Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Recommended for you ads and pop ups


  • Please log in to reply
25 replies to this topic

#16 ladyluna

ladyluna
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:03:58 PM

Posted 16 May 2012 - 07:24 PM

"hosts" file looks the same as before.

You said you were able to delete "hosts" file.
Are you sure you deleted "hosts" file not "hosts.txt" file?


Yes...actually, the text file is still there.

BC AdBot (Login to Remove)

 


#17 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:06:58 AM

Posted 16 May 2012 - 07:26 PM

hosts.txt is irrelevant.

Since you said you're able to delete "hosts" file from normal mode, please do it again.
Do nothing else afterwards but post new System Look log rna with the same script as in my reply #8.

My Website

My help doesn't cost a penny, but if you'd like to consider a donation, click DONATE

 


#18 ladyluna

ladyluna
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:03:58 PM

Posted 17 May 2012 - 04:08 AM

hosts.txt is irrelevant.

Since you said you're able to delete "hosts" file from normal mode, please do it again.
Do nothing else afterwards but post new System Look log rna with the same script as in my reply #8.



It's impossible. I've tried in both modes and it won't work. All it says is "access denied" and that I need permission as and administrator. I've check the security tab of the etc folder and it seems as I can't have total control of the etc folder even as an administrator ( it won't let me touch anything). "Take ownership" shows up in my right-click menu and a little black window pops-up when I click on it but it closes so fast I can't even check what it says.

The adds are still there. :-(

#19 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:06:58 AM

Posted 17 May 2012 - 10:49 AM

For 32-bit systems please download GrantPerms.zip and save it to your desktop.
For 64-bit systems please download GrantPerms64.zip and save it to your desktop.
Unzip the file and depending on the system run GrantPerms.exe or GrantPerms64.exe
Copy and paste the following in the edit box:

C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts

Click Unlock. When it is done click "OK".
Click List Permissions and post the result of Perms.txt file that pops up.
A copy of Perms.txt will be saved in the same directory the tool is run.

My Website

My help doesn't cost a penny, but if you'd like to consider a donation, click DONATE

 


#20 ladyluna

ladyluna
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:03:58 PM

Posted 17 May 2012 - 04:59 PM

For 32-bit systems please download GrantPerms.zip and save it to your desktop.
For 64-bit systems please download GrantPerms64.zip and save it to your desktop.
Unzip the file and depending on the system run GrantPerms.exe or GrantPerms64.exe
Copy and paste the following in the edit box:

C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts

Click Unlock. When it is done click "OK".
Click List Permissions and post the result of Perms.txt file that pops up.
A copy of Perms.txt will be saved in the same directory the tool is run.



Here is the log of the GrantPerms 64

GrantPerms by Farbar
Ran by Raquel (administrator) at 2012-05-17 23:37:56

===============================================
\\?\C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts

Owner: BUILTIN\Administradores

DACL(NP)(AI):
NT AUTHORITY\SYSTEM FULL ALLOW (I)
BUILTIN\Administradores FULL ALLOW (I)
BUILTIN\Usuarios READ/EXECUTE ALLOW (I)


And since it said it was successfully unlocked, I went back and tried to delete the hosts files....AND.....here are the results of my last MiniToolBox:

MiniToolBox by Farbar Version: 18-01-2012
Ran by Raquel (administrator) on 17-05-2012 at 23:54:16
Microsoft Windows 7 Ultimate (X64)
Boot Mode: Normal
***************************************************************************
========================= Hosts content: =================================

# ::1 localhost


**** End of log ****



:thumbsup: :thumbsup: :thumbsup: :thumbsup: :thumbsup: :thumbsup:

Anything else I need to do to make sure everything is in order? I also went to the windows link to reset my hosts file. :-)

#21 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:06:58 AM

Posted 17 May 2012 - 07:03 PM

Perfect!

How is redirection?

Couple more steps...

Download Temp File Cleaner (TFC)
Double click on TFC.exe to run the program.
Click on Start button to begin cleaning process.
TFC will close all running programs, and it may ask you to restart computer.

=============================================================================

Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click on List of found threats
  • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    NOTE. If Eset doesn't find any threats it'll NOT produce any log.

My Website

My help doesn't cost a penny, but if you'd like to consider a donation, click DONATE

 


#22 ladyluna

ladyluna
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:03:58 PM

Posted 19 May 2012 - 05:58 PM

Perfect!

How is redirection?

Couple more steps...

Download Temp File Cleaner (TFC)
Double click on TFC.exe to run the program.
Click on Start button to begin cleaning process.
TFC will close all running programs, and it may ask you to restart computer.

=============================================================================

Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click on List of found threats
  • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    NOTE. If Eset doesn't find any threats it'll NOT produce any log.



Sorry for the delay. I needed time to run Eset.:-) Both came clean so they didn't produce logs. The adds have not shown up anymore and I has't redirected me either.

Edited by ladyluna, 19 May 2012 - 05:59 PM.


#23 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:06:58 AM

Posted 19 May 2012 - 06:16 PM

Good news :)

Update Adobe Flash Player
Download the Latest Adobe Flash for Firefox and IE Without Any Extras: http://www.404techsupport.com/2010/04/27/download-the-latest-adobe-flash-for-firefox-and-ie-without-any-extras/

=======================================================

1. Update your Java version here: http://www.java.com/en/download/installed.jsp

Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

2. Now, we need to remove old Java version and its remnants...

Download JavaRa to your desktop and unzip it.
  • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.
  • Do NOT post JavaRa log.

==============================================================

Your computer is clean Posted Image

1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll remove all old restore points and create fresh, clean restore point.

Turn system restore off.
Restart computer.
Turn system restore back on.

If you don't know how to do it...
Windows XP: http://support.microsoft.com/kb/310405
Vista and Windows 7: http://www.howtogeek.com/howto/windows-vista/disable-system-restore-in-windows-vista/

2. Make sure, Windows Updates are current (including Service Pack 1 installation!!!)

3. If any Trojan was listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

4. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

5. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

6. Run Temporary File Cleaner (TFC) weekly.

7. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

8. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

9. When installing\updating ANY program, make sure you always select "Custom " installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click "Next" button without looking at any given page.

10. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

11. Except for MBAM and TFC, which are keepers you can simply delete all other tools we used as they don't install.

My Website

My help doesn't cost a penny, but if you'd like to consider a donation, click DONATE

 


#24 ladyluna

ladyluna
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:03:58 PM

Posted 21 May 2012 - 03:40 PM

Thank you SO very much for your help! I'm taking notes so it won't happen again. :thumbsup:

#25 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:06:58 AM

Posted 21 May 2012 - 07:03 PM

You're very welcome Posted Image

My Website

My help doesn't cost a penny, but if you'd like to consider a donation, click DONATE

 


#26 MxpZz

MxpZz

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:03:58 PM

Posted 22 May 2012 - 08:52 AM

Hi!!

Maybe I shouldn't post here, but I have the same problem as her, should I do the same as you said in your #2?

Tell me if I should open a new thread instead.

Thanks a lot!




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users