virus/malware keeps redirect google searches to cliccker.cn - Hardware & Software

[QUOTE=KorJax;16766036]You mean something doesn't exsist like that? I tried doing reg.exe but when I did the delete parameter it said "Access is denied".[/QUOTE] try running "reg.exe" in safe mode. Unless you did?

Nah I didn't. I'm thinking about just reinstalling XP or dual-booting into Windows7 here... it will be a huge pain in the ass to do with all the data I'll need to back up and reinstall but I'm sick of getting issues. My CD burner isn't working again and I'm starting to get BSOD's on windows startup in normal mode again (and chkdsk isn't fixing it this time).

My dad ended up with this virus not to long ago. Basically, it manages to hide itself and also prevents downloading and installing some virus cleaners/checkers. If it does get found on a virus scan and deleted, it somehow recreates itself straight away. Unfortunatly, I had to reformat, and so far that's the only "cure" I've found on the net so far.

[QUOTE=cdlink14;16751922]Ok, I found the true culprit. "Global Skynet Virus" ( seems to be completely new, unrelated to the 1994 virus ) and the cure, was to run hitman pro [url]http://www.surfright.nl/en/downloads/[/url] The virus creates the following files ( completely invisible to explorer ( rootkit )) C:\WINDOWS\System32/SKYNETmkidotgw.dll C:\WINDOWS\System32/SKYNETmqjbpfyk.dat C:\WINDOWS\System32\drivers\SKYNETonhqhxlv.sys C:\WINDOWS\System32/SKYNETdbosrqrs.dll C:\WINDOWS\System32/SKYNETtympmyod.dat Ran through with that, it found the skynet virus inside my pc. It then asked me to register to remove it. Instead I just clicked the " get 30 day trial key " it auto acquired the key, and then removed the virus. Afterwards I uninstalled the hitmanpro program, and everything is running smooth again.[/QUOTE] This worked for me also. THANKS!!

Hitman pro almost fucked my sistem even more for me...when you run it, it secretly installs itself to your c drive, forces an install registry key, and then forces itself to run at startup without it telling you. Because the program is highly unstable (not just from me but I've heard this when I googled it too), everytime it would stealth-start up on my PC to run a scan it would cause a BSOD and crash the system. I REALLY don't reccomend you use the program unless you feel confident that it will work and don't care that it may have the chance to permanently destroy your registry.

[QUOTE=KorJax;16779244]Hitman pro almost fucked my sistem even more for me...when you run it, it secretly installs itself to your c drive, forces an install registry key, and then forces itself to run at startup without it telling you. Because the program is highly unstable (not just from me but I've heard this when I googled it too), everytime it would stealth-start up on my PC to run a scan it would cause a BSOD and crash the system. I REALLY don't reccomend you use the program unless you feel confident that it will work and don't care that it may have the chance to permanently destroy your registry.[/QUOTE] I think that you're better off formating. Hitman pro worked out perfect for me, and the guy above you. So there has to be something else in the works here also...

Well it's not "just me" having the issue if this website is to be belived: [url]http://www.surfing-safe.com/spyware/hitmanpro.php[/url]

[QUOTE=KorJax;16780550]Well it's not "just me" having the issue if this website is to be belived: [url]http://www.surfing-safe.com/spyware/hitmanpro.php[/url][/QUOTE] That's a old article. Hitman pro used to be a script/macro that performed many of the programs shown on that page automatically. Since then it's evolved into it's own scanner.

My best bet is alot of the google redirection stuff is rootkits. I encountered a more comical and less malicious version fo this behavior at my work. Going into firefox and disabling scripts on Google.com with noscript resolved the issue. My supervisors made me reformat the computer anyways.

Check your hosts file in C:\windows\drivers\etc by opening it with notepad, if there's anything like "www.google.com*" or the like followed by "cliccker.cn" delete the line and save the file.

Neither entries exist in my hosts file.