Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

I'm infected- can't get to Gmail and google re-directing


  • This topic is locked This topic is locked
1 reply to this topic

#1 jahaka

jahaka

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:05:10 PM

Posted 14 May 2009 - 09:00 AM

I'm new to the world of these nefarious infections and I'm floundering, so forgive my ineptitude at describing what is going on:

1. I'm unable to access the gmail login page. Error message:

Failed to Connect

Firefox canít establish a connection to the server at http://www.google.com.
Though the site seems valid, the browser was unable to establish a connection.

* Could the site be temporarily unavailable? Try again later.
* Are you unable to browse other sites? Check the computerís network connection.
* Is your computer or network protected by a firewall or proxy? Incorrect settings can interfere with Web browsing.

2. I can't access using either Firefox or IE7

3. I can access login page with a neighbor's computer.

4. I can access all other google pages. When I get onto the google help forum, I can negotiate all pages, except when I click on the "Post a question" link I get the same error message as above.

5. When I try to get to the igoogle.com site I get this message:

Redirect Loop

Firefox has detected that the server is redirecting the request for this address in a way that will never complete.

The browser has stopped trying to retrieve the requested item. The site is redirecting the request in a way that will never complete.

* Have you disabled or blocked cookies required by this site?
* NOTE: If accepting the siteís cookies does not resolve the problem, it is likely a server configuration issue and not your computer.


6. Doing a google search for gmail, and then clicking on that link, I get sent to bullz-eye.com via a "relevantwebsite.com" site.


What I run:
PC/Vista
Firefox 3/ IE7
wireless router
AVG free


What I've done:

1. I can access/navigate symantec, mcaffee and trendmicro sites
2. I've done Spybot
3. I've done Dr. Web- 0 results.
4. I've done Malwarebytes, as ordered, cleaned up 9 things, rebooted and here is the notepad result:

Malwarebytes' Anti-Malware 1.36
Database version: 2130
Windows 5.1.2600 Service Pack 3

5/14/2009 9:39:56 AM
mbam-log-2009-05-14 (09-39-56).txt

Scan type: Quick Scan
Objects scanned: 105325
Time elapsed: 5 minute(s), 49 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 4
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 1
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{100eb1fd-d03e-47fd-81f3-ee91287f9465} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c5428486-50a0-4a02-9d20-520b59a9f9b2} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c5428486-50a0-4a02-9d20-520b59a9f9b3} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\QW2010 (Rogue.AntiVirus2010) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
C:\Documents and Settings\User1\Application Data\Malware Catcher 2009 (Rogue.MalwareCatcher2009) -> Quarantined and deleted successfully.

Files Infected:
C:\Documents and Settings\User1\Local Settings\Temporary Internet Files\Content.IE5\GBGLCGJG\ReleaseXP[1].exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mike\Desktop\WebfettiSetup2.3.50.45.ZKfox000.exe (Adware.MyWeb) -> Quarantined and deleted successfully.
C:\Documents and Settings\User1\Application Data\Malware Catcher 2009\cookies.sqlite (Rogue.MalwareCatcher2009) -> Quarantined and deleted successfully.


I'd appreciate any help you could provide. Thank you

UPDATE:

I've done ATF
I've scanned with SAS in safemode. The scan was completed but got a message I don't understand:

Delayed write failed. error caused by a failure of computer hardware or network connection

And I can't open the log file

Edited by jahaka, 14 May 2009 - 09:51 AM.


BC AdBot (Login to Remove)

 


#2 garmanma

garmanma

    Computer Masochist


  • Staff Emeritus
  • 27,809 posts
  • OFFLINE
  •  
  • Location:Cleveland, Ohio
  • Local time:05:10 PM

Posted 14 May 2009 - 09:59 AM

You have a log posted in our HJT forum, you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc) unless advised by a HJT Team member, nor should you continue to ask for help elsewhere. Doing so can result in system changes which may not show it the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process which would extend the time it takes to clean your computer.

From this point on the HJT Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take a while to get a response because the HJT Team members are very busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the HJT Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another HJT Team member is already assisting you and not open the thread to respond.


To avoid confusion, I am closing this topic.
Mark
Posted Image
why won't my laptop work?

Having grandkids is God's way of giving you a 2nd chance because you were too busy working your butt off the 1st time around
Do not send me PMs with problems that should be posted in the forums. Keep it in the forums, so everyone benefits
Become a BleepingComputer fan: Facebook and Twitter




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users