Malware redirects my IE-can't access Gmail

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by imiller1, Aug 13, 2009.

  1. imiller1

    imiller1 Private E-2

    I have run the XP removal procedures and still have a problem. Would be great if any of you could help this old guy out. Thanks, logs are attached.
     

    Attached Files:

    Last edited: Aug 17, 2009
  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Major Geeks!

    You did not attach the requested log from RootRepeal. Please attach it now.

    Please remove MGtools.exe from the below location. It does not belong there and could be detected as malware being located here:
    C:\Documents and Settings\Owner\My Documents\Downloads\Programs\MGtools.exe

    As stated in step 4 of the READ & RUN ME, you MUST NOT use MSconfig to control startups. You need to re-read those instructions and stop using MSconfig and deal with them as instructed.

    Download HostsXpert and then follow the below steps.
    • Unzip HostsXpert.zip
    • It will create a folder named HostsXpert in whatever folder you extract it to.
    • Run HostsXpert.exe by double clicking on it.
    • Click the Make Writeable? button. (if you only see a Make Read-Only selection, it is already writeable so skip this button).
    • Click Restore Microsoft's Hosts File and then click OK.
    • Click the X to exit the program
    I strongly advise you to clean up your Desktop. Remove everything but links to run programs. Do not download and save programs here and definitely do not use it for long term storage. You need to keep ComboFix.exe here for now as we need it, but we will be removing it when we are finished with your cleanup. A cluttered Desktop is malware's playground and it can also cause performance degradation especially when you start saving large files here like you are doing.


    Uninstall Viewpoint Media Player (Remove Only) as requested in the cleaning procedure.

    Also if you did not purchase Uniblue RegistryBooster 2009 then uninstall it.

    Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
    O18 - Protocol: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - mscoree.dll (file missing)

    After clicking Fix, exit HJT.

    Now delete the below folder
    C:\Documents and Settings\All Users\Application Data\59046dd


    Now run Ccleaner. Only use the Run Cleaner button. Do not run anything else on any other forms.

    Now download the current version of MGtools and save it to your root folder. Overwrite your previous MGtools.exe file with this one.

    Run MGtools.exe ( Note: If using Vista make sure UAC is still disabled. Also don't double click on it, use right click and select Run As Administrator )

    Now attach the below log:
    • C:\MGlogs.zip
    Make sure you tell me how things are working now!
     
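The "Restore Microsoft's Hosts File" step above exists because a hijacked hosts file is one of the simplest ways malware redirects a browser (the thread's title symptom). The script below is an added example, not code from the thread or from HostsXpert: it parses hosts-file text and flags every mapping other than the default localhost line, ranking highest the entries that send a watchlisted mail or update domain to a non-loopback address. The hosts content and the watchlist are constructed for the example.

```python
"""Audit a Windows hosts file for non-default entries (added example)."""
import ipaddress

# Constructed sample: a default line plus three entries malware might add.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
127.0.0.1       www.example-av-vendor.test   # blocks a security site
10.20.30.40     mail.google.com
10.20.30.40     gmail.com
"""

LOOPBACK = ipaddress.ip_network("127.0.0.0/8")
# Assumed watchlist of domains whose redirection is worth immediate attention.
WATCHLIST = ("google.com", "gmail.com", "microsoft.com", "windowsupdate.com")


def parse_hosts(text):
    """Return (ip, hostname) pairs, ignoring comments, blanks and junk lines."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop trailing comments
        if not line:
            continue
        parts = line.split()
        if len(parts) < 2:
            continue
        try:
            ip = ipaddress.ip_address(parts[0])
        except ValueError:
            continue                              # not an address, skip
        for host in parts[1:]:                    # one line may list many names
            entries.append((ip, host.lower()))
    return entries


def audit_hosts(text):
    """Return (severity, ip, host, reason) for every non-default mapping."""
    findings = []
    for ip, host in parse_hosts(text):
        if host == "localhost" and ip in LOOPBACK:
            continue                              # the only default entry
        if ip in LOOPBACK:
            findings.append(("medium", str(ip), host, "host blackholed to loopback"))
        elif any(host == d or host.endswith("." + d) for d in WATCHLIST):
            findings.append(("high", str(ip), host, "watchlisted domain redirected"))
        else:
            findings.append(("low", str(ip), host, "non-default mapping"))
    return findings


if __name__ == "__main__":
    for severity, ip, host, reason in audit_hosts(SAMPLE_HOSTS):
        print(f"{severity:6} {ip:15} {host:35} {reason}")
```

On a real machine, read `C:\Windows\System32\drivers\etc\hosts` into `audit_hosts`; an empty result means the file is already at Microsoft's default. Loopback entries are only "medium" because some legitimate ad-blocking tools add them, but loopback entries for security-vendor sites are a classic sign of an infection trying to block its own removal.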
  3. imiller1

    imiller1 Private E-2

    Hi chaslang,

    I want to start by saying that I appreciate the fact that you took the time to reply to my post...for that I am grateful.

    I'm new to the forum and can't figure out how to attach the RootRepeal log for you to look at...sorry, I'm trying, but obviously challenged. If you have an email box that I can send it to that would be fine, or if you can tell me how to upload it to you on the forum, that would be fine also.

    Please let me know...I work during the day so I can only reply in the evenings...I am in NY.
     
  4. imiller1

    imiller1 Private E-2

    Tim,

    Here are the files that you asked me for...please let me know if you think I still have a problem.

    Many thanks,

    Ira
     

    Attached Files:

  5. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Note: You should not be running Spybot's Teatimer and Spyware Terminator. We recommend that Teatimer be disabled.

    Why did you edit your first message to delete the original MGlogs.zip file? You should not be doing this and it is totally unnecessary. You remove our work history when you do this and can make it more difficult for us to help you when more severe issues exist.

    You did not heed my last instructions either. You MUST NOT save MGtools here:

    C:\Documents and Settings\Owner\My Documents\Downloads\Programs\MGtools_2.exe

    We specifically tell you in the READ & RUN ME and I stated in my last message that it must not be there and that it must be saved to your root folder. You should have C:\MGtools.exe when saved properly.

    Now all that being said, your logs are basically clean. Only one possible item in your RootRepeal log is questionable and that is the below:
    Code:
    Name: vfoa.sys
    Image Path: vfoa.sys
    Address: 0xF7565000 Size: 61440 File Visible: No Signed: -
    Status: -
    Do you see this file located in either the C:\Windows\system32 or C:\Windows\system32\drivers folder? If yes, I would like to get some more info on the file. Right click on it and select Properties. Now see if there is a Version tab in the window. If so, select the Version tab and on the next window select each of the listed Item names (one at a time) to get more info about the file. The most important Item is the company name. If there is no Version tab, tell me that too.
     
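The RootRepeal block quoted above is the kind of record a specialist scans for hidden or out-of-place drivers. As an added example (not part of the thread and not RootRepeal's own code), the script below parses the Name / Image Path / Address / Size / File Visible / Signed / Status blocks that report uses and ranks drivers by the two traits that made vfoa.sys stand out: the file is hidden from directory listings, and its image path is bare instead of pointing under system32\drivers. The sample log is constructed; only the vfoa.sys entry is quoted from the thread.

```python
"""Triage a RootRepeal-style driver listing (added example)."""
import re

# Constructed sample log: two ordinary kernel images and the entry from the thread.
SAMPLE_LOG = """\
Drivers
-------------------
Name: ntoskrnl.exe
Image Path: C:\\WINDOWS\\system32\\ntoskrnl.exe
Address: 0x804D7000 Size: 2189056 File Visible: - Signed: -
Status: -

Name: vfoa.sys
Image Path: vfoa.sys
Address: 0xF7565000 Size: 61440 File Visible: No Signed: -
Status: -

Name: tcpip.sys
Image Path: C:\\WINDOWS\\system32\\DRIVERS\\tcpip.sys
Address: 0xF6E3C000 Size: 360960 File Visible: - Signed: -
Status: -
"""

KEYS = ("Name", "Image Path", "Address", "Size", "File Visible", "Signed", "Status")
# Several keys can share one line, so each value runs until the next key or end of line.
KEY_RE = re.compile(r"(%s):\s*(.*?)(?=\s+(?:%s):|$)" % ("|".join(KEYS), "|".join(KEYS)))


def parse_rootrepeal(text):
    """Return one dict per blank-line-separated driver block that has a Name."""
    entries = []
    for block in re.split(r"\n\s*\n", text):
        fields = {}
        for line in block.splitlines():
            for key, value in KEY_RE.findall(line):
                fields[key] = value.strip()
        if "Name" in fields:
            entries.append(fields)
    return entries


def triage(entry):
    """Return the reasons an entry deserves a closer look (empty if none)."""
    reasons = []
    if entry.get("File Visible", "-").lower() == "no":
        reasons.append("file hidden from directory listing")
    if "\\" not in entry.get("Image Path", ""):
        reasons.append("bare image path, not under a system directory")
    if entry.get("Status", "-") != "-":
        reasons.append("status: " + entry["Status"])
    return reasons


def suspicious_drivers(text):
    """Return [(name, reasons)] for entries with at least one triage reason."""
    flagged = []
    for entry in parse_rootrepeal(text):
        reasons = triage(entry)
        if reasons:
            flagged.append((entry["Name"], reasons))
    return flagged


if __name__ == "__main__":
    for name, reasons in suspicious_drivers(SAMPLE_LOG):
        print(name + ": " + "; ".join(reasons))
```

The Version tab chaslang asks for is the file's VERSIONINFO resource (company, product, file version); a driver that is hidden, has a bare path and carries no vendor information ranks at the top of this list, while a hidden file that turns out to carry a legitimate vendor's version data still warrants checking its digital signature before it is trusted.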
  6. imiller1

    imiller1 Private E-2

    Hi Tim,

    This is in response to your 8/20 email.

    I edited my first email because I thought that what I had originally sent was wrong and that it might be confusing...my goal was to make it easier for you guys. The absolute last thing I would want to do is make this more difficult for you. If that is what I did then I am sorry.


    I thought I was following your instructions regarding MGtools...how and where is the correct location for this program?

    I promise you that I have read the Read and Run me several times...obviously I just did not understand.

    Not everybody (and certainly not me) is as good with this stuff as you and your team are...I'm trying, but obviously have a long way to go. If you did not get my previous reply, I once again want you to know how grateful I am for your input...my computer seems to be working much better. What should I do (if anything) about the "vfoa.sys" that showed up on my recent RootRepeal log?

    You have also said I should not use msconfig to control the start up...what should I use?

    Thanks again..I appreciate your help and understanding.

    Ira
     
  7. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Tim is not working on your thread. I am.

    It was already too late to change it since we were already working your thread.

    Exactly where the instructions tell you which is C:\MGtools.exe

    We understand this; however, we have to be stubborn about procedures being followed because it can be the difference between success and failure. ;)

    You need to do what I stated in my last message and get me the Properties/Version info if there is any.

    Also covered in the READ & RUN ME step 4.
     
