AV sites still blocked after completing all XP Clean Procedures

Discussion in 'Malware Help (A Specialist Will Reply)' started by Jay Berry, Oct 11, 2008.

  1. Jay Berry

    Jay Berry Private E-2

    Cleaning a friend's XP machine infected with several trojans from bogus programs such as Micro AV 2009. Successfully removed numerous viruses using tools found here. Pop-ups are gone and the machine is working much better now, with the exception that certain "AV" sites are blocked in IE7, including Major Geeks. Also, if I Google an AV site and click an AV-related link in the results, I am redirected back to another Google screen.

    I started out installing a new "off the shelf" copy of NAV 2008 which he purchased. My goal is to correct this last problem with the blocked sites, perform a successful LiveUpdate for NAV 2008 (currently blocked), re-enable the NAV scanner and remove all the "free" tools (except for Spybot maybe).

    I am transferring my logs with a USB drive to this laptop for posting.

    All tools now give me a clean report.

    My driver/etc/hosts file appears to be normal>127.0.0.0 localhost

    I have successfully run the fixwareout file>dnsbak.reg

    Here are the first three logs for:

    SAS
    Spybot
    MBAMW

    Thanks in advance for your assistance. I have fixed several computers searching other threads here in the past. This is my first post.
     


  2. Jay Berry

    Jay Berry Private E-2

    Here are the logs for:
    Combofix
    MGzip
     


  3. Jay Berry

    Jay Berry Private E-2

    I have also run:
    CWshredder
    TM rootkit buster

    both were clean

    some of my trojans were:
    yur28b.exe (SAS repaired this I believe)
    w32.trojan-gen (other)... combofix found this on a boot scan but it failed my responses to repair, delete or move to chest... however, it was never found again on subsequent scans
     
  4. Jay Berry

    Jay Berry Private E-2

    pardon me:

    my hosts file contains:
    127.0.0.1 localhost
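
The hosts-file check mentioned in the posts above can be scripted. This is an added example, not part of the original thread or of any MajorGeeks tool: it flags `localhost` lines that differ from the default mapping and entries that override security-related names. The keyword list, the function name `audit_hosts` and the sample file are assumptions constructed for illustration.

```python
import ipaddress

# Assumption: name fragments for the vendors and sites mentioned in this thread.
SECURITY_KEYWORDS = ("symantec", "norton", "avast", "majorgeeks",
                     "malwarebytes", "superantispyware", "safer-networking")
DEFAULT_LOCALHOST = {"127.0.0.1", "::1"}

# Constructed sample; not taken from the logs attached to this thread.
SAMPLE_HOSTS = """\
# sample hosts file
127.0.0.1       localhost
127.0.0.1       www.symantec.com
127.0.0.1       liveupdate.symantecliveupdate.com   # update host
0.0.0.0         www.avast.com
192.0.2.10      majorgeeks.com
10.0.0.5        fileserver
"""


def audit_hosts(text):
    """Return (line_no, address, name, reason) for each suspicious mapping."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 2:
            continue  # blank, comment-only, or incomplete line
        address, names = fields[0], fields[1:]
        try:
            address = str(ipaddress.ip_address(address))
        except ValueError:
            findings.append((line_no, address, " ".join(names),
                             "unparseable address"))
            continue
        for name in (n.lower() for n in names):
            if name == "localhost":
                if address not in DEFAULT_LOCALHOST:
                    findings.append((line_no, address, name,
                                     "non-default localhost mapping"))
            elif any(key in name for key in SECURITY_KEYWORDS):
                findings.append((line_no, address, name,
                                 "security site overridden"))
    return findings


if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE_HOSTS):
        print("line %d: %s %s (%s)" % finding)
```

On Windows XP the file to feed in is `%SystemRoot%\system32\drivers\etc\hosts`; a clean result here only rules out the hosts file as the cause of the blocking.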
     
  5. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Major Geeks!

    Per the first instructions in the READ & RUN ME, you must not have more than one antivirus installed. You need to uninstall either Avast or Symantec immediately before doing anything else.

    Then, per step 1 of the READ & RUN ME, you need to uninstall Ask Toolbar.


    Now we need to use ComboFix in a different way.
    • Make sure that the combofix.exe that you downloaded while doing the READ & RUN ME is on your Desktop, but do not run it!
      • If it is not on your Desktop, the below will not work.
    • Open Notepad and copy/paste the text in the below quote box into it:
    • Save the above as CFscript.txt and make sure you save it to the same location (should be on your Desktop) as ComboFix.exe
    • At this point, you MUST EXIT ALL BROWSERS NOW before continuing!
    • You should have both the ComboFix.exe and CFScript.txt icons on your Desktop.
    • Now use your mouse to drag CFscript.txt on top of ComboFix.exe
    • Follow the prompts.
    • When it finishes, a log will be produced named c:\combofix.txt
    • I will ask for this log below
    Note:

    Do not mouseclick combofix's window while it is running. That may cause it to stall.


    Copy the bold text below to Notepad. Save it as fixme.reg to your desktop. Be sure the "Save as" type is set to "all files". Once you have saved it, double click it and allow it to merge with the registry.
    Make sure that you tell me if you receive a success message about adding the above to the registry. If you do not get a success message, it definitely did not work.


    Now run Ccleaner!

    Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator).

    Then attach the below logs:
    • C:\ComboFix.txt
    • C:\MGlogs.zip
    Make sure you tell me how things are working now!
     
  6. Jay Berry

    Jay Berry Private E-2

    Looks like this PC had some stealthy little varmints.

    I thought turning off the NAV scanner while working with Avast would prevent any problems associated with running 2 av programs simultaneously. I had reset IE7 to default settings which I thought removed add-ons.

    Next time I will follow directions more accurately.

    Unfortunately I had to reload and return the machine to my friend already.

    I expect this forum will be a handy resource next time.

    Thanks for your help and thorough response.
     
  7. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome. Surf safely!
     
