Nepali virus?

I had two alarms wih Avast I had a paid Avast but it ran out recenty but Istil lhave Avast installed
So while surfing I had two alarms I am not sure if I clicked disconnec for both anyway I went into Blogger to make a blog and when I type I get the text changing from English to this language हाउ तो मके अ ब्लॉग Nepali or someone said it was Nepali

I also did a scan with Acast and then Hitman Pro but nothing is detected. I have to say also that my brother asked me to transfer someting from my computer to his pen drive and I read something could be transferred that way but I onl read that briefly when Googling Nepali virus

HELP What is it and how to remove please?

Since nothing has been detected during scans, there is nothing to remove.
Please post a HijackThis log here and let us check it.

How do I d a hijack this please?

Have a look HERE

The language is Hindi, curtsey of Google translate, “A blog, How then still make”

http://translate.google.com/#auto|en|हाउ%20तो%20मके%20अ%20ब्लॉग

Whats the virus ? LOL

Looking now for that Hijack this

Would it not be better to just do a system restore to the day before?

Do you think a system restore would do the trick?

Personally I don’t think that system restore is reliable enough for this and it can have unexpected consequences; we have seen in the forums after using system restore the avast services aren’t working or reporting a problem; this has resulted in people having to do a clean reinstall of avast.

Whatever this is I have never seen a virus that changes your language even temporarily as first you would have to have that language pack/font installed and I somehow doubt you have Hindi installed.

Before doing anything else post the contents of the hijackthis log as Eddy asked.

Then - If you haven’t already got this software (freeware), download, install, update and run it and report the findings (it should product a log file).

Don’t worry about reported tracking cookies they are a minor issue and not one of security, allow SAS to deal with them though. - See http://en.wikipedia.org/wiki/HTTP_cookie.
Also available a portable version of SAS, http://www.superantispyware.com/portablescanner.html, no installation required.

I have Super anti spyware installed and the paid version and did a scan but this too has run out of yearly subscription when I did the scan however it is still in my computer of course

You don’t have to have the pro version, the free versions does all you need other than being resident. However the SAS Pro license is a one off payment and not an annual renewal, it is what I use. You should also download, update and run MBAM.

It is now time for some actions on the suggestions and post the logs.

OK the log highlighted this file
and I think it suggested it was not in Microsoft so to delete it but I have not yet deleted it here it is

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

However the SAS Pro license is a one off payment and not an annual renewal, it is what I use.
@DavidR they have both....

SUPERAntiSpyware - LIFETIME SUBSCRIPTION
Save Now - Upgrade SUPERAntiSpyware to a lifetime subscription for a $9.95 one-time fee instead of our usual renewal fee of $14.95/year.
This includes free program updates and definition updates for the life of the product!

Wow, anyone would be crazy to go for an annual subscription then. Certainly when I bought mine it was only a lifetime one of fee.

And the virus results???

So here is info on the selected item (what I posted above)

A registry value that has been created and is not present in a default Windows install nor needed possibly resulting in a changed IE search page start page search bar or search assistant
(action taken Registry value is deleted)

Should I delete it?

We don’t see any information posted, either copy and paste the contents of the log file or attach the log files to the post.

  • When you click the Reply button, there is an Additional Options link, this expands the options to attach a file, that can be an image file or a text file (.log or .txt). Also see How to post an Image.

I also get this message when starting scan

FOr some reason your system denied write access to the hosts file
IF any hijacked domains are in this file Hijack this may not be able to fix this

We are waiting for information in the form of the logs of the scans suggested, without information we simply can’t help. A drip feed of snippets of information won’t help us to help you.