Viberrescue detected 4 more files, which it supposedly removed and/or quarantined.
Still I get the ads.
I'm guessing you put the ISO on a flash drive, but did you use UNetbootin (or whatever that program is called) to get it on there in a bootable fashion? Or is your BIOS the culprit?
BTW, dunno the state of wifi (read: WPA2) implementations on those rescue CDs, but if you're near an ethernet cable, they can update themselves to the latest definitions.
Does Opera exhibit the same behavior? Just curious how comprehensive this malware is.
I used the Kaspersky Rescue2USB to get it onto a USB drive, just as suggested on the Kaspersky site.
I don't know what the fault is. I went into the BIOS and set the boot priority to USB instead of CD or HDD.
IE, Firefox and Chrome exhibit the issue. I haven't installed Opera yet to try it, but I am sure it will have the problem.
run HijackThis
better link
http://sourceforge.net/projects/hjt/files/latest/download
click scan
click save logfile
post contents here
Ok.
I have run it and I get a warning, which you can see in the attached image. I believe there is something wrong with the host.
Here is the log
View attachment hijackthis.zip
I suspect the following findings from the log file
O1 - Hosts: 149.5.18.172 www.google-analytics.com.
O1 - Hosts: 149.5.18.172 ad-emea.doubleclick.net.
O1 - Hosts: 149.5.18.172 www.statcounter.com.
O1 - Hosts: 108.163.215.51 www.google-analytics.com.
O1 - Hosts: 108.163.215.51 ad-emea.doubleclick.net.
O1 - Hosts: 108.163.215.51 www.statcounter.com.
Now how do I get rid of them? I have no idea, and I am not 100% sure it's them. Anyway, I do what the warning window suggests: I delete them from Notepad, but it saves the log in some location, perhaps other than the one it should have, because every time I run "notepad c:\windows\system32\drivers\etc\hosts" they are still in there (paradoxically, it tells me the hosts.txt file was saved in that same path, so it shouldn't have had these entries after I deleted them).
edit: That thing is crazy. I even deleted the Host.txt file altogether from the directory c:\windows\system32\drivers\etc\hosts, and when I still type this path in "Start -> Run" it opens a hosts.txt file with those contents, and I have no idea how on earth it does that when the file is in the recycle bin.
Am I doing something wrong?
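An added example, not part of the thread: one way to audit hosts-file content for the kind of entries quoted in the post above, where well-known hostnames are pinned to addresses that are neither loopback nor 0.0.0.0. The function names are hypothetical, and the sample input combines O1 lines from the post with constructed benign entries.

```python
import ipaddress
import re
from collections import defaultdict

# Sample input: O1 lines quoted in the post above, plus constructed
# benign entries (comment, loopback, 0.0.0.0 blocklist) for contrast.
SAMPLE = """\
# constructed sample hosts content
127.0.0.1 localhost
::1 localhost
0.0.0.0 ads.example.invalid
O1 - Hosts: 149.5.18.172 www.google-analytics.com.
O1 - Hosts: 149.5.18.172 ad-emea.doubleclick.net.
O1 - Hosts: 108.163.215.51 www.statcounter.com.
"""

# HijackThis prefixes each hosts entry with "O1 - Hosts:"; strip it if present.
O1_PREFIX = re.compile(r"^O1\s*-\s*Hosts:\s*", re.IGNORECASE)

def parse_entries(text):
    """Yield (ip, hostname) from hosts-file lines or HijackThis O1 lines."""
    for raw in text.splitlines():
        line = O1_PREFIX.sub("", raw.strip())
        line = line.split("#", 1)[0].strip()  # drop comments
        if not line:
            continue
        fields = line.split()
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # first field is not an address: not a hosts entry
        for name in fields[1:]:
            yield ip, name.rstrip(".").lower()

def suspicious_redirects(text):
    """Group hostnames by every address that is not loopback or unspecified."""
    hits = defaultdict(list)
    for ip, name in parse_entries(text):
        # Loopback and 0.0.0.0 are the default or blocklist form; skip them.
        if ip.is_loopback or ip.is_unspecified:
            continue
        hits[str(ip)].append(name)
    return dict(hits)

if __name__ == "__main__":
    for ip, names in suspicious_redirects(SAMPLE).items():
        print(f"{ip}: {', '.join(names)}")
```

To audit a live machine, pass the text of c:\windows\system32\drivers\etc\hosts (the path from the post) to `suspicious_redirects`; entries for intranet hosts on private addresses will also be listed and need manual review.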