
Removing a virus.

TheSuspect

To cut a long story short, my friend ended up getting a virus on his laptop. I thought I'd be able to remove it, but this seems to be a bit more difficult than I expected. I tried doing a Malwarebytes scan and removal, but that hasn't completely fixed the issue. I tried deleting weird folders installed on that day in his temp folders in safe mode, but that hasn't helped either. Desperation brought us to a Windows Defender scan, which obviously didn't help either. It's also apparently removed ~200 GB worth of files from his laptop, though he can't identify what he's lost.

The virus changed his default browsers to some Google custom search, and he's not able to visit Google anymore. (It gives him some error and takes him back to custom search.) If he tries using any other search engine, it immediately goes back to custom search. We can't find out how to remove it on Chrome, so we uninstalled and reinstalled, though that didn't help either. It's affected Edge and IE as well.

 

At random times his command prompt would randomly pop up and execute a command, though we don't know what command is being executed. Any ideas on what we can do to clear the virus? 

Nothing.

Link to comment

Idea - back up all of his crap that's personal, then re-install the OS.

idk

Link to comment

Full drive wipe and reinstall.

That or load up an Ubuntu live image and start going through files one by one, like in the bad ol' days.


Link to comment

You can try AdwCleaner, but like the others suggested, backup and reinstall is maybe the best option.

>Install Gentoo

Link to comment

Yeah, back up all the files he needs,

or if you can't access them, boot up Ubuntu off a flash drive and then back up files from there.

And if he's on Win10 you have the option to do a clean reinstall of the OS from the control panel.

Photography / Finance / Gaming

Link to comment

I'd personally like to hear the long story about how he got the virus.

 

I'd imagine it involved one or more of the following words: "torrents, porn, or stupidity".

The reason it's redirecting you is because it changed your DNS servers in your network TCP/IP settings.

I'd boot in safe mode, put an updated version of a virus software on a USB drive, then install it (in safe mode). Then do a FULL SCAN, not skipping ANY folders. Also install Malwarebytes on there, and a rootkit removal tool, and Spybot Search and Destroy.

 

If that doesn't work, then search (with another computer) the site it takes you to when you try to access google. I'm sure there will be answers there.

 

 

Link to comment
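
The checks below are an added example, not part of any post in this thread: a read-only PowerShell triage of the DNS setting named in the post above. It goes beyond that post by also listing the proxy settings, hosts file, browser policy keys and scheduled tasks, which can produce the same redirect and pop-up command prompt symptoms. It assumes Windows 8 or later with the built-in DnsClient and ScheduledTasks modules; the policy key paths are the standard Chrome and Edge locations.

```powershell
# Added example: read-only triage of settings a search hijacker commonly changes.
# Run in an elevated PowerShell session on the affected machine; nothing is modified.

# 1. DNS servers per interface (the setting the post above blames).
#    Compare against what the router or ISP is expected to hand out.
Get-DnsClientServerAddress -AddressFamily IPv4 |
    Where-Object { $_.ServerAddresses } |
    Select-Object InterfaceAlias,
        @{ n = 'DnsServers'; e = { $_.ServerAddresses -join ', ' } }

# 2. Per-user proxy or auto-config script, which redirects every browser at once.
$inet = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
Get-ItemProperty -Path $inet |
    Select-Object ProxyEnable, ProxyServer, AutoConfigURL

# 3. Active hosts-file entries (comment and blank lines skipped).
Get-Content "$env:SystemRoot\System32\drivers\etc\hosts" |
    Where-Object { $_ -match '^\s*[^#\s]' }

# 4. Browser policy keys. On an unmanaged home PC these normally do not exist,
#    so any search-provider or forced-extension values here deserve a close look.
$policyKeys = 'HKLM:\SOFTWARE\Policies\Google\Chrome',
              'HKCU:\SOFTWARE\Policies\Google\Chrome',
              'HKLM:\SOFTWARE\Policies\Microsoft\Edge'
foreach ($key in $policyKeys) {
    if (Test-Path $key) {
        Get-Item -Path $key
        Get-ChildItem -Path $key -Recurse
    }
}

# 5. Scheduled tasks whose action launches a shell or script host, a common
#    cause of a command prompt that appears briefly at random times.
$shells  = 'cmd|powershell|wscript|cscript|mshta'
$pattern = '(^|\\)(' + $shells + ')(\.exe)?"?$'
Get-ScheduledTask | ForEach-Object {
    $task = $_
    foreach ($action in $task.Actions) {
        # COM-handler actions have no Execute property and are skipped by -match.
        if ($action.Execute -match $pattern) {
            [pscustomobject]@{
                Task = $task.TaskPath + $task.TaskName
                Run  = $action.Execute
                Args = $action.Arguments
            }
        }
    }
} | Format-List
```

Saving the output before the wipe and reinstall recommended elsewhere in the thread gives a record of what was changed.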

I recommend going to this site on any PC: http://www.bitdefender.com/support/how-to-set-up-a-bitdefender-rescue-cd-1249.html

Create a bootable USB and use it to boot that PC and do a scan. This has helped me a few times because it's Linux-based.

If that does not help you can also use it to back up your data and reinstall Windows. Make sure to scan the backed-up data before using it with your reinstalled Windows!

Link to comment