
INTERNET BROWSERS INFECTED WITH ANTI VIRUS PLUS



#1 mabel6

mabel6

  • Members
  • 7 posts

Posted 21 March 2009 - 11:00 AM

My internet browsers Firefox and Google are infected with I think Anti virus Plus when I try to access one favourite website. I can access other websites without problem. This one website brings up fake alerts which keep changing but say I need to run antivirus plus or system security plus and my computer is infected. The Firefox browser brings up easywinscanner17.com on this favourite website. I have run Bullguard my usual virus checker and malwarebytes both of which showed nothing. Spybot shows nothing. I ran Spyware Doctor which showed Trojan.Generic and fixed it. How can I clear my browser?



#2 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts

Posted 21 March 2009 - 11:03 AM

Hello.

Please do the following for me.

Download and Run ATFCleaner

Please download ATF Cleaner by Atribune. This program will clear out temporary files and settings. You will likely be logged out of the forum where you are receiving help.

This program is for XP and Windows 2000 only.
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main Select Files to Delete choose: Select All.
  • Click the Empty Selected button.
If you use Firefox browser also...
  • Click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser also...
  • Click Opera at the top and choose: Select All
  • Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Download and run MalwareBytes Anti-Malware

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
  • Make sure you are connected to the Internet.
  • Double-click on Download_mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • On the Scanner tab:
    • Make sure the "Perform Quick Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

For complete or visual instructions on installing and running Malwarebytes Anti-Malware please read this link

Let me know how it goes.

With regards,
extremeboy
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.

#3 mabel6


Posted 21 March 2009 - 11:08 AM

ATF Cleaner is for XP and Windows 2000. I am using Vista but have also run CCleaner first. Should I just go ahead with Malwarebytes again?

#4 extremeboy


Posted 21 March 2009 - 11:20 AM

Hello.

Run CCleaner's Cleaner option. DO NOT use the registry cleaner option. Run CCleaner instead, and then run MBAM.

Post the results once it's done.

with regards,
extremeboy

#5 mabel6


Posted 21 March 2009 - 11:30 AM

The scan still shows my computer as being clear:

Malwarebytes' Anti-Malware 1.34
Database version: 1881
Windows 6.0.6000

21/03/2009 16:27:12
mbam-log-2009-03-21 (16-27-12).txt

Scan type: Quick Scan
Objects scanned: 85279
Time elapsed: 10 minute(s), 17 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Please let me know what to do next

#6 mabel6


Posted 21 March 2009 - 11:57 AM

Hi
Are you still around to help me with next step as I'm keen to resolve this as quickly as poss. Thanks

#7 extremeboy


Posted 21 March 2009 - 11:57 AM

Hello.

Okay. What is the link that you get redirected to the fake AS page? Is it ONLY that ONE page?

Please provide the link in this post. Kill the link in case it's a bad one. To kill the link just put two xx replaced with tt.

eg: hxxp://www.google.ca/

With Regards,
Extremeboy

#8 extremeboy


Posted 21 March 2009 - 11:58 AM

Hello.

Are you still around to help me with next step as I'm keen to resolve this as quickly as poss. Thanks

Yes, but please be patient. I have other things to do as well, and I cannot sit in front of a computer for 24 hours straight. I also have other members to help out, which is not only you so there WILL be delays in my response.

With Regards,
Extremeboy

#9 mabel6


Posted 21 March 2009 - 12:08 PM

yes it seems to be only one page. The link is hxxp://www.abersoch.co.uk

#10 extremeboy


Posted 21 March 2009 - 12:44 PM

Hello.

Hmm... It's only one site. Let's see what we can do. Without any log I'm not sure what's the problem. We may need to move you to the Malware Removal forum to have an idea of your computer and the problems it may have or may not have.

Disable Realtime Protection

Realtime security programs are important for keeping out malware. However, they can interfere with the tools we need to run. Please disable all realtime protections you have enabled. Refer to this page, if you are unsure how.

Download and Run HostsXpert

Some infections will put malicious lines into your hosts files. We will reset your hosts file with HostsXpert.
  • Please download HostsXpert.zip to your desktop and unzip the contents.
  • A folder named HostsXpert will be created. Open it and run HostsXpert.exe by double clicking it.
  • Click on the button Make Writeable?.
  • Click Restore Microsoft's Hosts File.
  • Close out of the window.
If you have added modifications to your hosts file, they will need to be re-added.

With Regards,
Extremeboy
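
The HostsXpert step in post #10 resets the hosts file because some infections add lines to it. As an added example (not part of the thread and not HostsXpert's own logic), this Python check lists every hosts entry that is not a plain localhost mapping, so the file can be reviewed before it is reset. The sample file and the name `audit_hosts` are constructed for illustration.

```python
import ipaddress

# Constructed sample hosts file for illustration (not taken from the thread).
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2006 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
127.0.0.1       update.vendor.example    # stops an update server resolving
203.0.113.7     www.search.example www.bank.example
0.0.0.0         ads.tracker.example
not-an-ip       broken.example
"""

DEFAULT_NAMES = {"localhost"}  # names a default hosts file maps to loopback


def audit_hosts(text):
    """Return (line_no, kind, address, name) for every non-default entry.

    kind is "blocked" (name pinned to loopback or 0.0.0.0, so it cannot
    resolve), "redirected" (name pinned to some other address) or
    "malformed" (first field is not an IP address).
    """
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop comments
        if not line:
            continue
        addr, *names = line.split()
        try:
            ip = ipaddress.ip_address(addr)
        except ValueError:
            findings.append((lineno, "malformed", addr, " ".join(names)))
            continue
        for name in (n.lower() for n in names):
            if name in DEFAULT_NAMES and ip.is_loopback:
                continue  # the normal localhost mapping
            sinkholed = ip.is_loopback or ip.is_unspecified
            kind = "blocked" if sinkholed else "redirected"
            findings.append((lineno, kind, str(ip), name))
    return findings


if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE_HOSTS):
        print(*finding, sep="\t")
```

On a real system, read the hosts file from the Windows drivers\etc folder and pass its text to `audit_hosts`; entries you added yourself will also be listed and need to be re-added after a reset.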

#11 mabel6


Posted 21 March 2009 - 01:06 PM

probably messed this up as when I did it first time got error message cannot create file C\Windows\system32\Drivers\...\hosts could not read my writing for ... so did it again then it accepted it without error message

#12 extremeboy


Posted 21 March 2009 - 01:46 PM

Hello.

Did that make any difference at all? Do you still have that same problem?

With Regards,
Extremeboy

#13 mabel6


Posted 22 March 2009 - 11:54 AM

You're a genius it works! When I entered site this message was displayed which also explains
Abersoch.co.uk Hacked! - Update! (22/03/2009)
Last week the company that hosts this website had its security breached which resulted in hundreds of its customers having their websites altered for a short time so that browsers were directed to dodgy porn sites or anti virus websites. Unfortunately, abersoch.co.uk was one of the sites that had some of its pages changed. Once this was discovered, all files on abersoch.co.uk were checked and the offending pages removed. However, there was still an issue whereby accessing the site via google was directing people towards the dodgy websites. We have just been informed (Sunday lunchtime) that the google issue has also now been resolved and all is normal on the site. Many apologies for any inconvenience and confusion caused by this, but we hope you appreciate that this event was totally beyond our control

Thanks for your help.

#14 extremeboy


Posted 22 March 2009 - 05:47 PM

You're welcome.

That makes sense now. I thought it was also hacked too because it was only that ONE website. Infections don't usually target just ONE site, it's usually more.

Glad I could help and good luck!

Some prevention tips.

Preventing Infections in the Future

Please also have a look at the following links, giving some advice and Tips to protect yourself against malware and reduce the potential for re-infection:
  • Avoid gaming sites, underground web pages, pirated software sites, and peer-to-peer (P2P) file sharing programs. They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites. Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
Disable Autorun on Flash-Drive/Removable Drives

When is AUTORUN.INF really an AUTORUN.INF?

USB worms work by creating a file called AUTORUN.INF on the root of USB drives. These INF files then use Autorun or Autoplay (not the same thing!) to execute themselves either when the stick is inserted, or more commonly, when the user double-clicks on the USB drive icon from My Computer (Windows Explorer)...


Keeping Autorun enabled on USB and other removable drives has become a significant security risk due to the increasing number of malware variants that can infect them and transfer the infection to your computer. Read USB-Based Malware Attacks and Please disable Autorun asap!

If using Windows Vista, please refer to:
"Disable AutoPlay in Windows Vista"
"Preventing AutoPlay with Local Group Policy Editor or AutoPlay options panel"

Note: When Autorun is disabled, double-clicking a drive which has autorun.inf in its root directory may still activate Autorun so be careful.

Visit the WindowsUpdate Site Regularly

I recommend you regularly visit the Windows Update Site!
  • Lots of Hacking/Trojans use the methods found (plugged by the updates) that have not been stopped by people not updating.
  • Update ALL Critical updates and any other Windows updates for services/programs that you use.
  • If you wish to turn on automatic updates then you will find here is a nice little article about turning on automatic updates.
  • Note that it will download them for you, but you still have to actually click install.
Update Non-Microsoft Programs

It is also a good idea to check for the latest versions of commonly installed applications that are regularly patched to fix vulnerabilities. You can check these by visiting Secunia Software Inspector and Calendar of Updates.

Update all programs regularly - Make sure you update all the programs you have installed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.

Follow this list and your potential for being infected again will reduce dramatically.
Finally, and definitely the MOST IMPORTANT step, click on the following tutorial and follow each step listed there:

Simple and easy ways to keep your computer safe and secure on the Internet


Glad I was able to help and thank you for choosing Bleeping Computer as your malware removal source.
Don't forget to tell your friends about us and Good luck

With Regards,
Extremeboy

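
The AUTORUN.INF behaviour quoted in post #14, as an added example that is not part of the thread: a Python check that lists the entries in an autorun.inf which name something to execute (`open`, `shellexecute` and `shell\<verb>\command`), which is what to look at when a removable drive carries such a file. The sample file and the name `autorun_commands` are constructed for illustration.

```python
import re

# Constructed sample autorun.inf for illustration (not taken from the thread).
SAMPLE_INF = r"""[AutoRun]
; constructed sample
open=tools\setup.exe
icon=tools\setup.exe,0
shell\open\command = tools\setup.exe
ShellExecute=readme.htm
label=BACKUP

[Other]
open=ignored.exe
"""

# Keys in the [autorun] section whose value is run or opened by the shell.
EXEC_KEY = re.compile(r"^(open|shellexecute|shell\\[^\\]+\\command)$", re.I)


def autorun_commands(text):
    """Return (key, value) for each execution-related entry in [autorun]."""
    section, hits = None, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue  # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if section != "autorun" or "=" not in line:
            continue  # only the [autorun] section is honoured
        key, value = (part.strip() for part in line.split("=", 1))
        if EXEC_KEY.match(key):
            hits.append((key.lower(), value))
    return hits


if __name__ == "__main__":
    for key, value in autorun_commands(SAMPLE_INF):
        print(f"{key} -> {value}")
```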