Socajowa Posted March 31, 2013
Some of my internet pages have this problem where it says that the site is blocked. I've tried scanning my computer with AVG but nothing has come up. I've also deleted a variety of files but still nothing has changed. I'm really confused by this and how to get rid of it; any help would be much appreciated. Thanks.
Didn't know where to post this, sorry for any inconvenience.
Edited March 31, 2013 by Socajowa
KenB Posted April 1, 2013
Hi and welcome to ExTS
That looks like malware. If you use P2P software (Limewire etc.) please remove this from your system as this is the most likely cause of any infection.
Download MBAM from here: (you want the free version) click here
Install > update > run the scan
It will produce a log. Please copy this and post it here.
I think (from what I have read) that this particular malware alters the hosts file too and this will need to be addressed by one of our malware experts. I will leave a message for one of our Security Experts to advise you further.
(Even if MBAM appears to have fixed your problem you will still need further advice :) )
There is an email going around offering processed pork - gelatin - and salt in a can ......this is simply SPAM !!
Starbuck Posted April 1, 2013
Hi Socajowa
Please follow the MBAM instruction given by KenB. Once we have the report we'll take it from there.
> I've also deleted a variety of files but still nothing has changed
What files have you deleted?
Does this happen on Internet Explorer as well?
Member of: UNITE
Socajowa (Author) Posted April 3, 2013
> What files have you deleted? Does this happen on Internet Explorer as well?
I deleted a few programs such as Steam, Sony Vegas etc., also a few folders with some music I had downloaded a while ago, just anything that I didn't think was needed on my PC, and yes, it happens on all my browsers.
seedy21 Posted April 3, 2013
Hi SocaJowa
Have you run Malwarebytes to see if it can see the infection?
Double click mbam-setup.exe to install the application.
Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform Full Scan, then click Scan.
The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to restart. Restart if it tells you to.
“It's only after we've lost everything that we're free to do anything.” ― Chuck Palahniuk, Fight Club
Need help with your computer problems? Then why not join Free PC Help. Register here
If Free PC Help has helped you then please consider a donation. Click here
We are all members helping other members. Please return here where you may be able to help someone else. After all, no one knows everything and you may have the answer that someone needs.
KenB Posted April 3, 2013
Starbuck needs to see the MBAM log before he can assist any further :)
Socajowa (Author) Posted April 3, 2013
MBAM-log-2013-04-03 (01-40-02).txt
Edited April 3, 2013 by Socajowa
KenB Posted April 4, 2013
I have attached the log - it is a bit easier :)
You definitely need assistance to remove the malware ..... please wait for Starbuck to advise.
================
Malwarebytes Anti-Malware (Trial) 1.70.0.1100
www.malwarebytes.org

Database version: v2013.04.02.15

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16521
alex_2 :: ME-PC [administrator]

Protection: Enabled

03/04/2013 01:19:17
MBAM-log-2013-04-03 (01-40-02).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 323082
Time elapsed: 17 minute(s), 26 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 49
HKCR\CLSID\{258C9770-1713-4021-8D7E-1F184A2BD754} (Adware.ShoppingReport2) -> No action taken.
HKCR\TypeLib\{F244A744-534D-4A46-855F-C0C7E9F27DAA} (Adware.ShoppingReport2) -> No action taken.
HKCR\Interface\{030C9927-10FC-4169-97A2-55BECD5D88D8} (Adware.ShoppingReport2) -> No action taken.
HKCR\ShoppingReport2.RprtCtrl.1 (Adware.ShoppingReport2) -> No action taken.
HKCR\ShoppingReport2.RprtCtrl (Adware.ShoppingReport2) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{258C9770-1713-4021-8D7E-1F184A2BD754} (Adware.ShoppingReport2) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{258C9770-1713-4021-8D7E-1F184A2BD754} (Adware.ShoppingReport2) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{258C9770-1713-4021-8D7E-1F184A2BD754} (Adware.ShoppingReport2) -> No action taken.
HKCR\CLSID\{3E2DFD6A-4E20-4D4C-AA8B-E1F9DBEF3C80} (Adware.ShoppingReport2) -> No action taken.
HKCR\ShoppingReport2.IEButton.1 (Adware.ShoppingReport2) -> No action taken.
HKCR\ShoppingReport2.IEButton (Adware.ShoppingReport2) -> No action taken.
HKCR\CLSID\{4D1EC4CA-4B92-4324-B8F8-C9A6ED06A8AE} (Adware.Hotbar) -> No action taken.
HKCR\TypeLib\{6F098504-CDB1-420f-A2E6-DDC0B835FEDF} (Adware.Hotbar) -> No action taken.
HKCR\Interface\{30B15818-E110-4527-9C05-46ACE5A3460D} (Adware.Hotbar) -> No action taken.
HKCR\HBLiteAX.Info.1 (Adware.Hotbar) -> No action taken.
HKCR\HBLiteAX.Info (Adware.Hotbar) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{4D1EC4CA-4B92-4324-B8F8-C9A6ED06A8AE} (Adware.Hotbar) -> No action taken.
HKCR\CLSID\{4E674574-3F0B-491d-8AE3-F90B43A34FD6} (Adware.Hotbar) -> No action taken.
HKCR\HBLiteAX.UserProfiles.1 (Adware.Hotbar) -> No action taken.
HKCR\HBLiteAX.UserProfiles (Adware.Hotbar) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{4E674574-3F0B-491D-8AE3-F90B43A34FD6} (Adware.Hotbar) -> No action taken.
HKCR\CLSID\{714E0876-FCEE-49CE-A429-B9AD8AEFCB56} (Adware.ShoppingReport2) -> No action taken.
HKCR\ShoppingReport2.IEButtonA.1 (Adware.ShoppingReport2) -> No action taken.
HKCR\ShoppingReport2.IEButtonA (Adware.ShoppingReport2) -> No action taken.
HKCR\CLSID\{BDEA95CF-F0E6-41E0-BD3D-B00F39A4E939} (Adware.ShoppingReport2) -> No action taken.
HKCR\ShoppingReport2.HbInfoBand.1 (Adware.ShoppingReport2) -> No action taken.
HKCR\ShoppingReport2.HbInfoBand (Adware.ShoppingReport2) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{BDEA95CF-F0E6-41E0-BD3D-B00F39A4E939} (Adware.ShoppingReport2) -> No action taken.
HKCR\CLSID\{DD15BCC0-5FE9-4690-A957-99FA60ED9D26} (Adware.ShoppingReport2) -> No action taken.
HKCR\ShoppingReport2.HbAx.1 (Adware.ShoppingReport2) -> No action taken.
HKCR\ShoppingReport2.HbAx (Adware.ShoppingReport2) -> No action taken.
HKCR\Typelib\{B035BA6B-57CD-4F72-B545-65BE465FCAF6} (Adware.ShoppingReport2) -> No action taken.
HKCR\Typelib\{D44FD6F0-9746-484E-B5C4-C66688393872} (Adware.ShoppingReport2) -> No action taken.
HKCR\Interface\{0EB3F101-224A-4B2B-9E5B-DF720857529C} (Adware.ShoppingReport2) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{DB38E21A-0133-419D-92AD-ECDFD5244D6D} (Adware.ShoppingReport2) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{DB38E21A-0133-419D-92AD-ECDFD5244D6D} (Adware.ShoppingReport2) -> No action taken.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{DB38E21A-0133-419D-92AD-ECDFD5244D6D} (Adware.ShoppingReport2) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{EB620C54-E229-4942-87CE-E717109FC8C6} (Adware.ShoppingReport2) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{EB620C54-E229-4942-87CE-E717109FC8C6} (Adware.ShoppingReport2) -> No action taken.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{EB620C54-E229-4942-87CE-E717109FC8C6} (Adware.ShoppingReport2) -> No action taken.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110011341191} (PUP.GamePlayLab) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011341191} (PUP.GamePlayLab) -> No action taken.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A078F691-9C07-4AF2-BF43-35E79EECF8B7} (Adware.Softomate) -> No action taken.
HKCU\Software\hblitesa (Adware.HotBar) -> No action taken.
HKCU\Software\VB and VBA Program Settings\SrvID (Malware.Trace) -> No action taken.
HKLM\SOFTWARE\HBLite (Adware.HotBar) -> No action taken.
HKLM\SOFTWARE\ShoppingReport2 (Adware.ShoppingReport2) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\HBLiteSA (Adware.HotBar) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ShoppingReport2 (Adware.Hotbar) -> No action taken.

Registry Values Detected: 3
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|HKCU (Backdoor.SpyNet) -> Data: C:\Users\alex_2.me-PC.001\AppData\Roaming\install\Svchost.exe -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Microsoft Intell Management (Trojan.Agent) -> Data: C:\Users\alex_2.me-PC.001\AppData\Roaming\svchost.exe -> No action taken.
HKLM\SOFTWARE\Mozilla\Firefox\extensions|HBLite@HBLite.com (Adware.HotBar) -> Data: C:\Program Files (x86)\HBLite\bin\11.0.363.0\firefox\extensions -> No action taken.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 4
C:\ProgramData\2ACA5CC3-0F83-453D-A079-1076FE1A8B65 (Adware.Seekmo) -> No action taken.
C:\Users\Alex\AppData\Roaming\HBLite (Adware.Hotbar) -> No action taken.
C:\ProgramData\HBLiteSA (Adware.Hotbar) -> No action taken.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hotbar (Adware.Hotbar) -> No action taken.

Files Detected: 7
C:\Users\alex_2.me-PC.001\AppData\Roaming\cglogs.dat (Malware.Trace) -> No action taken.
C:\Users\alex_2.me-PC.001\AppData\Roaming\install\Svchost.exe (Backdoor.SpyNet) -> No action taken.
C:\ProgramData\HBLiteSA\HBLiteSA.dat (Adware.Hotbar) -> No action taken.
C:\ProgramData\HBLiteSA\HBLiteSAAbout.mht (Adware.Hotbar) -> No action taken.
C:\ProgramData\HBLiteSA\HBLiteSAau.dat (Adware.Hotbar) -> No action taken.
C:\ProgramData\HBLiteSA\HBLiteSAEULA.mht (Adware.Hotbar) -> No action taken.
C:\ProgramData\HBLiteSA\HBLiteSA_kyf.dat (Adware.Hotbar) -> No action taken.

(end)
Socajowa (Author) Posted April 6, 2013
Cheers, and has Starbuck been away? Because I really need to sort this out. Thanks.
Plastic Nev Posted April 6, 2013
Hi, Starbuck is away till Monday, he is moving house. However, I will post asking etavares if he can have a look; he is in America so there will be some time differences.
Nev.
Armageddon Posted April 7, 2013
Hi, I have seen your log and it says no action taken on all the malware posted. Could you possibly re-run the scan, then when it's finished click delete selected items on the bottom left?
Starbuck Posted April 8, 2013
Hi Socajowa
Sorry for the delay. The report doesn't look very good, I'm afraid.
One or more of the malware items you have picked up is a backdoor, password stealing trojan. It is known that these trojans can communicate with remote computers, download and run code, send emails and redirect browser requests. Unfortunately we cannot be sure about what they have done.
If you do any banking or other financial transactions on the PC or if it contains any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.
Though the Trojans have been identified there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of Trojan, the best course of action would be a reformat and reinstall of the OS.
For more information read ....Here
If you choose to format and reinstall read...... Here
Should you decide not to follow that advice, we will of course do our best to clean the computer of any infections that we can see but, as I already stated, we can in no way guarantee it to be trustworthy again.
It's your call, I'm afraid.
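The triage described in the post above, picking the backdoor and trojan entries out of the MBAM log posted earlier in this thread, as an added example that is not part of any post. The sample lines are copied from that log; the `HIGH_RISK` family list and the `SYSTEM_NAMES` list are assumptions chosen for illustration.

```python
import ntpath
import re

# Lines copied from the MBAM log posted in this thread (a subset, for the example).
SAMPLE_LOG = r"""
Registry Values Detected: 3
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|HKCU (Backdoor.SpyNet) -> Data: C:\Users\alex_2.me-PC.001\AppData\Roaming\install\Svchost.exe -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Microsoft Intell Management (Trojan.Agent) -> Data: C:\Users\alex_2.me-PC.001\AppData\Roaming\svchost.exe -> No action taken.
HKLM\SOFTWARE\Mozilla\Firefox\extensions|HBLite@HBLite.com (Adware.HotBar) -> Data: C:\Program Files (x86)\HBLite\bin\11.0.363.0\firefox\extensions -> No action taken.
Files Detected: 7
C:\Users\alex_2.me-PC.001\AppData\Roaming\cglogs.dat (Malware.Trace) -> No action taken.
C:\Users\alex_2.me-PC.001\AppData\Roaming\install\Svchost.exe (Backdoor.SpyNet) -> No action taken.
C:\ProgramData\HBLiteSA\HBLiteSA.dat (Adware.Hotbar) -> No action taken.
"""

ENTRY = re.compile(
    r"^(?P<item>.+?) \((?P<det>[A-Za-z]+\.[\w.]+)\)"
    r"(?: -> Data: (?P<data>.+?))? -> (?P<action>[^>]+?)\.?$"
)
HIGH_RISK = {"backdoor", "trojan"}  # assumption: families to escalate first
SYSTEM_NAMES = {"svchost.exe", "lsass.exe", "csrss.exe"}  # assumption: short list
SYSTEM_DIRS = ("\\windows\\system32\\", "\\windows\\syswow64\\")


def parse_log(text):
    """Return one dict per detection line; section headers are skipped."""
    matches = (ENTRY.match(line.strip()) for line in text.splitlines())
    return [m.groupdict() for m in matches if m]


def target_path(entry):
    """File the entry points at: the Data value, or the item if it is a path."""
    if entry["data"]:
        return entry["data"]
    return entry["item"] if re.match(r"[A-Za-z]:\\", entry["item"]) else None


def is_masquerading(path):
    """True for a Windows system binary name living outside the system dirs."""
    low = path.lower()
    return ntpath.basename(low) in SYSTEM_NAMES and not any(d in low for d in SYSTEM_DIRS)


def triage(entries):
    paths = [p for p in map(target_path, entries) if p]
    return {
        "high": [e for e in entries if e["det"].split(".")[0].lower() in HIGH_RISK],
        "pending": [e for e in entries if e["action"].lower() == "no action taken"],
        "autoruns": [e for e in entries if "\\currentversion\\run|" in e["item"].lower()],
        "masquerading": sorted({p.lower() for p in paths if is_masquerading(p)}),
    }


if __name__ == "__main__":
    report = triage(parse_log(SAMPLE_LOG))
    for key, value in report.items():
        print(key, len(value))
```

On these lines the two `Run` values and the two `svchost.exe` copies under `AppData\Roaming` are what separate this case from the adware entries, and every entry is still pending removal.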
Socajowa (Author) Posted April 9, 2013
Thanks for the reply, Starbuck, but I don't think I'll be able to do the reinstall as I've already used the disk a certain amount of times and it just doesn't work anymore, so we may have to go for the other option and just try and clean the PC as much as we can.
Starbuck Posted April 9, 2013
Hi Socajowa
Ok, no problem.
After I've posted this reply I'll move the thread to the malware removal forum where we can work on this a little easier.

Step 1
Download Combofix from any of the links below. You must rename it before saving it. Save it to your desktop.
Link 1
Link 2
http://i266.photobucket.com/albums/ii277/sUBs_/combofix/CF_download_FF.gif
http://i266.photobucket.com/albums/ii277/sUBs_/combofix/CF_download_rename.gif
This is an example, you may rename ComboFix to anything you want.
Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with the running of ComboFix.
For more information read: How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs
Then:
Double click on Combo-Fix.exe & follow the prompts.
Vista/Win7 users should right click on the icon and select Run as Administrator.
As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
If running Vista/Win7, you may not see the recovery console screens as they are Win XP related.
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
http://img.photobucket.com/albums/v708/starbuck50/cf1.png
Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
http://img.photobucket.com/albums/v706/ried7/whatnext.png
Click on Yes, to continue scanning for malware.
Note: Do not mouseclick ComboFix's window while it's running. That may cause it to stall.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Step 2
Download OTL to your desktop. Right click on the link and select 'Save Link/Target As'.
If you have problems, try this download link: OTL
Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
When the window appears, underneath Output at the top change it to Minimal Output.
Check the boxes beside LOP Check and Purity Check.
http://img.photobucket.com/albums/v708/starbuck50/new/Otllatest.png
Now copy the lines in bold below.

netsvcs
msconfig
%SYSTEMDRIVE%\*.*
%systemroot%\system32\Spool\prtprocs\w32x86\*.dll
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\system32\*.exe /lockedfiles
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\*
%USERPROFILE%\..|smtmp;true;true;true /FP
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
CREATERESTOREPOINT

Right click in the Custom Scans/Fixes window (under the blue bar) and choose Paste.
http://img.photobucket.com/albums/v708/starbuck50/new%20forum/scan-fix.png
Click the Run Scan button.
http://img.photobucket.com/albums/v708/starbuck50/runscan.png
Do not change any settings unless otherwise told to do so. The scan won't take long.
When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply.

In your next reply, please submit:
Combofix.txt
and both reports from OTL
Thanks.
Socajowa (Author) Posted April 10, 2013
Thanks for the help with everything, sir. I retried the system restore disk and it worked! So everything is sorted now, but thanks for all the help, you guys were amazing.
Starbuck Posted April 10, 2013
Hi Socajowa
> i retried the system restore disk and it worked! so everything is sorted now
Glad to hear it and thanks for letting me know promptly.
Any further problems, just give us a shout.
Safe surfing.
KenB Posted April 11, 2013
> so everything is sorted now
That is good to hear - you know where we are if you have any more problems :)