Firefox 4 'hangs', Google re-direction - follow-up advice?

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by veganseeds, Apr 1, 2011.

  1. veganseeds

    veganseeds Private E-2

    Bonjour,

    Came to your forum while experiencing some bad computer problems. I've carefully read and followed the instructions posted for "Google Redirection" and then, when it didn't solve my problem, ran through the "READ AND RUN ME FIRST" instructions. Upon running CCleaner my problems appeared to be solved. I finished the READ AND RUN instructions and I've run through the "Windows XP Malware Removal/Cleaning" instructions up to step 3. Before I finish, I'd like to find out if I've done everything correctly and cleaned up the computer successfully. Would someone be willing to look at the logs that I've generated through following these steps?

    Here's our situation, briefly:

    I tried to update Firefox to the new Firefox 4 a few weeks ago. Something happened during installation and I was never able to finish the installation (I'm sorry, I don't remember what it was - didn't seem so important at the time!) After that, Firefox refused to open. Or rather, double-clicking would not lead to Firefox 4 opening, but Windows Task Manager showed that the firefox.exe process was running. Internet Explorer still worked.

    We un-installed and re-installed Firefox 4 a couple of times. We ran SpyBot and kept getting RightMedia (as usual), which would never properly 'fix.' Tried Avast scans, tried to open Firefox in Safe mode - nothing worked. I admit I ran ComboFix, but didn't know what to do with the results. So finally, went back and carefully went through all your steps, checking after each one to see if Firefox would open without 'hanging' in the background. Finally after CCleaner, it opened.

    A few months ago we were having problems with Google redirections, but thought we had fixed it. We would also periodically have Firefox open with an error message about "proxy server"; Internet Explorer would still work at those times. So, I'm wondering if either of those things had to do with Firefox 'hanging'? Also - this is probably going to sound ridiculous - but on the advice of one of the owners of the company which provides us internet service, we had our Firewall OFF for about a month - she said it would "help us connect better" to their service. We realized after a little while that this was a BAD IDEA (and also didn't help or hinder our connection, clearly) and have since re-instated it. Guess we let in a lot of bad stuff while it was off?

    At any rate my sincere and most gracious thanks to you folks for posting such helpful tutorials for people like me (who otherwise would have to pay for a technician to do this cleaning). THANK YOU. Really, really appreciate the time and energy that you all have put in to helping others keep their computers safe and working well.
     

    Attached Files:

    veganseeds, Apr 1, 2011
    #1
  2. veganseeds

    veganseeds Private E-2

    Here's the MGlog attached.
     

    Attached Files:

    veganseeds, Apr 1, 2011
    #2
  3. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Major Geeks!

    We need to use ComboFix to cleanup some more!
    • Make sure that combofix.exe that you downloaded while doing the READ & RUN ME is on your Desktop but Do not run it!
      • If it is not on your Desktop, the below will not work.
    • Also make sure you have shut down all protection software (antivirus, antispyware...etc) or they may get in the way of allowing ComboFix to run properly.
    • If ComboFix tells you it has expired or need to be updated to a new version, make sure you allow it to update.
    • Open Notepad and copy/paste the text in the below quote box into it:
    • Save the above as CFscript.txt and make sure you save it to the same location (should be on your Desktop) as ComboFix.exe
    • At this point, you MUST EXIT ALL BROWSERS NOW before continuing!
    • You should have both the ComboFix.exe and CFScript.txt icons on your Desktop.
    • Now use your mouse to drag CFscript.txt on top of ComboFix.exe
    • Follow the prompts.
    • When it finishes, a log will be produced named c:\combofix.txt
    • I will ask for this log below
    Note:

    Do not mouseclick combofix's window while it is running. That may cause it to stall.

    If after running Combofix you discover none of your programs will open up because you recieve the following error: Illegal operation attempted on a registry key that has been marked for deletion then you will need to reboot your computer which will normally fix this problem.

    Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista or Win7, don't double click, use right click and select Run As Administrator).

    Then attach the below logs:
    • C:\ComboFix.txt
    • C:\MGlogs.zip
    Make sure you tell me how things are working now!
     
    chaslang, Apr 2, 2011
    #3
  4. veganseeds

    veganseeds Private E-2

    Ok!

    Again, thank you so much. Good karma!!

    Attached are the logs. The computer re-booted partway through the ComboFix scan. Made sure to close all programs including the Avast antivirus while scanning.

    The computer seems to be running very well now. No redirected websites. Internet connection runs quickly and Firefox works perfectly (oh and the new Firefox 4 is nice).

    Another time I have to say 'thank you.' The way the computer was behaving was the worst I've seen it, and I didn't think we could fix it without having to bring it to a computer store. One of our friends just had a computer 'cleaned' at a cost of $180!

    So (if everything looks good) can I go ahead and finish the steps for "Windows XP Malware/Cleaning" procedure? Do we keep any of these programs that I've downloaded, or the logs they've produced?
     

    Attached Files:

    veganseeds, Apr 2, 2011
    #4
  5. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome. Your logs are clean.



    If you are not having any other malware problems, it is time to do our final steps:
    1. We recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no protection. They do not use any significant amount of resources ( except a little disk space ) until you run a scan.
    2. If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
      • Click START then RUN and enter the below into the run box and then click OK. Note the quotes are required
      • "%userprofile%\Desktop\combofix" /uninstall
        • Notes: The space between the combofix" and the /uninstall, it must be there.
        • This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.
    3. Go back to step 6 oof the READ ME and renable your Disk Emulation software with Defogger if you had disabled it.
    4. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
    5. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
    6. If running Vista, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    7. Go to add/remove programs and uninstall HijackThis.
    8. Goto the C:\MGtools folder and find the MGclean.bat file. Double click on this file to run this cleanup program that will remove files and folders
      related to MGtools and some other items from our cleaning procedures.
    9. If you are running Win 7, Vista, Windows XP or Windows ME, do the below:
      • Refer to the cleaning procedures pointed to by step 7 of the READ ME
        for your Window version and see the instructions to Disable System Restore which will flush your Restore Points.
      • Then reboot and Enable System Restore to create a new clean Restore Point.
    10. After doing the above, you should work thru the below link:
     
    chaslang, Apr 2, 2011
    #5

MajorGeeks.Com Menu

Downloads All In One Tweaks \ Android \ Anti-Malware \ Anti-Virus \ Appearance \ Backup \ Browsers \ CD\DVD\Blu-Ray \ Covert Ops \ Drive Utilities \ Drivers \ Graphics \ Internet Tools \ Multimedia \ Networking \ Office Tools \ PC Games \ System Tools \ Mac/Apple/Ipad Downloads

Other News: Top Downloads \ News (Tech) \ Off Base (Other Websites News) \ Way Off Base (Offbeat Stories and Pics)

Social: Facebook \ YouTube \ Twitter \ Tumblr \ Pintrest \ RSS Feeds