Infected with malware

Status
Not open for further replies.
This is what you have
XP x64 is really a version of Server 2003, they share common code. This is not your usual home computer operating system. Most of our tools will not run on Server 2003.

You have Firefox installed, you can use it to download programs we may need

Copy and paste these lines into Notepad.

@Echo on
REM Restore the hosts file to its single default entry (loopback only).
REM %SystemRoot% keeps this working whatever drive Windows lives on.
pushd %SystemRoot%\system32\drivers\etc
attrib -h -s -r hosts
echo 127.0.0.1 localhost>HOSTS
attrib +r +h +s hosts
popd
REM Refresh the network stack so stale DNS entries and Winsock hooks are cleared.
ipconfig /release
ipconfig /renew
ipconfig /flushdns
netsh winsock reset all
netsh int ip reset all
REM Reboot in one second; the batch file then deletes itself.
shutdown -r -t 1
del %0


Save as flush.bat to your desktop. Double-click to run.
*** note: Win Vista and Win 7 need to right-click and choose "run as Administrator". The computer will reboot itself.

Download the HostsXpert 4.3 - Hosts File Manager.
  • Unzip HostsXpert 4.2.0.0 - Hosts File Manager to a convenient folder such as C:\HostsXpert
  • Click HostsXpert.exe to Run HostsXpert - Hosts File Manager from its new home
  • Click "Make Hosts Writable?" in the upper left corner.
  • Click Restore Microsoft's Hosts file and then click OK.
  • Click the X to exit the program.
  • Note: If you were using a custom Hosts file you will need to replace any of those entries yourself.

Then drag the setup copy of Malwarebytes to the trash, download a fresh copy, and see if it will install and run.
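The flush.bat above overwrites the hosts file with its one default line. As an added example (not from this thread or any tool it names), the script below reads a hosts file first and reports which hostnames had been sinkholed to loopback or redirected elsewhere, which tells you what the infection was blocking (update and antivirus sites are the usual targets) before the file is wiped. The sample hosts content is constructed; the real file lives at %SystemRoot%\system32\drivers\etc\hosts.

```python
"""Audit a Windows hosts file for non-default entries.

Added example, not code from the forum thread. Assumes the only
legitimate entries on a default hosts file are the loopback lines.
"""

# Constructed sample: a hosts file as a malware "update blocker" might leave it.
SAMPLE_HOSTS = """\
# constructed sample header
127.0.0.1       localhost
127.0.0.1       update.microsoft.com
127.0.0.1       www.malwarebytes.org
10.0.0.5        www.google.com       # constructed redirect
"""

DEFAULT_ENTRIES = {("127.0.0.1", "localhost"), ("::1", "localhost")}
# Addresses that silently drop a connection rather than send it elsewhere.
SINKHOLE_ADDRS = {"127.0.0.1", "0.0.0.0", "::1"}


def parse_hosts(text):
    """Return (ip, hostname) pairs, one per hostname, ignoring comments."""
    pairs = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()   # drop trailing comments
        if not line:
            continue
        parts = line.split()
        ip, names = parts[0], parts[1:]
        for name in names:
            pairs.append((ip, name.lower()))
    return pairs


def audit_hosts(text):
    """Classify every non-default entry as 'sinkholed' or 'redirected'."""
    report = {"sinkholed": [], "redirected": []}
    for ip, name in parse_hosts(text):
        if (ip, name) in DEFAULT_ENTRIES:
            continue
        key = "sinkholed" if ip in SINKHOLE_ADDRS else "redirected"
        report[key].append((ip, name))
    return report


if __name__ == "__main__":
    for kind, entries in audit_hosts(SAMPLE_HOSTS).items():
        for ip, name in entries:
            print(f"{kind:10s} {name} -> {ip}")
```

To audit a real file, pass `open(path).read()` to `audit_hosts` instead of the constructed sample.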
 
Windows Automatic updater installed 9 updates.

I did the flush.bat and the HostXpert.

MalwareBytes installed and updated just fine.

I ran the quick scan the log is posted below.

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5489

Windows 5.2.3790 Service Pack 2
Internet Explorer 8.0.6001.18702

1/9/2011 3:37:02 PM
mbam-log-2011-01-09 (15-37-02).txt

Scan type: Quick scan
Objects scanned: 191018
Time elapsed: 7 minute(s), 49 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
 
My primary problem was that Windows updates wouldn't load, Antivirus updates wouldn't load and other programs in general would not update (Acrobat reader, Flash player). It seems as though that is working now.

The only thing that seems irregular to me, it may be perfectly fine, is when I check gmail (www.gmail.com) Firefox keeps loading stuff. I look at the bottom of the Firefox window and I get a constant stream of transferring data, waiting for, etc. that don't seem to be related to gmail. I don't know if that makes sense at all and it may simply be a gmail thing.

I appreciate your help so far.

Is there anything to do about the flags raised by ESET scanner? I think you noted that they were in the Java cache?
 
You can try this, it may be laid out a bit differently on your system but it should be there

1. Click Start > Settings > Control Panel.
2. Double-click the Java Plug-in icon in the control panel.
3. Click the Cache tab.
4. Click Clear. A confirmation dialog box appears.
5. Click Yes to confirm.
6. Click Apply.

See if you can run this program

Please download GooredFix from one of the locations below and save it to your Desktop
Download Mirror #1
Download Mirror #2
  • Ensure all Firefox windows are closed.
  • To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista).
  • When prompted to run the scan, click Yes.
  • GooredFix will check for infections, and then a log will appear. Please post the contents of that log in your next reply (it can also be found on your desktop, called GooredFix.txt).
 
I cleared the java cache according to the directions that you listed.

I was able to run Goored. Here is the log

GooredFix by jpshortstuff (03.07.10.1)
Log created at 23:05 on 10/01/2011 (Nathan_2)
Firefox version 3.6.13 (en-US)

========== GooredScan ==========

(none)

========== GooredLog ==========

H:\Program Files (x86)\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd} [15:19 16/04/2008]

H:\Documents and Settings\Nathan_2\Application Data\Mozilla\Firefox\Profiles\91hpr8m7.default\extensions\
moveplayer@movenetworks.com [16:02 05/04/2009]
{20a82645-c095-46ed-80e3-08825760534b} [19:45 04/07/2010]
{28197867-b1ef-4140-8e3b-55c45b9c8460} [19:29 05/01/2011]
{E2883E8F-472F-4fb0-9522-AC9BF37916A7} [11:12 30/06/2010]

H:\Documents and Settings\Nathan_2\Application Data\Mozilla\Firefox\Profiles\o4qdcc3a.default\extensions\
(none)

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{20a82645-c095-46ed-80e3-08825760534b}"="H:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\" [08:11 22/08/2009]
"jqs@sun.com"="H:\Program Files (x86)\Java\jre6\lib\deploy\jqs\ff" [04:54 11/01/2011]

-=E.O.F=-
 
I still see a lot of data moving when I go to my gmail.

gmail loads normally, then Firefox acts like it is continually being refreshed. At the bottom of the window I see "downloading from" or "waiting for" and a rapid succession of random files. Most seem to be blogspot, flickr, wordpress, feedburner, or quantserve. I don't use any of those websites, so I don't know why it would ever be downloading anything from there.

I only see those messages when I am on my gmail so I don't know if they are happening at other times as well or if it is specific to gmail.
 
I deleted all cookies in Firefox and also checked my Windows firewall.

There was an exception for google that I removed.

I don't have the file transfers when I check email now.

Everything seems to be updating as it should.

Things seem to be pretty much back to normal.
 
That's great, thanks for getting back to me and letting me know. Bookmark that Firefox forum and use it for any browser issues you may have in the future.


Open OTL and click on Cleanup and it will remove most of the tools we used to clean your system.

Safe Surfn
Ken
 
Since this issue appears to be resolved ... this Topic has been closed. Glad I could help.
 