Completely removing "Whitesmoke"

Discussion in 'ESET NOD32 Antivirus' started by m_albert, Jan 5, 2012.

Thread Status:
Not open for further replies.
  1. m_albert

    m_albert Registered Member

    Joined:
    Jan 5, 2012
    Posts:
    5
    Location:
    Fairbanks, AK
    Gurus,

    I was infected last night with some Whitesmoke components, after installing some freeware that at first glance, looked legit enough.

    I have Nod32 v5, and as soon as I opened Chrome and toolbars started installing, Nod32 sprang to life, blocking, cleaning, etc., and the toolbars were gone, and as far as I can tell most of the "bad" parts were gone. I immediately ran a full scan with Nod32, which found nothing, and a full scan with MalwareBytes, which also reported nothing.

    However, when I use Chrome (haven't tried another browser yet), a lot of my pages are still redirected, and I can't do searches in the omnibar, Whitesmoke immediately redirects me to a whitesmoke URL and Nod32 blocks the page from going there.

    Any ideas on what I can do to fully remove the lingering traces of Whitesmoke that still remain?

    Thanks for your time,

    -Michael
     
  2. Cudni

    Cudni Global Moderator

    Joined:
    May 24, 2009
    Posts:
    6,956
    Location:
    Somethingshire
  3. m_albert

    m_albert Registered Member

    Joined:
    Jan 5, 2012
    Posts:
    5
    Location:
    Fairbanks, AK
    Thank you Cudni!
     
  4. siljaline

    siljaline Former Poster

    Joined:
    Jun 29, 2003
    Posts:
    6,619
    Also: submit the site to ESET for further analysis. WOT scorecard for Whitesmoke
     
  5. dannyboy

    dannyboy Registered Member

    Joined:
    Jul 21, 2005
    Posts:
    113
    Location:
    UK
    Also check your network settings as it may have changed your DNS servers
     
  6. m_albert

    m_albert Registered Member

    Joined:
    Jan 5, 2012
    Posts:
    5
    Location:
    Fairbanks, AK
    Thanks folks for your great advice. It seems that Nod32 did indeed prevent any major intrusion by the Whitesmoke stuff. My ongoing problems with Chrome were finally solved by simply uninstalling Chrome, rebooting, and re-installing.

    After that, no more page redirects or warnings from Nod32.

    Thanks again for all the help!

    -Michael
     
  7. siljaline

    siljaline Former Poster

    Joined:
    Jun 29, 2003
    Posts:
    6,619
    You're welcome for the assistance, I have submitted an infected file to ESET for analysis since the offending content is blacklisted
     
Thread Status:
Not open for further replies.