Fake Flash Update: Can't get rid of it

Okay, darn it. I’ve been hoping to find something that could help me easily get rid of this annoying problem, but haven’t yet found anything precisely right, so I guess I’ll scream for help.

I keep getting a redirect, almost always when I try to visit reuters.com (once it was another site, and only once so far), that tells me I need to update my flash player. It’s an obvious malware page, with a different url every few days (it’ll be something like premiumfreeupdate.com or something similar). MBAM, Avast!, and JRT find nothing, but adwcleaner finds and removes the same things every time, a few browser extensions and one registry key.

Once adwcleaner runs, I usually run for a couple of days, then it pops up again. I’m a bit of a newshound, so I check reuters regularly.

I’d attach the last adwcleaner log, but can’t find them. Which should tell you how little I know about all this.

Please let me know how to proceed.

Thanks ever so much,
Jim

How to receive help: instructions at https://forum.avast.com/index.php?topic=53253.0

I had a redirect once and it was done via a Google banner advert as I was at the time running Google ads on my web site. (I’m not anymore.)

The way out of it was to reset the browser (IE9). I also now run ad blockers.

HTH

All right, here are the logs as requested. Looking forward to any help that can be offered.

Jim

Hi there, do you use a router? If so, do any other computers using it experience the same problems?

CAUTION: This fix is only valid for this specific machine; using it on another may break your computer.

Open notepad and copy/paste the text in the quotebox below into it:

BHO: No Name -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> No File
BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
Toolbar: HKCU - No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
EmptyTemp:
CMD: bitsadmin /reset /allusers

Save this as fixlist.txt, in the same location as FRST.exe.
Run FRST and press Fix.
On completion a log will be generated; please post that.

THEN

Please download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete click on “Clean”.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Ok, those are done.

We do have a router. The other machines on the network have not experienced the redirect, although my wife’s machine did have a PUP problem a couple of months ago that seems to have been resolved by MBAM.

Two comments:

The items removed by AdwCleaner are the same items it has removed in previous runs.

About half an hour after running the initial set of scans, I had a blue screen error. Said something about detecting a system modification before it auto-restarted.

Hmm, time for a bigger hammer. Are you still getting the popups?

Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT!!! Save ComboFix.exe to your Desktop.

  • IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow it to update if it asks.

Screenshots of the disclaimer and extraction prompts: http://img.photobucket.com/albums/v706/ried7/NSIS_disclaimer_ENG.png and http://img.photobucket.com/albums/v706/ried7/NSIS_extraction.png

  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:

  1. Do not mouse-click Combofix’s window while it is running. That may cause it to stall.
  2. Do not “re-run” Combofix. If you have a problem, reply back for further instructions.
  3. If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.

Please make sure you include the ComboFix log in your next reply, as well as a description of how your computer is running now.

I’ve attached the combofix log.

The problem with this particular redirect is it only pops up every couple of days. I would have to wait a few days to be sure it was actually gone.

Meanwhile, since running combofix, I can no longer access google or this forum in IE. I accessed it now through Chrome.


Reboot one more time, or two, and try again.

did that help?

Two reboots since running combofix. Google and avast forum still inaccessible through IE. Nothing in restricted sites list. Can access other AV sites like mcafee and trendmicro (tried that just out of curiosity).

Third reboot, same IE problem. Won’t access Facebook either, but will access everything else I try so far.

What error do you get when you try to access those sites?

It will briefly say “waiting for…” in the tab, but will revert to the site I’m already on or say the webpage cannot be displayed.

As it stands, it appears that the avast forum, Facebook, and google are the only sites I can’t open. The first two were those I’ve had open today for the most part. Google is my default IE search engine.

Okay, been doing a bit more playing around. Turns out it’s any site that defaults to https. Google, FB, and this forum all do so, and I’ve now tried a couple of bank sites that do the same, and I’m blocked. Would combofix mess with IE security settings?

Been doing even a bit more playing around. Found this page http://support.microsoft.com/kb/972034 and ran the “fix it” program to reset the Hosts file back to default. It seems to have done the trick.

Now tell me whether or not I should have done that! :slight_smile:

Where that leaves me for the original problem, I don’t know.

Jim
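The posts above end with every HTTPS-only site being unreachable in IE until the hosts file was reset. An added example, not code from the thread or from any of the tools mentioned in it: a small Python audit of a hosts file that reports every mapping a stock file would not contain, classifying loopback and 0.0.0.0 entries as "blocked" (the site cannot be reached at all) and any other address as "redirect" (traffic for that name goes where the entry says). The sample hosts text embedded at the bottom is constructed for the demonstration; the 198.51.100.7 address is from the RFC 5737 documentation range and the HOSTS_PATH fallback for non-Windows systems is an assumption.

```python
"""Audit a hosts file for entries that block or redirect web sites.

Added example for this thread, not part of the original posts.  The hosts
file format is the same on Windows, macOS and Linux: "IP name [name ...]",
with "#" starting a comment.  Malware that edits it typically either
blackholes security and update sites (maps them to 127.0.0.1 / 0.0.0.0) or
points popular sites at an attacker-controlled address, and sometimes hides
the lines behind hundreds of blank lines; this parser walks every line.
"""
from __future__ import annotations

import ipaddress
import os
import sys
from dataclasses import dataclass

# Names that legitimately appear in stock hosts files (Windows, macOS, Linux).
DEFAULT_NAMES = {
    "localhost", "localhost.localdomain", "broadcasthost",
    "ip6-localhost", "ip6-loopback", "ip6-localnet", "ip6-mcastprefix",
    "ip6-allnodes", "ip6-allrouters", "ip6-allhosts",
}

# Stock Windows location; the /etc/hosts fallback is an assumption for other OSes.
WINDOWS_HOSTS = os.path.join(os.environ.get("SystemRoot", r"C:\Windows"),
                             "System32", "drivers", "etc", "hosts")
HOSTS_PATH = WINDOWS_HOSTS if sys.platform.startswith("win") else "/etc/hosts"


@dataclass
class Finding:
    line_no: int
    ip: str
    hostname: str
    kind: str  # "blocked", "redirect" or "malformed"


def audit_hosts(text: str) -> list[Finding]:
    """Return every non-default mapping found in hosts-file text."""
    findings: list[Finding] = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()   # drop comments and whitespace
        if not line:
            continue                          # blank / comment-only line
        parts = line.split()
        try:
            addr = ipaddress.ip_address(parts[0])
        except ValueError:
            # First token is not an address: a stock file never has this,
            # so report it rather than silently skipping it.
            findings.append(Finding(line_no, parts[0], line, "malformed"))
            continue
        for name in parts[1:]:
            lname = name.lower().rstrip(".")
            if lname in DEFAULT_NAMES:
                continue
            # 127.0.0.0/8, ::1 and 0.0.0.0 make the name unreachable;
            # any other address silently redirects the name.
            kind = "blocked" if (addr.is_loopback or addr.is_unspecified) else "redirect"
            findings.append(Finding(line_no, str(addr), lname, kind))
    return findings


def audit_file(path: str = HOSTS_PATH) -> list[Finding]:
    """Audit the hosts file on disk (bytes that fail to decode are kept as U+FFFD)."""
    with open(path, encoding="utf-8", errors="replace") as fh:
        return audit_hosts(fh.read())


# Constructed sample: the stock Windows comment header plus three hijack lines.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#   127.0.0.1       localhost
#   ::1             localhost
127.0.0.1   localhost
::1         localhost   # IPv6 loopback, still a default name
127.0.0.1   www.google.com google.com     # constructed: site blackholed
0.0.0.0     facebook.com                  # constructed: site blackholed
198.51.100.7 forum.avast.com              # constructed: redirect to attacker host
"""

if __name__ == "__main__":
    # With a path argument the real file is audited; otherwise the sample is.
    results = audit_file(sys.argv[1]) if len(sys.argv) > 1 else audit_hosts(SAMPLE_HOSTS)
    if not results:
        print("hosts file contains only default entries")
    for f in results:
        print(f"line {f.line_no}: {f.kind:9} {f.hostname} -> {f.ip}")
```

Run it as `python hosts_audit.py C:\Windows\System32\drivers\etc\hosts` (the file needs no elevation to read, only to change). One caveat worth keeping in mind when reading the thread: a hosts entry blocks a name for every protocol, so it cannot by itself produce a symptom that affects only the HTTPS sites while http:// pages on other hosts keep working; the audit shows exactly what a "reset hosts" fix changed, and an empty result means the cause lies elsewhere (a proxy setting, a Winsock LSP, or a browser add-on are the usual next suspects).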

Your hosts file was at default prior to doing that anyway… But you say that resetting it cured the IE problem?

Are you still getting the alerts?

Yes, resetting the hosts file cured the IE problem. I was able to access secure sites (like this one) in IE right up to running ComboFix, and could not access this forum upon reboot from ComboFix. Once I realized it was all secure sites I couldn’t access, found the fix and ran it, I was immediately able to access them again after restarting IE. Obviously I have no idea what happened there, but I guarantee the event sequence is correct and there were no confounding variables (at least nothing I did).

The original problem always appeared every couple of days. Let’s call it tentative at this point. If I don’t see it again today or tomorrow (or if I do), I’ll come back and repost to this thread to continue the process or call it solved.

Thanks very much yet again. Would you be willing, by the way, to have a glance at my wife’s computer (she doesn’t use Avast for some reason I’m not precisely sure of) to make sure her PUP problem is cleaned up?

Certainly I will look at the other system. Run FRST on it as you did on yours.

If you get the popup again, could you note whether it is happening on one specific site?

The popup has occurred on www.reuters.com every time but one, and the one was perhaps a month ago. So far no repeat performances.

New information on the IE problem: my wife experienced the same problem, inability to access secure sites in IE. She noticed the problem yesterday afternoon a bit after 3 pm CDT. I downloaded combofix at 2:46 pm CDT and ran it immediately.

So did combofix anger a malware program that may perhaps reside partially in the router? Or is it entirely unrelated? There were no warnings indicating any kind of update yesterday.