  1. Soleiloquy on Sun 15 Jan 2012, 02:32:06 AM UTC

    How do you get rid of MediaShifting redirect virus

    I usually never go on any weird sites and therefore have never had any real infections, but I foolishly was looking for a free download of typing software and ended up getting some seriously gnarly stuff on my PC.

    I realized right away that I had a worm and used both Malwarebytes, which I already had, and superantispyware.com per the suggestions I found online... but it did not get rid of the malicious and rather sticky "mediashifting" bug. It's replicating itself, I manage to have it blocked off, and each time I run Malwarebytes etc. I scoop up as many as I did the time before, even when I run them back to back. I've never had more than a couple of bugs to quarantine when I've run this sort of software and now each time I run it I have 10+ red alert level bugs. It's crazy, and neither of these programs has eliminated it; the suggestions I've found online for removing it are completely useless and some are from malicious sites themselves.

    Can Anyone Help me?

Comments:

  1. leofelix on Sun 15 Jan 2012, 02:46:19 AM UTC

    RE: How do you get rid of MediaShifting redirect virus

    hello
    please download TDSS Killer (by Kaspersky)
    http://support.kaspersky.com/faq/?qid=208280684
    Unzip and run it (possibly in safe mode)
    Then read here
    http://www.bleepingcomputer.com/forums/topic434663...

    festina lente (hurry slowly)

  2. c۞g on Tue 17 Jan 2012, 06:22:19 AM UTC

    RE: How do you get rid of MediaShifting redirect virus

    MediaShifting requires a bit more defining...

    Similar problem on an older XP SP3 machine
    it started out as fake AV, acquired here: meetonearth

    Once the Fake AV was removed, what was left is a [rootkit?] which:
    * blows up your RAM = process: services.exe is extremely huge in size (70% of available RAM), also causing high CPU usage (90 - 100%).
    * After time, generally about 3 hours, services.exe reduces to about 40 - 50% of your available RAM; CPU usage drops to about 20 - 25%
    Any browser, do a search on any site (google / bing / yahoo! / etc) and you are presented with significant results, but are redirected to other non-related sites with high HTTP requests utilizing various trackers. You can close your browser(s) and wait a while, return and you'll see IE pop-ups from various advertisers.

    TDSSKiller = no detection
    RKill = no detection
    SmitFraudFix = no detection
    DDS / HijackThis = no detection
    MBAM = no detection
    SUPERAntiSpyware = no detection
    Avira Premium 2012 = offered some warnings at initial detection, but failed to stop the malware installation; further scans = nothing detected.

    Infection date was 08 Jan 2012
    Continuous updates for MBAM / SAS / Avira still result with no detection.

    Today the HDD failed to boot, so...
    I decided to break out an old 80GB Seagate drive, low-level format it, and install a new copy of XP SP2 (had one laying around, suppose it was time to break open the shrink wrap), then came XP updates - took longer than HDD reformat and OS install...
    Now the old drive is drive E:/ but XP refused to read files / directories; had to go into SafeMode as Admin and force User Permissions on the old drive

    It appears that this malware
    * hides quick launch / start menu / Administration tools / and a few other system folder contents and places them into temporary storage locations - you do NOT want to delete temporary files or run CCleaner (for example) - so you *think* items are "gone."
    * Once you remove the FakeAV, then temp folder permissions are changed and in a few instances, some of the files *are* deleted.

    My mistake was from laziness (or old age...)
    I opened Opera after a recent update and forgot to go into the addons / plugins area and turn OFF (Sun) Java (old age) - shouldn't be an option for browsers, Java should be restricted to Intranets only. The laziness came into play when I didn't open Opera in a sandbox environment.

    IF you have the same malware that I acquired, then my advice is to install a new hard drive and install your OS; start from scratch.
    Hopefully, you have one of those 2TB / 3TB USB drives that you backup your data onto, so there's really no "loss" just the time and trouble ...

    ∞ - and you and I Opto, ergo sum

  3. Mikehh on Wed 18 Jan 2012, 01:39:39 AM UTC

    RE: How do you get rid of MediaShifting redirect virus

    Damn. That's destructive. What you could do though is remove it manually... nah, that would be insane.

    - I wanna be the WOT!

  4. Jazspeak on Wed 18 Jan 2012, 01:10:43 PM UTC

    RE: How do you get rid of MediaShifting redirect virus

    Wipe the system drive, check the BIOS to make sure that the settings are as they should be, and re-install the OS. I hope that you have kept backups of your important files.

    ~Music is not just for the Masses~

  5. Dutch Mountain on Thu 19 Jan 2012, 12:24:07 PM UTC

    RE: How do you get rid of MediaShifting redirect virus

    @ G7W :
    If I understand you correctly, you have received this nasty one by visiting meetonearth ?
    Though the O.P. seems to have this from another site - A bit confusing situation IMO
    BTW : Which site the O.P. has visited would really be nice to know
    See : https://www.mywot.com/forum/19118-problem?comme...

    Raise the dike ( aka "Dutch mountain" ) ! Or the internet gets flooded and ends up as a stinking swamp ! - The fight for a durable world wide web goes on. Read more at : http://peterswebsafety.com

  6. Soleiloquy on Sun 12 Feb 2012, 10:55:05 PM UTC

    RE: How do you get rid of MediaShifting redirect virus

    WOW! Thanks so much for all of your help!

    I just got the notice that there were replies re this topic. I thought WOT would email me letting me know, but I just noticed as I was here looking up a website.

    I was super desperate to get the virus off my computer, as it was spreading and there were more and more every time I ran Malwarebytes, so when I didn't get a response right away I just kept hunting until I came across the thread on "bleeping computer". The combo of tdsskiller and combo fix as they suggested worked like a charm. I did have to use Malwarebytes to remove the last of the rootkits as tdsskiller didn't for some reason, but after combofix nailed the core problem I just kept running alternations of tdsskiller, malwarebytes and superantispyware until there weren't any traces left.

    As of now I haven't had any perceivable problems, and my pc is pretty much back to normal minus the fact that it seems to be running a little slow.

    I don't recall exactly what website caused the problem, but it was a torrents free software type of site. I certainly learned my lesson. I read many blogs, comments and advice after I foolishly infected my pc by clicking the wrong button on a sketchy website. Now I'm much, much more careful, and I know what to look out for. I am incredibly grateful to all the super computer-savvy people out there who take the time to inform those of us who are novices.

  7. Dutch Mountain on Mon 13 Feb 2012, 05:50:32 PM UTC

    RE: How do you get rid of MediaShifting redirect virus

    Originally posted by: Soleiloquy

    As of now I haven't had any perceivable problems, and my pc is pretty much back to normal minus the fact that it seems to be running a little slow.

    Slow? I should keep a sharp eye on that, until you're 100% sure that the machine is clean.
    Maybe your hard disc needs to be defragmented after all these scanning actions.

    ** Too bad you don't know the source website anymore.
    We should have rated that one deep red.

    Raise the dike ( aka "Dutch mountain" ) ! Or the internet gets flooded and ends up as a stinking swamp ! - The fight for a durable world wide web goes on. Read more at : http://peterswebsafety.com

  8. Jazspeak on Mon 13 Feb 2012, 07:14:57 PM UTC

    RE: How do you get rid of MediaShifting redirect virus

    Originally posted by: peterbosch
    "...100% sure that the machine is clean."

    The best way of ensuring 100% cleanliness of the machine is to do as I suggested in my posting above.

    ~Music is not just for the Masses~

  9. Soleiloquy on Sun 25 Mar 2012, 05:41:46 AM UTC

    RE: How do you get rid of MediaShifting redirect virus

    @Jazspeak I appreciate your advice, but I don't want to wipe my hard drive and have to reinstall the OS and a ton of software; so if at all possible I would not do that. If my computer was dying and that was my last resort I would, but otherwise I don't consider that a viable option.

    In general my computer is back to normal. It could use another clean out, but the advice found on the Bleeping Computer thread did the trick. =)

  10. evilfantasy on Sun 25 Mar 2012, 06:26:21 AM UTC

    RE: How do you get rid of MediaShifting redirect virus

    @ Soleiloquy

    Check your Private Messages please.

  11. Jazspeak on Sun 25 Mar 2012, 01:00:09 PM UTC

    RE: How do you get rid of MediaShifting redirect virus

    Originally posted by: Soleiloquy
    "...don't want to wipe my hard drive and have to reinstall the OS and a ton of software..."

    It is really quick and easy to do.

    If you have a spare hard drive that is large enough to clone your system drive onto then you can do so using this software, and when the drive you use is infected, or even only suspected of being infected, then you just make the clone the boot drive and you have your computer back to a clean state complete with OS and all of the software installed when the drive was clean. Then use the partition software to wipe the infected drive and copy the clean clone back onto the original drive, and reselect the original drive as the boot drive. Disconnect the clone from the system and carry on as if nothing had happened.

    ~Music is not just for the Masses~