
Security problem


6 replies to this topic

#1 markiz

Posted 31 October 2010 - 04:39 AM

so apparently i can not start a new topic in security forum, so i will ask here and beg for mercy..

My sister (and it really is her) got infected by security master av. there is a guide on bleepingcomputer which i followed and i removed it. but for some reason, even after i replaced the changed hosts file with a clean default one, browsing in any browser still does not work. the only webpage that loads is gmail (she says it was opened when she clicked all those "clean my system" or whatever crap dialogues).

so if it's maybe an easy fix, it would be great. I did search these forums, but found no helpful information.

Thanks!

Edited by hamluis, 31 October 2010 - 10:19 AM.
Moved from Win 7 to Am I Infected ~ Hamluis.




#2 dodes

Posted 31 October 2010 - 09:11 AM

First of all, which browser(s) are you using? What versions are each of the browsers you're using? And which OS are you running?

1) Reset IE.
Start > Run > inetcpl.cpl
Advanced tab > Reset > check the "delete personal settings" checkbox if you see it > reset > close and reopen IE.

2) Verify the hosts file has remained clean.
Start > Run > %windir%\system32\drivers\etc
Open notepad with administrator privileges (Vista/7)
Drag the "hosts" file onto the notepad window to view its contents. As far as I'm aware the hosts file should not be hidden by default, but may be after a malware infection, so in order to see it you may have to "show hidden files". I've even seen cases where it was necessary to "show protected operating system files". Configure both of these by:
Start > Run > control folders > View tab > "Show hidden files, folders, and drives" and "Hide protected operating system files"

In my anti-malware work elsewhere, oftentimes I've seen infections like Security Master AV accompanied by additional infections (such as additional trojans and downloaders, etc). It's very possible residual infections may be to blame for the behavior of your browsers. It would be a good idea to rule out the possibility that your system contains more infections before you troubleshoot any further. I would tell you to get in touch with a Malware Response Team member to talk about searching your system for more infections, but then why can't you start a new topic over in the security forum?
Windows 7 Pro x64
Biostar TH55B-HD
WD Corsair Black 500GB | Samsung Spinpoint F3 1TB
G-Skill 2x2GB 1066 DDR3 SDRAM
NVIDIA GeForce GT 240

#3 dodes

Posted 31 October 2010 - 09:18 AM

Furthermore, before you post anything else, please read:

http://www.bleepingcomputer.com/forums/topic18366.html

It will be easier for everyone here to help you if you follow those guidelines.

#4 markiz

Posted 31 October 2010 - 11:43 AM

i honestly do not mean to be rude, and i am grateful for your reply, but assuming everyone with a problem is a total.. newbie.. is getting old. i am far from being expert in these matters (or i would have solved this), but when has resetting IE settings done any good? the settings and cache for all of the browsers were cleaned and reset.

Browsers i tried are latest opera and chrome. System is up to date with all of the windows updates. i cleaned computer with malwarebytes and superantispyware both in safe mode and normal. also with avast free antivirus. also i thoroughly cleaned computer with ccleaner3 and tuneup utilities 2010. i also manually searched for all the files security master av leaves, just in case (there were none left, and also it was security master av). hosts file is clean since i copied it (the whole etc folder actually) from my laptop.

I have college and i also work, so i do not really have much time for other people's problems (be it my sister or someone else) but i will look into what combofix is, since i see it mentioned a lot here.

anyway, if anyone has any advice, i will be grateful and will check back here regularly.

poz

#5 markiz

Posted 31 October 2010 - 05:06 PM

it was a proxy!
i disabled it, and everything is peachy now!

#6 dodes

Posted 02 November 2010 - 03:39 AM

Lol, resetting IE to its default settings would have removed any proxy configured via IE. IE is not configured by default to connect via proxy.
Resetting IE, and removing personal settings (when possible, whenever the IE reset dialogue presents you with the option) is always a viable troubleshooting option - there are several issues that an IE reset can fix. You need to understand that there's a difference between "assuming everyone here is a newbie" and leaving no stone unturned. So yes, resetting IE does more "good" than you might think...

And TuneUp Utilities 2010? I hope you didn't pay for that...

#7 markiz

Posted 04 November 2010 - 01:10 PM

well actually, my sister is using opera, which comes with its own proxy settings. but yes, if resetting IE wipes proxy settings, i did leave stones unturned.
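
The two checks this thread worked through, the hosts file from post #2 and the proxy that turned out to be the cause, as an added PowerShell example that is not part of any post. It reads only the per-user proxy values that Internet Options (inetcpl.cpl) edits, so a browser that keeps its own proxy settings, as post #7 says of Opera, is not covered; the function names are illustrative.

```powershell
# Added example: read-only checks; nothing on the system is changed.
# Function names are illustrative, not from any tool named in the thread.

function Get-HostsOverride {
    param([string]$Path = "$env:windir\System32\drivers\etc\hosts")
    foreach ($line in Get-Content -LiteralPath $Path) {
        $entry = ($line -replace '#.*$', '').Trim()      # strip comments
        if (-not $entry) { continue }
        $fields = @($entry -split '\s+')
        if ($fields.Count -lt 2) { continue }            # malformed line
        $address = $fields[0]
        foreach ($name in $fields[1..($fields.Count - 1)]) {
            # The only mapping a default hosts file may carry is
            # localhost -> loopback; report everything else.
            $isDefault = ($name -eq 'localhost') -and
                         (('127.0.0.1', '::1') -contains $address)
            if (-not $isDefault) {
                New-Object PSObject -Property @{ Address = $address; HostName = $name }
            }
        }
    }
}

function Get-UserProxySetting {
    # Per-user proxy values edited through Internet Options (inetcpl.cpl).
    $key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
    $s = Get-ItemProperty -Path $key
    New-Object PSObject -Property @{
        ProxyEnabled  = [bool]$s.ProxyEnable    # DWORD 0/1; absent means off
        ProxyServer   = $s.ProxyServer          # host:port, empty if unset
        AutoConfigURL = $s.AutoConfigURL        # PAC script URL, empty if unset
    }
}

$hostsPath = "$env:windir\System32\drivers\etc\hosts"
# -Force lets Get-Item return the file even if it is marked hidden or system.
'hosts attributes: {0}' -f (Get-Item -LiteralPath $hostsPath -Force).Attributes
Get-HostsOverride -Path $hostsPath | Format-Table -AutoSize
Get-UserProxySetting | Format-List
```

Any row from `Get-HostsOverride`, or `ProxyEnabled` set to True with a `ProxyServer` or `AutoConfigURL` nobody configured on purpose, is the thing to review.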



