Cannot Access Www.google.com Anymore...


5 replies to this topic

#1 fretman

Posted 01 June 2008 - 10:33 AM

Hi Folks,

I'm hoping someone can give me a hand with this problem I'm having. This past weekend I was NOT able to log into the site www.google.com anymore. As well, any site that had the name google.com associated to the URL met with the same problem.

When I try to enter www.google.com I get what I consider a fake Google Security page saying that infected files are found on my computer and that they have to be cleaned before I can access their Google site. The page does a quick scan and says that the following infections are present

1. Spyware - Spyware.IEMonster.d
2. Adware - Zlob.Googl.MS.Yah.block
3. Spyware - Spyware.IMMonitor
4. Spyware - St.Worw.Hack
5. Backdoor - Win32.Rbot.fm
6. Trojan - Infostealer.Banker.E
7. Dialer - Dialer.Xpehbam.biz_dialer
8. Trojan - Mail.Spm.Ass.exe

The page then opens up a dialog box asking me to download and run the following program "Installer_GLE.exe". I did some research on the net and found that this may be a program to install even more spyware or viruses on your computer.

I also tried doing some research on the net to find if anyone else was having or had the same problem. There were only a few individuals who posted on some other forums regarding this but they never were able to correct the problem.

I have tried running several programs to remove spyware, malware, viruses, Trojans with no luck. I have tried Ad-Aware, Spybot, SpyWare Blaster, AVG Anti-Virus, AVG Anti-Spyware, and Ewido. Some minor issues were detected such as tracking cookies but nothing has helped because I am still having the same problem.

I did try a program called XoftSpySE and when it did a scan it did find something resembling my problem with www.google.com. It found some Agent Trojans but I was not able to remove them because every time I did a scan again the same Trojans would appear.

I am asking for your assistance in helping me with this problem. If you require further information please let me know. I thank you for your attention to this matter. I am running Windows XP Professional SP2 with IE 6.0. I tried Mozilla Firefox and I had the same issue.

Based on the information I've given you should I be concerned right now about using my computer? Should I start removing all my important files from my hard drive? Or is this issue more of an annoyance than anything else.

Thanks.

Edited by fretman, 01 June 2008 - 10:39 AM.



#2 ruby1

Posted 01 June 2008 - 10:47 AM

please try these two scans but first I suggest you empty your temp internet files folder;


Superantispyware; guide on how to install and run


If you have not already got a Downloads folder , I suggest you create a new folder in My Documents, and name it Downloads ;

Installing superantispyware

Superantispyware is found here


http://www.superantispyware.com/index.html

Download to the Downloads folder the free exe to superantispyware from here


http://www.superantispyware.com/downloadfi...ANTISPYWAREFREE

you install superantispyware by clicking on the icon in the downloads folder ;
it will launch the installation process;
follow the instructions and I suggest you ask for a default installation ;
ensure it creates a desktop icon for you ;
once the program has been installed it should ask you if you wish to update the program ; say YES

if it does not ask you , you need TO fully update the definitions by opening the program and find the 'check for updates' tab in the bottom left of the menus you see; click on it and it will do the update for you ;
I suggest you ask it to check for updates again once the first update is complete just to be sure


please then reboot your computer ; it is preferable to run the scan in your computer's safe mode;

please open this program from the desktop icon
please run the scan while you are OFF line and do not have the computer doing any other work while the scan runs

go to the preferences tab on the right
on the General tab I suggest you disable the scan on start up

on the Hijack protection tab I suggest you tick BOTH items; this enables the program to give you a Hijack home page alert if your home page gets changed ; if you DO get a home page hijack, when you boot up the computer superantispyware will open and tell you the home page has changed and will ask you if this is a legitimate change;

in statistics/logs- go to the bottom and you will see two boxes asking about keeping a log of scanning results and saving empty logs?

Tick both of them

Then go back to the main screen and see the tab that says scan your computer? Do you see that ?

Click on it

A screen will open ;on the left hand side ensure your FIXED drive ( most probably the C drive) is ticked;
Also tick in there any other section that is used and attached .
On the right hand side you see three scanning options?; please click the Complete scan option

OK; you are now set to scan

Please then click on the 'next' tab and let the scan run; please run the scan while you are OFF line and do not have the computer doing any other work while the scan runs

From my experience running this program the complete full scan CAN take many hours to run depending on how much is on your computer so be patient and let it run; maybe go for a cuppa or watch a favourite program while this one runs

Once the scan IS complete you will be presented with a box telling you what the scan has found ( if anything); if harmful objects have been found click on the OK button ; on the next screen all the harmful objects should have a check mark beside them; click 'next'


A notification should appear that

'Quarantine and removal is complete'

click 'ok'
and then the Finish button to get returned to the main menu


If you have run the scan in computer's safe mode you will need to reboot to computer normal mode

If you have run in computer's normal mode I suggest you reboot to enable the 'fix' the program has performed to consolidate

You then need to retrieve the scan result

Open the program and return to the statistics /logs section ; locate the most recent log ; left mouse click on it to highlight it and click the 'view log' tab

The log should appear in maybe note pad ; you need to copy and paste that log for examination
Once you have posted the log please close the superantispyware program

.........................................................


Malwarebytes
you need to be ON line to start this process and please run the scan in computer's NORMAL mode

http://www.besttechie.net/tools/mbam-setup.exe


alternate download link 1

http://malwarebytes.gt500.org/mbam-setup.exe


alternate download link 2

http://www.majorgeeks.com/Malwarebytes_Ant...ware_d5756.html




suggest; download the exe to your downloads folder so you know where to find it;

create from that folder a shortcut to your desktop

.
Double-click on the to install the application.
The installation is relatively straight forward; just follow the prompts and do not make any changes to default settings.

When installation has finished, make sure you leave both of these checked:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware
Then click Finish.
The Program will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, you may manually download them from
here
http://www.malwarebytes.org/mbam/database/mbam-rules.exe

On the main interface you will see different tabs at the top of the program?

Select each to see what they ask of you and what they each represent;
When you are ready to scan you will be asked to select the drives you wish to scan? The program should recognise ALL your drives ; if it does not I suggest you select all drives

You will be asked to select either a quick scan or a full computer scan my recommendation is to do a full scan so your search does not miss anything

Click the start button and let the scan run; it will show you how it is progressing, what section it is on and the elapsed time; I ran a full trial scan on my relatively empty XP for a 'sampling' ; your scan may take about an hour or so to run;


When the scan is complete a message box will say "The scan completed successfully. Click on 'Show Results' to display all objects found".
Click OK to close the message box and continue with the removal process.
On the Main Scanner screen, click on the Show Results button to see a list of any malware that was found.
Ensure everything is checked,

click Remove Selected.
When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
The log should be saved automatically and can be viewed by clicking the Logs tab in MBAM.
Copy and paste the contents of that report in your next reply and exit MBAM.


Note: please be aware ;

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

once those scans are run we can see better what IS going on but do you do any banking etc on this comp?

I suggest you remove to somewhere safe (back up) anything you can

#3 fretman

Posted 01 June 2008 - 03:14 PM

Thanks for the feedback Ruby1. I ran SUPERAntiSpyware and Anti-Malware as you suggested. There were a few detections which were removed but I am still having the same problem of trying to access the google.com sites.

Here are the logs you requested. Thanks for the help.

==================================

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 06/01/2008 at 02:26 PM

Application Version : 4.1.1046

Core Rules Database Version : 3472
Trace Rules Database Version: 1463

Scan type : Complete Scan
Total Scan Time : 00:36:58

Memory items scanned : 154
Memory threats detected : 0
Registry items scanned : 5142
Registry threats detected : 0
File items scanned : 17469
File threats detected : 47

BearShare File Sharing Client
C:\PROGRAM FILES\BEARSHARE\BEARSHARE.EXE
C:\DOCUMENTS AND SETTINGS\ALL USERS\START MENU\PROGRAMS\BEARSHARE.LNK
C:\DOCUMENTS AND SETTINGS\JIMMY\DESKTOP\BEARSHARE.LNK

Adware.Tracking Cookie

=====================================

Malwarebytes' Anti-Malware 1.14
Database version: 812

3:25:45 PM 6/1/2008
mbam-log-6-1-2008 (15-25-45).txt

Scan type: Full Scan (A:\|C:\|D:\|E:\|F:\|)
Objects scanned: 89079
Time elapsed: 23 minute(s), 2 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\Jimmy\Local Settings\Temp\2881989757.exe (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\spywarewarning2.mht (Trojan.FakeAlert) -> Quarantined and deleted successfully.
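
A log in the Malwarebytes layout posted above can be cross-checked mechanically. The following is an added example, not part of the original thread and not Malwarebytes tooling: it parses a constructed sample in the same layout (the paths and the "Delete on reboot" action line are assumptions made up for illustration), compares the summary counters with the itemised sections, and lists entries whose action does not report success.

```python
import re

# Constructed sample in the layout of the Malwarebytes' Anti-Malware log above;
# the paths and the "Delete on reboot" action are made up for illustration.
SAMPLE_LOG = r"""Malwarebytes' Anti-Malware 1.14
Scan type: Full Scan (C:\|)
Registry Keys Infected: 0
Files Infected: 2

Registry Keys Infected:
(No malicious items detected)

Files Infected:
C:\Temp\example1.exe (Malware.Trace) -> Quarantined and deleted successfully.
C:\Temp\example2.mht (Trojan.FakeAlert) -> Delete on reboot.
"""

SUMMARY = re.compile(r"^(?P<section>[A-Za-z ]+ Infected): (?P<count>\d+)$")
HEADER = re.compile(r"^(?P<section>[A-Za-z ]+ Infected):$")
ITEM = re.compile(r"^(?P<path>.+) \((?P<name>[^()]+)\) -> (?P<action>.+?)\.?$")


def parse_mbam_log(text):
    """Return (summary counts, itemised detections) from a log in this layout."""
    counts, items, section = {}, [], None
    for line in (raw.strip() for raw in text.splitlines()):
        if m := SUMMARY.match(line):
            counts[m["section"]] = int(m["count"])
        elif m := HEADER.match(line):
            section = m["section"]      # start of an itemised section
        elif section and (m := ITEM.match(line)):
            items.append({"section": section, **m.groupdict()})
    return counts, items


def triage(text):
    """List counter/list mismatches and items whose action does not report success."""
    counts, items = parse_mbam_log(text)
    findings = []
    for section, expected in counts.items():
        listed = sum(1 for i in items if i["section"] == section)
        if listed != expected:
            findings.append(f"{section}: summary says {expected}, log lists {listed}")
    for i in items:
        if "successfully" not in i["action"].lower():
            findings.append(f"not confirmed removed: {i['path']} ({i['name']}): {i['action']}")
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```
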

#4 ruby1

Posted 01 June 2008 - 05:29 PM

suggest you empty your temp internet files folder; fully update superantispyware, reboot; rerun super and I suggest you quarantine all it finds ;

do you know you have P2P programs on there? and the risks associated WITH the use OF such programs?

BearShare File Sharing Client


http://www.google.co.uk/search?hl=en&q...earch&meta=

are you actively doing downloads?

#5 fretman

Posted 01 June 2008 - 07:34 PM

OK....I'll try what you mentioned again. I don't actively do downloads but every now and then I will do one with BearShare.

The first time I did empty my temp folder completely, but when I ran those programs I did NOT quarantine BearShare.

Thanks again.

#6 fretman

Posted 05 June 2008 - 07:59 PM

I solved my problem. I ran CWShredder and it fixed it. Thanks again for all the help.



