Internet Explorer Hijacked

  • Searching for websites within Internet Explorer has become hijacked. When I search for a particular keyword(s) using Google or Bing the proper list of search results is returned, but clicking on any of the links redirects the browser to either an internet dating site, shopping site, or dodgy “your computer is infected” site. This behaviour seems to indicate some kind of malware infection, but a thorough scan using Norton 360 (fully updated) does not find any infections. The computer is running Windows Vista Home Edition with Internet Explorer 8.

    You are quite correct that the described symptoms indicate a malware infection on the computer. It is surprising that Norton 360 did not detect the infection, but unfortunately no antivirus scanner on the market is 100% accurate and able to detect every infection, given the predictive and heuristic measures involved in detecting viruses and malware. You can generally rest easy when you have such a security program installed on the computer, since they can usually detect the vast majority of threats. However, there is always the chance that your computer becomes infected with more of a niche infection which falls through the cracks of the scanner, which seems to be the case in this situation.

    Nevertheless, we need to remove this malware from your computer. It appears that this is a browser hijacking piece of malware which hijacks a portion of the web browser and redirects to other internet sites. I suggest that you download Ad-Aware Free (www.lavasoft.com) and Spybot Search & Destroy (www.safer-networking.org). You may have read in previous columns that I also recommend downloading Windows Defender (www.microsoft.com/downloads). This is not necessary if you are running Windows Vista or Windows 7, as Windows Defender comes pre-installed with those versions of Windows. However, for the benefit of other readers, if you are running Windows XP then you would need to download this separately, as Windows XP does not come with Windows Defender pre-installed.

    Once you have downloaded and installed these three utilities, launch the first utility (it doesn’t matter which one). Tell the program to check for updates, so that you download the latest malware definition and detection files. Once this has finished, complete a full system scan and remove any detected threats. I then suggest that you restart the computer and complete another scan using the same utility. This will help check that all the detected threats were removed and have not returned. Additionally, if any residual elements of the threat could not be removed on the first scan then this will provide another opportunity for the removal of those elements. Once you have completed the scan and removal process with the first utility, repeat this procedure with the other two utilities. By the time you have finished with all three utilities hopefully the problem has been fixed.

    Even though the problem may be removed through using the anti-malware utilities, I always remain cautious after the computer has been infected with a virus or malware. In actual fact, I am of the belief that once a computer has been infected that computer can never be trusted again. This is because you can never be 100% certain that the threat has been removed. The antivirus and anti-malware utilities do a good job at removing most threats, but it is always possible that something has remained behind and is still running in the background (with no obvious signs), perhaps gathering data or logging your computer activity. Since computers are often used for sensitive transactions, such as internet banking and other financial-related business, I am not willing to take this risk. As such, my recommendation after having an infection on a computer is to back up any important data that you wish to keep (such as documents and email), then re-partition and reformat the hard drive and reinstall Windows from scratch. As you are re-partitioning and formatting the hard drive, this will remove all data from the drive, including threats such as viruses and malware. In many cases, this is a much easier and more reliable method of removing the threats from the computer, since it is guaranteed to work first time.

    Users often ask whether backing up data from an infected computer can result in the infection also being backed up and then transferred across to the new computer. In most cases, so long as you are only backing up documents and other non-executable files you should be fine. Viruses and other malware require executable files, as they contain the code which can complete operations on your computer (such as displaying advertisements or hijacking the web browser). Additionally, these files need to be executed (i.e. run) otherwise they won’t do anything. Most virus and malware infections are a combination of these two items – executable files which have been configured to automatically run when Windows starts or when something else occurs (such as when Internet Explorer starts). These executable files are generally located within system directories on the computer, so if you are only backing up selected directories (such as the My Documents folder, the email store folder, etc.) then these should not contain the virus or malware files. That said, if you want to be completely certain then it would be worthwhile running a virus and malware scan over your backup drive before plugging this into your newly refreshed computer.

    I assume that you are backing up your data to an external USB hard drive (or the like), as some viruses automatically infect external drives when they are connected to the computer. They will generally place an AUTORUN.INF file on the drive, together with the virus executable file. The AUTORUN.INF file allows drives and discs (such as CDs and DVDs) to automatically run an executable file or program when the drive is connected or disc inserted into the computer. You may have noticed this happening when you insert a program CD or DVD into the computer and how it automatically loads the installation program to allow you to install the application. Unfortunately, this also means that if a virus copies an AUTORUN.INF and executable file to an external drive or disc then that virus will be run when the drive is connected or disc is inserted.

    However, it is not as easy as it sounds to run an antivirus or anti-malware scan on the drive prior to plugging the drive into your refreshed computer, since any time you connect the drive to a computer that computer could potentially be infected (if there is a virus on the drive). Fortunately there is an easy way around this issue. At this point we are mainly interested in ensuring that there is no virus on the backup drive which could automatically run when the drive is connected. There may be other virus executable files on the drive itself, but these would have no way to automatically run so we can worry about those later – for the moment we will concentrate on the more problematic issue of a virus which could automatically run. Once you have finished backing up your data onto the external hard drive, view the root directory level of the drive. In other words, the top directory level on the drive, which contains the first level of sub-directories. If there is an AUTORUN.INF file then it will be present on this level. However, the file could be hidden so we need to enable the viewing of hidden files and folders. Go to the “Tools” menu > “Folder Options” and click the “View” tab. Enable “Show hidden files and folders” then disable “Hide file extensions for known file types” and “Hide protected operating system files”. Click OK. A warning may appear that you have enabled the display of important system files and you can safely dismiss that warning.

    Now, check the root level of the external hard drive and ensure that there is no AUTORUN.INF file or other executable file there which you did not place there yourself. Assuming that all is good, safely eject the drive from the computer and then disconnect the drive. Before doing anything further, double-check that you have backed up all data you wish to keep, as this is now the point of no return (since you are about to wipe and format the hard drive in your computer, which will delete all data on your computer hard drive). Once you are certain that all data you wish to keep has been backed up, you can commence the reformat and reinstallation of Windows.
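    The root-level check described above can also be scripted. The following Python sketch is an added example, not part of the original column: it looks only at the top level of the drive, reports any AUTORUN.INF (in any letter case) together with the programs it would launch, and lists executable files found there. The function names and the extension list are assumptions made for illustration, and the sample drive contents are constructed.

```python
import stat
import tempfile
from pathlib import Path

# Common directly runnable extensions (an illustrative, not exhaustive, set).
EXECUTABLE_EXTS = {".exe", ".com", ".scr", ".pif", ".bat", ".cmd", ".vbs", ".js", ".lnk"}

def parse_autorun(text):
    """Return (key, command) pairs in [autorun] that name a program to launch."""
    launches, in_autorun = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("["):
            in_autorun = line.lower() == "[autorun]"
        elif in_autorun and "=" in line and not line.startswith(";"):
            key, value = (part.strip() for part in line.split("=", 1))
            key = key.lower()
            if key in ("open", "shellexecute") or (
                    key.startswith("shell\\") and key.endswith("\\command")):
                launches.append((key, value))
    return launches

def is_hidden(path):
    """True if the Windows hidden attribute is set (always False elsewhere)."""
    attrs = getattr(path.stat(), "st_file_attributes", 0)
    return bool(attrs & getattr(stat, "FILE_ATTRIBUTE_HIDDEN", 0))

def audit_drive_root(root):
    """Inspect the top level only; AUTORUN.INF is read as text, nothing is run."""
    report = {"autorun": None, "launches": [], "executables": []}
    for entry in sorted(Path(root).iterdir()):
        if not entry.is_file():
            continue
        if entry.name.lower() == "autorun.inf":
            report["autorun"] = entry.name
            report["launches"] = parse_autorun(entry.read_text(encoding="latin-1"))
        elif entry.suffix.lower() in EXECUTABLE_EXTS:
            report["executables"].append((entry.name, is_hidden(entry)))
    return report

def demo():
    """Audit a constructed sample drive root built in a temporary directory."""
    with tempfile.TemporaryDirectory() as d:
        Path(d, "AutoRun.inf").write_text("[AutoRun]\nopen=helper.exe\nicon=drive.ico\n")
        Path(d, "helper.exe").write_bytes(b"")
        Path(d, "letter.doc").write_bytes(b"")
        return audit_drive_root(d)

if __name__ == "__main__":
    print(demo())
```

    To check a real backup drive, call `audit_drive_root` with the drive's root path (for example `E:\`); an empty report means nothing at the top level would be launched automatically.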

    After Windows has reinstalled, the first task which you should complete is to ensure that the Windows Firewall is enabled on your network and internet connection (which can be done through the Control Panel). Then, install antivirus software with the latest virus definition updates. Next, you should download the latest updates for Windows so that all important security patches and updates are downloaded and installed. Once Windows has been fully patched you can connect the backup hard drive to the computer. As the first order of business I suggest that you use your antivirus software to scan the hard drive in case any virus files managed to find their way into the folders which you backed up. If there are virus-infected files on the backup drive then the files should not do anything unless they are double-clicked and executed. Therefore, make sure that you don’t run any such files otherwise you could reinfect your computer! Once the antivirus software has completed the scan and removed any detected threats, you can commence copying the backed-up data back onto your computer.