
Browser stays white after rogue attack.

Discussion in 'Virus & Other Malware Removal' started by nlaska, Dec 29, 2010.

Thread Status:
Not open for further replies.
  1. nlaska

    nlaska Thread Starter

    Joined:
    Dec 29, 2010
    Messages:
    9
    What happened before the browsers stopped working: 2 days ago a brand-new rogue antivirus (Antivirus Scan) slipped into my computer and went rampaging around showing fake viruses on my PC, made it impossible for me to open my Task Manager, showed pop-ups and messed up my browsers, saying that it would be "dangerous" to browse around. It took me a whole night to figure out how to get rid of the malware... I downloaded Malwarebytes but it couldn't find the virus (it was outdated by 7 days and could not update). In the end I solved the problem by opening CCleaner in safe mode and disabling the autorun, traced the path, deleted the file and then, after an update, let Malwarebytes do the rest on a leftover registry key and file which was found.

    Problem: When I open my browser now (Explorer 9 32- & 64-bit and Firefox 4 64-bit) it won't get me anywhere. It keeps loading and stays blank. Strangely though, Songbird (which has a built-in Firefox-like browser) and HP's own internet browser do work. Furthermore, when I clicked the activation link to use my account on this site, Firefox opened with a blank page, yet when I tried again in the built-in browser of Songbird it said the account was already activated.

    I tried:
    - messing with the proxy; it was on auto detection but I turned it to no proxy (I don't have a server here).
    - reinstalling Explorer and Firefox, and installing Chrome to test if it was only with previously installed browsers; resetting browsers.
    - browsers are not set to work offline.

    I have a: HP DV6 3040us with MS Windows 7 Home Premium 64-bit

    I have no idea what else I could try. I hope it's enough info; thanks in advance for helping. (Even without a solution, a reply to show this thread has been looked through is well appreciated.)
     
  2. nlaska

    nlaska Thread Starter

    Joined:
    Dec 29, 2010
    Messages:
    9
    I also tried to disable all add-ons, but still all without success.

    And please read the thread before moving it to another section. The virus is old news; the issues lie with my browser, that's why I put it in Internet & Networking in the first place.
     
  3. nlaska

    nlaska Thread Starter

    Joined:
    Dec 29, 2010
    Messages:
    9
    A good new year to you all. Thought I'd send another message since my problem is still not solved. I noticed the 2 browsers will load a few links after an extremely long time (10-30 sec+), and the links are shown really broken: HTML text everywhere, no background, links and text in a standard font, etc.

    I would really appreciate it if someone could solve this problem.
     
  4. eddie5659

    eddie5659 Moderator Malware Specialist

    Joined:
    Mar 19, 2001
    Messages:
    35,777
    Hiya and welcome to Tech Support Guy :)

    Looks like this thread has been moved to Malware for some reason, so let's check fully on that side :)


    Can you firstly post the contents of the MBAM log. If you run the program, at the top select the Logs tab, then click on the log shown, and select Open. Then copy/paste the contents here.

    eddie
     
  5. nlaska

    nlaska Thread Starter

    Joined:
    Dec 29, 2010
    Messages:
    9
    It's in Dutch, too bad (tried changing the language of Malwarebytes to English but that didn't change the log's language; was worth a try ;P). Not that it would make any difference, I guess. To ease the reading I translated some parts for you; I marked those changes starting with "edit".

    P.S.: arsggpjlajb.exe (Trojan.Dropper), which was in my bin back then, used to be in my Temp files before I tracked it down manually and deleted it. On bleepingcomputer.com I found a guide which describes the rogue. I did not use RKill that time since I did not know of the program then (nor followed the removal guide).

    http://www.bleepingcomputer.com/virus-removal/remove-antivirus-scan
     
  6. eddie5659

    eddie5659 Moderator Malware Specialist

    Joined:
    Mar 19, 2001
    Messages:
    35,777
    Thanks for editing it (y)

    Looking at the link you gave, did you manage to use RKill?

    Can you post a HijackThis log, so I can see what is there:

    Please go here to download HijackThis.
    • To the right of the green arrow under HijackThis downloads click on the Executable button and download the HijackThis.exe file to your desktop.
    • Double-click the HijackThis.exe file on your desktop to launch the program. If you get a security warning asking if you want to run this software because the publisher couldn't be verified click on Run to allow it.
    • Click on the Scan button. The scan will not take long and when it's finished the resulting log will open automatically in Notepad.
    • Save the log file to your desktop. Copy and paste the contents of the log in your post.
    Please do not fix anything with HijackThis unless you are instructed to do so. Most of what appears in the log will be harmless and/or necessary.


    eddie
     
  7. nlaska

    nlaska Thread Starter

    Joined:
    Dec 29, 2010
    Messages:
    9
    No, I have not used RKill at all. During the scan I only had Songbird open (my browser atm).
    I tried to change as much as possible (like my start page) back to normal again as well after the quarantine of the infection.

     
  8. eddie5659

    eddie5659 Moderator Malware Specialist

    Joined:
    Mar 19, 2001
    Messages:
    35,777
    Okay

    Re-run HijackThis and press Do a System Scan Only, and select this one in the list:

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=94.211.135.196:80

    And then press Fix Checked

    Restart and see if that helps.

    eddie
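
As an added illustration (not part of eddie5659's instructions or of HijackThis itself), this read-only PowerShell snippet shows the registry values behind the R1 line above and splits a ProxyServer string into its per-protocol entries. The function name ConvertFrom-ProxyServer is made up for this example; the registry key and the sample value are the ones quoted in the post.

```powershell
# Added example: list the per-user WinINet proxy values behind the HijackThis "R1" line.
# Read-only; nothing in the registry is changed.
$key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'

function ConvertFrom-ProxyServer([string]$Value) {
    # ProxyServer holds either "host:port" (used for every protocol) or a
    # per-protocol list such as "http=host:port;https=host:port".
    foreach ($part in ($Value -split ';')) {
        $part = $part.Trim()
        if ($part -eq '') { continue }
        if ($part -match '^(?<scheme>[a-z]+)=(?<target>.+)$') {
            New-Object PSObject -Property @{
                Scheme = $Matches['scheme']; Target = $Matches['target'] }
        } else {
            New-Object PSObject -Property @{ Scheme = 'all'; Target = $part }
        }
    }
}

$s = Get-ItemProperty -Path $key
# ProxyServer is only used by WinINet when ProxyEnable is 1.
$enabled = ($s.ProxyEnable -eq 1)

"ProxyEnable   : $($s.ProxyEnable)"
"ProxyServer   : $($s.ProxyServer)"
"AutoConfigURL : $($s.AutoConfigURL)"

# @() keeps the loop from running once on $null under PowerShell 2.0 (Windows 7).
foreach ($e in @(ConvertFrom-ProxyServer $s.ProxyServer)) {
    $state = if ($enabled) { 'ACTIVE' } else { 'stored, not enabled' }
    "{0,-5} -> {1}  [{2}]" -f $e.Scheme, $e.Target, $state
}

if ($enabled -or $s.AutoConfigURL) {
    'A proxy or PAC script is configured; confirm it is one you set up yourself.'
}

# The value from the thread, parsed the same way (no registry access needed):
ConvertFrom-ProxyServer 'http=94.211.135.196:80' |
    Format-Table Scheme, Target -AutoSize
```

For the value quoted in the thread, the last command prints a single row with Scheme `http` and Target `94.211.135.196:80`, which shows that the entry covers plain HTTP traffic only.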
     
  9. nlaska

    nlaska Thread Starter

    Joined:
    Dec 29, 2010
    Messages:
    9
    Scanned, fixed, rebooted, but too bad, that wasn't the cause. HP web browser and Songbird still work fine; Firefox and Explorer (and most likely Chrome, and maybe Safari etc.) do not.

    But still, thanks a lot for taking the time to look at my computer's problem. Hope you have more suggestions or ideas.
     
  10. eddie5659

    eddie5659 Moderator Malware Specialist

    Joined:
    Mar 19, 2001
    Messages:
    35,777
    Okay, let's look a bit deeper :)

    Firstly, do this:

    Download TFC by OldTimer to your desktop
    • Please double-click TFC.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
    • It will close all programs when run, so make sure you have saved all your work before you begin.
    • Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
    • Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.



    Download and scan with SUPERAntiSpyware Free for Home Users
    • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
    • An icon will be created on your desktop. Double-click that icon to launch the program.
    • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)
    • Under "Configuration and Preferences", click the Preferences button.
    • Click the Scanning Control tab.
    • Under Scanner Options make sure the following are checked (leave all others unchecked):
      • Close browsers before scanning.
      • Scan for tracking cookies.
      • Terminate memory threats before quarantining.
    • Click the "Close" button to leave the control center screen.
    • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
    • On the left, make sure you check C:\Fixed Drive.
    • On the right, under "Complete Scan", choose Perform Complete Scan.
    • Click "Next" to start the scan. Please be patient while it scans your computer.
    • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
    • Make sure everything has a checkmark next to it and click "Next".
    • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
    • If asked if you want to reboot, click "Yes".
    • To retrieve the removal information after reboot, launch SUPERAntispyware again.
      • Click Preferences, then click the Statistics/Logs tab.
      • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
      • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
      • Please copy and paste the Scan Log results in your next reply.
    • Click Close to exit the program.


    Then, run this program:


    Please download DDS by sUBs to your desktop from one of the following locations:
    http://www.techsupportforum.com/sectools/sUBs/dds
    http://download.bleepingcomputer.com/sUBs/dds.scr
    http://www.forospyware.com/sUBs/dds

    Disable any script blocker you may have as they may interfere and then double-click the DDS.scr to run the tool.

    When DDS has finished scanning, it will open two logs named as follows:

    DDS.txt
    Attach.txt

    Save them both to your desktop and then proceed on to the next step.


    Copy and paste the contents of the DDS.txt file.
    Upload as an attachment the Attach.txt file. There is no need to zip it as suggested in the DDS instructions

    eddie
     
  11. nlaska

    nlaska Thread Starter

    Joined:
    Dec 29, 2010
    Messages:
    9
    - I downloaded and ran TFC.exe
    - rebooted
    - uninstalled MBAM so SUPERAntiSpyware wouldn't get confused with possible quarantines or whatever
    - downloaded and scanned with SUPERAntiSpyware
    - and tried to download DDR.scr, but your 1st link brings me to the homepage; the 2nd I can download, but when I open it, it opens a Notepad with a huge list of only special characters and does not create any attach.txt files (seems I cannot "open with…" the .scr file either; the computer sees it as an AutoCAD Script); and the 3rd link goes to a webpage with the same sort of text as the 2nd one.

    How do I open the .scr correctly so that it also gives me the ddr.txt and attach.txt?

     
  12. eddie5659

    eddie5659 Moderator Malware Specialist

    Joined:
    Mar 19, 2001
    Messages:
    35,777
    Hmmm, let's see if this fixes the file associations:

    Download SREng
    • Extract it to Desktop and double click SREngLdr.EXE to run it
    • Select System Repair from the left pane.
    • Click on File Association
    • Select all entries that have an Error status and click [Repair]
    • Close SREng now.


    If not, try this program instead:

    Download OTL to your Desktop
    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
      • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
      • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic


    eddie
     
  13. nlaska

    nlaska Thread Starter

    Joined:
    Dec 29, 2010
    Messages:
    9
    Now, I stupidly didn't test my browsers after I ran the tfc.exe file or scanned with SUPERAntiSpyware. And when I ran SREng, Comodo firewall popped up telling me it was a virus or maybe a PUP (assuming a false positive) with the following link for more information. And Firefox operated successfully.

    http://cima.security.comodo.com/report/4974fc6996e5eb8148061633c64654b6fceaa984.htm

    Tested again on Explorer and everything works well. What exactly the reason would be I don't know; a temp file which was messing with my browsers? I cleaned all cookies once before I ran SUPERAntiSpyware.


    Anyway, thank you very kindly for helping me out. You have been a great help to me. At school I needed Explorer for a program which annoyingly only works with Explorer, so it was hard to use my laptop during those classes.

    So I wish you a great day and good luck helping out others.
     
  14. eddie5659

    eddie5659 Moderator Malware Specialist

    Joined:
    Mar 19, 2001
    Messages:
    35,777
    Glad to see it's all working again :)

    It may just be that your temp folders needed cleaning up. Just deleting cookies doesn't free up much space.

    Also, thanks for that link, it looks like a false positive as we use that tool a lot.

    I would suggest running TFC monthly, and also doing this:

    Go to Control Panel and open the Internet Options. Click on the Advanced tab and do the following:
    • Tick Empty Temporary Internet Files When Browser is Closed under Security. Apply and OK


    Also, it's a good idea to keep on top of removing any Temp files etc. every month or so. To do this, Windows has a pretty good tool.
    • Go to Start | Programs | Accessories | System Tools | Disk Cleanup
    • It should start straight away, but if you have to select a drive, click on the C-drive.
    • Let it run, and at the end it will give you some boxes to tick.
    • All are okay to enable, then press OK and then Yes to the question after.
    • It will close after it's completed.


    It just keeps your system running a bit smoother as well :)

    eddie
     
  15. nlaska

    nlaska Thread Starter

    Joined:
    Dec 29, 2010
    Messages:
    9
    Went to take a last peek, since with some sites after you hit the Solved button you cannot post or even access the thread anymore. Well, I don't know if you meant HD space or if the PC has some temp file space (not RAM, is it?), but on the C drive there is still ~300 GB left, so HD space should not be any problem.

    Thanks for the advice on regular temp file cleaning; personally I already use CCleaner from http://www.piriform.com/, a freeware program which does basically the same. It has options to clean browser histories, the recycle bin and registry keys that were left after removing something; it also has a drive wipe since recently, a function to enable/disable programs which start automatically when you start up your computer, etc. Those same people from Piriform also made a program which gives you a whole system summary of your PC (with log and clipboard options; I sometimes use this tool since my laptop likes to go over 75-80°C when running something heavy) and some other tools. The program is popular, so I guess you knew about it already. But if not, I would like to put my two cents in the forum. :p

    (Resized the picture a little, but apparently the site does the same already)
    Anyway, I'm getting way off topic. Thanks again for helping; I won't forget this site and your generosity. Cya.
     
Short URL to this thread: https://techguy.org/971370