
Internet Explorer cannot display the webpage


No replies to this topic

#1 taverres


Posted 09 July 2010 - 07:53 AM

About 10 days ago I ordered something from TurntableNeedles.com. When I confirmed the order, AV popped up and warned about viruses and wanted me to order their protection. I don't remember exactly my first response but I recognized the threat as one that attacked my wife's computer in the past. I closed the dialog box but the damage had been done. None of my executable programs worked without initiating the warning of a virus. I used AVG to run a scan and then ran Malwarebytes and then the programs seemed to work okay. However, I tried Internet Explorer and every website I tried to access brings the message "Internet Explorer cannot display the webpage" except one and that was myMDAnderson.com. In the Title Bar of that particular webpage there is an icon with a padlock. None of the other websites have this. I also ran CCleaner.

The affected computer is an HP zv5370us. I am trying to correct the problem using this Toshiba to get onto your website and follow some of the steps I have found. I started in Safe Mode with Networking. I downloaded FixExe.reg onto this computer and transferred it and ran it. I did the same with RKill. I also downloaded, transferred and ran SUPERAntiSpyware. However, the sick computer would not allow access for updating. So I downloaded, transferred and ran SUPERAntiSpyware Portable. I then ran Malwarebytes again. While SUPERAntiSpyware was not able to download updates on the infected computer, Malwarebytes did download updates. I'm confused.

The first logs (pasted below) from Malwarebytes and SUPERAntiSpyware show infections and the files that were taken care of. The last logs indicate a clean C drive. The computer seems to run fine. It became much faster after CCleaner was run. But accessing websites is still not possible except for the one mentioned. I'm wondering if maybe the malware is gone but it left me with a bad or missing file of some sort. Your help will be appreciated very much.

The logs from the MBAM and SAS scans are as follows:

---------------------------------------------------------------
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4267

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

7/2/2010 2:08:06 PM
mbam-log-2010-07-02 (14-08-06).txt

Scan type: Quick scan
Objects scanned: 168372
Time elapsed: 48 minute(s), 53 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 5
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{549b5ca7-4a86-11d7-a4df-000874180bb3} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\avsoft (Trojan.Fraudpack) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\avsuite (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\avsoft (Trojan.Fraudpack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\avsuite (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\aikfbxoi (Rogue.AntivirusSuite.Gen) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\aikfbxoi (Rogue.AntivirusSuite.Gen) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\Thomas Stellman\Local Settings\Temp\d.exe (Trojan.Dropper) -> Quarantined and deleted successfully.

---------------------------------------------------------------

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4295

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

7/9/2010 5:30:11 AM
mbam-log-2010-07-09 (05-30-11).txt

Scan type: Quick scan
Objects scanned: 148724
Time elapsed: 24 minute(s), 48 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

---------------------------------------------------------------

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 07/08/2010 at 00:01 AM

Application Version : 4.40.1002

Core Rules Database Version : 5134
Trace Rules Database Version: 2946

Scan type : Complete Scan
Total Scan Time : 01:34:10

Memory items scanned : 281
Memory threats detected : 0
Registry items scanned : 9087
Registry threats detected : 8
File items scanned : 42122
File threats detected : 44

Trojan.Agent/Gen
HKLM\System\ControlSet001\Services\8efe78136aa9a140efa5c1d2
C:\WINDOWS\SYSTEM32\DRIVERS\8EFE78136AA9A140EFA5C1D2.SYS
HKLM\System\ControlSet001\Enum\Root\LEGACY_8efe78136aa9a140efa5c1d2
HKLM\System\ControlSet002\Services\8efe78136aa9a140efa5c1d2
HKLM\System\ControlSet002\Enum\Root\LEGACY_8efe78136aa9a140efa5c1d2
HKLM\System\ControlSet004\Services\8efe78136aa9a140efa5c1d2
HKLM\System\ControlSet004\Enum\Root\LEGACY_8efe78136aa9a140efa5c1d2
HKLM\System\CurrentControlSet\Services\8efe78136aa9a140efa5c1d2
HKLM\System\CurrentControlSet\Enum\Root\LEGACY_8efe78136aa9a140efa5c1d2

Adware.Tracking Cookie
interclick.com [ C:\Documents and Settings\Kids\Application Data\Macromedia\Flash Player\#SharedObjects\6WZKJEYF ]
C:\Documents and Settings\Kids\Cookies\kids@server.cpmstar[2].txt
C:\Documents and Settings\Kids\Cookies\kids@content.yieldmanager[3].txt
C:\Documents and Settings\Kids\Cookies\kids@webads.hookedmediagroup[2].txt
C:\Documents and Settings\Kids\Cookies\kids@interclick[1].txt
C:\Documents and Settings\Kids\Cookies\kids@ads.booeep[2].txt
C:\Documents and Settings\Kids\Cookies\kids@ads.bridgetrack[1].txt
C:\Documents and Settings\Kids\Cookies\kids@serving-sys[1].txt
C:\Documents and Settings\Kids\Cookies\kids@ads.widgetbucks[1].txt
C:\Documents and Settings\Kids\Cookies\kids@adbrite[2].txt
C:\Documents and Settings\Kids\Cookies\kids@adserver.adtechus[1].txt
C:\Documents and Settings\Kids\Cookies\kids@ads.pointroll[1].txt
C:\Documents and Settings\Kids\Cookies\kids@e-2dj6wjnyohcjkgo.stats.esomniture[2].txt
C:\Documents and Settings\Kids\Cookies\kids@advertising[1].txt
C:\Documents and Settings\Kids\Cookies\kids@avgtechnologies.112.2o7[1].txt
C:\Documents and Settings\Kids\Cookies\kids@ads.predictad[1].txt
C:\Documents and Settings\Kids\Cookies\kids@pro-market[2].txt
C:\Documents and Settings\Kids\Cookies\kids@ads.gamesbannernet[1].txt
C:\Documents and Settings\Kids\Cookies\kids@invitemedia[2].txt
C:\Documents and Settings\Kids\Cookies\kids@2o7[2].txt
C:\Documents and Settings\Kids\Cookies\kids@a1.interclick[2].txt
C:\Documents and Settings\Kids\Cookies\kids@ad.wsod[2].txt
C:\Documents and Settings\Kids\Cookies\kids@ad.yieldmanager[1].txt
C:\Documents and Settings\Kids\Cookies\kids@adlegend[2].txt
C:\Documents and Settings\Kids\Cookies\kids@apmebf[1].txt
C:\Documents and Settings\Kids\Cookies\kids@at.atwola[1].txt
C:\Documents and Settings\Kids\Cookies\kids@atdmt[1].txt
C:\Documents and Settings\Kids\Cookies\kids@bs.serving-sys[1].txt
C:\Documents and Settings\Kids\Cookies\kids@buildabear.122.2o7[1].txt
C:\Documents and Settings\Kids\Cookies\kids@collective-media[1].txt
C:\Documents and Settings\Kids\Cookies\kids@content.yieldmanager[1].txt
C:\Documents and Settings\Kids\Cookies\kids@doubleclick[1].txt
C:\Documents and Settings\Kids\Cookies\kids@ehg-dig.hitbox[2].txt
C:\Documents and Settings\Kids\Cookies\kids@fastclick[1].txt
C:\Documents and Settings\Kids\Cookies\kids@imrworldwide[1].txt
C:\Documents and Settings\Kids\Cookies\kids@insightexpressai[2].txt
C:\Documents and Settings\Kids\Cookies\kids@network.realmedia[1].txt
C:\Documents and Settings\Kids\Cookies\kids@pointroll[2].txt
C:\Documents and Settings\Kids\Cookies\kids@revsci[2].txt
C:\Documents and Settings\Kids\Cookies\kids@videoegg.adbureau[2].txt
C:\Documents and Settings\Kids\Cookies\kids@specificclick[2].txt
C:\Documents and Settings\Kids\Cookies\kids@statcounter[1].txt
C:\Documents and Settings\Kids\Cookies\kids@tacoda[1].txt

---------------------------------------------------------------

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 07/09/2010 at 02:30 AM

Application Version : 4.40.1002

Core Rules Database Version : 5134
Trace Rules Database Version: 2946

Scan type : Complete Scan
Total Scan Time : 04:51:23

Memory items scanned : 304
Memory threats detected : 0
Registry items scanned : 8464
Registry threats detected : 0
File items scanned : 210232
File threats detected : 0
---------------------------------------------------------------

Edited by hamluis, 09 July 2010 - 02:15 PM.
Moved from Web Browsing/Email to more appropriate Am I Infected forum ~ Hamluis.

