browser won't let me open mail.yahoo.com

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by greenwitch, Dec 31, 2006.

  1. greenwitch

    greenwitch Private E-2

    Hi,

    I believe I am having problems with a browser hijacker or some kind of malware.

    I have two computers at home and one at work. Last July I could no longer access mail.yahoo.com with IE or Netscape or Firefox on my old computer. I wasn't worried as I bought a new computer so I never fixed the problem. I have been using my new computer since September with no problems. Then on December 22, my new computer would no longer access mail.yahoo.com and other websites.

    The message is always: Problem Loading Page: Unable to connect. Firefox can't establish a connection to the server at mail.yahoo.com.

    I was using Norton Antivirus and Firewall on the old computer as well as Ad-aware and Spybot.

    The new computer has McAfee Antivirus and Firewall as well as Ad-aware and Spybot. I tried a system restore on the new computer to an earlier date but that didn't fix the problem and firefox wouldn't run properly so I undid it.

    I have started to try to clean my old computer. I downloaded all the programs and printed out your instructions from my work computer.

    I started with the Special Removal instructions, generic solution for about:blank and HSA. From that I downloaded
    Ad-aware SE update,

    Spybot S&D which would not let me in to simply update so I deleted and reinstalled it and updated it,

    HSRemover which ran itself when I tried to update it (since I ran that, my desktop picture has disappeared from the desktop and my browser opened today to hseremove.com website which had some odd stuff on it)

    about:Buster - no update

    Hijack this - no update

    ADSpy - no update

    Ccleaner - no update

    Process Explorer

    I then went back to the main explanation for removing malware.

    I went through add/remove programs but did not have any of the listed programs.

    I emptied norton antivirus quarantine and emptied my recycling bin.

    I ran ccleaner through my only user account. (when I ran XP service pack 2 it created a user account that I have to log into but don't want and I tried many ways to get rid of it but couldn't.)

    I enabled viewing of hidden files, etc.

    I downloaded getrunkey, shownew, spybot - see above, counterspy, AVG anti-spyware, Hijack This.

    Then I went to safe mode with my internet unplugged and shut down all applications.

    I ran ccleaner.

    I ran spybot search and destroy but not Teatimer.

    I tried to run Counterspy but couldn't as I had not run setup in the normal mode.

    I ran AVG anti-spyware which found 4 adware and 3 tracking cookies.

    I had to boot again in normal mode to run the online scans.

    I went back and ran counterspy.

    I ran bitdefender which found 1 virus, 2 infected files, 3 suspect files and deleted 5 files and saved the text file.

    I ran Panda activescan and it said it found 4 files.

    I ran the runkeys and shownew files.

    From the command line I tried to ping www.yahoo.com and pcpitstop.com. The yahoo ping came back with 4 lines of 'request timed out' while the pcpitstop pings went through properly.

    I also did a tracert with both sites and yahoo gave the first line and then times out over and over. Pcpitstop traced the whole route.

    When I started IE this morning, it opened to the site 'info space' which I had never seen before. Also AVG and Sunprotect were trying to run and taking all my RAM so I shut them down.

    I am hoping that whatever fix we do to this old computer will also fix my new computer.

    Thanks
    Pat
     
  2. greenwitch

    greenwitch Private E-2

    I couldn't find a .txt file for Counterspy.

    Also, none of these programs has managed to fix my inability to get to mail.yahoo.com or some other sites.

    Thanks
    Pat
     

    Attached Files:

  3. greenwitch

    greenwitch Private E-2

    Sorry,

    My first post does not appear to include the attachments so I will attach them again here.
     

    Attached Files:

  4. greenwitch

    greenwitch Private E-2

    Hi,

    I did a Hijack This run and have the logfile attached.

    I logged off my computer and then logged back on after a couple of minutes to make sure that everything was running as it should.

    In the process of starting up, I was asked to approve a couple of active x programs but I blocked them. Then a red pop-up window appeared and told me that 'active protection had blocked IE ActiveX program Oscan8.ocx by Softwin. The only option in that window was to click 'silent' to stop being reminded. There was no other way to close the window but it went away by itself before I ran HJT.

    The instructions said to close down unnecessary programs so I closed AVG Anti-spyware as well as Counterspy but I left Norton running.

    Thanks
    Pat
     

    Attached Files:

  5. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Majorgeeks!

    Note: There was no reason for you to run the about:Blank hijacker procedure. A hijacker does not do what you have described your problems to be. Especially a true about:blank or HSA hijacker. You would not be able to go directly to any sites if you had an HSA hijacker.

    How do you connect to the internet (dial-up, DSL, Cable)?

    Uninstall AVG Anti-Spyware and CounterSpy now if you have not already done so.

    Why do you have all of those items in your Trusted Zone (the O15 lines in HJT)? Is this really necessary to access those sites?

    Do you recognize all of the below to be valid? If not, add any unknown items to the list of things to fix further down with HJT.
    Uninstall the below old versions of software:
    Java 2 Runtime Environment, SE v1.4.1_02
    Mozilla Firefox (1.5.0.9)

    Make sure you reboot after uninstalling the above!

    After reboot, now install the current version of Sun Java from: Sun Java Runtime Environment

    Then install the current version of FireFox from: Mozilla Firefox

    Now download HOSTER and then follow the below steps.
    • Unzip Hoster to a convenient folder such as C:\Hoster
    • Run Hoster.exe, click Restore Original Hosts and then click OK.
    • Click the X to exit the program
    Now Click Start > Run and type in cmd
    • Click OK.
    • This will open a command prompt.
    • Type or copy and paste the following line in the command window:
      ipconfig /flushdns
    • Hit Enter
    • Exit the command window

    Continue by downloading a tool we will need - Pocket KillBox

    Save it to its own folder somewhere that you will be able to locate it later.

    Run HijackThis and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

    O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O20 - Winlogon Notify: asnt3 - C:\WINDOWS\SYSTEM32\AsntDll.dll

    NOTE: HJT may pop up an error about the AppInit_DLLs line. Ignore it and click OK to continue.
    After clicking Fix, exit HJT.

    Now Copy the bold text below to notepad. Save it as fixME.reg to your desktop. Be sure the "Save as" type is set to "all files" Once you have saved it double click it and allow it to merge with the registry.
    Now run Pocket Killbox by doubleclicking on killbox.exe
    Choose Tools > Delete Temp Files and click Delete Selected Temp Files.
    Then after it deletes the files click the Exit (Save Settings) button.
    NOTE: Pocket Killbox will only list the added files it is able to find on the system. So when you do the below, if some files do not show in the list after pasting them in, just continue.

    Select:
    • Delete on Reboot
    • then Click on the All Files button.
    • Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

    C:\WINDOWS\IFinst27.exe
    C:\WINDOWS\system32\upx.exe
    • Return to Killbox, go to the File menu, and choose Paste from Clipboard.
    • Click the red-and-white Delete File button. Click Yes at the Delete on Reboot prompt.
    If you receive a PendingFileRenameOperations prompt, just click OK to continue (But please let me know if you receive this message!).
    If Killbox does not reboot just reboot your PC yourself.

    Now attach the below new logs and tell me how the above steps went.

    1. GetRunKey
    2. ShowNew
    3. HJT


    Make sure you tell me how things are working now!
    Reminder Note: Once we have determined you are malware free you will need to disable System Restore, reboot, and re-enable system restore per step 1 of the READ & RUN ME. This only applies to if using WinXP or WinMe.
     
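    The Hoster and ipconfig /flushdns steps above exist because a tampered hosts file overrides DNS for the names it lists: a browser that reads a bogus address for mail.yahoo.com from that file never asks a resolver, and a cached answer can outlive the fix. The script below is an added example, not code from the thread or from any of the tools named in it; it parses a constructed Windows-style hosts file and reports entries that send a real hostname somewhere other than loopback, so that a defender can tell blocklist-style sinkhole lines (harmless) from redirecting ones. The sample file contents and the 203.0.113.45 address are constructed for the example.

```python
"""Audit a hosts file for entries that redirect well-known hostnames.

Added example: a hosts file line such as "203.0.113.45 mail.yahoo.com"
makes the browser connect to that address instead of the real site, which
produces a "can't establish a connection" failure while other sites work.
Sinkhole lines (127.0.0.1 or 0.0.0.0) are the normal ad-blocking pattern
and are not reported.
"""
import ipaddress
from dataclasses import dataclass
from typing import Dict, List, Sequence

# Constructed sample of a tampered hosts file (not taken from the thread).
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
0.0.0.0         ad.doubleclick.net        # blocklist style, harmless
127.0.0.1       www.example-adserver.test # loopback sinkhole, harmless
203.0.113.45    mail.yahoo.com            # constructed: redirects a real site
203.0.113.45    www.yahoo.com
::1             localhost
"""

LOCAL_NAMES = {"localhost", "localhost.localdomain", "broadcasthost"}


@dataclass
class HostsEntry:
    line_no: int
    address: str
    hostnames: List[str]


def parse_hosts(text: str) -> List[HostsEntry]:
    """Parse hosts-file text into entries, skipping comments and bad lines."""
    entries: List[HostsEntry] = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()  # drop trailing comments
        if not line:
            continue
        fields = line.split()
        try:
            ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # malformed address; the OS resolver ignores it as well
        entries.append(HostsEntry(line_no, fields[0], [h.lower() for h in fields[1:]]))
    return entries


def is_sinkhole(address: str) -> bool:
    """Loopback (127.x, ::1) and unspecified (0.0.0.0) never redirect anywhere."""
    ip = ipaddress.ip_address(address)
    return ip.is_loopback or ip.is_unspecified


def find_redirects(entries: Sequence[HostsEntry]) -> Dict[str, HostsEntry]:
    """Map each non-local hostname to the entry that points it at a routable address."""
    redirects: Dict[str, HostsEntry] = {}
    for entry in entries:
        if is_sinkhole(entry.address):
            continue
        for host in entry.hostnames:
            if host in LOCAL_NAMES or host.endswith(".local"):
                continue
            redirects[host] = entry
    return redirects


def audit_hosts(text: str, watch: Sequence[str] = ()) -> List[str]:
    """Return findings in file order; names in `watch` are rated HIGH."""
    watched = {w.lower() for w in watch}
    redirects = find_redirects(parse_hosts(text))
    findings = []
    for host, entry in sorted(redirects.items(), key=lambda kv: kv[1].line_no):
        severity = "HIGH" if host in watched else "MEDIUM"
        findings.append(
            f"{severity}: line {entry.line_no} sends {host} to {entry.address} instead of DNS"
        )
    return findings


if __name__ == "__main__":
    # On a live Windows system you would read
    # %SystemRoot%\System32\drivers\etc\hosts instead of the sample.
    for finding in audit_hosts(SAMPLE_HOSTS, watch=["mail.yahoo.com"]):
        print(finding)
```

Reading the real file rather than the sample is the only change needed to run this on a suspect machine; after restoring the hosts file, flushing the resolver cache is still required, because the audit only sees the file, not what the OS has already cached.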
  6. greenwitch

    greenwitch Private E-2

    Thanks for your reply. I don't think it worked, though.

    1. I have DSL on this computer and the other computer I run through a secured WIFI. When I opened firefox this morning, mail.yahoo.com opened but without the sign-in seal so I am assuming it is still hijacked. (We haven't started on the other computer yet, although mail.yahoo.com did start up on it this morning.)

    2. I uninstalled AVG and Counterspy. While I was uninstalling counterspy a Norton window came up with a High Risk Malicious Script warning for Windows Script Host Shell Object run C: documen~1... killrunning.vbs I clicked to stop the script.

    3. I never put those items in my Trusted Zone. They are all Korean sites and should not be listed as trusted. I don't trust them. I tried to remove all the 015 when I ran HijackThis but it didn't delete them. I have tried to find where they were in Norton and in Firefox but can't find them there to delete. I would like to get rid of them. There are a few Korean sites that I access but none of them do I trust.

    4. I deleted all the 016s that you had listed.

    5. I uninstalled Java and Firefox and Surfer Network. Then I rebooted and installed the current version of Sun Java and launched it. Then I installed Firefox and installed it.

    6. I downloaded Hoster and ran it.

    7. I successfully flushed the DNS Resolver Cache.

    8. I downloaded Pocket Killbox and saved it.

    9. I ran HijackThis and selected the 2 04 lines, all 015 lines, the 016 lines you indicated, and the 020 line and clicked to fix after exiting all browsers.

    10. I copied the lines for the regedit fix but missed the last line of it because it printed on the next page of my instructions. I ran it without the last line. Then I realized what I had done, and I went back in to the fixMe.reg file, added in the last line and ran it again.

    11. I ran killbox and deleted the selected files. The Dr. Watson dump and Sun Java cache were greyed out so I could not select them. Also, there were only 2 folders available for deleting: c:windows\temp and c:\temp. I pasted the two lines into killbox and clicked yes to delete and then stopped the reboot so I could add the second one and clicked yes to delete and reboot.

    I am attaching the 3 log files to this email.

    I have been doing trace routes in the command window and printing the screen if that would be helpful.

    Thanks so much for your time and energy. I really appreciate the help.

    Pat
     

    Attached Files:

  7. greenwitch

    greenwitch Private E-2

    I was going to attach a Word document that shows the websites and the tracert but it is too big and not acceptable. If there is some way to save a tracert and attach it, would it be helpful for you?

    Although I can get into majorgeeks it still shows the system timeout at the 3rd step. This is consistent with all the sites that I go to that I know are not the real site. The yahoo site does not have the sign in seal on it. So I am not signing in to it.

    I really would like to get rid of the 015 trusted sites as I never added them.

    Whatever is on my computer is most likely a Korean malware. This is where I live and my service provider is a Korean company. Someone else infected my previous school computer with about:blank and the systems person used a Korean spyware program called Adspyder to get rid of it but it adds its own redbug.com hijacker.

    Again, thanks for your help with this.

    Pat
     
  8. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    I'm not sure what you mean! If you went to the correct website, you are not being hijacked.

    Please download DelDomains and unzip it to your desktop. Do not run it yet.

    Find the files from deldomains.zip on your Desktop and RightClick on the deldomains.inf file and select Install.

    (Please note if you have Spybot S&D installed you will need to "Immunize" again because deldomains will remove all of the sites Spybot adds.)


    I'm not sure that a trace route is going to provide me any useful information. There is no way that I will know what your hops are supposed to be especially in Korea.


    You can delete the below two left over folders from CounterSpy.
    C:\Documents and Settings\Patricia Catherine\Local Settings\Application Data\Sunbelt Software
    C:\Program Files\Sunbelt Software


    Your logs are all clean! I see no signs of any hijackers.

    I want to see if a rootkit is hiding on your PC! Please download Blacklight Beta
    • Download blbeta.exe and save it to the Desktop.
    • Once saved... double click blbeta.exe to install the program.
    • Click accept agreement and Click scan
      This app too may fire off a warning from antivirus. Let the driver load.
      Wait for it to finish.
    • If it displays any items...don't do anything with them yet. Just hit exit (close)
    • It will drop a log on Desktop that starts with fsbl....big number
    Please post contents of the BlackLight log.

    Also let's run a second rootkit detector, sometimes one will find what another does not.
    Run this AVG Anti-Rootkit and attach a log from it too.
     
