Browsers compromised

Bad Luck! >:(

Russian sites are back.

Internet Explorer is compromised again on the third computer.

I will run the tests again.

Here they go.

Good night to all.

This is just in IE?

Good morning.

I uninstalled Chrome from computer #3, after yesterday’s cleaning. All symptoms disappeared for some time. But then both IE and Firefox were compromised again.

I’m using computer #1 and so far its browsers seem OK.

Ooops. Firefox has been compromised on computer #1 too. I used it for quite some time after yesterday’s removal process with no problems at all. But it is now infected too. :cry:

The problem may be in the router, I feel.

Could you reset the router… There should be a small hole at the back labelled reset. Use a biro to press and hold until the lights start flashing.

I reset the router and ran IPCONFIG /flushdns on computer #1. The problem with Firefox on computer #1 persists.

OK, that one may be the root cause. Could you run FRST on that one again, please?

I got an ERUNT access violation error when I first tried Farbar Recovery Scan. But then it worked OK. It happened yesterday too but I forgot to report.

I checked my router’s configuration and it uses a couple of DNS servers that belong to my Internet Provider (I checked through whois). My router’s DNS server is set through my Internet Provider’s DHCP server.

Here go the log files from computer #1.

One more thing. Now that computer #1 is compromised, when I try to load some pages I get error messages telling me I don’t have an Internet connection at the moment. That may be a network problem or maybe something creepy. :-X

My Internet connection is usually very good.

I’ll be more specific about these page errors.

I have just got an error message while trying to access this forum’s very page in Firefox telling me “the authenticity of the data received could not be verified”. Firefox tells me “that reporting forum.avast.com’s address and certificate will help it block malicious sites.” Firefox gives me the option to relate this kind of event automatically. That’s Creepy.

This is the one with McAfee, which is sometimes a bit wayward with net connections.

CAUTION: This fix is only valid for this specific machine; using it on another may break your computer.

Open notepad and copy/paste the text in the quotebox below into it:

CreateRestorePoint:
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\buscape.xml [2015-04-03]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\mercadolivre.xml [2015-04-03]
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog
CMD: netsh int ip reset c:\resetlog.txt
CMD: ipconfig /release
CMD: ipconfig /renew
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
RemoveProxy:
EmptyTemp:
CMD: bitsadmin /reset /allusers

Save this as fixlist.txt, in the same location as FRST.exe.

https://dl.dropboxusercontent.com/u/73555776/FRSTfix.JPG

Run FRST and press Fix.
On completion a log will be generated; please post that.

That’s for computer #1, right?

Here goes the log file. :wink:

Are the redirects still evident?

Computer #1 seems fine now.

Computer #3 is still infected. Should I try something on it or maybe should I wait and see if the situation is stable?

Nope, let’s look at 3 again :slight_smile: with FRST

There you have them.

Those log files are from computer #3.

OK, let’s run this and see what occurs :slight_smile:

CAUTION: This fix is only valid for this specific machine; using it on another may break your computer.

Open notepad and copy/paste the text in the quotebox below into it:

CreateRestorePoint:
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
RemoveProxy:
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog
CMD: netsh int ip reset c:\resetlog.txt
CMD: ipconfig /release
CMD: ipconfig /renew
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
EmptyTemp:
CMD: bitsadmin /reset /allusers

Save this as fixlist.txt, in the same location as FRST.exe.

https://dl.dropboxusercontent.com/u/73555776/FRSTfix.JPG

Run FRST and press Fix.
On completion a log will be generated; please post that.

Done!

Now computers #1, 2 & 3 seem fine! :smiley: