Unbeatable Virus? [Resolved] (HP Dv6 Browsers go ballistic)

Hello

I'm having an issue with an extremely frustrating virus on my laptop. It's an older laptop, an HP Pavilion DV6, but it still runs perfectly fine. Its current OS is Windows 7 64-bit. Up until a few months ago it had no issues whatsoever.

Until this virus appeared. I did not download or install anything during that period, but I kept having these issues. The virus hijacks any installed browser and will continue to open new windows until the system memory runs out and Windows crashes. The virus only seems to get aggressive when I'm running a program of some kind, i.e., a game or virus scan.

What it does

The virus will do one of two things with my browser at any given time. It will either:

  • Open new browser windows at an accelerated rate during games or other programs

Or

  • Change the browser page I am currently on to a new blank page rapidly.

This makes it next to impossible to surf the web, or play any games on this laptop.

What I have tried

I have tried every known Anti-virus, Anti-malware, Anti-SpyBot, RootKit, everything.
I even used the laptop's built in recovery drive to restore to factory settings.

The virus is still there, and continues to wreak havoc on my system every time I boot it up.
I've been told my only option is to re-install Windows 7 64bit from a disk, but I do not have a disk or even a CD burner to make a bootleg copy.

I have also tried uninstalling all browsers on my system, including Chrome, Firefox, and Internet Explorer (all of which the virus is capable of hijacking). I have used the cmd command lines to force an uninstall for Internet Explorer 8, but it persists on the system and will not be removed.

I have tried using Google to search for my exact problem, but I can't find any results or forum posts for a problem even remotely close to this one. If there's anyone who can offer advice for this issue, please help.

Does your laptop have a partition on it to set it back to "factory defaults"?

Yeah sounds like you need to format/wipe the drive and start fresh to be honest. If you haven't got the tools then you may need to find someone who does or take it into a computer store.

You might be able to download a legit ISO from Microsoft (not sure if they still do this) and then make a bootable USB.

1 Like

If a clean re-install won't fix the virus, it could be one of those types that infect the BIOS chip on the mobo.

Get a Win 7 ISO from Microsoft and make a bootable USB for a fresh install.

I'm not entirely sure, but if that is the case it would make sense as to how the virus has managed to persist for this long. My bet is yes, the recovery is most likely on a partition within the C drive. I might have a separate recovery drive, but I'm not entirely sure.

If you open "My Computer" and there is another "Local Disk__" other than C, you may be able to reset it back to the way it came new. You will want to save anything you want to keep on an external drive.
Google up how to restore my (insert your laptop) to factory settings and see if that helps. Worked for me on an old Lenovo ThinkPad.

Since I've already lost all the data during the first System Restore, I don't really mind re-installing all the basics.

Also, there is a drive named Recovery (D:) so it's safe to say that is the recovery drive. I'll give that advice a try and see if it helps. Thanks.

2 Likes

Clean install.
If you can't read the serial underneath the laptop - use a serial key grabber application.
Wipe the hdd and reinstall the OS - download ISO applicable to the COA.
(I would probably run DBAN on the disk before installing as well. Just for paranoia's sake.)

you could try to make a bootable virus scanner usb stick, on a different computer of course.

here's an example from bitdefender: http://www.bitdefender.com/support/how-to-create-a-bitdefender-rescue-cd-627.html

with something like that you won't have to start up the os to scan and terminate the virus.

the virus could be in your boot sector. you can save yourself the trouble of reinstalling by deleting your boot sector using a linux live cd and then do a windows startup repair. you can also run an antivirus on linux to scan for infected files. it can scan a little deeper since it can ignore windows file permissions.

that said, if it only hijacks web browsers there's a good chance you can get rid of the virus using Advanced SystemCare's browser hijack tool. viruses of this type usually hide in your appdata folder and act as a browser plugin.

This or an Avast boot-time scan would be my suggestion as well. If you've tried what you've said then either these options or re-installing is your best bet right now

I dealt with a similar thing called "omiga plus" on a friend's laptop. Tried every malware remover and Antivirus. The way these things work as far as I've figured out is they inject an extension to your browser shortcut but don't actually install anything so you don't have anything to remove.

So after 4 hours here is the retardedly simple way I beat it:

Click properties on your browser shortcut, where it says target it will say something like
"C:\Program Files\Internet Explorer\iexplore.exe HDSFK321J9U9MDKAU"
Delete everything extra to make it look like "C:\Program Files\Internet Explorer\iexplore.exe"
Done. GL and God speed xD

1 Like
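The manual shortcut check described in the post above can be done for every browser shortcut at once. This is an added example, not part of the original thread: it only reads shortcuts, and the folder list and the function name `Get-BrowserShortcut` are assumptions chosen for a default Windows 7 profile.

```powershell
# Added example (not from the thread): audit browser shortcuts for appended arguments.
# Read-only; written for the PowerShell 2.0 that ships with Windows 7.
$browsers = 'iexplore.exe', 'chrome.exe', 'firefox.exe'   # browsers named in the thread

# Standard Windows 7 locations for desktop, Start Menu and pinned shortcuts (assumed defaults).
$folders = @(
    "$env:USERPROFILE\Desktop",
    "$env:PUBLIC\Desktop",
    "$env:APPDATA\Microsoft\Windows\Start Menu",
    "$env:ProgramData\Microsoft\Windows\Start Menu",
    "$env:APPDATA\Microsoft\Internet Explorer\Quick Launch"   # includes taskbar pins
)

$shell = New-Object -ComObject WScript.Shell

function Get-BrowserShortcut {
    param([string[]]$Path = $folders)
    foreach ($dir in $Path) {
        if (-not (Test-Path -LiteralPath $dir)) { continue }
        Get-ChildItem -LiteralPath $dir -Recurse -Filter *.lnk -ErrorAction SilentlyContinue |
            ForEach-Object {
                $lnk  = $shell.CreateShortcut($_.FullName)      # opens the .lnk for reading
                $exe  = [IO.Path]::GetFileName($lnk.TargetPath)
                if ($browsers -notcontains $exe) { return }     # not a browser shortcut, skip
                $args = "$($lnk.Arguments)".Trim()
                New-Object PSObject -Property @{
                    Shortcut     = $_.FullName
                    Target       = $lnk.TargetPath
                    Arguments    = $args
                    HasArguments = [bool]$args   # anything after the .exe deserves a look
                }
            }
    }
}

# Shortcuts with arguments are listed first. Some are legitimate, for example
# "Internet Explorer (No Add-ons)" uses -extoff, so review each one before editing it.
Get-BrowserShortcut |
    Sort-Object HasArguments -Descending |
    Select-Object HasArguments, Arguments, Target, Shortcut |
    Format-List
```

An empty result for `HasArguments = True` matches what the original poster reports below: the shortcuts are clean and the persistence is somewhere else.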

I just checked the target directory for my browsers, and they all look normal. There's no extension there, unfortunately. I was hoping your easy fix would have been the solution before a last resort. Sad to say, this does not appear to be the same piece of malware. :c

I attempted to create a bootable virus scanner on the only USB I have available at the moment. It was too small, only 700mb. I moved recently so I don't have any bigger USB drives or CDs for burning windows isos onto. Funny enough, my only blank discs on hand are also 700mb. Huh. I did however ask someone in my family to send me a burned copy of windows 7 in case I need to nuke it if nothing else works. It should arrive in a week or so. Til then I'll keep trying your guys' suggestions.

Also I've had the virus for about a month now, so I think I'm gonna name it Fawks. Or maybe Frank, I dunno.

@malakaitheninja
just gonna leave this here https://www.reddit.com/r/TronScript/comments/3a1dw1/tron_v636_20150616_fix_for_minor_ntp_issue/

runs multiple virus engines, file cleaners, defrag, registry fixes, and patches software.

it is best to run it in safe mode, you launch it via command line
Ex: downloaded and extracted into your downloads folder.

  • open cmd.exe via windows key and typing cmd
  • cd C:\Users\Your User Name Here\Downloads
  • dir
    • dir will show the files in the downloads folder
  • Tron.bat -a
    • should start the script and just let it run.

Also depending on what the virus is, it may be living in system restore points/hidden partitions/bios chips/mbr/recovery partition/who knows where else.

I advise you delete all the system restores, and look in disk management to see if any partitions are there that are not shown in my computer. also if you have any usb storage plugged into the machine it may be on that too.

It is very possible that since you did a factory reset and it is still there, that it is living on the factory reset partition and you will have to scan that/delete it to kill the virus. Do not delete it unless absolute last resort before you wipe drive and reinstall windows

it looks like this only affects web browsers?

it is possible it is a hijacked extension or something like that. if you uninstalled all browsers also search the hard drive and delete their folders too. do not do this for internet explorer

1 Like

Everybody should be making OS disk images and using 1+ drive for storage eliminates all virus issues. Wipe the drive write OS image back up and running in 1 hour. Really consider doing this asap you will never deal with this type of issue again. Also save your old computers and make test boxes out of them for removing viruses from hard drives.

One, he has a laptop not a desktop. Two, a regular user isn't going to set up a virus station.

The suggestion of an OS disk image and using 1+ drive storage might not protect you if a rootkit was built into the driver NTFS.SYS on the prior OS because if it loaded itself into NTFS metadata on the storage drive it could reinstall itself. This scenario, while unlikely, is still possible.

http://www.bleepingcomputer.com/download/rkill/

http://www.bleepingcomputer.com/download/adwcleaner/

make sure you grab an offline update for malwarebytes get all these programs onto a usb drive using another computer.

Disable all your network devices on your laptop ie ethernet and wifi/bluetooth

First thing before you re enable your network make sure someone did not assign a proxy because they are just going to resend you the virus.

PM me if you have questions about what to do with this software and what order to do it in. Bleepingcomputer.com is a great source for removing any virus related issues.

Your pc still functions and enters Windows so between all of us who are helping we can get you back up and running.

Also faronics deep freeze app is a great tool if you frequently get viruses.

1 Like
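The proxy check recommended in the post above, before the network adapters are re-enabled, can be scripted. This is an added example, not part of the original thread: it is read-only, the function name `Get-ProxyFinding` is an assumption, and it covers the Windows Internet Settings that Internet Explorer and Chrome use plus Firefox's own `prefs.js`.

```powershell
# Added example (not from the thread): list proxy settings that would reroute browser traffic.
# Read-only; written for the PowerShell 2.0 that ships with Windows 7.
$keys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Internet Settings',
    'HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings'
)

function Get-ProxyFinding {
    # Internet Explorer and Chrome both follow these Internet Settings values.
    foreach ($key in $keys) {
        $p = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
        if (-not $p) { continue }
        if ($p.ProxyEnable -eq 1 -and $p.ProxyServer) {
            New-Object PSObject -Property @{
                Source = $key; Setting = 'ProxyServer'; Value = $p.ProxyServer }
        }
        if ($p.AutoConfigURL) {    # a PAC script can redirect traffic even with ProxyEnable = 0
            New-Object PSObject -Property @{
                Source = $key; Setting = 'AutoConfigURL'; Value = $p.AutoConfigURL }
        }
    }

    # Firefox keeps its proxy settings per profile in prefs.js.
    $prefs = Join-Path $env:APPDATA 'Mozilla\Firefox\Profiles\*\prefs.js'
    Get-ChildItem -Path $prefs -ErrorAction SilentlyContinue |
        Select-String -Pattern 'user_pref\("network\.proxy\.' |
        ForEach-Object {
            New-Object PSObject -Property @{
                Source = $_.Path; Setting = 'Firefox pref'; Value = $_.Line.Trim() }
        }
}

# No output from the function means no proxy or PAC script is configured in these places.
Get-ProxyFinding | Select-Object Setting, Value, Source | Format-List

# WinHTTP (used by system services) has a separate setting; expect "Direct access".
netsh winhttp show proxy
```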

Are any of your browsers sync'ed or do any of your browsers save your personal settings? If so un-synchronize, disable and wipe all extensions. Here is a fun little fact. Malware in your extensions will follow you to any device that you use. Ask Chrome about that. :) It is possible for all of them. So even tho you clean install and scrub your machine, you will be right back in the same boat once you link to your browser and your account. So be sure to scrub them too.