0

A fortnight before, I downloaded a keygen file, which I presumed to be fine, but when I started the installation, I felt there is something weird. So I was about to start the installation, but I cancelled.

After I cancelled and when I opened my browser, I got some hohosearch as my home page instead of other. I did research on it and found that it is more of an annoying adware than anything dangerous.

Few days later, when I was browsing, things freezed for 20-25 seconds and once it started, my internet stopped. When I debugged and check control panel for any new software that could have installed, to my shock, an antivirus tool along with a player got installed. Then I started feeling scared about this adware.

After few days, instead of hohosearch, a new home page with newsearch123.com became my home page. I did not find any tool to remove it and it did not install any software like before, but all of sudden, few days back, I cannot open google or any other sites with HTTPS. The error being thrown as "Invalid Certificate".

So I am sure that this adware has become dangerous and now I am not able to work on browsers because of this.

I did try to troubleshoot all that was mentioned on search engines with the help of my other machine, but there is no help. The system admin has only one solution and that is to format C drive, but I do not consider this a solution, but a flush. What should I do?

schroeder
  • 123,438
  • 55
  • 284
  • 319
NKL
  • 217
  • 2
  • 5
  • 3
    @Stephane I think "home PC infected with malware" and "compromised server" is two quite different things. Very little of the top voted answer to that question applies to this situation. – Anders May 18 '16 at 12:15
  • 3
    Your sysadmin is right. Nuke from orbit is the only safe solution. – Magisch May 18 '16 at 12:58
  • Unfortunately, we are not tech support or a virus removal forum. If your local expert has a plan of attack, please consider it. Trying to find a "solution" to malware tends to be a fool's errand. – schroeder May 18 '16 at 15:54
  • @Anders while you are technically correct, the answer of "rebuild and restore from known good backups" is the correct answer – schroeder May 18 '16 at 15:56
  • In extreme cases, probably not with your case, the adware can nestle itself into the boot, SSM, GPU or even network cards I find this a good read: http://security.stackexchange.com/questions/121100/can-a-computer-virus-be-stored-somewhere-else-than-on-the-hard-drive If someone can add this as a comment, I'll delete this answer. –  May 18 '16 at 12:23

2 Answers2

5

I'm afraid wiping the machine, changing all your passwords from another good machine, doing a fresh install from known good install media, and restoring the data (carefully) from backups really is the only solution guaranteed to clean your machine.

In the trade we call this "nuke it from orbit", and the reason it is the only way to be sure is that you don't know what malware has infected your machine. Even if you disassemble the keygen file to work out what you were initially infected with, modern malware is modular in design; once you were infected the malware may have gone off and installed a variety of other pieces of malware, and they in turn may have installed further infections. You can run malware clean-up tools, and they will find some of it, and maybe find all of it, but you can't be sure.

Graham Hill
  • 15,394
  • 37
  • 62
0

First of all if your system really is infected it is hard to trust it again. But you could try to remove this adware with antimalwarebytes and with hitman PRO.

The HTTPS error you get is the same I got while using bullguard. This could be because of your AV protection. I highly recommend you check your safe browsing section of your AV. If this did not help you I'm affraid your sysadmin is right.

Bomskie
  • 324
  • 2
  • 13