Errorsafe Problem .....again !!!

Discussion in 'Malware Help (A Specialist Will Reply)' started by malmsteen, Nov 10, 2006.

  1. malmsteen

    malmsteen Private First Class

    Hi folks !!!
    It started last night... when I was browsing, the errorsafe page appeared quite a number of times. Each time it appeared, I quickly closed the page down before anything could be executed.
    Ran the Read And Run procedure... couldn't run the GetRunKey and ShowNewKey tools, cos when I try to get those tools, it shows me this message:
    I tried that ipconfig /flushdns procedure, but still couldn't access the page.
    When scanned with PandaActiveScan, it found nothing, so no report for that. Below are the reports that I got from the numerous scans.
    Please help !!!
     


  2. DavidGP

    DavidGP MajorGeeks Forum Administrator - Grand Pooh-Bah Staff Member

  3. malmsteen

    malmsteen Private First Class

    Thanx Halo !!!
    Here's my runkey and shownew log.
     


  4. malmsteen

    malmsteen Private First Class

    My problems ain't solved yet. Just after posting my runkey and shownew log, the errorsafe page appeared.
    Very very annoying. Kindly help !!!
     
  5. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Please look in Add/Remove Programs for the following and uninstall them if found:

    CasinoOnNet

    Now scan with HijackThis and check the boxes for the following entries:
    ( Make sure ALL browser windows are closed when you click FIX )

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr7/*http://www.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

    O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto

    Again, make sure ALL browser windows are closed when you click FIX.

    Now, Please boot into Safe Mode, be sure you have the Viewing of Hidden Files & Folders Enabled per the tutorial. Now, navigate to and DELETE the following if they should remain:

    C:\casino Delete this whole folder if it exists!

    Next, run CCleaner to clean up cookies and temp files.

    After you complete the above, REBOOT and proceed with the rest of this fix...

    Next...

    Reset Web Settings & Default Security Settings:

    To Reset Web Settings:
    Right click on your desktop Internet Explorer icon and select Properties. Then click the Programs tab and then click "Reset Web Settings". Now go back to the General tab and set your home page address to something useful like www.majorgeeks.com. Click Apply. Click Delete Cookies, Click Delete Files and select Delete all Offline content too, Click OK. When it finishes Click OK.

    If you do not have an Internet Explorer icon on your Desktop, click Start, Control Panel (for some systems it may be Start, Settings, Control Panel), Internet Options, Programs tab and then click "Reset Web Settings". Now go back to the General tab and set your home page address to something useful like www.majorgeeks.com. Click Apply. Click Delete Cookies, Click Delete Files and select Delete all Offline content too, Click OK. When it finishes Click OK


    To Default Security Settings:
    Right click on your desktop Internet Explorer icon and select Properties. Then click the Security Tab and click Default Level for Internet, Local Intranet, Trusted Sites, and Restricted Sites.

    Finally, I would like you to flush your System Restore points. Please follow the instructions below:

    • Disable and Re-enable System Restore

    • Turn OFF System Restore to flush any bad Restore Points.

    • Then, follow the instructions at the bottom of the linked page to Re-enable the Restore Utility which will create a fresh restore point.
    After you complete the above reboot once more and then scan with HijackThis and attach the new log.

    Let me know of any problems you may have encountered with the above instructions and also let me know how things are running now.
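
Added example, not part of the original thread and not HijackThis's own code: a small parser for the R0-R3 and registry O4 line formats shown in the post above, which also builds a `reg query` command for re-checking after the fix whether each value is still present. The function names are hypothetical; other HijackThis sections and the `O4 - Startup:` form are deliberately left unparsed.

```python
import re

# Three of the entries listed in the post above, copied here as sample input.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr7/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
"""

# HijackThis shortens Software\Microsoft\Windows\CurrentVersion to ".." in O4 lines.
CURRENT_VERSION = r"Software\Microsoft\Windows\CurrentVersion"

# R lines: "<section> - <hive>\<key>,<value name> = <data>"
R_LINE = re.compile(r"^(R[0-3]) - (HKCU|HKLM)\\(.+?),(.+?) = (.*)$")
# O4 registry lines: "O4 - <hive>\..\<Run key>: [<value name>] <command>"
O4_LINE = re.compile(r"^(O4) - (HKCU|HKLM)\\\.\.\\(Run\w*): \[(.+?)\] (.*)$")


def parse_entry(line):
    """Return a dict for an R0-R3 or registry O4 line, or None for anything else."""
    line = line.strip()
    m = R_LINE.match(line)
    if m:
        section, hive, key, value, data = m.groups()
    else:
        m = O4_LINE.match(line)
        if not m:
            return None  # other sections and "O4 - Startup:" are not handled here
        section, hive, run_key, value, data = m.groups()
        key = CURRENT_VERSION + "\\" + run_key  # expand the ".." abbreviation
    return {"section": section, "hive": hive, "key": key, "value": value, "data": data}


def reg_query(entry):
    """Build the reg.exe command that shows whether the value still exists."""
    selector = "/ve" if entry["value"] == "(Default)" else '/v "%s"' % entry["value"]
    return 'reg query "%s\\%s" %s' % (entry["hive"], entry["key"], selector)


def parse_log(text):
    """Parse every recognised line of a pasted log, skipping the rest."""
    return [e for e in map(parse_entry, text.splitlines()) if e]


if __name__ == "__main__":
    for entry in parse_log(SAMPLE_LOG):
        print(entry["section"], "|", entry["value"], "=", entry["data"])
        print("    " + reg_query(entry))
```
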
     
  6. malmsteen

    malmsteen Private First Class

    Hi bjgarrick !!! Thanx for ur reply !!!
    Regarding the CasinoOnNet thing, I do have online poker installed on my computer, but it's not CasinoOnNet. It goes by the name of SvenskaSpel, and I doubt if the threat is coming from here. This I say because my brother plays this online poker, and so do more than 50% of the people living in my country.
    So, I didn't delete the C:/casino folder, but this is what I have done:

    As per ur instruction, I scanned the system with hijackthis, checked the items mentioned. (For some reason, I couldn't find O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto )

    Then I closed all opened browsers and fixed the selected items. Rebooted in safe mode (with the cable wire intact), ran ccleaner, rebooted in normal mode. Made the Web and Default Security Setting.
    Disabled System Restore, ran spybot S & D, just for the sake of it. Rebooted again. Enabled System Restore.

    And finally, ran hijackthis, and attached the log.

    EDIT: So far, no errorsafe appearing. But I'm still quite critical about it. This is because, of all the past errorsafe problems I faced, this seems to be the worst.
     


  7. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Your log looks good, are you having any current problems?
     
  8. malmsteen

    malmsteen Private First Class

    I'm checking it right now. Been browsing for around 10 - 15 min now, no sign of errorsafe. But as said earlier, I'm still critical about it.
    I would like to know how to avoid getting hit by errorsafe. Cos this threat seems to appear from nowhere, without any caution or notification from my Security protection.
    I hope the problem is solved.
    A sincere thanx for ur time and patience. :) :)
     
  9. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

  10. malmsteen

    malmsteen Private First Class

    K thanx !!! :) :) :)
    Got most of the tools mentioned in the given link.
    I'll get back in case the errorsafe problem appears again.
     
  11. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Not a problem, let us know if it comes back.

    Surf Safely!:)
     
  12. malmsteen

    malmsteen Private First Class

    Man... this errorsafe problem don't seem to leave me alone.
    Just this morning, when I was checking out the reply for my thread in here, the errorsafe page appeared again.
    I think I should clarify that most of the errorsafe pages that appeared this time were just a blank white page, with the errorsafe URL in the address bar. Unlike the past errorsafe that I had encountered. By past, I mean not this time, but when I was infected with errorsafe a few months back.

    I'm very frustrated at the moment, and would really like to get rid of this buster ASAP.
    Kindly help me with this. :)
     
  13. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Run a Panda Online Scan and attach the log with a current HJT log.
     
  14. malmsteen

    malmsteen Private First Class

    In case it might help, this is the errorsafe URL that I got from the last attack:

     
  15. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Does it just popup without doing anything or does it popup while surfing?
     
  16. malmsteen

    malmsteen Private First Class

    It does not pop up, it's more like a hijacker or whatever it's called.
    For example, I'm browsing through Majorgeeks.com, suddenly I hear a clicking sound, and the majorgeeks page changes to the errorsafe page, with the white blank page.
    It does not do anything. Not like my past infections, that ask me to download certain tools to keep my PC secure and all that.

    But still, it's pretty annoying, and I would like to get rid of it completely.
     
  17. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Strange, go ahead and run the Panda Online Scan, attach this log with a fresh HJT log and we will see what appears.
     
  18. malmsteen

    malmsteen Private First Class

    Here u go. Panda scan couldn't find anything else than just tribalfusion, that's what I get when I visit this site. I think it's just a cookie or something.
    Please check my log.

    PS: For some reason, I couldn't attach my activescan log. It says that I had already attached my activescan log in my other thread, which I did, but that thread was 2 months old.

    So, I'm gonna copy and paste my activescan log here:

     


    Last edited: Nov 11, 2006
  19. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    I don't see anything in those logs, let's see if AVG AntiSpyware can come up with anything.

    Download AVG AntiSpyware, save to your desktop and double click to install once it completes.

    Once you have installed the program, download the updates using the link below. Once downloaded, double click to install.

    AVG AntiSpyware Updates

    After you have installed the updates, run the program from the icon on the desktop. Once it has opened run a full scan removing all found objects. After the scan has completed reboot and attach the log.
     
  20. malmsteen

    malmsteen Private First Class

    AVG couldn't find anything either. I don't understand. Last night I had been surfing a bit, I found no sign of errorsafe.
    I find it strange, but all the errorsafe pages that appeared this time were when I was browsing through majorgeeks.com. And also, after closing down the page, when I run ccleaner, it finds a tribalfusion cookie.
    Is it just me, or is everyone else experiencing the same thing?
    Anyways, here's my AVG log.
     


  21. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    You can uninstall AVG and anything else I had you download and run. I'm not sure what exactly is going on here.

    Just to be sure let's run this scan below...

    Please download Blacklight to its own folder...

    F-Secure Blacklight

    After download is complete, double click to run the program. Click "Accept" to proceed. Then click SCAN to begin scanning your system.

    Once the scan is complete it will attempt to clean the found infections. There should be a log in the folder that you ran the program from, attach this log to your next post along with a fresh HJT log.
     
  22. malmsteen

    malmsteen Private First Class

    I just wanna say "Thank U" for being so patient with me. Really appreciate ur hard work.
    I wanna ask, is it normal that I get a tribalfusion cookie when I visit this site?

    That said, here are the logs u asked for.
     


  23. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Your logs look good.

    Every time you open a browser you will have cookies, this is normal. Just run CCleaner on a daily basis and you'll be ok.
     
  24. malmsteen

    malmsteen Private First Class

    Kool !!!
    Thanx for all ur effort u gave into. I hope my problem is solved.
    But if it appears again, then don't be surprised to see me asking for help. :)
    Thanx once again !!! :) :) :)
     
  25. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Not a problem!
     
