
google redirect is fixed, windows firewall error


  • This topic is locked
22 replies to this topic

#1 jeane30

jeane30

  • Members
  • 30 posts
  • OFFLINE
  •  
  • Local time:11:46 AM

Posted 15 January 2012 - 09:51 AM

Hello,
I finally managed to remove google redirect virus following the instructions from here:

http://www.bleepingcomputer.com/forums/topic436184.html


but I still have some problems, like Windows Firewall: when I try to turn it on I get the error: Windows Firewall can't change some of your settings. Error code 0x80070424.
Also I need to mention that while I was on step 8 of the instructions I couldn't check some options in GMER, and I don't know if this is important, but there is an attached picture of how GMER looked while scanning at the bottom. At this point I'm scanning my PC and there are about 12 adware tracking cookies and Trojan Agent/Gen-MSFraud.
Also, I would like to ask why I can't uninstall some programs that were installed while the PC was infected; when I try to uninstall them from Control Panel I always get error messages.
So thank you for your help till now, I hope you could help me with these additional problems.

Thank you in advance

Edited by Budapest, 15 January 2012 - 05:24 PM.
Moved from Virus, Trojan, Spyware, and Malware Removal Logs ~Budapest




#2 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:11:46 AM

Posted 15 January 2012 - 08:27 PM

Can you post your GMER log?

Thanks

#3 jeane30

jeane30
  • Topic Starter

  • Members
  • 30 posts
  • OFFLINE
  •  
  • Local time:11:46 AM

Posted 22 January 2012 - 08:52 AM

Do you mean this one?


GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-01-15 15:15:31
Windows 6.1.7600
Running: gmer.exe


---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\ControlSet001\services\BTHPORT\Parameters\Keys\d8a25e83dbe6 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\services\BTHPORT\Parameters\Keys\d8a25e83dbe6@c42c03bb335c 0x29 0x9D 0x73 0xDC ...
Reg HKLM\SYSTEM\ControlSet001\services\BTHPORT\Parameters\Keys\d8a25e83dbe6@e806884aff30 0xCE 0x43 0xB4 0xC2 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\d8a25e83dbe6
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\d8a25e83dbe6@c42c03bb335c 0x29 0x9D 0x73 0xDC ...
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\d8a25e83dbe6@e806884aff30 0xCE 0x43 0xB4 0xC2 ...
Reg HKLM\SYSTEM\ControlSet003\services\BTHPORT\Parameters\Keys\d8a25e83dbe6 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\services\BTHPORT\Parameters\Keys\d8a25e83dbe6@c42c03bb335c 0x29 0x9D 0x73 0xDC ...
Reg HKLM\SYSTEM\ControlSet003\services\BTHPORT\Parameters\Keys\d8a25e83dbe6@e806884aff30 0xCE 0x43 0xB4 0xC2 ...

---- EOF - GMER 1.0.15 ----


Thanks in advance

#4 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:11:46 AM

Posted 22 January 2012 - 08:59 AM

Download

aswMBR

Launch it, allow it to download the latest Avast! virus definitions
Click the "Scan" button to start the scan. After the scan finishes, click on Save log

Post the log results here

Download

ESET online scanner


Install it

Click on START, it should download the virus definitions
When the scan is completed, click on LIST of found threats

Export the list to the desktop, copy the contents of the text file in your reply

Let's fix the firewall after making sure that the PC is clean

Good luck

#5 jeane30

jeane30
  • Topic Starter

  • Members
  • 30 posts
  • OFFLINE
  •  
  • Local time:11:46 AM

Posted 22 January 2012 - 10:57 AM

Thank you, but I would like to mention that I have installed Microsoft Security Essentials and SUPERAntiSpyware; should I uninstall these two first or does it not matter?

Thank you

#6 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:11:46 AM

Posted 22 January 2012 - 11:00 AM

It doesn't matter

#7 jeane30

jeane30
  • Topic Starter

  • Members
  • 30 posts
  • OFFLINE
  •  
  • Local time:11:46 AM

Posted 22 January 2012 - 01:50 PM

Ok here is the log file:


aswMBR version 0.9.9.1297 Copyright© 2011 AVAST Software
Run date: 2012-01-22 18:01:31
-----------------------------
18:01:31.232 OS Version: Windows x64 6.1.7600
18:01:31.232 Number of processors: 4 586 0x1E05
18:01:31.233 ComputerName: LOLA-PC UserName: lola
18:01:32.872 Initialize success
18:09:10.635 AVAST engine defs: 12012200
18:09:29.910 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
18:09:29.914 Disk 0 Vendor: WDC_WD1001FALS-40Y6A0 05.01D06 Size: 953869MB BusType: 3
18:09:29.941 Disk 0 MBR read successfully
18:09:29.946 Disk 0 MBR scan
18:09:30.014 Disk 0 Windows 7 default MBR code
18:09:30.018 Disk 0 MBR hidden
18:09:30.021 Disk 0 Partition 1 00 EE GPT 200 MB offset 1
18:09:30.031 Disk 0 Partition 2 00 AF HFS / HFS+ 476837 MB offset 409640
18:09:30.053 Disk 0 Partition 3 80 (A) 07 HPFS/NTFS NTFS 476703 MB offset 977235968
18:09:30.077 Service scanning
18:09:30.688 Service MpNWMon C:\Windows\system32\DRIVERS\MpNWMon.sys **LOCKED** 32
18:09:31.349 Modules scanning
18:09:31.357 Disk 0 trace - called modules:
18:09:31.367 ntoskrnl.exe CLASSPNP.SYS disk.sys PCTCore64.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
18:09:31.376 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004d41790]
18:09:31.383 3 CLASSPNP.SYS[fffff88001abd43f] -> nt!IofCallDriver -> [0xfffffa8004bc4cf0]
18:09:31.390 5 PCTCore64.sys[fffff88001141094] -> nt!IofCallDriver -> [0xfffffa8004a9ce40]
18:09:31.398 7 ACPI.sys[fffff88000f43781] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8004a99060]
18:09:32.780 AVAST engine scan C:\Windows
18:09:35.371 AVAST engine scan C:\Windows\system32
18:11:09.666 AVAST engine scan C:\Windows\system32\drivers
18:11:20.158 AVAST engine scan C:\Users\lola
18:12:06.666 Disk 0 MBR has been saved successfully to "C:\Users\lola\Desktop\MBR.dat"
18:12:06.675 The log file has been saved successfully to "C:\Users\lola\Desktop\aswMBR.txt"


And unfortunately, the list of found threats here:

C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.4.19.19\BabylonToolbarApp.dll a variant of Win32/Toolbar.Babylon application cleaned by deleting - quarantined
C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.4.19.19\BabylonToolbarsrv.exe probably a variant of Win32/Toolbar.Babylon application cleaned by deleting - quarantined
C:\Program Files (x86)\GridinSoft Trojan Killer\trojankiller.exe a variant of Win32/1AntiVirus application cleaned by deleting - quarantined
C:\Windows\assembly\tmp\U\800000c0.@ Win64/Sirefef.W trojan cleaned by deleting - quarantined


Thank you

#8 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:11:46 AM

Posted 22 January 2012 - 07:29 PM

I need you to run ESET online scanner once and post the result

To be on the safer side before running registry fixes, I would suggest you


Download

http://www.snapfiles.com/get/erunt.html

Install it and backup your registry to C:/Windows/erdnt

Now Download the registry files

http://www.mediafire.com/?317ea53a883288d

http://www.mediafire.com/?z6aw8j7997qa7j9

http://www.mediafire.com/?3g2d9ijwwe5aa75

Download three files

Launch them one by one, click YES when you get a prompt


Launch and import them to registry

If it opens as a notepad, right click on them

Click on OPEN WITH

Click on BROWSE

Navigate to C:/WINDOWS and select REGEDIT and click ok

Now you should get a UAC prompt, click YES

Restart your PC

Now,open RUN and type

regedit and click ok

go to

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE

Right click on it - Permissions

Click on ADD and type

Everyone and click ok

Now Click on Everyone

Below you have permission for users

Select full control and click ok

Now,open RUN and type

services.msc and click ok

Start the Base Filtering Engine service and then the Windows Firewall service

Good luck

Edited by narenxp, 22 January 2012 - 07:29 PM.
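
As an added example (not part of narenxp's post), a read-only PowerShell check of the state those steps touch: whether the Base Filtering Engine and Windows Firewall services are registered (0x80070424 is ERROR_SERVICE_DOES_NOT_EXIST), and whether the BFE key still carries write-capable entries for broad groups such as Everyone once the firewall is working again. It assumes PowerShell 3.0 or later in an elevated prompt and the standard service names BFE and MpsSvc.

```powershell
# Added example, not from the thread. Read-only: it changes nothing on the system.
# Service names: BFE = Base Filtering Engine, MpsSvc = Windows Firewall.
$services = 'BFE', 'MpsSvc'
$bfeKey   = 'HKLM:\SYSTEM\CurrentControlSet\services\BFE'

# 1. Error 0x80070424 is ERROR_SERVICE_DOES_NOT_EXIST (Win32 error 1060), so
#    first confirm that both services are registered and report their state.
$serviceReport = foreach ($name in $services) {
    $svc = Get-Service -Name $name -ErrorAction SilentlyContinue
    [pscustomobject]@{
        Service    = $name
        Registered = [bool]$svc
        Status     = if ($svc) { $svc.Status } else { 'missing' }
    }
}
$serviceReport | Format-Table -AutoSize

# 2. List Allow ACEs on the BFE key that give write-capable rights to broad
#    groups. Well-known SIDs keep the check independent of the UI language:
#    S-1-1-0 = Everyone, S-1-5-11 = Authenticated Users, S-1-5-32-545 = Users.
$broadSids = 'S-1-1-0', 'S-1-5-11', 'S-1-5-32-545'
$writeMask = [System.Security.AccessControl.RegistryRights]'SetValue, CreateSubKey, Delete, ChangePermissions, TakeOwnership'

$acl = Get-Acl -Path $bfeKey
$findings = foreach ($ace in $acl.Access) {
    if ($ace.AccessControlType -ne 'Allow') { continue }
    try {
        $sid = $ace.IdentityReference.Translate(
            [System.Security.Principal.SecurityIdentifier]).Value
    } catch { continue }   # account name could not be resolved to a SID
    if ($broadSids -contains $sid -and ($ace.RegistryRights -band $writeMask)) {
        [pscustomobject]@{
            Identity = $ace.IdentityReference.Value
            Sid      = $sid
            Rights   = $ace.RegistryRights
        }
    }
}
if ($findings) { $findings | Format-Table -AutoSize }
else           { 'No broad write ACEs on the BFE key.' }
```

An Everyone entry with FullControl in the second table means any local account can rewrite the service's registry configuration; it can be removed from the same Permissions dialog once both services start normally.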


#9 jeane30

jeane30
  • Topic Starter

  • Members
  • 30 posts
  • OFFLINE
  •  
  • Local time:11:46 AM

Posted 23 January 2012 - 04:26 AM

Do you mean to run ESET online scanner again? Because I did the scan yesterday, and the results were these:


C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.4.19.19\BabylonToolbarApp.dll a variant of Win32/Toolbar.Babylon application cleaned by deleting - quarantined
C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.4.19.19\BabylonToolbarsrv.exe probably a variant of Win32/Toolbar.Babylon application cleaned by deleting - quarantined
C:\Program Files (x86)\GridinSoft Trojan Killer\trojankiller.exe a variant of Win32/1AntiVirus application cleaned by deleting - quarantined
C:\Windows\assembly\tmp\U\800000c0.@ Win64/Sirefef.W trojan cleaned by deleting - quarantined


like I posted yesterday.

Thank you

Edited by jeane30, 23 January 2012 - 04:56 AM.


#10 jeane30

jeane30
  • Topic Starter

  • Members
  • 30 posts
  • OFFLINE
  •  
  • Local time:11:46 AM

Posted 23 January 2012 - 08:12 AM

I did the online ESET scan again and there were no threats found this time, but for the second time it stopped at 93%. I have Windows running on a Mac via Bootcamp, so at this point it was scanning the E disc where my Mac partition is, but I couldn't save the results because my PC froze, so I had to force a shutdown.

I'm moving to the next steps, I hope it's OK.

Thank you

#11 jeane30

jeane30
  • Topic Starter

  • Members
  • 30 posts
  • OFFLINE
  •  
  • Local time:11:46 AM

Posted 23 January 2012 - 08:31 AM

OK, I did all the steps and Windows Firewall works great now! Thank you so much for your help!

Is there anything else I should do?


Thank you again

#12 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:11:46 AM

Posted 23 January 2012 - 11:44 AM

Download

TFC


Launch it, it will close all running programs

Click on START, it should ask for reboot

Turn off your system restore, restart the PC, create a new restore point

http://windows.microsoft.com/en-US/windows7/Turn-System-Restore-on-or-off

Uninstall your Java update from Add or Remove Programs and download the latest from here

http://www.java.com/en/

Update your antivirus frequently, do not click on suspicious links

Safe surfing :)

#13 jeane30

jeane30
  • Topic Starter

  • Members
  • 30 posts
  • OFFLINE
  •  
  • Local time:11:46 AM

Posted 23 January 2012 - 01:31 PM

Ok done!


Many thanks for helping me! And yea I will be very careful from now on!

Thank you much!

#14 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:11:46 AM

Posted 23 January 2012 - 01:39 PM

You're welcome :)

#15 jeane30

jeane30
  • Topic Starter

  • Members
  • 30 posts
  • OFFLINE
  •  
  • Local time:11:46 AM

Posted 31 January 2012 - 02:03 PM

Hi, I just want to mention that my PC crashed two times, also it fails to do updates and I'm getting some error messages for some programs too.

Do you think this is related to the infection that I had before? Can I do something about that?

I hope I did not post this in the wrong place,

Thanks in advance



