Adware problem - Megasearch Infection

Discussion in 'ESET NOD32 Antivirus' started by Bowmont, Dec 13, 2008.

Thread Status:
Not open for further replies.
  1. Bowmont

    Bowmont Registered Member

    Joined:
    Dec 13, 2008
    Posts:
    2
    In spite of having NOD32 installed our PC has been infected with WIN32/ADWARE.BHO.Megasearch and this is causing many headaches whenever we go online ... we can be typing an email or posting on a forum when a new page suddenly pops up showing advertisements for anything from PC WORLD to ANTIVIRUS software (of all things).

    We run NOD32 after every internet visit and update it regularly so am not sure why or how our pc picked up this nasty infection. NOD32 won't get rid of it and just tells us that the file infected is in C:\System Volume Information\_restore (followed by a lot of numbers and letters)

    We "searched" online using the Key word MEGASEARCH and were guided to lots of sites that promised they could "fix" the problem. We chose one that we could pay in English currency and proceeded to spend £30 to have it installed. It then scanned our PC, reported 7 infections and then informed us they'd been "fixed" BUT the Megasearch one is still there.

    Can anyone tell us a way in which we can rid our pc of this annoying infection? We'd be eternally grateful. Thanks
     
  2. ThunderZ

    ThunderZ Registered Member

    Joined:
    May 1, 2006
    Posts:
    2,459
    Location:
    North central Ohio, U.S.A.
    What I can tell you is that the location Nod reports the infection to be in is System Restore. No anti-malware program will be able to clean it there. Right click My Computer, then left click on the Properties. Left click on the System Restore tab. Put a check mark in "Turn off System Restore on all drive". Then rerun your scans.

    Would be curious what program you bought to remove it. Hopefully not a "rogue" application. But that may be for another thread.
     
  3. Bowmont

    Bowmont Registered Member

    Joined:
    Dec 13, 2008
    Posts:
    2
    I don't know about a "rogue" application ... it's named SPYDOCTOR and it hasn't done it's job so hubby is going to try and get a refund tomorrow and when that's done we will remove it from our PC. Meanwhile I am afraid your SOLUTION didn't work and we still have the little "pest" aboard.

    Once we are back to having just ONE virus software onboard we may retry your solution.

    Any advice you can give meanwhile would be much appreciated. Thank you
     
  4. CivilTaz

    CivilTaz Registered Member

    Joined:
    Nov 19, 2008
    Posts:
    146
    Have u tried Malwarebytes? It's a good tool for removing malware.
     
  5. ThunderZ

    ThunderZ Registered Member

    Joined:
    May 1, 2006
    Posts:
    2,459
    Location:
    North central Ohio, U.S.A.

    Is THIS the one ? If so, I am sorry to say I think you may have been had and I would uninstall it immediately. Hope you can get your money back.

    Have you installed any software lately? Have any new search bars appeared in your browser? I am guessing you use Internet Explorer.

    What you seem to be infected with is not necessarily a virus, but spyware\adaware. There is a fine line between them but may be the reason Nod does not detect it. No one program catches everything.

    As suggested by CivilTaz you may wish to try THIS or THIS. Neither will cost you a dime for the free versions and are used by many members here.

    I think we are starting to move outside of the Nod32 realm so a Mod. may relocate this thread to a more appropriate forum. Be assured it will continue if\where ever it may be moved to.
     
  6. agoretsky

    agoretsky Eset Staff Account

    Joined:
    Apr 4, 2006
    Posts:
    4,032
    Location:
    California
    Hello,

    Are you still experiencing a problem?

    In order to help remove these types of threats, ESET has created a tool called ESET SysInspector which can be used to generate a log file of affected areas of the system.

    You can download a copy of ESET SysInspector from ESET's web site at http://www.eset.com/download/sysinspector.php, create a log file and mail it to support@eset.sk along with a link to this message thread for analysis and further assistance by a support engineer.

    Regards,

    Aryeh Goretsky
     
Thread Status:
Not open for further replies.