Email and browser hijack

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by isaac987, Aug 22, 2014.

  1. isaac987

    isaac987 Private E-2

    Hello


    Something is using one of my email accounts to send mail, as I keep getting messages saying "Mail Delivery System: The following message was undeliverable". My browsers, such as Firefox and Chrome, give me a warning when I try to access the Google home page that I am being redirected and that they cannot connect to the real Google, that something is interfering with the connection. There are also many security warnings when I try to surf other sites.


    I have tried going through the READ & RUN ME FIRST guide for Vista, but the scans have not removed anything or fixed it.


    Is there anything else I can try?
     

  2. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    I am not seeing any malware in your logs. I suggest you use a different computer and change your password. Let me know if that helps.
     
    Last edited: Aug 22, 2014
  3. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

  4. isaac987

    isaac987 Private E-2

    Hello Tim, thank you for looking and for your suggestions. I tried setting everything to defaults as on the links, but it makes no difference. Emails are still coming in saying "Mailer-Daemon Delivery Status Notification Failure".

    CHROME
    Cannot connect to the real www.google.co.uk
    Something is currently interfering with your secure connection to www.google.co.uk.
    Try to reload this page in a few minutes or after switching to a new network. If you have recently connected to a new Wi-Fi network, finish logging in before reloading.
    If you were to visit www.google.co.uk right now, you might share private information with an attacker. To protect your privacy, Chrome will not load the page until it can establish a secure connection to the real www.google.co.uk.

    FIREFOX
    This Connection is Untrusted
    You have asked Firefox to connect securely to www.google.com, but we can't confirm that your connection is secure.
    Normally, when you try to connect securely, sites will present trusted identification to prove that you are going to the right place. However, this site's identity can't be verified.
    What Should I Do?
    If you usually connect to this site without problems, this error could mean that someone is trying to impersonate the site, and you shouldn't continue.
     
  5. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    I didn't find anything in your logs. Let's try this:

    Please download ComboFix to your desktop. Turn off any AV software you have before you run it. Attach the log when finished. Do not do anything while it is running or it may stall the program.
     
  6. isaac987

    isaac987 Private E-2

    Hello Tim

    The first time I tried it, it froze and stopped responding; the second time it showed an error, as my system clock seems to have changed to 2003; but the third time it ran and I have the log. Thanks.
     

  7. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Combo removed a few items. Tell me how things are running.
     
  8. isaac987

    isaac987 Private E-2

    Hello Tim, unfortunately it has made no difference; still the same messages from the browsers and emails. Any other scanners I can try?
     
  9. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

  10. isaac987

    isaac987 Private E-2

    Hello, I tried the ESET online scan, but it found no threats; the only things it quarantined were:

    C:\Program Files\OpenDownloadManager\rkverify.exe
    C:\Program Files\HyCam2\hctoolbar.exe
    C:\MGtools\Process.exe


    Something is still using my email to send out emails and all the browsers still show warnings. This is what I get when I launch Internet Explorer:

    There is a problem with this website's security certificate.

    The security certificate presented by this website has expired or is not yet valid.
    Security certificate problems may indicate an attempt to fool you or intercept any data you send to the server.

    We recommend that you close this webpage and do not continue to this website.
    Click here to close this webpage.

    Continue to this website (not recommended).

    More information

    If you arrived at this page by clicking a link, check the website address in the address bar to be sure that it is the address you were expecting. When going to a website with an address such as https://example.com, try adding the 'www' to the address, https://www.example.com. For more information, see "Certificate Errors" in Internet Explorer Help.
     
  11. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Did you change your password for your email client? What are you using? Remind me.

    Have you tried other browsers?

    Let me talk with my colleagues.
     
  12. isaac987

    isaac987 Private E-2

    I use Windows Mail. I have two email accounts on there; the main default account has not been affected. The other, secondary account is an old account from an ISP that is now a different company, so I cannot change the password for it (the only thing I can do is delete it and stop using it).


    All the browsers are affected. I am now using FlashPeak Slim Browser and Google Chrome Portable, but they also come up with security warnings. I tried going through the "Fixing Google Redirection/hijacking and other redirection problems" guide, but that does not work either.
     
  13. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    @ isaac987 - Please fix the clock on your PC. All of your logs show date/time of January 2003. You cannot run any kind of software that needs to verify authenticity when your clock is incorrect. It makes all security certificates non-valid. You are not having malware problems!


    @TimW - note the below items need fixing per nwktst.txt
    Code:
    =====================================================================================  
    Checking Windows Firewall Service -MpsSvc- State 
    .
       Windows Firewall Service is NOT running  
            C:\Windows\system32\FirewallAPI.dll exists  
    =====================================================================================  
    Checking Windows Firewall Authorization Driver Service -mpsdrv- State 
    .
       Windows Firewall Authorization Driver Service is NOT running  
            C:\Windows\system32\drivers\mpsdrv.sys exists  
     
    Last edited: Aug 24, 2014
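The clock point chaslang makes above is worth seeing mechanically. The Python script below is an added example and is not part of the original thread or of any MajorGeeks tool. It evaluates a constructed, hypothetical certificate chain (names and dates are made up) against two clocks, 22 Aug 2014 and 1 Jan 2003, using the standard-library `ssl.cert_time_to_seconds` parser for the `notBefore`/`notAfter` strings that `ssl.getpeercert()` returns. It also shows the sanity check browsers use to blame the clock rather than the site: a clock that reads earlier than the program's own build date (an assumed value here) cannot be correct.

```python
import ssl
from datetime import datetime, timezone

# Constructed sample chain (leaf, intermediate, root) in the dict shape that
# ssl.getpeercert() returns. Names and dates are hypothetical; this is NOT
# the chain www.google.co.uk served in 2014.
SAMPLE_CHAIN = [
    {"subject": ((("commonName", "www.example.co.uk"),),),
     "notBefore": "Jul 16 12:00:00 2014 GMT",
     "notAfter": "Oct 14 00:00:00 2014 GMT"},
    {"subject": ((("commonName", "Example Intermediate CA"),),),
     "notBefore": "Apr 05 00:00:00 2013 GMT",
     "notAfter": "Apr 04 23:59:59 2018 GMT"},
    {"subject": ((("commonName", "Example Root CA"),),),
     "notBefore": "Nov 10 00:00:00 2006 GMT",
     "notAfter": "Nov 10 00:00:00 2031 GMT"},
]

CLOCK_CORRECT = datetime(2014, 8, 22, tzinfo=timezone.utc)  # date of the thread
CLOCK_WRONG = datetime(2003, 1, 1, tzinfo=timezone.utc)     # what the PC showed
CLOCK_LATER = datetime(2015, 1, 1, tzinfo=timezone.utc)     # after the leaf expires
# Assumed build date of the software doing the check. A clock earlier than
# the build date of the program reading it cannot be right.
BUILD_DATE = datetime(2014, 8, 1, tzinfo=timezone.utc)


def cert_subject(cert):
    """Pull the commonName out of getpeercert()'s nested subject tuples."""
    for rdn in cert["subject"]:
        for key, value in rdn:
            if key == "commonName":
                return value
    return "<no CN>"


def validity_status(cert, now):
    """Return 'ok', 'not yet valid' or 'expired' for one cert at time `now`.

    `now` must be timezone-aware; cert_time_to_seconds() yields UTC epoch seconds.
    """
    not_before = ssl.cert_time_to_seconds(cert["notBefore"])
    not_after = ssl.cert_time_to_seconds(cert["notAfter"])
    ts = now.timestamp()
    if ts < not_before:
        return "not yet valid"
    if ts > not_after:
        return "expired"
    return "ok"


def diagnose_chain(chain, now):
    """Evaluate every cert in the chain; a chain is only as valid as its worst link."""
    return [(cert_subject(cert), validity_status(cert, now)) for cert in chain]


def clock_sanity(now, build_date=BUILD_DATE):
    """Flag a clock that is behind the program's own build date."""
    return "clock behind build date" if now < build_date else "plausible"


def verdict(chain, now):
    """Decide whether to blame the certificate or the local clock."""
    statuses = [status for _, status in diagnose_chain(chain, now)]
    if all(s == "ok" for s in statuses):
        return "chain valid"
    # Every cert 'not yet valid' plus an implausibly early clock is the
    # signature of a wrong clock, not of an impersonated site.
    if clock_sanity(now) != "plausible" and all(s == "not yet valid" for s in statuses):
        return "fix the clock"
    return "certificate problem"


if __name__ == "__main__":
    for label, clock in (("correct clock", CLOCK_CORRECT), ("clock reads 2003", CLOCK_WRONG)):
        print(f"--- {label}: {clock:%Y-%m-%d} ({clock_sanity(clock)})")
        for subject, status in diagnose_chain(SAMPLE_CHAIN, clock):
            print(f"  {subject:28s} {status}")
        print(f"  verdict: {verdict(SAMPLE_CHAIN, clock)}")
```

With the clock reading 2003, every certificate in the chain, the root included, comes back "not yet valid", so every HTTPS site fails in every browser and no malware scanner can change the outcome; that matches the IE message quoted earlier ("has expired or is not yet valid"). Real validators also check signatures, names and revocation, which this example deliberately leaves out.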
  14. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Go to run, type in:
    services.msc

    When the window opens, scroll down to Windows Firewall and set it to automatic. Tell me if you have a problem with that.

    Does your Comodo security also include a firewall?
     
    Last edited: Aug 24, 2014
  15. isaac987

    isaac987 Private E-2

    Thank you chaslang, that has worked! I did notice the clock was January 2003, but I thought this was being caused by malware. I don't see any more strange emails coming in and I can now use any browser without any security warnings. I think I have a hardware mobo and memory fault causing the clock to change/lose time.

    Tim, yes you're right, my Comodo already has the firewall enabled, which is why I have the Windows Firewall turned off. Big thanks to both of you for your time!
    :)
     
  16. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    You're welcome.

    If you are not having any other malware problems, it is time to do our final steps:
    1. We recommend you keep Malwarebytes Anti-Malware for scanning/removal of malware.
    2. Re-enable your Disk Emulation software with Defogger if you had disabled it in step 4 of the READ & RUN ME.
    3. Go to add/remove programs and uninstall HijackThis. If you don't see it or it will not uninstall, don't worry about it. Just move on to the next step.
    4. If running Vista, Win 7 or Win 8, it is time to make sure you have re-enabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    5. Now goto the C:\MGtools folder and find the MGclean.bat file. Double click ( if running Vista, Win7, or Win 8 Right Click and Run As Administrator ) on this file to run this cleanup program that will remove files and folders related to MGtools and some other items from our cleaning procedures.
    6. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
    7. If you are running Win 8, Win 7, Vista, Windows XP or Windows ME, do the below to flush restore points:
      • Refer to the instructions for your Windows version in this link: Disable And Enable System Restore
      • What we want you to do is to first disable System Restore to flush restore points some of which could be infected.
      • Then we want you to Enable System Restore to create a new clean Restore Point.
    8. After doing the above, you should work thru the below link:
     
