Fake Antivirus Pop-Ups,Browser Redirected

[ken545]

It didn't take, this way will


Open OTL.exe

• Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL
  
  
  Code:

  :OTL
  PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
  O16 - DPF: {CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jin...ndows-i586.cab (Java Plug-in 1.5.0_01)
  
  
  :Services
  
  :Reg
  
  :Files
  
  
  :Commands
  [purity]
  [emptytemp]
  [RESETHOSTS]
  [start explorer]
  [Reboot]

• Then click the Run Fix button at the top. <--Not run Scan
• Let the program run unhindered, reboot when it is done
• Then post the results of the log it produces.
• Then run a new scan and post a new OTL log ( don't check the boxes beside LOP Check or Purity this time )

[ru4real]

I ran the fix in OTL and after about a minute a window popped up saying "cannot create file c:/windows/system32/drivers/etc/Hosts". I clicked OK and nothing happened. At the bottom of OTL, under the green progress bar, it says "resetting HOSTS file. do not interrupt....." but nothing is happening. It has been that way for about 10 min.

[ken545]

Your hosts file is infected, has OTL fixed it yet ?

[ru4real]

No, it doesn't look like it. OTL stills says file is being fixed, but nothing has happened for at least an hour.

[ken545]

If OTL is still running than press Ctrl. Alt. Del and go to Task Manager and look for OTL and End Task


Then try this program to reset the hosts file

Download the HostsXpert 4.3 - Hosts File Manager.

• Unzip HostsXpert 4.2.0.0 - Hosts File Manager to a convenient folder such as C:\HostsXpert
• Click HostsXpert.exe to Run HostsXpert - Hosts File Manager from its new home
• Click "Make Hosts Writable?" in the upper left corner.
• Click Restore Microsoft's Hosts file and then click OK.
• Click the X to exit the program.
• Note: If you were using a custom Hosts file you will need to replace any of those entries yourself.

[ken545]

How are you coming along ?

[ru4real]

I downloaded the new file and tried to run it but got an error message which said "error: cannot create file c:/windows/system32/drivers/etc/hosts". I clicked the OK button and the program completely closed down.

[ken545]

OK, lets do this, make sure you still have HostXpert on your desktop.

1. Please download OTM by OldTimer and save it to your desktop.
2. Double click the icon on your desktop.
3. Paste the following code under the area.
   Do not include the word "Code".
   
   
   Code:

   :Processes
   explorer.exe
   
   :Services
   
   :Reg
   
   :Files
   c:\windows\system32\drivers\etc\hosts
   
   
   :Commands
   [purity]
   [emptytemp]
   [start explorer]
   [Reboot]

4. Push the large button.
5. OTM may ask to reboot the machine. Please do so if asked.
6. Copy/Paste the contents under the line here in your next reply.
7. If you are unable to copy/paste from this window (as will be the case if the machine was rebooted), open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTM\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

Now run HostsXpert


Restore Microsoft's Hosts file <-- You will get a message stating that there is no hosts file available do you want to create one SAY YES

[ru4real]

Yeah!!! Looks liked it worked. Here is the log:

All processes killed
========== PROCESSES ==========
No active process named explorer.exe was found!
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
File move failed. c:\windows\system32\drivers\etc\hosts scheduled to be moved on reboot.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: All Users

User: AppData

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Guest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Guest.Johnson-PC
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Janice Child
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Johnson
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 5760252 bytes
->Java cache emptied: 14639772 bytes
->FireFox cache emptied: 137121685 bytes
->Flash cache emptied: 1746 bytes

User: Public

User: Riley

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 146012 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 2119 bytes

Total Files Cleaned = 150.00 mb


OTM by OldTimer - Version 3.1.17.2 log created on 01212011_150653

Files moved on Reboot...
File move failed. c:\windows\system32\drivers\etc\hosts scheduled to be moved on reboot.
File C:\Windows\temp\klsE127.tmp not found!

Registry entries deleted on Reboot...

[ru4real]

When I ran hostsXpert I got the same error as I did before...."error: cannot create file c:/windows/system32/drivers/etc/hosts".