Probs with Internet Connection...what I've done so far...help pls

Discussion in 'Software' started by jacknscoob, Feb 12, 2012.

  1. jacknscoob

    jacknscoob Corporal

    I am having problems opening certain internet pages. It's driving me mad.

    Eg. Trying to open Gmail...says it is taking to long to open then flips to 'Internet Explorer cant display this page'
    Wont open Ebay - 'Internet Explorer cant display this page'
    Trying to download a free small app on itunes - msg 'Network connection timed out'
    Facebook - opens but only shows first top half of screen
    Will not open any utube - 'Internet Explorer cant display this page'

    Luckily it can open this site, so there is def a connection.

    So far I have:
    Turned off my computer, left for 20mins, turned back on
    Same with modem (as above) and reset it
    The connection on my husbands wireless laptop works perfectly
    My internet connection says it is connected
    I have run several Trend full scans
    Run Windows Defender scan
    I have reset my security & privacy settings to the default
    I am lost as to what to do next. Any ideas??

    Could it be something as simple like a setting that is wrong??
     
  2. kipfeet

    kipfeet Corporal

    Yes, it could be a wrong setting somewhere, but your computer's symptoms are suspiciously like others whose computers had a malware infection of some sort, Trend Micro and Windows Defender scans notwithstanding. I suggest that you mosey over to the Malware Forum and run through the READ & RUN ME FIRST Malware Removal Guide to make sure you're not infected with some baddie. If all goes well there, post back here with that knowledge and some kind soul will help with your listed problems. If all doesn't go well with the Read and Run Me, post in the Malware Forum and the magicians there will very ably assist you. Good luck! Things like this are never fun and we've all had our share.
     
  3. plodr

    plodr Major Geek Super Extraordinaire

    1. What browser are you using?
    2. What browser is your husband using?
    3. What version of windows are you using?
    4. What version of windows is your husband using?
    5. Are you connecting wired or wireless?
     
  4. jacknscoob

    jacknscoob Corporal

    Thanks guys

    I will have a look at the malware forum.

    My husband and I are both wireless. Me using Windows Vista, my husband Windows 7 & Internet Explorer (same as me). Will have a look for the versions.

    Also, I will connect my computer direct to our ethernet cable, just in case.

    Will be back :)
     
  5. jacknscoob

    jacknscoob Corporal

    Hi Guys

    On another help site, someone sent me this link (to a newsletter), http://www.labnol.org/software/tutor...16/[/QUOTE]

    I have gone through the list doing what I can.

    Under Fix 1: I have found '
    127.0.0.1 localhost
    ::1 localhost
    these I shouldnt have

    I have got to
    Fix 3: Clear DNS Cache – The DNS cache keeps a record of sites that you have recently visited on your computer. If that gets corrupted, you may have issues opening sites that were previously accessible without problems.
    Type cmd /k ipconfig /displaydns in the Run window to see the cache entries. If that unreachable website is listed in the cache, type cmd /k ipconfig /flushdns to clear the cache.

    I have done this but it comes back saying 'the requested operation requires elevation' what does that mean? What's my next step.
     
  6. plodr

    plodr Major Geek Super Extraordinaire

  7. jacknscoob

    jacknscoob Corporal

  8. kipfeet

    kipfeet Corporal

    Jacknscoob__Regarding the 'Fixes' you cited, some clarification:

    "127.0.0.1 localhost" is your local computer. "127.0.0.1 localhost" MUST be the first executable line in your HOSTS file (lines that begin with # are not executable lines). If there are other executable lines above and/or below that line (or if that line doesn't exist), then the file is not the original one in function. IF needed, you can restore the HOSTS file's original function simply by removing anything above and below the "127.0.0.1 localhost" line. Stripped to bare bones the original HOSTS file would consist of one line---127.0.0.1 localhost---to conform to the originally intended function, followed by the "::1 localhost" line (see following).

    Some baddies will put redirects or exclusions in the HOSTS file, so if there are other lines in it besides "127.0.0.1 localhost" don't be afraid to delete those. (If the HOSTS file was deliberately modified by you or someone you know to exclude certain sites, modifiy the previous instruction accordingly. I have a custom HOSTS file with about 14,000 lines in it, all exclusions of known bad sites.) If you end up modifying the HOSTS file, make sure a file extension (txt, for example) does not get appended to the name when you save the file....it's simply HOSTS and nothing else; not HOSTS.TXT or other.

    Regarding the "::1 localhost" line in the HOSTS file, that is a legitimate entry for IPv6 (IPv4 being "127.0.0.1 localhost"), so it's a shorthand for "127.0.0.1 localhost" when IPv6 is implemented, the latter being currently in process.

    If in doubt about your HOSTS file, copy and paste the last 4 or 5 lines of the file into your next post and someone can tell you if the file looks original or not.

    Regarding clearing the DNS cache there are several ways of doing that: the command line way you cited is one. Another is to right-click on your Local Area Connection and choose "Status" then the "Support" tab, then the "Repair" button. Watch for the message assuring success. Sometime when things are boogered a "Repair" or /flushdns command will report that the DNS cache could not be flushed, then it gets a little messy to fix that.

    Also, CCleaner with its default settings will clear the DNS cache when you select "Run Cleaner" in the lower right of the main window (If you don't use CCleaner, you should as it does a lot of other good things like deleting windows log files, flushing Temp folders, etc. It also flushes your browser's cache and the browser cache can sometimes cause problems like you're having.)

    If your HOSTS file is good, and you've cleared all your caches and temp folders and still have problems, then malware is even more of a possibility per my original reply. Doesn't hurt to check out the above first, though.
     
  9. jacknscoob

    jacknscoob Corporal

    Hi Guys

    Thanks for all the comprehensive info..I am a tad confused. But here is where I am at.

    Re, '"127.0.0.1 localhost" is your local computer. "127.0.0.1 localhost" MUST be the first executable line in your HOSTS file' - When I did the displaydns command about 20 entries appeared and the '127.0.0.1' was the 2nd from the last :confused

    Also, we dont have a LAN, we are both independantly wirelessly connected to our modem. I couldnt identify CCleaner either.

    I am mystified why I can use web sites like this (thankfully) but not gmail, I can open gmail in basic HTML but cant open any of the emails. I can open Facebook..news, however when I click on a 'group' that I use regularly it only shows the top half of the page, and thats it. :cry:cry:cry
     
  10. kipfeet

    kipfeet Corporal

    I've got you thinking apples and oranges, it seems, so let's see if I can try not to confuse you further!

    The "/displaydns" command and the HOSTS file, though somewhat indirectly related, are not the same. The output of the /displaydns command is what you saw when you typed "ipconfig /displaydns". The HOSTS file is a file that lives in a folder on your hard drive. So that we can see the differences, let's do this:

    Below is a little batch file you can run that will create two files in the root of your C-drive (C:\). One will be named displaydns.txt and the other will be named hostsfile.txt.

    To create the batch file first create a new text file on your desktop and copy the contents between the two lines below---don't include the lines---to the new text file. Save the file. Now rename the text file "getinfo.bat"
    _________________________________
    @echo off
    ipconfig /displaydns>c:\displaydns.txt
    cd C:\WINDOWS\system32\drivers\etc
    attrib -r -h -s HOSTS.
    copy HOSTS. c:\hostsfile.txt>nul
    _________________________________

    Now run the batch file by double-clicking on it or by right-clicking and selecting "run as administrator," whichever works. You will see a command box flash on the screen and it will close fairly quickly. You now have the two files we want.

    Now, using windows explorer locate the two files that the batch file created and attach them to your next post. Both files will be in C:\. One will contain what you saw on screen when you first typed "ipconfig /displaydns." The other will have the content of your HOSTS file. If we can see both those files we'll much better understand what's going on with your system. Once we have the two files in question, it may be evident if there's some redirecting going on, etc. The thing that's really suspicious is the one screen displaying half a page...seems you'd either have a connection or you wouldn't! We'll see.

    And my apologies about not explaining CCleaner further---I just assumed that if one was on MajorGeeks one knew what CCleaner was! It's a small program that you will have to download and install. You can find it at http://majorgeeks.com/CCleaner_Standard_d5125.html Once you're able to view youtube videos again you can watch the tutorial that MajorGeeks made for it.

    Download and install CCleaner. Run the program, then without changing any parameters, click on "Run Cleaner" in the lower right. That action will clean/flush browser and DNS caches, temp files, windows log files and everything that is checked in the lefthand column of the main window. After it's done (10-20 seconds, usually) you can close CCleaner. You can also delete from your desktop the batch file you made if you want.

    All the above may end up not telling us anything, but it won't hurt a thing and could help us pinpoint your problem. And getting you acquainted with CCleaner is a good thing, for sure. Cross your fingers!
     
  11. jacknscoob

    jacknscoob Corporal

    Hi Guys / Kipfeet

    I am back on the case, Kipfeet, I am reading through your recent post, thankyou very much for taking the time, whatever my outcome I'll let you know what happens. I am downloading CCleaner and will execute. FYI any downloads I do are frequently interrupted and I have to click resume numerous times, like I am doing now for CCleaner. It happens for all downloads. Is that a factor?

    OK on my C:\Windows\System32\drivers\etc\hosts - I have located the file and the last 5 lines are:

    # For example:
    #
    # 102.54.94.97 rhino.acme.com # source server
    # 38.25.63.10 x.acme.com # x client host

    127.0.0.1 localhost
    ::1 localhost

    Do you still need the "ipconfig /displaydns" info? If yes, I will need to type it out as I dont know how to copy from DOS.

    My computer is set up that I am the administrater, usually just an extra confirm button.

    To help things, if I wanted to publish a screen print to show you exactly what I am seeing this end, is it possible and how do I go about it? I think it would help.

    Yes fingers and toes crossed :)
     
  12. jacknscoob

    jacknscoob Corporal

    More info on other things that arnt right with my webpages (when they load)

    - some images are not shown, just white boxes with red crosses
    - some pages eg ebay (when it opens), shows boxes/links in a linear fashion (not how they should be)
    - some button links, just show the word underlined
    - when I try to open gmail is says : This is taking longer than usual. Try reloading the page.
    If that doesn't work, you can: 1.Disable Labs and try again.
    2.If you're on a slow connection, try basic HTML view.
    3.For more troubleshooting tips, visit the help center.


    Prob a screen print will assist.

    PS: just in case, I plugged in the ethernet cable direct, all the same problems

    PPS: Have completed the CClean
     
  13. kipfeet

    kipfeet Corporal

    Thanks for trying your computer hard wired...I was wondering about that and you've eliminated that as a cause of the problems.

    Your HOSTS file appears to be original, therefore it's not the cause of your problems, either.

    And now that you've used CCleaner to clear temp files, caches, etc., let's just make sure that it's also clearing your DNS cache:
    Click Start>Run and type "cmd" (without quotes) in the box and press enter. A DOS box will appear.
    At the prompt type "ipconfig /flushdns" (without quotes). If successful, it will say "Successfully flushed the DNS Resolver Cache." I expect that is what you will see. If not, tell us what message you do see. Close the DOS box.

    Assuming the flush is OK, the next thing I'd try is a different browser and see if the same things are happening at the web sites you mention. So if you're using IE, download Firefox, for example, and install and run it and see how things are. (It doesn't hurt to have a backup browser installed anyway, just for instances such as yours).

    If you're having the same and/or similar problems with a different browser, then I think you need to look at the possibility of malware and I'll refer you to the RUN and READ ME Sticky in the Malware Forum. Run through it and if looks like malware is your problem, post in that forum. If the new browser doesn't show problems, then it's likely that your old browser has gotten boogered (advanced technical term!), so an uninstall and reinstall might be in order. I'm beginning to think it may be your browser that's causing your problems; trying a different one should tell us that or not.

    No need for screen shots yet...let's see if it's browser or malware first. Hang in there!
     
  14. kipfeet

    kipfeet Corporal

    And another thing (or two)....

    Yes, your interrupted downloads are telling us something, possibly that you're quickly losing and regaining your internet connection...but, that could be caused by a corrupted browser, too. Try the different browser if you can get it downloaded and let's go from there.

    Another (quick) thing to do is to run TaskManager and see if anything looks amiss there, like a program called 34ARG$5.exe or some such non-descript thing running...a strong clue toward malware or worse. From the RUN and READ Me Sticky just installing and running SuperAntiSpyware and AntiMalwarebytes can give you a quick take on the possibility of most malware, too.
     
  15. jacknscoob

    jacknscoob Corporal

    HIYA

    :):-D:):-D:):-D:):-D:):-D;)

    I dont wana count my smilies before they have hatched...lol.

    Where I am at:

    Couldnt download CHROME due to intermittant connection problems.

    Realised 'Safari' was on my computer already. Made it my default browser.

    So far have been able to open gmail (that works), it is the older version, but the links work. Have opened UTube, amazon, keepvid

    I have started a music video download, says it will take 5 hours but have had no interupted / resume connection as yet. Facebook is taking forever, but it is still thinking about it as is ebay.

    So far have not had the screen up saying 'cannot display this web page'. :)

    I will keep you posted as to the true outcome xxx

    Thanks for your time kipfeet
     
  16. kipfeet

    kipfeet Corporal

    Excellent! At least you now know that there's something wrong with IE...some decent progress, at least. Good show :)

    But you're quite correct in not counting your smilies or chickens just yet. The question is, how did IE get the way it is? Some sort of snafu with the program? Or malware that got into it and did something? I recommend a few more steps, in the order listed following.

    1) Download SuperAntiSpyware (SAS) and AntiMalwareBytes (AMB) from MGs and install and run them to scan your computer for nasties (I'd be very surprised if none were found). Before running the scans for each be sure you update the virus definitions so you have the latest and greatest (both programs issue new definitions 2-3 times per day). SAS will automatically fix nasty things that it finds but with AMB you have to actively tell it to fix things, so don't forget to tell it that at the end of its scan. Run "Full Scan" for each of the programs and try not to use the computer for anything else while they're running. Depending on the amount of stuff on your hard drive each scan could take 20-40 minutes, but it's well worth the time, believe me. Both programs will create log files (TXT) of the scans. If you have any questions about what the scans find, find the log files on the hard drive and attach them to your next post.

    2) Before updating Safari, etc., see what can be done with fixing IE. Download a new copy from M'Soft. Now uninstall the old IE from Add/Remove Programs. Then install the new copy of IE. Reboot and see how it does.

    If, before you get to all the above you find that Safari is getting flaky like IE, that's a strong indication of malware activity, so at that point drop everything else and run the mentioned scans.

    For future reference, since you have the luxury of two computers in your household, when having difficulty downloading something on a flaky computer, use the other computer to download and just copy the download over to the flaky one using a memory stick :)

    I'm not convinced you're entirely out of the woods yet, so just keep plugging along doing the above and eventually something will become clear one way or the other. But at least you are seemingly back in business for the time being.

    And you're very welcome...it's good to hear that things are getting back to normal :) And by all means let us know how it all ends up.
     
  17. jacknscoob

    jacknscoob Corporal

    Hiya

    Yes I am with you re IE...yes I can imagine, this isnt the end of all this. Thanks again heaps for your post.

    SO.............. I have download SuperAntiSpyware (SAS) and am running a full scan as we speak (prob take all night), am still downloading AntiMalwareBytes (AMB). Once I have scanned both, I'll find the log files on the hard drive and attach them to my next post :)

    2) Before updating Safari, etc., see what can be done with fixing IE. Download a new copy from M'Soft. Now uninstall the old IE from Add/Remove Programs. Then install the new copy of IE. Reboot and see how it does.
    I am already using Safari but will do as you suggested. From the looks of my SAS, I am up to 60 threats already:-orolleyes So defo not outa the woods.

    Plus I am still unable to download apps from ITunes.

    Will let you know how I get on :)
     
  18. kipfeet

    kipfeet Corporal

    Very good with SAS and AMB ...they can be very telling (unfortunately) and the logs will be interesting...Keep plugging away and keep us apprised :)

    One thing about installing a new IE that I forgot and was reminded about when I saw your other post: By all means export your favorites from IE before removing the program, if you haven't already done so. I know nothing about Safari, but I expect it will import favorites, etc., much the same as all the other browsers do, usually found under the "File" menu or equivalent.

    And the only reason I suggest getting IE back up to snuff is in case Safari starts getting weird like the old IE at least you'd have another fallback. Of course you could always download Firefox or something else later, too. Priority right now, though, in my mind, is what SAS and AMB find and what you'll need to do about that, if anything....you'll know soon enough.

    Keep at it...you seem to be getting there...the iTunes thing may solve itself eventually. I'm just hoping you don't have something really nasty, like a rootkit virus, etc. Fingers still crossed.
     
  19. kipfeet

    kipfeet Corporal

    Another thing....once your SAS and AMB scans are done, run CCleaner to clear out temp files, etc., then reboot and see where things stand.
     
  20. jacknscoob

    jacknscoob Corporal

    Hiya

    I thought I updated this thread yesterday...maybe it is being cleared via admin??

    So I wont repeat what I said yest just yet.

    I have downloaded Malwarebytes successfully. Am running a full scan...tbc
     
  21. satrow

    satrow Major Geek Extraordinaire

    It may have been caught up in one of the spam traps - especially if you used .... to join words ^^
     
  22. jacknscoob

    jacknscoob Corporal

    Satrow. Ah thanks for that, that might explain it.

    Kipfeet, I have run SAS, 70ish threats, various types. Afterwards, I did CCleaner and I think it wiped the log, so I dont think I can show you the result. Since that full scan I have done various quick scans and it appears clear.

    My husband has asked me why we pay for Trend aND I couldnt answer him, dohrolleyes

    Am still awaiting the malware results.

    Re itunes I was advised to uninstall and reload, yeah sounds simple, quick to uninstall but reckons it will take 3 days to download (its been one day so far) :cry:cry

    My internet is working now, however, downloads are fickle and are taking forever.

    tbc:)
     
  23. kipfeet

    kipfeet Corporal

    Nope, CCLEaner wouldn't have touched the SAS and AMB logs. Open each program and find your way to the Logs tab. There you will see the log of each scan performed. View the log, which will open in Notepad, then select File>Save As and save a copy to your desktop so you can easily find it. Then attach them to your next post. Be sure you attach the Full Scan logs and not the Quick Scan ones as the Full Scan logs contain the info we want to see. The logs will be named something like SUPERAntiSpyware Scan Log - 02-21-2012 - 08-06-27.log and mbam-log-2012-02-16 (11-15-51).txt , dependent on the date and time the logs were made.

    As for Trend, no AV is perfect---that's why SAS and AMB exist---and the nasties are getting more and more sophisticated and elusive as we speak. However, there are several reputable and excellent free AVs if you don't want to shell out the bucks for a (very slightly) better paid version. I wouldn't change a thing until your current issue is resolved, though.

    Hold off on the iTunes fix. Like I say, it may fix itself, but the main reason is to not change your setup any more than possible as that just increases the permutations and combinations of possible fixes.

    Your slow and intermittent downloads are telling me that something is still amiss, regardless of SAS and AMB findings and fixes. Get those scan logs posted and lets see where you are. You're making progress, so just keep plugging along :)
     
  24. jacknscoob

    jacknscoob Corporal

    Hiya

    Thanks for your post :)

    OK, re the full scan for SAS, I have found the file, it is an 'SBD file', when I double click to open, it opens in word, it opens in chinese, when I click 'windows default' it opens in gobbledigook (like below). If I right click and chose notebook to open it, it looks like ÝÝÀÍÍÍÃÍÃÍÃÍÃÍÃÍÃÍÃÍÃÍÃÍÃÍÃÍÃÍÃÍÃÍÃÍÃÍàçÝßÂÜÔÂßÝÜßÍÀÍßÜ×ÜÔ×ÝÕͶڎՉÍÀÍÛÙßØÚàçÝßÂÜÔÂßÝÜßÍÀÍßÜ×ÜÔ×ÝÕͶڎհ͢ˆŸŒ™„ƒŠÍ¾”ž™ˆ€ÍÀÍÛÃÝ;½ÅÍßÃÝÍÄàçÝßÂÜÔÂßÝÜßÍÀÍßÜ×ÜÔ×ÝÕͶڎհ͡ŒƒŠ˜ŒŠˆÍÀÍŽÝÔÍÀÍÅͨƒŠ„ž…ÍŬ˜ž™ŸŒ„ŒÄÍÄàçÝßÂÜÔÂßÝÜßÍÀÍßÜ×ÜÔ×ÝÕͶڎÕ
    I have tried opening in different languages, however nothing legible.:confused

    Malware log reads as follows:
    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 1
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{d08d9f98-1c78-4704-87e6-368b0023d831} (Adware.RelevantKnowledge) -> No action taken.

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)
    Files Detected: 6
    D:\HOLDING - need sorting\DPFMate (E)\DPFMate.exe (Trojan.Downloader) -> No action taken.
    D:\My Documents\u\DPFMate (E)\DPFMate.exe (Trojan.Downloader) -> No action taken.
    D:\eBooks\Lover Mine.exe (Affiliate.Downloader) -> No action taken.
    F:\Jack's Docs\My Documents\u\DPFMate (E)\DPFMate.exe (Trojan.Downloader) -> No action taken.
    F:\Jack's Docs\u\DPFMate (E)\DPFMate.exe (Trojan.Downloader) -> No action taken.
    F:\Jack's Docs\VistaOS\Program Files\Search Guard Plus\SearchGuardPlus.exe (PUP.Fbsearch) -> No action taken.

    Hold off on the iTunes fix. Like I say, it may fix itself, but the main reason is to not change your setup any more than possible as that just increases the permutations and combinations of possible fixes. Yep OK.

    FOI the internet downloads are not intermittant anymore just vvvvvv slow.

    tbc:wave
     
  25. kipfeet

    kipfeet Corporal

    You still have infections because you did not tell AMB to fix anything. Re-run AMB and when the scan is done click the correct button to fix the problems. If after the fix it says to reboot, please do so. Attach the log to your next post. Do not copy and paste it into the post as you did in your last post. See http://forums.majorgeeks.com/showthread.php?t=86880 for how to attach files to posts.Then run another scan with AMB to make sure everything was fixed. If not, fix them again.

    Regarding the SAS scan log, it is a plain text file. Follow instructions in the first paragraph of my last post to save it and attach it to your next post. If the previous log wasn't saved for some reason, rerun the scan and immediately save a copy of the log to your desktop (instructions in same referenced paragraph of last post), then attach it to your next post. You were correct in stating that CCleaner may have deleted the previous log---this is something new with CCleaner; previous versions did not delete SAS logs. To prevent that from happening open CCleaner and click the Applications tab (next to the Windows tab). Look under Utilities and if SuperAntiSpyware has a check mark in the box, uncheck it (the change will be permanent). Do this before you make your next SAS scan.

    You should run Full Scans until all infections have been found and fixed.

    What are your D: and F: drives? Are your two computers networked? Both computers need to be scanned if they are networked. If they are networked, you should disconnect the network connection when running scans, and they should not be reconnected until scans reveal no infections on both computers, else you'll just possibly keep reinfecting each other.
     
  26. kipfeet

    kipfeet Corporal

    Had time to do a little more digging. I'm taking your D: and F: drives to be either USB memory sticks and/or Digital Photo Frame devices. Some of the latter have a known history of being infected from the factory. In either case your D: and F: drives are infected and need cleaning. Then disconnect them from the computer(s). Advise not using the devices again. Anything new that plugs into a computer should be scanned immediately after plugging it in, and preferably first plugged into a computer that doesn't matter so much to do the scanning.

    Too early to tell yet, but these may be the root cause of most of your complaints.
     
  27. jacknscoob

    jacknscoob Corporal

    I have attached the 2 files, full scans for each. If the previous log wasn't saved for some reason, rerun the scan . I couldnt retrieve the original SAS scan, so this is the subsequent one.

    Then run another scan with AMB to make sure everything was fixed. If not, fix them again.As requested I am running a further full scan for each, I'll attached them in the morning.

    Our 2 computers are not networked.

    E drive - DVD drive
    F drive - external hard drive
    G drive - SD card

    My IPOD is there but it doesnt say a drive name

    I will run Full Scans until all infections have been found and fixed.

    FYI - on the AMB scan 'D:\eBooks\Lover Mine.exe (Affiliate.Downloader)', that is something I have downloaded about 3 wks ago and really all my probs started from then (I think).

    :wave
     
  28. kipfeet

    kipfeet Corporal

    OK, so you probably already know that the scan logs aren't attached. See post #25 for attaching files.

    I'm a little confused about your drive designations, but perhaps it will become apparent once you've posted your scan logs.

    If your SD card is showing a virus, copy the files off it that you want to a memory stick and remove the SD card if it's for a camera then format the card using the camera's formatting utility. Reformatting the card will erase any viruses that may be on the card. Leave the card out of the computer until other things are straightened out.

    Get the scan logs (first ones that you have) posted as soon as you can and we'll go from there. I may have to send you to the Malware Removal Forum if SAS and AMB scans don't take care of your problems...we'll see...plenty of time to panic later if need be :)
     
  29. jacknscoob

    jacknscoob Corporal

    Hiya
    I have attached 3 files, the SAS no.2 is the 2nd full scan.
    Hope that works.
     
  30. kipfeet

    kipfeet Corporal

    OK...now you're getting somewhere :)

    Nothing to worry about with what SAS found; CCleaner will take care of those. I imagine that SAS found plenty on the first scan but we'll never know. No worries.

    I'm even more confused about your drive designations now...is D: your SD card?

    Have subsequent scans with Anti-Malware shown that you are now clean (4 items quarantined are now gone)? If so, is your computer running better now? Internet or downloads still slow or other?
     
  31. jacknscoob

    jacknscoob Corporal

    Me again

    AMB came back completely clear:):):)

    I will do a CCleaner & another SAS today!

    Yes a shame I havent got the initial SAS full scan, I have it but it is gobbledigook

    tbc later today:wave
     
  32. kipfeet

    kipfeet Corporal

    That's good news on your last AMB scan.

    What about your SD card? Was/is that your D-Drive (see my last post)?

    Are internet and downloads better now (see my last post)?

    FYI, there's a new version of CCleaner out. Start CCleaner and click on "Check for updates..." in the lower right. That will take you to a download page. Download it to your desktop, then Run it as Administrator to install. It installs over the top of the old one. During the install uncheck all the boxes on the page that includes "Create desktop shortcut," "Create Quick Launch Icon," etc. (not sure about exact wording). You don't need to create new ones because you already have them.

    While I'm at it, a reminder to always update SAS and AMB before running scans. Takes only a minute or two each and keeps you up to date with the latest threats. May as well have the latest and greatest.

    More when we see your next SAS log. :)
     
  33. jacknscoob

    jacknscoob Corporal

    :):):):):):):):):):):):):):):):):):):):):):):):):):):):):)

    * * * and its all T H A N K S to K I P F E E T * * *

    :):):):):):):):):):):):):):):):):):):):):):):):):):):):):):)

    Update to follow :wave
     
  34. jacknscoob

    jacknscoob Corporal

    OK, the full SAS scan + 2 x quick scans resulted in the attached, all 3 are the same and it says that these tracking things are not harmful! So thats good (will that be OK?).

    Another AMB full scan says it is completely clear :)

    Trend says clear :)

    My internet is running much quicker.

    I am currently doing downloads and am timing them.

    So thanks heaps!

    I have 2 hard-drives C & D, my SD card I am on the case. My external HD was included in the full scan (I think) - I'll do it again, just in case.
     

    Attached Files:

  35. Tonyrush

    Tonyrush Corporal

    I've had lots of trouble with IE myself. I'm noy having trouble any more because I downloaded Mozilla Firefox, and things are great again. You might want to do the same. Here's the link. http://www.mozilla.org/en-US/firefox/fx/
     
  36. kipfeet

    kipfeet Corporal

    OK...good show :)

    Do you think everything is back to normal now? No bogdowns or lags? No redirects or anything like that?

    Tell me how things are going and we'll finish up with a few reminders and recommendations. :)
     
  37. jacknscoob

    jacknscoob Corporal

    Hiya

    Yes my internet is not showing any dodgy signs at all, nothing at all :). A further further SAS scan just shows the same adware unharmful tracking cookies - I guess they are OK, yes?

    The only thing that hasnt fixed is itunes. Just for the hell of it I have attached the diagnostics report. The problems it is having is that when my PC tries to download a free app, it says, 'There was a problem downloading xxx. The network connection timed out.'

    When I foned iTunes they said uninstall, then reinstall. I have done this (PS it took approx 30-40 hrs to download). The exact same problem is there, I will call them again tomorrow. As a novice what doesnt read true of the diag log is that it says
    'Online: Yes
    Using Modem: No
    Using LAN: Yes
    Using Proxy: No
    SSL 3.0 Support: Enabled
    TLS 1.0 Support: Disabled'

    I am wireless and using the modem, not sure what TLS is.

    Sorry, I am not meaning to drag this post out. ITunes should beable to fix it.

    Anyhow, thanks for all your support. I have downloaded the updated CCleaner:)
     

    Attached Files:

  38. kipfeet

    kipfeet Corporal

    That's good news that your internet seems ok now. You done good :)

    I can't help you much with iTunes. I did look around, however, and it appears that both SSL and TLS are required to be enabled. See

    http://support.apple.com/kb/HT3204

    Note about halfway down that page the square bullet point beginning
    "If SSL 3.0 or TLS 1.0 support is disabled, refer to iTunes for Windows...."

    Clicking on that link on that line will tell you what to do about it.

    If you're pretty sure that we're done with your other problems you may have to start a new thread regarding your iTunes problem if you can't get that fixed with help from the above links. That way you'd be sure to get some iTunes experts helping with that problem.

    FYI, a little tip when you're doing huge downloads, a la iTunes per your post: Hard wire your computer to your router with an Ethernet cable rather than download huge files wirelessly. Wireless has typically only about 1/2 the throughput as hard wired, so large downloads should go a lot faster if you are hard wired. (If you're downloading a small text file you wouldn't see much difference between the two, but really huge files/downloads you should see a marked, very measureable difference [hours in the case of iTunes reinstall].) Be sure you turn wireless off on your computer when you are hard wired---don't want to confuse it too much by having both connections :)

    Later today I'll post some recommendations for other things for your computer's security, protection, etc., for your reading pleasure. :) hah... and then we'll wrap it up if you have no problems other than iTunes. Check back later today, please, or tomorrow.
     
  39. kipfeet

    kipfeet Corporal

    Sorry, I forgot to answer your question in your last post about the tracking cookies.

    If they are indeed normal cookies, CCleaner should delete them when you run it, so run CCleaner>Run Cleaner and exit, and then, with browser closed, run another quick scan with SAS and see if they're gone.

    If they're not gone, let's not take any chances. Using Windows Explorer navigate to the two folders shown in SAS and delete everything in the folders. If the files won't delete, we may have more work to do. Be careful not to delete the folders themselves, just everything in them.

    Let me know how it goes.

    These may be cookies that remember your username/password for a google account, in which case you'll have to re-enter it next time you sign in. If this is the case, and after you've signed into google again, you can go to CCleaner>Options>Cookies and see the two cookies in the Cookies to Delete pane (left). Highlight the cookies and press the --> between the two panes and it will move them to the Cookies to Keep pane (right). Exit CCleaner. Then you won't have to re-enter your username/password the next time you sign into google.

    You can treat other cookies the same way. Just run your computer for a while and browse and do your normal thing. Before shutting down go to the pane in CCleaner described above and see what cookies you have. Any you want to keep move them to the right pane. This might be banks, yahoo, BBC, etc....anything that you use a lot and are sure that the site is safe is OK to keep the cookies. I allow about 10 permanent ones to exist on my system and delete the rest every day with CCleaner.

    Any questions about this, let me know.
     
  40. jacknscoob

    jacknscoob Corporal

    Hiya

    Yes tops news re internet :)

    I have been thru some of the itunes help, enabled TLS, now going thru the rest, straight away I see a problem as the itunes diag log says I am connected to a LAN and I am not (just wireless to the modem). In internet options / connection, LAN is disabled.:confused I have gota go thru it when it is more quiet here to concentrate :) FYI, under Internet options > connections > Broadband > settings, there is no data at all under 'automatic configuration' & 'proxy server'.

    Thanks for the advice about 'plugging in' for big downloads :):):)

    Also, I'll have a go at the CCleaner / cookies thingy when I can, thanks.:wave
     
  41. kipfeet

    kipfeet Corporal

    OK, I assume you're not having any problems other than with iTunes. The scans seem to have fixed some things for you but there could still be some things amiss that we don't know about yet. If your computer starts getting flaky again I suggest posting in the Malware Removal Forum so those folks can dig a little deeper than the two malware-scan programs you ran. If you do end up having to go to that forum, read the Read and Run Me Sticky in that forum and do everything it says before posting your problem.

    Other than the iTunes thing I think all else that remained for you to do is sort out the problem with your SD card (copy off what you want and reformat it) and seeing how IE runs now. Regarding the latter run it and see before doing the reinstall mentioned in a previous post as it's possible that the problems running it you had may have been taken care of with the scans you did. If not, uninstall IE and reinstall the latest version of it that your computer will run.

    To help keep things from getting out of hand again I suggest you read (meaning Study and Do!) the following
    http://forums.majorgeeks.com/showthread.php?t=44525
    which has excellent advise for anyone.

    A few miscellaneous things to keep in mind:

    1) Keep your AV and malware scanners updated. Occasionally those programs will update the program files as well as the definition files. When they alert you that a new program version is available, allow them to install it.

    2) Run quick scans with SAS and AMB regularly. if anything is found besides tracking cookies follow up with full scans.

    3) When your Trend AV runs out, switch to one of the free ones mentioned in in the above thread. Microsoft Security Essentials may be a good one for you but take your pick.

    I think that's about it. Sorry all this took so long, but at least you're better off than you were. All the above can help you keep it that way. If you're proactive in keeping your computer clean that's a lot easier than fixing it after malware breaks it again.

    Good luck to you :)
     
  42. jacknscoob

    jacknscoob Corporal

    Hiya

    Thanks for all the extra advice, I will keep on top of it as I dont want it all crashing again.

    But you're quite correct in not counting your smilies or chickens just yet. The question is, how did IE get the way it is? Some sort of snafu with the program? Or malware that got into it and did something?

    Yes wise words. After absolute hours speaking to apple re itunes to a senior person, we went through a very extensive process of elimination, some things I had already done, some new things. After having nearly exhausted them all, he asked me to download a new version of IE (you cannot uninstall IE), there was a problem with this. The outcome with apple was to go to the computer shop and get Windows re-installed.:cry

    We deduced that the virus has corupted IE and because itunes works via IE (whether it is your browser or not) that the virus has affected that too.

    I am not dragging this post out anymore. I will attempt to download IE again. ITunes is the only thing left that isnt working properly and I can live with that.

    However I am attempting to download Firefox as a browser back-up and will just keep doing all my malware scans etc.:wave
     
  43. jacknscoob

    jacknscoob Corporal

    I am looking through the Geek link you recommended Kipfeet, is it OK to have both Trend and SAS?
     
  44. jacknscoob

    jacknscoob Corporal

    Ummmn I am getting a little worried about the general well being of my computer. I have had the following error messages in the last few days, just tonight,
    1. Runtime error! \Jasc Software\Paintshop Pro 8\Paintshop Pro 8.exe Abnormal Program Termination, Paintshop pro has stopped working
    2. DVD Flick (authoring tool) - An error occured from cLsLog: Unable to create text file. Last DLL error: 5
    3. My desktop icons all disappeared except recycle bin - Catalyst Control Centre : Host application has stopped working
    4. I tried to download Firefox, after download it just said 'file corupt'

    I am currently trying for a second time to download IE, after that I am going to close everything & run all my full scans & CCleaner, then -
    If they are indeed normal cookies, CCleaner should delete them when you run it, so run CCleaner>Run Cleaner and exit, and then, with browser closed, run another quick scan with SAS and see if they're gone.
    Using Windows Explorer navigate to the two folders shown in SAS and delete everything in the folders. If the files won't delete, we may have more work to do. Be careful not to delete the folders themselves, just everything in them.
    :wave
     
  45. satrow

    satrow Major Geek Extraordinaire

    DON'T use any cleaner if you have icons, shortcuts, programs missing - you might lose them completely.

    This reads more like a return of some malware infection!
     
  46. kipfeet

    kipfeet Corporal

    Hello, again, jacknscoob...you just can't stay away from MG, can you? :)

    Bummer to hear about continued problems, though. :(

    To answer your question, there's no problem using Trend AV with SAS. SAS is a scanner, not an AV.

    To continue from that, see the first paragraph of my post 41 and hie thee to the Malware-Removal Forum without delay. Be patient as they're always busy over there. They are truly wizards, though. Besides, your computer may not be as bad as it appears; with any luck the Read and Run Me will cure most if not all of your ills and all you'll have to do is get the wizards to confirm whether or not you are clean. Let's just hope it isn't one of the real bad rootkit viruses that is going around. We'll see. Let us know how it turns out. And no need to panic or despair just yet...there's plenty of time to do those later :)
     
    Last edited: Feb 28, 2012
  47. sikvik

    sikvik Corporal Karma

    Yes as satrow said, leave any temp cleaning app alone. The infection has changed the attributes of these files that are missing to hidden +(H). Variants of some infection(s) dump these file to a Temp folder.
    You really need to work through the Read & Run and attach the requested logs in
    Malware Removal.

    Cheers..
     
    Last edited: Feb 28, 2012
  48. jacknscoob

    jacknscoob Corporal

    Hi Guys

    I am carefully going thru the READ & RUN.

    I am stuck at Step 7: Windows OS Specific Cleaning Instructions
    'Downloading tools'.

    SAS is already downloaded on my system, however I have gone to download the latest updates and it says 'Checking for Definition Updates - Failed' and Definitions Update Error Failed'.

    Should I uninstall and reinstall?

    Re: ComboFix, I have clicked on the download icon several times and it wont download, I have tried the 'Geeks, click here if it doesnt download', it just opens the page 'How to use ComboFix', I am not sure what to do next.

    Also, whilst I am awaiting a reply (I know you guys are busy busy) and later I wish to check my emails etc should 'Defrogger' be enabled or disabled?

    Should I move this post / repost to Malware-Removal Forum? (Ah I know Kipfeet will miss me, lol;):wave)

    Hope to hear from you x
     
  49. satrow

    satrow Major Geek Extraordinaire

    SAS has definition updates available here, try to install them and then see if SAS will scan.

    Try downloading Combofix from the link again, it's updated very frequently so there's always a chance someone can't reach it for a short time when the files are being changed on the server.

    DeFogger should in no way impact on your ability to check your emails, it's wise to limit your online activities while you may be infected though.

    It's best to create a new thread in Malware as soon as you have the necessary logs, or all the logs you can get. Make notes of anything unusual, errors etc. and add those comments to your new thread.
     
  50. kipfeet

    kipfeet Corporal

    Hello, again,

    Have you been able to download SAS definitions and ComboFix yet? If not, can you get on the 'net at all now (may be that the bugger has crippled your internet, too)? If you can no longer get on the 'net, do as much as you can and get as far as you can with the Read and Run sticky (taking notes, as suggested) and make your post in the Malware-Removal Forum. The wizards will fix you up. Hang in there and be patient as those folks are busy :)

    PS Suggest making all your work from now until fixed with hard-wired connection instead of wireless, just to eliminate as many variables as possible.
     

MajorGeeks.Com Menu

Downloads All In One Tweaks \ Android \ Anti-Malware \ Anti-Virus \ Appearance \ Backup \ Browsers \ CD\DVD\Blu-Ray \ Covert Ops \ Drive Utilities \ Drivers \ Graphics \ Internet Tools \ Multimedia \ Networking \ Office Tools \ PC Games \ System Tools \ Mac/Apple/Ipad Downloads

Other News: Top Downloads \ News (Tech) \ Off Base (Other Websites News) \ Way Off Base (Offbeat Stories and Pics)

Social: Facebook \ YouTube \ Twitter \ Tumblr \ Pintrest \ RSS Feeds