1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Google Redirect, Gmail, and Blogger problems

Discussion in 'Virus & Other Malware Removal' started by mb123, Jan 18, 2011.

Thread Status:
Not open for further replies.
Advertisement
  1. mb123

    mb123 Thread Starter

    Joined:
    Jan 18, 2011
    Messages:
    6
    Hello there, I'm having some issues with my internet and I just might punch someone (ok, kidding :cool:). I had a trojan infect my laptop a few weeks ago, and malwarebytes took care of that, but I am still having this problem (been like 2 weeks?) with the google redirecting, gmail not opening at all, and blogger not opening at all. Very annoying (error: The connection to www.google.com was interrupted while the page was loading).

    I've tried AVG, McAfee (my normal security I use), Malwarebytes, and Hitman Pro.

    I did everything that was requested, and those are attached, but I'm thinking the GMER didn't do as it was supposed to (it errored after scanning for about 25 minutes saying "GMER hasn't found any system modification) I included an empty ark.txt file just for the fun of it (y).

    Let me know what I need to to fix the GMER, and then I would really appreciate any help! I know you all do this by volunteering, and that's awesome, I will be so thankful if I can just.get.this.thing.to.go.AWAY! Have a good evening, and look forward to hearing from you!
     

    Attached Files:

  2. mb123

    mb123 Thread Starter

    Joined:
    Jan 18, 2011
    Messages:
    6
    Bump.
     
  3. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    11,383
    First Name:
    Kevin
    Did you recently uninstall McAfee?
     
  4. mb123

    mb123 Thread Starter

    Joined:
    Jan 18, 2011
    Messages:
    6
    Yes, McAfee is my normal security software I use, but I uninstalled it to try AVG to get rid of this virus - AVG wouldn't let me install unless my other security software was uninstalled.
     
  5. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    11,383
    First Name:
    Kevin
    Hiya mb123

    You have remnants of McAfee still installed, also your Hosts file appears to be infected, as follows please :-

    Please download OTM by OldTimer.
    Alternative Mirror
    Save it to your desktop.
    Double click OTM.exe to start the tool. Vista or Windows 7 users right click and select Run as Administrator
    • Copy the text between the dotted lines below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

      -------------------------------------------------------------------

      :Files
      ipconfig /flushdns /c
      C:\Windows\System32\drivers\mfeavfk.sys
      C:\Windows\System32\drivers\mferkdk.sys
      C:\Windows\System32\drivers\mfesmfk.sys
      :Services
      mfeavfk
      mferkdk
      mfesmfk
      :Commands
      [EmptyFlash]
      [Purity]
      [EmptyTemp]
      [ResetHosts]

      ---------------------------------------------------------------------
    • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
    • Click the red [​IMG] button.
    • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
    • Close OTM

    Post the log from OTM, let me know if the re-directs have stopped.

    Kevin
     
  6. mb123

    mb123 Thread Starter

    Joined:
    Jan 18, 2011
    Messages:
    6
    I just might fly over to wherever you are and give you a big ole hug. Seriously, just made my day. I see my gmail and tried several google searches that I know redirected me in the past, and no redirecting! I did see that firefox blocked a redirect when I went to blogger, not sure what that was about, but it blocked it so I guess that's good.

    My OTM blurb:

    All processes killed
    ========== FILES ==========
    < ipconfig /flushdns /c >
    Windows IP Configuration
    Successfully flushed the DNS Resolver Cache.
    C:\Users\Melissa\Desktop\cmd.bat deleted successfully.
    C:\Users\Melissa\Desktop\cmd.txt deleted successfully.
    File/Folder C:\Windows\System32\drivers\mfeavfk.sys not found.
    File/Folder C:\Windows\System32\drivers\mferkdk.sys not found.
    File/Folder C:\Windows\System32\drivers\mfesmfk.sys not found.
    ========== SERVICES/DRIVERS ==========
    Service mfeavfk stopped successfully!
    Service mfeavfk deleted successfully!
    Service mferkdk stopped successfully!
    Service mferkdk deleted successfully!
    Service mfesmfk stopped successfully!
    Service mfesmfk deleted successfully!
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes
    ->Flash cache emptied: 56502 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Melissa
    ->Temp folder emptied: 8067920 bytes
    ->Temporary Internet Files folder emptied: 253585521 bytes
    ->Java cache emptied: 2397065 bytes
    ->FireFox cache emptied: 45303082 bytes
    ->Flash cache emptied: 2705 bytes

    User: Public

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 35163 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50199 bytes
    RecycleBin emptied: 9538222 bytes

    Total Files Cleaned = 304.00 mb

    C:\Windows\System32\drivers\etc\Hosts moved successfully.
    HOSTS file reset successfully

    OTM by OldTimer - Version 3.1.17.2 log created on 01222011_091039

    Files moved on Reboot...
    C:\Users\Melissa\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
    C:\Users\Melissa\AppData\Local\Mozilla\Firefox\Profiles\fjsehxfd.default\Cache\_CACHE_001_ moved successfully.
    C:\Users\Melissa\AppData\Local\Mozilla\Firefox\Profiles\fjsehxfd.default\Cache\_CACHE_002_ moved successfully.
    C:\Users\Melissa\AppData\Local\Mozilla\Firefox\Profiles\fjsehxfd.default\Cache\_CACHE_003_ moved successfully.
    C:\Users\Melissa\AppData\Local\Mozilla\Firefox\Profiles\fjsehxfd.default\Cache\_CACHE_MAP_ moved successfully.
    C:\Users\Melissa\AppData\Local\Mozilla\Firefox\Profiles\fjsehxfd.default\urlclassifier3.sqlite moved successfully.
    C:\Users\Melissa\AppData\Local\Mozilla\Firefox\Profiles\fjsehxfd.default\XPC.mfl moved successfully.
    C:\Users\Melissa\AppData\Local\Mozilla\Firefox\Profiles\fjsehxfd.default\XUL.mfl moved successfully.

    Registry entries deleted on Reboot...
     
  7. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    11,383
    First Name:
    Kevin
    All hugs are accepted, you just fly to the UK and lay them on me...

    • Re-open Malwarebytes and check for updates
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select "Perform Quick Scan", then click Scan.
    • The scan may take some time to finish,so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
    • Please save the log to a location you will remember.
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Copy and paste the entire report in your next reply.

    Extra Note:

    If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

    Post the log from Malwarebytes quick scan, also let me know if there are any remaining issues.

    Kevin
     
  8. mb123

    mb123 Thread Starter

    Joined:
    Jan 18, 2011
    Messages:
    6
    I guess there wasn't any results to show, or remove...I didn't see any anyways.

    As for remaining issues, I think I just might be cured!!

    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Database version: 5570

    Windows 6.1.7600
    Internet Explorer 8.0.7600.16385

    1/22/2011 9:34:32 AM
    mbam-log-2011-01-22 (09-34-32).txt

    Scan type: Quick scan
    Objects scanned: 166469
    Time elapsed: 2 minute(s), 6 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)
     
  9. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    11,383
    First Name:
    Kevin
    OK, just surf about and use as normal for a couple of hours or so, if all is OK come and let me know. You can mark thread as solved once you are confident your system is responding normally,

    Kevin
     
  10. mb123

    mb123 Thread Starter

    Joined:
    Jan 18, 2011
    Messages:
    6
    Kevin,

    Looks like I'm good to go, thank you SOOO much for your help. I really appreciate it. You guys are awesome.

    I'll marked this solved :D

    Thanks again,

    Melissa
     
  11. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    11,383
    First Name:
    Kevin
    Hiya Melissa,

    Good to hear all is ok, one last task for you. Re-open OTM and hit the Clean up tab, follow the prompts and re-boot if requested. It will remove tools we may have used, also itself.

    Take care,

    Kevin
     
  12. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/975509

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice