I discovered the malware by symptoms alone. I tried a 5-prong approach using tools, but even combined, they could not get rid of it:
McAfee virus scan
Trend Micro online virus scan
MalwareBytes malware scanner (probably the most useful)
Microsoft Defender
Ad-Aware
The way it typically "happens" is social engineering. A year ago, my dad fell for an e-mail trick. I got the same e-mails, and maybe you did, too, but I just deleted them. They said things like, "CNN Headline News!" It looked like it was from CNN and requested me to 'click to download my headlines', so my dad clicked it.
This year, he could not remember what he did, so chances are he clicked a link somewhere on a web site. There are a few script exploits which will download a payload from an infected web without the user clicking anything at all. He uses Firefox which is better about that, but probably not infallible.
Those tools, even combined, could not get rid of the problem. McAfee could see the DNS redirector and delete it, but a watchdog process would just recreate it instantly. I could not kill those even when booting into Safe Mode. I needed to boot Linux, mount the NTFS partition and delete the hidden files that way (no longer hidden to Linux, though).
My parents kept asking what ordinary people do. I said they are just farked. They pay $200 to the local geek, or get a new PC, which includes another paid-up license for MS Windows.
Sounds a bit like General Motors, doesn't it?