Cannot connect to the real google.com website


  • This topic is locked
14 replies to this topic

#1 billyn4


Posted 16 February 2014 - 11:58 AM

Hi everyone. 

 

When trying to access google.com using Google Chrome, I keep getting the following message: 

 

Cannot connect to the real www.google.es

 

Something is currently interfering with your secure connection to www.google.es.

Try to reload this page in a few minutes or after switching to a new network. If you have recently connected to a new Wi-Fi network, finish logging in before reloading.

If you were to visit www.google.es right now, you might share private information with an attacker. To protect your privacy, Chrome will not load the page until it can establish a secure connection to the real www.google.es.

 

 

After going through some forums including this one, I came to the conclusion this error could be due to a malware infection.

 

The antivirus software installed on this computer (Avast) has detected the following malware:

 

- Win32:Rootkit-gen [Rtk]

 

- Win32:Malware-gen

 

- VBS:Malware-gen

 

After instructing it to clean these threats, the error still persists.

 

I hope someone could assist me in order to resolve this issue. 

 

I haven't performed any other scans as I understand each computer is different and therefore may require a different solution.

 

Thanks in advance. 

 

 




 


#2 bassfisher6522


Posted 16 February 2014 - 12:49 PM

Also run Malwarebytes, Superantispyware, spybot s&d 1.6.2 version.....run these in safemode and run full scans then remove anything they find. Then reboot and recheck your system.



#3 billyn4


Posted 16 February 2014 - 07:18 PM

Also run Malwarebytes, Superantispyware, spybot s&d 1.6.2 version.....run these in safemode and run full scans then remove anything they find. Then reboot and recheck your system.

Thank you very much for your reply. 

 

I have run all the mentioned scans in safe mode but I still get the message on Google Chrome.

 

What would be the next step in order to locate the problem?



#4 noknojon


Posted 17 February 2014 - 04:19 AM

Hello billyn -

Please run through these programs in the order they are listed.

Be sure to Fully Read the instructions for each item, and ask if you are not sure about anything.

After each one please Copy and Paste the result of the scan back here.

Please be sure to download all programs to Desktop, not to other folders.

 

First -

Download Security Check by Screen317 from HERE
* Save it to your Desktop.
* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.
Note: If any security program requests permission to access the Internet, allow it to do so.

 

 

Next -

Download MiniToolBox, Save it to your desktop to run it.
Close any Firefox browsers you may have open
Checkmark the following boxes:
• Flush DNS
• Report IE Proxy Settings
• Reset IE Proxy Settings
• Report FF Proxy Settings
• Reset FF Proxy Settings
• List content of Hosts
• List IP configuration
• List last 10 Event Viewer log
• List Installed Programs
• List Users, Partitions and Memory size.
Click Go and copy / paste the result (Result.txt).

 

 

Next -

Please download and run RKill by Grinler.
A black DOS box will briefly flash and then disappear.
This is normal and indicates the tool ran successfully.

Please post the small log back here.

 

Important: Do not reboot your computer until you complete the next step.

 

Now:

Please download AdwCleaner by Xplode and save to your Desktop.
NOTE : Please close or save all work, as the computer will be Rebooted
Double-click on AdwCleaner.exe to run the tool.
Vista/Windows 7/8 users right-click and select Run As Administrator.
Click on the Scan button. (only once)
AdwCleaner will begin...be patient as the scan may take some time to complete.
After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review. 
If you see any which you do not want removed, remove the check mark next to it. 
Next: Click on the Clean button (only once) to remove the selected items. 
You will receive a message telling you that all programs will be closed so that the infections can be removed. 
Click on OK, and then OK again to confirm the reboot.
When the cleaning process is complete, a log (AdwCleaner[S0].txt ) of what was removed will be on your desktop. 
Please copy and then paste this log in your next post.

A copy of all logfiles are saved in the C:\AdwCleaner folder which was created when running the tool.

 

 

Next -

If you have Malwarebytes' Anti-Malware installed, just Update it and run a Full Scan.

Or -

Download Malwarebytes' Anti-Malware Free (aka MBAM)

* Do not accept any Free Pro Trial Versions at this time.
* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.
Be sure to reboot the computer if required after you post the log.
The latest version of the program now scans archive files which were previously not scanned.

 

Click on the word GOOGLE in my signature below and see if that takes you to Google.

Or set a Home Page to http://www.google.com/


Edited by noknojon, 17 February 2014 - 03:27 PM.


#5 billyn4


Posted 17 February 2014 - 03:32 PM

Hi,

 

Here are the reports in the order you've mentioned:

 

Securitycheck

 

 Results of screen317's Security Check version 0.99.79  
 Windows XP Service Pack 3 x86   
 Internet Explorer 7 Out of date! 
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Security Center service is not running! This report may not be accurate! 
Espere mientras se instala WMIC. 
 WMI entry may not exist for antivirus; attempting automatic update. 
`````````Anti-malware/Other Utilities Check:````````` 
 Out of date HijackThis  installed! 
 Spybot - Search & Destroy 
 SUPERAntiSpyware     
 HijackThis 2.0.2    
 CCleaner     
 Java™ 6 Update 6  
 Java version out of Date! 
 Adobe Reader 8 Adobe Reader out of Date! 
 Google Chrome 32.0.1700.102  
 Google Chrome 32.0.1700.107  
````````Process Check: objlist.exe by Laurent````````  
 AVAST Software Avast AvastSvc.exe  
 AVAST Software Avast AvastUI.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:: 18% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log`````````````````````` 
 
Minitoolbox
 

MiniToolBox by Farbar  Version: 23-01-2014
Ran by Administrador (administrator) on 05-01-1980 at 05:02:24
Running from "C:\Documents and Settings\Administrador\Escritorio"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************
 
========================= Flush DNS: ===================================
 
 
Configuración IP de Windows
 
 
 
Se vació con éxito la caché de resolución de DNS.
 
 
========================= IE Proxy Settings: ============================== 
 
Proxy is not enabled.
No Proxy Server is set.
 
"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================
 
127.0.0.1 localhost
 
========================= IP Configuration: ================================
 
Adaptador de red 1394 = Conexión 1394 (Connected)
Intel® PRO/Wireless 3945ABG Network Connection = Conexiones de red inalámbricas (Connected)
Broadcom 440x 10/100 Integrated Controller = Conexión de área local (Media disconnected)
 
 
# --------------------------------------------- 
# Configuración de la interfaz IP               
# --------------------------------------------- 
pushd interface ip
 
 
# Configuración de la interfaz IP para "Conexión de área local"
 
set address name="Conexión de área local" source=dhcp 
set dns name="Conexión de área local" source=dhcp register=PRIMARY
set wins name="Conexión de área local" source=dhcp
 
# Configuración de la interfaz IP para "Conexiones de red inalámbricas"
 
set address name="Conexiones de red inalámbricas" source=dhcp 
set dns name="Conexiones de red inalámbricas" source=dhcp register=PRIMARY
set wins name="Conexiones de red inalámbricas" source=dhcp
 
 
popd
# Fin de la configuración de la interfaz IP
 
 
 
 
Configuración IP de Windows
 
 
 
        Nombre del host . . . . . . . . . : fouad
 
        Sufijo DNS principal  . . . . . . : 
 
        Tipo de nodo . . . . . . . . . .  : desconocido
 
        Enrutamiento habilitado. . . . . .: No
 
        Proxy WINS habilitado. . . . .    : No
 
 
 
Adaptador Ethernet Conexión de área local          :
 
 
 
        Estado de los medios. . . .: medios desconectados
 
        Descripción. . . . . . . . . . .  : Broadcom 440x 10/100 Integrated Controller
 
        Dirección física. . . . . . . . . : 00-17-08-42-00-73
 
 
 
Adaptador Ethernet Conexiones de red inalámbricas          :
 
 
 
        Sufijo de conexión específica DNS : 
 
        Descripción. . . . . . . . . . .  : Intel® PRO/Wireless 3945ABG Network Connection
 
        Dirección física. . . . . . . . . : 00-18-DE-A3-30-A8
 
        DHCP habilitado. . . . . . . . .  : No
 
        Autoconfiguración habilitada. . . : Sí
 
        Dirección IP. . . . . . . . . . . : 192.168.1.6
 
        Máscara de subred . . . . . . . . : 255.255.255.0
 
        Puerta de enlace predeterminada   : 192.168.1.1
 
        Servidor DHCP . . . . . . . . . . : 192.168.1.1
 
        Servidores DNS . . . . . . . . . .: 62.81.16.213
 
                                            62.81.29.254
 
        Concesión obtenida . . . . . . .  : sábado, 05 de enero de 1980 4:51:07
 
        Concesión expira . . . . . . . . .: sábado, 05 de enero de 1980 5:51:07
 
Servidor:  62.81.16.213.static.user.ono.com
Address:  62.81.16.213
 
Nombre:  google.com
Addresses:  173.194.34.193, 173.194.34.192, 173.194.34.197, 173.194.34.196
 173.194.34.199, 173.194.34.195, 173.194.34.206, 173.194.34.194, 173.194.34.198
 173.194.34.201, 173.194.34.200
 
 
 
Haciendo ping a google.com [173.194.34.201] con 32 bytes de datos:
 
 
 
Respuesta desde 173.194.34.201: bytes=32 tiempo=9ms TTL=55
 
Respuesta desde 173.194.34.201: bytes=32 tiempo=10ms TTL=55
 
 
 
Estadísticas de ping para 173.194.34.201:
 
    Paquetes: enviados = 2, recibidos = 2, perdidos = 0
 
    (0% perdidos),
 
Tiempos aproximados de ida y vuelta en milisegundos:
 
    Mínimo = 9ms, Máximo = 10ms, Media = 9ms
 
Servidor:  62.81.16.213.static.user.ono.com
Address:  62.81.16.213
 
Nombre:  yahoo.com
Addresses:  98.138.253.109, 206.190.36.45, 98.139.183.24
 
 
 
Haciendo ping a yahoo.com [206.190.36.45] con 32 bytes de datos:
 
 
 
Respuesta desde 206.190.36.45: bytes=32 tiempo=261ms TTL=45
 
Respuesta desde 206.190.36.45: bytes=32 tiempo=220ms TTL=45
 
 
 
Estadísticas de ping para 206.190.36.45:
 
    Paquetes: enviados = 2, recibidos = 2, perdidos = 0
 
    (0% perdidos),
 
Tiempos aproximados de ida y vuelta en milisegundos:
 
    Mínimo = 220ms, Máximo = 261ms, Media = 240ms
 
 
 
Haciendo ping a 127.0.0.1 con 32 bytes de datos:
 
 
 
Respuesta desde 127.0.0.1: bytes=32 tiempo<1m TTL=128
 
Respuesta desde 127.0.0.1: bytes=32 tiempo<1m TTL=128
 
 
 
Estadísticas de ping para 127.0.0.1:
 
    Paquetes: enviados = 2, recibidos = 2, perdidos = 0
 
    (0% perdidos),
 
Tiempos aproximados de ida y vuelta en milisegundos:
 
    Mínimo = 0ms, Máximo = 0ms, Media = 0ms
 
===========================================================================
ILista de interfaces
0x1 ........................... MS TCP Loopback interface
0x2 ...00 17 08 42 00 73 ...... Broadcom 440x 10/100 Integrated Controller - Minipuerto del administrador de paquetes
0x3 ...00 18 de a3 30 a8 ...... Intel® PRO/Wireless 3945ABG Network Connection - Minipuerto del administrador de paquetes
===========================================================================
===========================================================================
Rutas activas:
Destino de red        Máscara de red   Puerta de acceso   Interfaz  Métrica
          0.0.0.0          0.0.0.0      192.168.1.1     192.168.1.6  25
        127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1  1
      192.168.1.0    255.255.255.0      192.168.1.6     192.168.1.6  25
      192.168.1.6  255.255.255.255        127.0.0.1       127.0.0.1  25
    192.168.1.255  255.255.255.255      192.168.1.6     192.168.1.6  25
        224.0.0.0        240.0.0.0      192.168.1.6     192.168.1.6  25
  255.255.255.255  255.255.255.255      192.168.1.6               2  1
  255.255.255.255  255.255.255.255      192.168.1.6     192.168.1.6  1
Puerta de enlace predeterminada:       192.168.1.1
===========================================================================
Rutas persistentes:
  ninguno
 
========================= Event log errors: ===============================
 
Application errors:
==================
 
System errors:
=============
Error: (01/05/1980 04:52:26 AM) (Source: Service Control Manager) (User: )
Description: El servicio wscsvc no pudo iniciarse debido al siguiente error: 
%%1083
 
Error: (01/04/1980 09:23:13 AM) (Source: Service Control Manager) (User: )
Description: El servicio wscsvc no pudo iniciarse debido al siguiente error: 
%%1083
 
Error: (01/04/1980 09:20:50 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM ha obtenido un error "%%1084" al intentar iniciar el servicio EventSystem con argumentos ""
para ejecutar el servidor:
{1BE1F766-5536-11D1-B726-00C04FB926AF}
 
Error: (01/04/1980 08:38:40 AM) (Source: Service Control Manager) (User: )
Description: El controlador de inicialización siguiente no se cargó correctamente: 
aswRvrt
aswSnx
aswSP
aswTdi
aswVmm
Fips
intelppm
SASDIFSV
SASKUTIL
 
Error: (01/04/1980 08:37:32 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM ha obtenido un error "%%1084" al intentar iniciar el servicio EventSystem con argumentos ""
para ejecutar el servidor:
{1BE1F766-5536-11D1-B726-00C04FB926AF}
 
Error: (01/04/1980 07:47:28 AM) (Source: Service Control Manager) (User: )
Description: El controlador de inicialización siguiente no se cargó correctamente: 
aswRvrt
aswSnx
aswSP
aswTdi
aswVmm
Fips
intelppm
SASDIFSV
SASKUTIL
 
Error: (01/04/1980 01:39:42 AM) (Source: Service Control Manager) (User: )
Description: El servicio wscsvc no pudo iniciarse debido al siguiente error: 
%%1083
 
Error: (01/04/1980 00:03:10 AM) (Source: Service Control Manager) (User: )
Description: El servicio wscsvc no pudo iniciarse debido al siguiente error: 
%%1083
 
Error: (01/09/1980 07:53:05 AM) (Source: Service Control Manager) (User: )
Description: El servicio wscsvc no pudo iniciarse debido al siguiente error: 
%%1083
 
Error: (01/08/1980 06:54:32 PM) (Source: Service Control Manager) (User: )
Description: El servicio wscsvc no pudo iniciarse debido al siguiente error: 
%%1083
 
 
Microsoft Office Sessions:
=========================
 
=========================== Installed Programs ============================
 
µTorrent (Version: 3.3.2.30586)
Adaptador de red LAN inalámbrica Broadcom 802.11 (Version: 4.170.25.12)
Adobe Flash Player ActiveX (Version: 9.0.124.0)
Adobe Reader 8.1.2 - Español (Version: 8.1.2)
Adobe Shockwave Player (Version: 11.0.0.429)
Ares 2.2.4 (Version: 2.2.4-Build#3048)
Ask Toolbar (Version: 12.10.2.3530)
avast! Free Antivirus (Version: 9.0.2013)
Broadcom 440x 10/100 Integrated Controller (Version: 8.06.04)
CCleaner (Version: 3.27)
DAMN NFO Viewer Setup (Version: 2.10)
ESET Online Scanner v3
Google Chrome (Version: 32.0.1700.107)
Google Update Helper (Version: 1.3.22.5)
HashTab 2.0.8 (Version: 2.0.8)
HijackThis 2.0.2 (Version: 2.0.2)
Java™ 6 Update 6 (Version: 1.6.0.60)
K-Lite Codec Pack 3.9.0 Standard (Version: 3.9.0)
Malwarebytes Anti-Malware versión 1.75.0.1300 (Version: 1.75.0.1300)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - ESN (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - ESN (Version: 3.2.30729)
Microsoft .NET Framework 3.5 Language Pack SP1 - esn (Version: 3.5.30729)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft Office Professional Edition 2003 (Version: 11.0.8173.0)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.50727.42)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Paquete de idioma de Microsoft .NET Framework 3.5 SP1 - esn
Skype™ 6.3 (Version: 6.3.105)
SoundMAX (Version: 5.10.01.5210)
Spybot - Search & Destroy (Version: 1.6.2)
SUPERAntiSpyware (Version: 5.7.1018)
Synaptics Pointing Device Driver (Version: 10.0.13.2)
TaskSwitchXP (Version: 2.0.11)
UnHackMe 7.10 release
Unity Web Player (Version: )
VLC media player 2.0.5 (Version: 2.0.5)
Windows Live installer (Version: 12.0.1471.1025)
Windows Live Messenger (Version: 8.5.1302.1018)
WinRAR 4.20 (32-bit) (Version: 4.20.0)
XML Paper Specification Shared Components Language Pack 1.0
XPize Darkside 2.1 (Version: 2.1)
 
========================= Memory info: ===================================
 
Percentage of memory in use: 48%
Total physical RAM: 1015.36 MB
Available physical RAM: 517.9 MB
Total Pagefile: 2440.93 MB
Available Pagefile: 1913.68 MB
Total Virtual: 2047.88 MB
Available Virtual: 1968.71 MB
 
========================= Partitions: =====================================
 
1 Drive c: () (Fixed) (Total:29.29 GB) (Free:18.61 GB) NTFS
2 Drive d: () (Fixed) (Total:24.41 GB) (Free:22.33 GB) NTFS
 
========================= Users: ========================================
 
Cuentas de usuario de \\fouad
 
Administrador            Asistente de ayuda       ASPNET                   
Invitado                 SUPPORT_388945a0         
Se ha completado el comando correctamente.
 
 
**** End of log ****
 
Rkill
 

Rkill 2.6.5 by Lawrence Abrams (Grinler)
Copyright 2008-1980 BleepingComputer.com
More Information about Rkill can be found at this link:
 
Program started at: 01/05/1980 05:08:14 AM in x86 mode.
Windows Version: Microsoft Windows XP Service Pack 3
 
Checking for Windows services to stop:
 
 * No malware services found to stop.
 
Checking for processes to terminate:
 
 * Your %Temp% folder is set to C:\Windows\Temp, which can be dangerous. Skipping termination for this folder.
 * No malware processes found to kill.
 
Checking Registry for malware related settings:
 
 * No issues found in the Registry.
 
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
 
Performing miscellaneous checks:
 
Checking Windows Service Integrity: 
 
 * wscsvc (wscsvc) is not Running.
   Startup Type set to: Automatic
 
 * Alerter [Missing ImagePath]
 
Searching for Missing Digital Signatures: 
 
 * C:\WINDOWS\System32\mshtml.dll : 3.591.680 : 05/11/2008 07:54 PM : 38ff5050d7bc47f344ae271b6c250201 [NoSig]
 
 * C:\WINDOWS\System32\mspmsnsv.dll : 27.136 : 05/11/2008 07:28 PM : c51b4a5c05a5475708e3c81c7765b71d [NoSig]
 
 * C:\WINDOWS\System32\setupapi.dll : 1.436.672 : 04/14/2008 06:48 AM : b31e39edf8b9926ff013bb85c1ddbad2 [NoSig]
 +-> C:\WINDOWS\XPize Darkside\Backup\setupapi.dll : 1.000.960 : 04/14/2008 06:48 AM : 7fbd75db6aeb0768c41299da7034c249 [Pos Repl]
 
 * C:\WINDOWS\System32\UxTheme.dll : 220.160 : 05/11/2008 07:29 PM : 60ec27b523f189f955af4819cc392914 [NoSig]
 
 * C:\WINDOWS\System32\wininet.dll : 826.368 : 05/11/2008 07:54 PM : 39e5aa52b667bdd18690336e7e410eaf [NoSig]
 
 * C:\WINDOWS\explorer.exe : 1.698.816 : 04/14/2008 06:48 AM : c6c729770d9c3a0ad4d2d28788e71684 [NoSig]
 +-> C:\WINDOWS\XPize Darkside\Backup\explorer.exe : 1.036.288 : 04/14/2008 06:48 AM : 7522f548a84abad8fa516de5ab3931ef [Pos Repl]
 
 * C:\WINDOWS\System32\Drivers\tcpip.sys : 361.344 : 05/11/2008 07:29 PM : c2bdea3b5e025fadb79fd3deb23b8f53 [NoSig]
 
Checking HOSTS File: 
 
 * Cannot edit the HOSTS file.
 * Permissions could not be fixed. Use Hosts-perm.bat to fix permissions: http://www.bleepingcomputer.com/download/hosts-permbat/
 
 * HOSTS file entries found: 
 
  127.0.0.1 localhost
 
Program finished at: 01/05/1980 05:08:58 AM
Execution time: 0 hours(s), 0 minute(s), and 44 seconds(s)
 
AdwCleaner
 

# AdwCleaner v3.019 - Reporte Creado 05/01/1980 en 05:17:04
# Actualizado 17/02/2014 por Xplode
# Sistema Operativo : Microsoft Windows XP Service Pack 3 (32 bits)
# Nombre de usuario : Administrador - fouad
# Ejecutado desde : C:\Documents and Settings\Administrador\Escritorio\AdwCleaner.exe
# Opción : Limpiar
 
***** [ Servicios ] *****
 
 
***** [ Archivos / Carpetas ] *****
 
 
***** [ Accesos directos ] *****
 
 
***** [ Registro ] *****
 
Clave Borrar : HKLM\SOFTWARE\Classes\TypeLib\{C4C4F1F4-3074-4CB6-9FB8-0A64273166F0}
 
***** [ Navegadores ] *****
 
-\\ Internet Explorer v7.0.6000.16640
 
 
-\\ Google Chrome v32.0.1700.107
 
[ Archivo : C:\Documents and Settings\Administrador\Configuración local\Datos de programa\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [1978 octets] - [08/01/1980 17:20:10]
AdwCleaner[R1].txt - [2038 octets] - [08/01/1980 17:45:52]
AdwCleaner[R2].txt - [1150 octets] - [05/01/1980 05:12:31]
AdwCleaner[S0].txt - [2047 octets] - [08/01/1980 17:48:08]
AdwCleaner[S1].txt - [1066 octets] - [05/01/1980 05:17:04]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1126 octets] ##########
 
MBAM
 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
 
Versión de la Base de Datos: v2014.02.16.07
 
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 7.0.5730.13
Administrador :: fouad [administrador]
 
05/01/1980 5:25:05
mbam-log-1980-01-05 (05-25-05).txt
 
Tipos de Análisis: Análisis Rápido
Opciones de análisis activado: Memoria | Inicio | Registro | Sistema de archivos | Heurística/Extra | Heurística/Shuriken | PUP | PUM
Opciones de análisis desactivados: P2P
Objetos examinados: 202938
Tiempo transcurrido: 7 minuto(s), 26 segundo(s)
 
Procesos en Memoria Detectados: 0
(No se han detectado elementos maliciosos)
 
Módulos de Memoria Detectados: 0
(No se han detectado elementos maliciosos)
 
Claves del Registro Detectados: 0
(No se han detectado elementos maliciosos)
 
Valores del Registro Detectados: 0
(No se han detectado elementos maliciosos)
 
Elementos de Datos del Registro Detectados: 0
(No se han detectado elementos maliciosos)
 
Carpetas Detectadas: 0
(No se han detectado elementos maliciosos)
 
Archivos Detectados: 0
(No se han detectado elementos maliciosos)
 
fin)
 

Thank you!



#6 noknojon


Posted 17 February 2014 - 04:49 PM

Please update Java to Version 7 Update 51

Uninstall all old versions from Add / Remove in Control Panel
 

NOTE :Total Fragmentation on Drive C:: 18% Defragment your hard drive soon! (Do NOT defrag if SSD!)

Go - Start > Programs > Accessories > System Tools > Disk Defragmenter > Defragment.

Note that this will take quite a while to finish -

 

Please post a snapshot with Speccy for more system details -
How to Publish a snapshot with Speccy <<-- Full Directions (only post the link)

 

You have many other programs that need updating -

 

Check Windows Updates -



#7 billyn4


Posted 18 February 2014 - 07:29 PM

I have updated Java and defragmented the disk. At the end of this process it said some files couldn't be defragmented.

 

I can't update windows as the copy installed on this computer is not legit.

 

Here is the Speccy snapshot: http://speccy.piriform.com/results/R6C1I2KrzUPmISx8pnGX2eR

 

I still get the message on Google Chrome.

 

Thank you.



#8 noknojon


Posted 18 February 2014 - 08:06 PM

I do not work on computers unless they are legal -

the copy installed on this computer is not legit.



#9 boopme


Posted 18 February 2014 - 09:03 PM

The 3 malware findings above are backdoor malware and a worm that infects any drive or email.

VBS:Malware-Gen
Win32:Malware-gen


 

Rootkit components and backdoor Trojans are very dangerous because they use advanced techniques (backdoors) as a means of accessing a computer system that bypasses security mechanisms and steal sensitive information which they send back to the hacker. Many rootkits can hook into the Windows 32-bit kernel, and patch several APIs to hide new registry keys and files they install. Remote attackers use backdoor Trojans and rootkits as part of an exploit to gain unauthorized access to a computer and take control of it without your knowledge.

If your computer was used for online banking, has credit card information or other sensitive data on it, all passwords should be changed immediately to include those used for banking, email, eBay, PayPal and online forums. You should consider them to be compromised. They should be changed by using a different computer and not the infected one. If not, an attacker may get the new passwords and transaction information. If using a router, you need to reset it with a strong logon/password so the malware cannot gain control again. Credit card institutions should be notified of the possible security breach. Because your computer was compromised please read How Do I Handle Possible Identity Theft, Internet Fraud and CC Fraud?

Although the rootkit was identified and removed, your PC has likely been compromised and there is no way to be sure the computer can ever be trusted again. It is dangerous and incorrect to assume that because this malware has been removed the computer is now secure. In some instances an infection may have caused so much damage to your system that it cannot be completely cleaned or repaired. The malware may leave so many remnants behind that security tools cannot find them. Many experts in the security community believe that once infected with this type of malware, the best course of action is to wipe the drive clean, reformat and reinstall the OS. Please read:

"When should I re-format? How should I reinstall?"
"Help: I Got Hacked. Now What Do I Do?"
"Where to draw the line? When to recommend a format and reinstall?"
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#10 billyn4


Posted 19 February 2014 - 05:14 PM

Thanks for your recommendations boopme.

 

If the malware has been removed, why do I keep getting that message on Google Chrome? Is re-formatting the ultimate solution in this case?

 

Thanks again.


 

I do not work on computers unless they are legal -

the copy installed on this computer is not legit.

 

Thanks for your remark, however this computer is not being used for illegal purposes and I would much appreciate you continuing the help process.



#11 boopme


Posted 19 February 2014 - 08:35 PM

Yes, the best course of action is to wipe the drive clean, reformat and reinstall the OS. That is the only guarantee of security.
Sorry, I don't care to post that but it is the honest answer.

#12 billyn4


Posted 21 February 2014 - 07:29 PM

Yes, the best course of action is to wipe the drive clean, reformat and reinstall the OS. That is the only guarantee of security.
Sorry, I don't care to post that but it is the honest answer.

I have just finished formatting this computer and reinstalling the OS, however I still get the SSL error on Google Chrome, but not also on Internet Explorer.

 

What else could I do? Please help me as this is starting to become quite desperate. 

 

 

Thank you very much.



#13 boopme


Posted 22 February 2014 - 09:16 PM

Best option is to post a DDS log and get a deeper look.

Please follow this Preparation Guide, do steps 6,7 and 8 and post in a new topic.
Let me know if all went well.

Include this link back to this topic.
http://www.bleepingcomputer.com/forums/t/524509/cannot-conect-to-the-real-googlecom-website/#entry3295418

#14 larryhyman


Posted 23 February 2014 - 10:24 AM

Did you check your system clock?
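
The logs posted earlier in this thread give something concrete to check the clock question against: each tool's run date is in January 1980 while its build or definition date is in 2014, and a clock set before a certificate's notBefore date makes a TLS client treat that certificate as not yet valid. The Python sketch below is an added example, not part of any post here or of the tools named; it flags a log whose run date precedes the tool's own build date. The header lines are copied from the logs above, the regexes cover only those three header formats, and the certificate validity window is a constructed placeholder.

```python
import re
from datetime import date
from typing import List, NamedTuple, Optional

# Header lines copied from the MiniToolBox, AdwCleaner and MBAM logs in this thread.
SAMPLE_LOG = """\
MiniToolBox by Farbar  Version: 23-01-2014
Ran by Administrador (administrator) on 05-01-1980 at 05:02:24
# AdwCleaner v3.019 - Reporte Creado 05/01/1980 en 05:17:04
# Actualizado 17/02/2014 por Xplode
Versión de la Base de Datos: v2014.02.16.07
05/01/1980 5:25:05
"""

# Constructed validity window for a hypothetical server certificate (not from the page).
SAMPLE_NOT_BEFORE = date(2014, 1, 15)
SAMPLE_NOT_AFTER = date(2014, 5, 15)

# Per tool: regex for the build/definition date, then regex for the run date.
# Named groups y, m, d; day-first order follows the Spanish-locale logs above.
RULES = [
    ("MiniToolBox",
     r"MiniToolBox by Farbar\s+Version: (?P<d>\d{2})-(?P<m>\d{2})-(?P<y>\d{4})",
     r"^Ran by .+ on (?P<d>\d{2})-(?P<m>\d{2})-(?P<y>\d{4}) at "),
    ("AdwCleaner",
     r"^# Actualizado (?P<d>\d{2})/(?P<m>\d{2})/(?P<y>\d{4}) ",
     r"^# AdwCleaner v\S+ - Reporte Creado (?P<d>\d{2})/(?P<m>\d{2})/(?P<y>\d{4}) "),
    ("Malwarebytes",
     r"Base de Datos: v(?P<y>\d{4})\.(?P<m>\d{2})\.(?P<d>\d{2})\.",
     r"^(?P<d>\d{2})/(?P<m>\d{2})/(?P<y>\d{4}) \d{1,2}:\d{2}:\d{2}\s*$"),
]


class Finding(NamedTuple):
    tool: str
    build_date: date
    run_date: date
    days_behind: int  # how far the run date lies before the build date


def _extract(pattern: str, text: str) -> Optional[date]:
    """Return the first date matched by pattern, or None if absent or invalid."""
    m = re.search(pattern, text, re.MULTILINE)
    if not m:
        return None
    try:
        return date(int(m["y"]), int(m["m"]), int(m["d"]))
    except ValueError:  # e.g. month 13 from a month-first log
        return None


def find_clock_anomalies(text: str, tolerance_days: int = 0) -> List[Finding]:
    """Flag tools whose log claims to have been written before the tool was built."""
    findings = []
    for tool, build_re, run_re in RULES:
        build, run = _extract(build_re, text), _extract(run_re, text)
        if build is None or run is None:
            continue  # this tool's header is not in the log
        behind = (build - run).days
        if behind > tolerance_days:
            findings.append(Finding(tool, build, run, behind))
    return findings


def validity_verdict(clock: date, not_before: date, not_after: date) -> str:
    """What a certificate validity check concludes at the given local date."""
    if clock < not_before:
        return "not yet valid"
    if clock > not_after:
        return "expired"
    return "valid"


if __name__ == "__main__":
    for f in find_clock_anomalies(SAMPLE_LOG):
        verdict = validity_verdict(f.run_date, SAMPLE_NOT_BEFORE, SAMPLE_NOT_AFTER)
        print(f"{f.tool}: run {f.run_date} is {f.days_behind} days before build "
              f"{f.build_date}; sample certificate would be '{verdict}'")
```

A run date earlier than the build date cannot be genuine, so any finding here means the machine's clock was wrong when the log was written.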



#15 boopme


Posted 23 February 2014 - 03:51 PM

New topic
http://www.bleepingcomputer.com/forums/u/878201/billyn4/


Now that your log is properly posted, you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc) unless advised by a Malware Removal Team member, nor should you continue to ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process which would extend the time it takes to clean your computer.
From this point on the Malware Removal Team should be the only members that you take advice from, until they have verified your log as clean.
Please be patient. It may take a while to get a response because the Malware Removal Team members are very busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the Malware Removal Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another MRL Team member is already assisting you and not open the thread to respond.
The current wait time is 1 - 5 days and ALL logs are answered.
If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.
To avoid confusion, I am closing this topic.