
Browser Redirects, Will Not Allow Auto Update, Many Bsod's, ...


61 replies to this topic

#1 Elizabeth123

Elizabeth123

  • Members
  • 39 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Southern California, USA
  • Local time:03:10 PM

Posted 25 May 2008 - 06:16 PM

Began with browser redirects to //www.system-defender.com/. Then computer froze and I could not even Ctrl, Alt, Del to bring up task manager. When I tried to, I got an error that said that the administrator would not allow, although I am and was signed on with Admin privileges.

Upon restart, got a fatal exception, BSOD - after several of these, and some apparent missing files, I reinstalled Windows, which took about 1.5 hours.

After reinstall, continued BSOD's, redirects, dll errors, would not allow auto updates, every time I tried to turn them on to automatic through Computer Management Services, it would allow me to click automatic but then as I would click okay or apply it would revert to disabled.

It seems there are no restore points. browser repeatedly opens a new window with
//www.system-defender.com/freeware/2/?wmid=6010&mid=MjI6Mzc6MTgxNjM=&lndid=37&p=01

I have read and done all the requirements painstakingly slow as I would get a BSOD half way through things. In fact, if I don't hurry this up I will get one again and lose everything I typed - PLEASE HELP


Edited by KoanYorel, 25 May 2008 - 08:11 PM.
to disable hot link URLs above



#2 Thunder

Thunder

  • Members
  • 3,294 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Belgium
  • Local time:12:10 AM

Posted 28 May 2008 - 06:33 AM

Hello Elisabeth123 and welcome to BleepingComputer,

1. * Clean your Cache and Cookies in IE:
  • Close all instances of Outlook Express and Internet Explorer
  • Go to Control Panel > Internet Options > General tab
  • Under Browsing History, click Delete.
  • Click Delete Files, Delete cookies and Delete history
  • Click Close below.
* Clean your Cache and Cookies in Firefox (In case you also have Firefox installed):
  • Go to Tools > Options.
  • Click Privacy in the menu.
  • Click the Clear now button below. A new window will pop up asking what to clear.
  • Select all and click the Clear button again.
  • Click OK to close the Options window
* Clean other Temporary files + Recycle bin
  • Go to start > run and type: cleanmgr and click ok.
  • Let it scan your system for files to remove.
  • Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked.
  • Press OK to remove them.
2. Please download Malwarebytes' Anti-Malware from Here or Here

Double-click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply along with a fresh HijackThis log.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

3. Please visit this webpage for instructions for downloading and running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please ensure you read this guide carefully and install the Recovery Console first.
The Windows Recovery Console will allow you to boot up into a special recovery mode, in case your computer has a problem after an attempted removal of malware. This allows us to help you.

In the event you already have Combofix, delete your current version and download the latest version as described in the tutorial.
It must be saved directly to your desktop.


Note: Make sure not to click ComboFix's window while it's running. That may cause it to stall or freeze.

Please post the log from ComboFix (can also be found as C:\ComboFix.txt) in your next reply. :thumbsup:

If you have any questions along the way, STOP and ask them before proceeding !!

Greetings,
Thunder
Whatever happens, make believe it was intended to ...
-----------------------------------------------------------------------
Posted Image - If I have helped you in any way, please consider a donation to help me continue the fight against malware.
-----------------------------------------------------------------------
Stand Up & Be Counted --> Posted Image <-- And make a difference

#3 Elizabeth123

Posted 29 May 2008 - 05:33 PM

Here are the reports you asked for.
I truly appreciate your help.

Notes: Combofix did not reset my clock to regular time, left it at military time, not that it matters to me, but it might mean something. Also, could not get computer to connect to internet until I uninstalled Kaspersky Internet Security (6 mo. Trial version) so I did that.


Edited by Elizabeth123, 29 May 2008 - 05:37 PM.


#4 Thunder

Posted 30 May 2008 - 03:43 AM

Hello Elisabeth,

Don't worry about those clock settings,
we'll fix that at the end. :thumbsup:

Let's clean up some more :

Open Notepad - don't use any other text editor than Notepad or the script will fail !
Copy/paste the bold, blue text below into an empty Notepad window:
http://www.bleepingcomputer.com/forums/t/140278/fake-security-center-removal/
Collect::[9]
C:\WINDOWS\system32\opnmKDVo.dll
File::
C:\WINDOWS\WSYS049.SYS
C:\WINDOWS\trfntw32.cfg
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1484B8EF-CD80-492C-867A-DA93220A9ED6}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4A3F62A9-AFEB-4543-AE4D-DC2442444E64}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{62DE0A87-06AB-481D-8919-1178C2D967E4}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{75236691-7435-480D-908E-CB58B6B45119}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{77D1EDE8-7BCB-4B84-8CF6-4744F53F3DA8}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F9DB0F0B-1F87-4E8E-8F69-4D9F31E8D9F2}]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\opnmKDVo]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Env76.sys]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\jqX75.sys]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\lsA18.sys]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\nwF32.sys]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Qyh87.sys]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Uen54.sys]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Vdk75.sys]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\viU82.sys]

Save this as txtfile CFScript

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

Posted Image

This will start ComboFix again. Upon reboot (in case it asks to reboot), post the contents of the ComboFix log in your next reply, as well as a fresh HijackThis log.

When CF finishes running, the ComboFix log will open along with a message box, --do not be alarmed. With the above script, ComboFix will capture a file to submit for analysis.

Ensure you are connected to the internet and click OK on the message box. A browser will open.
Simply follow the instructions to copy/paste/send the requested file [9]-Submit_Date_Time.zip.

Are you still having problems ?

Greetings,
Thunder

#5 Elizabeth123

Posted 30 May 2008 - 04:56 AM

Hello Thunder,

Thanks for continuing to work with me.

Here are the reports you asked for and a log was submitted after running Combofix.

Yes I am still having problems.

I still cannot turn on Automatic Updates.
Computer is very slow when it starts up, it hangs for a long time on the screen where you login. After I put in my password and click on the arrow it takes a good 3-4 minutes before it starts up.
Still being re-routed to fubar.com, as well as others that I did not direct my browser to go to.

I will start keeping a detailed report and send that information with my next post. But things are getting a little better slowly.

I am a little concerned about having had to uninstall a Virus Protection (Kaspersky 6 mo. trial) program and have no virus protection right now but am being very careful.

Any suggestions for a free virus protection program to use? (Funds are a little tight right now.) I do have an AOL account and I believe that they have McAfee available to me. Also, I have CA Internet Security available to me from Time Warner. Is one better than the other, and should I install one of them? Will wait to hear from you before making any of those decisions.


Thanks again,
Elizabeth


#6 Thunder

Posted 31 May 2008 - 05:24 AM

Hello Elisabeth,

I see you are running Teatimer.
I suggest you disable it because it can interfere with the changes you'll make on your system.
When everything is done and your log is clean again, you can enable it again.
If teatimer gives you a warning afterwards that some changes were made, allow this instead of blocking it.
How to disable TeaTimer during HijackThis Cleanup
Then, Download ResetTeaTimer.bat.
Double click ResetTeaTimer.bat to remove all entries set by TeaTimer.

Go to Start > Control Panel > Software > Add/remove programs and uninstall Kaboodle Toolbar
Reboot your PC.

You can remove all used tools and folders created in the process.
To remove ComboFix :
Go to Start > Run, and copy and paste the next command in the field: ComboFix /u
Make sure there's a space between Combofix and /u
Then press Enter.
This will uninstall Combofix, delete its related folders and files, restore your clock settings, hide file extensions, hide the system/hidden files and reset System Restore again.

Your JavaVM is also out of date. Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older version Java components and update.

Updating Java:
  • Download the latest version of Java Runtime Environment (JRE) 6u6.
  • Scroll down to where it says The Java SE Runtime Environment (JRE) allows end-users to run Java applications.
  • Click the Download button to the right.
  • Check the box that says: Accept License Agreement
  • The page will refresh.
  • Click on the link to download Windows Offline Installation (jre-6u6-windows-i586-p.exe) and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u6-windows-i586-p.exe to install the newest version.
Please read this Prevention page with lots of info and tips how to prevent this in the future.
And if you want to improve speed/system performance after malware removal, take a look here.
Extra note: Make sure your programs are up to date - because older versions may contain Security Leaks.
To find out what programs need to be updated, please run the Secunia Software Inspector Scan.

What problems remain after this cleanup ?

Greetings,
Thunder

#7 Elizabeth123

Posted 04 June 2008 - 03:27 AM

Hello Thunder,

Well I went through the steps above and am still having a few issues.
1. I cannot update Windows. I have automatic updates turned on and every time I go to shut down the computer it tells me not to turn it off, that there are 75 updates being installed, but never installs them.
2. Upon starting up at login screen where users come up and you enter your password, the computer hangs for about 2-3 minutes before starting up Windows.
3. I cannot seem to get Flash working in IE. Here is a message I get: Hello, you either have JavaScript turned off or an old version of Adobe's Flash Player. Get the latest Flash player. I then go to the download site and download, or try to, but never successfully.

Do you need a fresh HJT log?

P.S. I did not uninstall the Tools that we used in this process yet, so they are still available to use, if you want me to uninstall and they may be causing the program then just let me know.


Thanks Elizabeth

#8 Thunder

Posted 04 June 2008 - 04:07 AM

Hello Elisabeth,

Yes please, first remove all tools and uninstall ComboFix.

Next, download and unzip Dial-a-Fix to its own folder on your desktop:
Open the Dial-a-Fix folder, launch the program by clicking on the blue cog-wheel icon.
First, click the "Policies..." button on the bottom.
If anything is found, make sure it's checked and then, click the "Remove" button and click the "Close" button to close that window.
Now click the green, double check icon (Check all) on the bottom.
Then click on 'GO' at the bottom.
Click "Exit" and restart your pc when Dial-a-Fix has finished.
Are those updates getting installed now ?

Greetings,
Thunder

#9 Elizabeth123

Posted 09 June 2008 - 01:00 PM

Hello Thunder,

Well I tried what you suggested and I got nothing but error after error in Dial A Fix. I copied the errors (screen shots) and have saved them as a combined jpeg. I have attached the file and numbered them in the order that I got them. I was not sure where all of the suggested fixes were and thought it best to wait and see what you say about them all. After the 23 errors and restarting, the updates will still not install.

Elizabeth

Could not attach file so I placed it here for you to see.
h**p://www.adoptasaint.org/errors/errors.jpg

Edited by Elizabeth123, 09 June 2008 - 01:17 PM.


#10 Thunder

Posted 09 June 2008 - 04:44 PM

Hello Elisabeth,

Looks like you have a permissions problem. :thumbsup:

Let's see if we can fix that :

First thing to do is check whether you can open the registry editor:
Go to Start > Run and type regedit, click OK/Enter.

If registry editor appears, do the following:
  • Right-click on the HKEY_CLASSES_ROOT key, and choose Permissions.
  • If "Everyone" is not listed in the "Group or user names" pane, click "Add", type "Everyone" in the box, and click OK.
  • Select "Everyone" in the user names list. Next to "Full Control", checkmark the box under the "Allow" column. Click OK. This procedure will take quite a while, and you may receive errors.
Drill down in the HKEY_CLASSES_ROOT key until you come to .exe.
Right-click the .exe key, choose Permissions, and make sure that any (or as many as you can get) of the following have Full Control over the .exe key: "Everyone", <your user account>, Users, Administrators, Administrator.
Now run the repair permissions tool in Dial-a-Fix:
  • Open the Dial-a-Fix folder, launch the program by clicking on the blue cog-wheel icon.
  • Click the Tools button (Hammer icon) on the bottom.
  • Now click to select the Repair permissions line.
  • Then click on 'GO' at the bottom.
  • When finished, click "Close" and "Exit" and restart your pc.
Now you should be able to run Dial-a-Fix again and run the procedure described above.

Greetings,
Thunder

#11 Elizabeth123

Posted 13 June 2008 - 12:58 AM

Hello Thunder,

Did everything you asked in last post, unfortunately after restarting, I was and am still unable to connect to the internet at all. Also I am unable to turn off or change in any way "Windows Firewall". That is all I have noticed so far, I have tried every way imaginable to restore my internet connection to no avail. Although it looks to be connected, showing sent and received numbers in status window and also able to access other computers (2) that are on the "home network". Each time I try to open IE I get an "Internet Explorer cannot display the webpage". It gives me a more information option if you need more info. Still unable to do all updates needed. Every now and then it will do 1 or 2.

I have checked cable, using it now on this computer so it is not the cable. :thumbsup: :) :thumbsup: At this point I am on a borrowed computer to access this site.

Any help is appreciated.

Elizabeth

#12 Elizabeth123

Posted 13 June 2008 - 01:05 AM

Hello Thunder,

Did everything you asked in last post, unfortunately after restarting, I was and am still unable to connect to the internet at all. Also I am unable to turn off or change in any way "Windows Firewall". That is all I have noticed so far, I have tried every way imaginable to restore my internet connection to no avail. Although it looks to be connected, showing sent and received numbers in status window and also able to access other computers (2) that are on the "home network". Each time I try to open IE I get an "Internet Explorer cannot display the webpage". It gives me a more information option if you need more info. Still unable to do all updates needed. Every now and then it will do 1 or 2.

I have checked cable, using it now on this computer so it is not the cable. :thumbsup: :) :thumbsup: At this point I am on a borrowed computer to access this site.

When I try to access firewall settings I get this:

Restrictions
This option has been cancelled due to restrictions in effect on this computer. Please contact your system administrator."
OK



Any help is appreciated.

Elizabeth

Edited by Elizabeth123, 13 June 2008 - 03:13 AM.


#13 Thunder

Posted 13 June 2008 - 09:31 AM

Hello Elisabeth,

Let's check some settings on your system:

Go to Start > Settings > Control Panel.
If you are using Windows XP's Category View, select the Network and Internet Connections category, otherwise double click on Network Connections.
Right click on your default connection, usually local area connection (LAN), and left click on Properties.
Click the Networking tab.
Double-click on the Internet Protocol (TCP/IP) item and select the radio dial that says Obtain DNS servers automatically
Press OK twice to get out of the properties screen and reboot if it asks.
That option might not be available on some systems.

Next go to Start > Run, and type cmd and hit OK
In the command window that opens : type ipconfig /flushdns (that space between g and / is needed)
then hit Enter, type Exit and hit Enter to close the window.

Can you connect to the internet now ?

Greetings,
Thunder

#14 Elizabeth123

Posted 13 June 2008 - 11:54 AM

Well imagine my surprise when I went to open the control panel and it was missing! I did not notice it was missing. I did some searching and found others with a missing control panel and did like they did and dl/ran combofix again. I did get the CP back and followed instructions above.

Still no internet :thumbsup:

Elizabeth

#15 Elizabeth123

Posted 13 June 2008 - 08:19 PM

An added note;

Called Toshiba and got 2 hours of phone tech support and still no internet. They are blaming my network card (computer just went out of warranty) which I hear is part of the motherboard, BUT I am able to connect when I login in safe mode w/networking. We tried adding new user and still no internet in regular mode but perfect in safe mode.


Any ideas??



