[Inactive] Virus/malware Gmail, Yahoo mail, Facebook --> "cannot display the webpage"

[jkramer578]

Hi,

When I try and go to these sites my browser gives a ""...cannot display the webpage" error. These sites were NOT working on IE, Mozilla, and Chrome, but since I ran your Prelim Malware Removal tools only IE has issues now. I have copied/pasted the 4 logs, which are requested.

Please advise.

Thanks.

 

[Bobbye]

While I'm checking the logs, do this:

Go to the Control Panel> Internet Options> Security tab> Highlight the Internet Zone> Customize> Set level to Medium> Click on Reset.

Then go to the Privacy tab> In the Settings section click on the Sites button> Make sure none of these sites have been blocked.

When you have finished that, please run the following:

Please download ComboFix from Here and save to your Desktop.

• 
  [1]. Do NOT rename Combofix unless instructed.
  [2].Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  [3].Close any open browsers.
  [4]. Double click combofix.exe & follow the prompts to run.
• NOTE: Combofix will disconnect your machine from the Internet as soon as it starts. The connection is automatically restored before CF completes its run. If it does not, restart your computer to restore your connection.
  [5]. If Combofix asks you to install Recovery Console, please allow it.
  [6]. If Combofix asks you to update the program, always allow.
• Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  [7]. A report will be generated after the scan. Please post the C:\ComboFix.txt in next reply.

Note: Do not mouseclick combofix's window while it's running. That may cause it to stall.
Note: Make sure you re-enable your security programs, when you're done with Combofix..
Re-enable your Antivirus software.

Please paste this log into the next reply.
The logs you left previously were attached, not pasted.

Edit: I noticed a lot of timing out errors. Are you noticing any other delays with connections or problems with the ISP?

 

[jkramer578]

1. I tried to paste the logs, but I exceeded the max amount of space.
2. I definitely have some issues with my wireless router, especially when I am not very close.
3. ComboFix Log attached not pasted as "The text that you have entered is too long (26420 characters)"...

Thanks

 

[Bobbye]

"The text that you have entered is too long (26420 characters)"...

Next time, split the log.

Please run the Eset scan and give me the log.

 

[jkramer578]

Issues pasting log

Thanks.

I installed Eset and scanned my computer. Apologies, but the log is 37mb and it won't let me paste anything. Suggestions? Thanks.

 

[Bobbye]

You are suppose to just run the online scan! I have the entire Est Nod32 paid program installed and the program is only 11.76MB. The Active X Control puts the scan in your add-on. It doesn't install a full program. The Malwarebytes shows no malware. I don't think there is any way you could have so much malware that the log would be 37MB

This scan is not a 'download save to the desktop, double click on the setup to run. Please uninstall whatever you got and do a right cick> delete on the log.
=========================
Run Eset NOD32 Online AntiVirus scan HEREhttp://www.eset.eu/online-scanner

1. Tick the box next to YES, I accept the Terms of Use.
2. Click Start
3. When asked, allow the Active X control to install
4. Disable your current Antivirus software. You can usually do this with its Notification Tray icon near the clock.
5. Click Start
6. Make sure that the option "Remove found threats" is Unchecked, and the option "Scan unwanted applications" is checked
7. Click Scan
8. Wait for the scan to finish
9. Re-enable your Antivirus software.
10. A logfile is created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please include this on your post.

 

[jkramer578]

I did the online scan the other day and did NOT uncheck "Remove found threats" nor unchecked the "Scan unwanted applications" options although issue is still happening in IE.

Here is the log:

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=7e6f3c519238b74eac781ba6dfbf4537
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-07-31 02:26:08
# local_time=2010-07-31 09:26:08 (-0500, Eastern Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=190958
# found=0
# cleaned=0
# scan_time=3876
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=7e6f3c519238b74eac781ba6dfbf4537
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2010-08-01 11:03:42
# local_time=2010-08-01 06:03:42 (-0500, Eastern Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=192426
# found=0
# cleaned=0
# scan_time=3508

Thanks.

 

[Bobbye]

2. I definitely have some issues with my wireless router, especially when I am not very close.

This is not a malware problem. You will have to check the router and the connection setup.

Gmail, Yahoo mail, Facebook --> "...cannot display the webpage"

This does not appaear to be a malware problem. Either the sites or blocked or the servers are busy at the time you try to access the sites. If it continues, you will need to contact your ISP and ask if they have a Domain block on for these sites.

Custom CFScript[/B

• 
  [1]. Close any open browsers.
  [2]. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  [3]. Open notepad and copy/paste the text in the code below into it:

File::
Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=-
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=-
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=-

RegLock::
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

Driver::

Save this as CFScript.txt, in the same location as ComboFix.exe

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it will produce a log for you at C:\ComboFix.txt . Please attach to your next reply.
====================
Please go into Add/Remove Programs in the Control Panel and uninstall all Java except v6u21.

Your system may be slow because you have so many processes loading on boot. They will then run in the background. This will eventually slow you down> if long enough, the system will crash if it uses all the available RAM.

Have you tried accessing any of those sites recently? Results?

 

[Broni]

Message from Bobbye:

Due to family matters that require my time and efforts, I am unable to continue helping with malware cleaning at this time. If and when these matters are resolved, I will return to the board.

Since the only other helper in the Virus and Malware forum is Broni, I will ask him to pickup the open threads I have going, if and when he can.

=========================================================================

You're all mine now