Go Back   Tech Support Forum > Security Center > Virus/Trojan/Spyware Help > Resolved HJT Threads

User Tag List

Certain Website Do not Open

This is a discussion on Certain Website Do not Open within the Resolved HJT Threads forums, part of the Tech Support Forum category. Hello, I have asked in a browser thread about this issue, and I have been referred over here for more


 
 
Thread Tools Search this Thread
Old 03-09-2016, 01:50 AM   #1
Registered Member
 
ekawalaski's Avatar
 
Join Date: May 2012
Posts: 42
OS: Windows 7



Hello,

I have asked in a browser thread about this issue, and I have been referred over here for more help. We have checked host files, cleaned cookies and whatnot. Sadly, none of these measures helped resolve the issue of certain websites not opening or complete loading. The main website belongs to World of Tanks MMO game and its sub pages. It has also come to my attention that internet speed websites do not open as well.

The original thread is: https://www.techsupportforum.com/foru...y-1099929.html

In the original thread there is a copy of my hosts file. There is also a specific copy from ESET's log file, which prompted the admin to ask me to check with you. Otherwise, I am attaching the DDS files with this post.

Thank you for your time.
Attached Files
File Type: txt dds.txt (17.6 KB, 23 views)
File Type: txt attach.txt (5.2 KB, 13 views)
ekawalaski is offline  
Sponsored Links
Advertisement
 
Old 03-10-2016, 12:27 AM   #2
Security Team
Analyst
 
tekir06's Avatar
 
Join Date: Oct 2010
Location: Turkiye
Posts: 1,859
OS: Windows 7 (32 Bit)



Hello ekawalaski,

My name is Tolga and I will assist you with your malware related problems.

Before we move on, please read the following points carefully.

If you haven't already, please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.
First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
Please download to and run all requested tools from your Desktop.
Perform everything in the correct order. Sometimes one step requires the previous one.
If you have any problems while following my instructions, Stop there and tell me the exact nature of your problem.
Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
My native language is not english. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.
Back up important files before we start.

Now, If you're ready let's get started, shall we?

Did you set this proxy yourself?
Quote:
uProxyServer = localhost:8080
__________________
tekir06 is offline  
Old 03-10-2016, 12:48 AM   #3
Registered Member
 
ekawalaski's Avatar
 
Join Date: May 2012
Posts: 42
OS: Windows 7



Hello, Tolga,

I did not set up the proxy. I use ESET Smart Security, which comes with its own firewall. I also use Spybot Search & Destroy to immunize my web browsers. Either one of those two may have done it.
ekawalaski is offline  
Sponsored Links
Advertisement
 
Old 03-10-2016, 01:03 AM   #4
Security Team
Analyst
 
tekir06's Avatar
 
Join Date: Oct 2010
Location: Turkiye
Posts: 1,859
OS: Windows 7 (32 Bit)



Hello ekawalaski,

Ok. Thanks for the info. Please do the below steps.

STEP 1

Please download AdwCleaner from here and save it to your desktop.

Click the green 'Download now @bleepingcomputer' button.
Run AdwCleaner and select Scan
Once the Scan is done, select Cleaning
Once done it will ask to reboot, please allow the reboot.
On reboot, a log will be produced. It can also be found at C:\AdwCleaner\AdwCleaner[C#].txt
Please copy/paste the contents of the log in your next reply.

STEP 2

Please download Farbar Recovery Scan Tool and save it to your desktop.

Double-click FRST64 to run it. When the tool opens click Yes to the disclaimer.
Make sure the Addition.txt button is ticked.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
__________________
tekir06 is offline  
Old 03-10-2016, 01:41 AM   #5
Registered Member
 
ekawalaski's Avatar
 
Join Date: May 2012
Posts: 42
OS: Windows 7



# AdwCleaner v5.101 - Logfile created 10/03/2016 at 04:30:37
# Updated 07/03/2016 by Xplode
# Database : 2016-03-08.1 [Server]
# Operating system : Windows 7 Ultimate Service Pack 1 (x64)
# Username : Boogster - WHITE-HOUSE
# Running from : C:\Users\Boogster\Downloads\programs\AdwCleaner.exe
# Option : Clean
# Support : ToolsLib - Forum: Ask for help or share your experience.

***** [ Services ] *****


***** [ Folders ] *****


***** [ Files ] *****


***** [ DLLs ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****


***** [ Web browsers ] *****


*************************

:: "Tracing" keys removed
:: Winsock settings cleared

*************************

C:\Program Files (x86)\AdwCleaner\AdwCleaner[C1].txt - [718 bytes] - [10/03/2016 04:30:37]
C:\Program Files (x86)\AdwCleaner\AdwCleaner[S1].txt - [819 bytes] - [10/03/2016 04:28:57]

########## EOF - C:\Program Files (x86)\AdwCleaner\AdwCleaner[C1].txt - [902 bytes] ##########
Attached Files
File Type: txt FRST.txt (59.6 KB, 14 views)
File Type: txt Addition.txt (31.9 KB, 17 views)
ekawalaski is offline  
Old 03-10-2016, 04:31 AM   #6
Security Team
Analyst
 
tekir06's Avatar
 
Join Date: Oct 2010
Location: Turkiye
Posts: 1,859
OS: Windows 7 (32 Bit)



Hello ekawalaski,

I see you have P2P software (Vuze) installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It may be contributing to your current situation. This page will give you further information.

Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.

A reference for the risk of these programs is here

I would strongly recommend that you uninstall it. You can do so via Control Panel >> Programs and Features

========================================================

Open Notepad (Start > All Programs > Accessories > Notepad).
Please copy all the text in the codebox below. (To do this highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad and select Paste).
Save it as fixlist.txt next to FRST64.exe

NOTE: Both FRST64.exe and the fixlist.txt must be in the same location or the fix will not work.

Code:
CreateRestorePoint:
ProxyServer: [S-1-5-21-177676234-1493093105-2100487672-1000] => localhost:8080
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
RemoveProxy:
EmptyTemp:
Double-click FRST64 to run the tool. If the tool warns you the version is outdated, please download and run the updated version.
Click the Fix button just once, and wait.
If you receive a message that a reboot is required, please make sure you allow it to restart normally.
The tool will complete its run after the restart.
When finished, the tool will make a log (Fixlog.txt) in the same location from where it was run. Please post the Fixlog.txt log in your reply.

NOTE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
__________________
tekir06 is offline  
Old 03-10-2016, 05:41 AM   #7
Registered Member
 
ekawalaski's Avatar
 
Join Date: May 2012
Posts: 42
OS: Windows 7



Fix result of Farbar Recovery Scan Tool (x64) Version:05-03-2016 01
Ran by Boogster (2016-03-10 08:36:32) Run:1
Running from C:\Users\Boogster\Desktop
Loaded Profiles: Boogster (Available Profiles: Boogster)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
ProxyServer: [S-1-5-21-177676234-1493093105-2100487672-1000] => localhost:8080
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
RemoveProxy:
EmptyTemp:
*****************

Restore point was successfully created.
HKU\S-1-5-21-177676234-1493093105-2100487672-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value removed successfully
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully

========= RemoveProxy: =========

HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-21-177676234-1493093105-2100487672-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-177676234-1493093105-2100487672-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully


========= End of RemoveProxy: =========

EmptyTemp: => 4.5 GB temporary data Removed.


The system needed a reboot.

==== End of Fixlog 08:37:52 ====
ekawalaski is offline  
Old 03-10-2016, 06:51 AM   #8
Security Team
Analyst
 
tekir06's Avatar
 
Join Date: Oct 2010
Location: Turkiye
Posts: 1,859
OS: Windows 7 (32 Bit)



Hello ekawalaski,

How is the machine behaving now? What problems do you still have?

Please re-run FRST tool and attach fresh FRST.txt and Addition.txt.
__________________
tekir06 is offline  
Old 03-10-2016, 07:15 AM   #9
Registered Member
 
ekawalaski's Avatar
 
Join Date: May 2012
Posts: 42
OS: Windows 7



Hello Tolga,

I first want to thank you for your time and help. I have checked a few of the websites that did not open before, and now they open just fine. I am now able to open World of Tanks on both NA and EU normally. I am also able to view and run internet speed test on Ookla website.

What seem to be the issue though? Was it actually a virus? ESET Smart Security reported that it had stopped an invasion, so could that be only a residue? I take pride in my cyber security in my household. I do make sure that everything is protected with genuine and original products. As such, we have not been at direct risk or had issues before.. Thank you very much.

I am attaching the files you have asked for.
Attached Files
File Type: txt Addition.txt (32.0 KB, 15 views)
File Type: txt FRST.txt (59.0 KB, 14 views)
ekawalaski is offline  
Old 03-10-2016, 02:30 PM   #10
Registered Member
 
ekawalaski's Avatar
 
Join Date: May 2012
Posts: 42
OS: Windows 7



Do you see anything in the logs why nvidia driver is crashing my computer?
ekawalaski is offline  
Old 03-10-2016, 10:57 PM   #11
Security Team
Analyst
 
tekir06's Avatar
 
Join Date: Oct 2010
Location: Turkiye
Posts: 1,859
OS: Windows 7 (32 Bit)



Hello ekawalaski,

I'm glad to hear that. The problem stemmed from the proxy setting. We fix it. Some malware can change the proxy settings. I did not see anything suspicious in the your reports will set the proxy setting. But we'll check.

Quote:
Do you see anything in the logs why nvidia driver is crashing my computer?
If you look under the title of the event log errors (Addition.txt) for NVIDIA you can see three errors. But I don't know if this will cause a crash errors. I'm no expert this issue.

==========================================================

Please download Malwarebytes Anti-Malware and save it to your desktop.

Double-click mbam-setup-2.2.0.1024.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to the following:

  • Launch Malwarebytes Anti-Malware
  • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.

Click Finish.
At the end of the installation, a database update will be performed.
Click on Scan Now.
A Threat Scan will begin.
When the scan is complete, if there have been detections, click Remove Selected to allow MBAM to clean what was detected.
In most cases, a restart will be required and a prompt will be shown.
Wait for the prompt to restart the computer to appear, then click on Yes.

Posting the Malwarebytes log:

After the restart once you are back at your desktop, open MBAM once more.
Click on the History tab > Application Logs.
Double click on the scan log which shows the Date and time of the scan just performed.
Click Export.
Click Text file (*.txt)
In the Save File dialog box which appears, click on Desktop.
In the File name: box type a name for your scan log.
A message box named File Saved should appear stating "Your file has been successfully exported".
Click Ok
Attach that saved log to your next reply.
__________________
tekir06 is offline  
Old 03-11-2016, 01:18 AM   #12
Registered Member
 
ekawalaski's Avatar
 
Join Date: May 2012
Posts: 42
OS: Windows 7



Scan was performed. No threats were detected, and as such no fix was required and no restarts. Log file is attached here.
Attached Files
File Type: txt MBAM-log.txt (1.0 KB, 16 views)
ekawalaski is offline  
Old 03-11-2016, 01:54 AM   #13
Security Team
Analyst
 
tekir06's Avatar
 
Join Date: Oct 2010
Location: Turkiye
Posts: 1,859
OS: Windows 7 (32 Bit)



Hello again,

Thanks fo the log. Please do the following.

Go here to run an online scannner from ESET. Windows Vista/Windows 7/Windows 8 users will need to right click on their Internet Explorer shortcut, and select Run as Administrator

Note: For browsers other than Internet Explorer, you will be prompted to download and install esetsmartinstaller_enu.exe. Click on the link and save the file to a convenient location. Double click on it to install and a new window will open. Follow the prompts.
Turn off the real time scanner of any existing antivirus program while performing the online scan. Here's how.
Click the blue Run ESET Online Scanner button
Tick the box next to YES, I accept the Terms of Use.
Click Start
When asked, allow the program to install the "OnlineScanner.cab" activex control by clicking the Install button
Once the activex control is installed, on the next screen click on Enable detection of potentially unwanted applications
Click on Advanced Settings
Make sure that the option Remove found threats is unticked.
Ensure these options are ticked
  • Scan archives
  • Scan for potentially unsafe applications
  • Enable Anti-Stealth technology
Click Start
Wait for the scan to finish
When the scan is done, if it shows a screen that says "Threats found!", then click "List of found threats", and then click "Export to text file..."
Save that text file on your desktop. Copy and paste the contents of that log as a reply to this topic.
Close the ESET online scan, and let me know how things are now.
__________________
tekir06 is offline  
Old 03-11-2016, 03:44 PM   #14
Registered Member
 
ekawalaski's Avatar
 
Join Date: May 2012
Posts: 42
OS: Windows 7



C:\Users\Boogster\Documents\Vuze Downloads\Cities Skylines [RePack]\Setup.exe Win32/Adware.Adverttraff.A application
ekawalaski is offline  
Old 03-14-2016, 01:44 AM   #15
Security Team
Analyst
 
tekir06's Avatar
 
Join Date: Oct 2010
Location: Turkiye
Posts: 1,859
OS: Windows 7 (32 Bit)



Hello ekawalaski. Sorry for delay.

Please copy all text in the code box below and paste it into Notepad:

Quote:
@echo off
if exist "%temp%\log.txt" del "%temp%\log.txt"

for %%g in (

"C:\Users\Boogster\Documents\Vuze Downloads\Cities Skylines [RePack]\Setup.exe"


) do (
del /a/f/q %%g >nul 2>&1
if exist %%g echo.%%~g>>"%temp%\log.txt"
)


if exist "%temp%\log.txt" ( start notepad "%temp%\log.txt"
) else echo.Deleted Successfully !!

pause
del %0
save the Notepad file to your desktop and name it delfiles.bat
save type as "All Files"
on your desktop, double-click on delfiles.bat to run it, (a black CMD window will flash, then disappear - this is normal).

Please tell me what it says in your next reply.

========================================================
__________________
tekir06 is offline  
Old 03-14-2016, 08:27 AM   #16
Registered Member
 
ekawalaski's Avatar
 
Join Date: May 2012
Posts: 42
OS: Windows 7



Deleted Successfully !!
Press any key to continue...
ekawalaski is offline  
Old 03-14-2016, 05:44 PM   #17
Registered Member
 
ekawalaski's Avatar
 
Join Date: May 2012
Posts: 42
OS: Windows 7



I have repeated the ESET online scanner step. No threat was found..
ekawalaski is offline  
Old 03-15-2016, 12:29 AM   #18
Security Team
Analyst
 
tekir06's Avatar
 
Join Date: Oct 2010
Location: Turkiye
Posts: 1,859
OS: Windows 7 (32 Bit)



Hello ekawalaski,

Ok. İt's good.

Your reports are clear. Let's remove all tools and logs that we use.

CLEAN UP

Please download delfix to your desktop.
  • Close all other programs and start delfix.
  • Right-click on delfix.exe and select " Run as administrator " to run it.
  • Ensure Remove disinfection tools is ticked. Also tick: Create registry backup, Purge system restore
  • Click Run
  • delfix will now delete all found traces of our removal process.
Note: The program will run for a few moments and then notepad will open with a log. No need to post this log.

=========================================================

MICROSOFT UPDATES

It is very important that you get all of the critical updates for your Operating System. Another essential is to keep your computer updated with the latest operating system patches and security fixes. Windows Updates are constantly being revised to combat the newest hacks and threats, Microsoft releases security updates that help keep your computer from becoming vulnerable. It is best if you have these set to download automatically.

Turn ON Automatic Updates in Windows 7

------------------------------------------------------

Make sure you backup your system, so possible reformatting in the future isn't necessary:

Backup and Restore - Microsoft Windows

------------------------------------------------------

PREVENTION

Please read the article below which will give you a few suggestions for how to minimise your chances of getting another infection.

  • WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware, or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
    • Green to go
    • Yellow for caution
    • Red to stop


    WOT has an add-on available for IE, Firefox, and Chrome.
  • MVPS HOSTS FILE replaces your current HOSTS file with one that will restrict known ad sites from serving you unsolicited advertisements. It basically prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is the IP of your local computer. See guide here and for Windows 7 here
Keep your antivirus program and antispyware programs updated and scan with them on a regular basis.

Please respond to this thread one more time so we can mark this thread as resolved.
__________________
tekir06 is offline  
Old 03-15-2016, 03:31 AM   #19
Registered Member
 
ekawalaski's Avatar
 
Join Date: May 2012
Posts: 42
OS: Windows 7


Thumbs Up

Tolga,

Thank you so very much for all your help. My browser is not having any issues. The websites are opening as intended.

I already run WOT and AdBlock Plus. I check for Microsoft updates almost daily, but manually as automatic update check gets in the way of my gaming.

Thanks again. You've been awesome.
ekawalaski is offline  
Old 03-15-2016, 06:19 AM   #20
Security Team
Analyst
 
tekir06's Avatar
 
Join Date: Oct 2010
Location: Turkiye
Posts: 1,859
OS: Windows 7 (32 Bit)



Hello ekawalaski,

You're welcome! Thank you for your patience and cooperation.
__________________
tekir06 is offline  
 

Thread Tools Search this Thread
Search this Thread:

Advanced Search

Similar Threads
Thread Thread Starter Forum Replies Last Post
eword files cannot be open
my word files cannot be open. when i try to open it says: This error message can appear if the document you are attempting to open is corrupt. It is possible to recover a corrupt file or its content by using either the Recover Text converter (may require installation) or the Open and Repair...
roslina Microsoft Office support 1 07-20-2011 09:15 AM
Netgear FVX538 Firewall
Hi All, I am a newly joined to these forum, hopefully this is the correct section to post my inquiry. could anyone help me secure my network. we are running windows server 2003. the services installed are exchange 2003, AD, DNS, and our antivirus is Escan. When i am blocking some ports...
pdelcast Networking Support 3 02-07-2011 04:34 PM
Cannot access our own website or emails
Hi I came on here a few weeks ago with a related posting (see thread here: https://www.techsupportforum.com/forums/f31/solved-internet-phone-network-issues-542784.html). Very shortly after we thought it was (SOLVED), the issue is now very much (UNSOLVED)! We are now losing business due to...
truffle32 Networking Support 9 01-28-2011 07:06 AM
Lush website hack 'exposes credit card details'
Luxury cosmetics firm Lush has ditched its UK website in response to a sustained hacking attack which left users vulnerable to credit card fraud. The firm warns that credit card details submitted to the Lush.co.uk site between 4 October and 20 January may have been compromised by the assault by...
sjb007 Computer Security News 0 01-21-2011 10:59 AM

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is on
Smilies are on
[IMG] code is on
HTML code is Off
Trackbacks are Off
Pingbacks are Off
Refbacks are Off


Post a Question


» Site Navigation
 > FAQ
  > 10.0.0.2
Powered by vBadvanced CMPS v3.2.3


All times are GMT -7. The time now is 09:18 AM.


Powered by vBulletin® Version 3.8.8
Copyright ©2000 - 2020, vBulletin Solutions, Inc.
vBulletin Security provided by vBSecurity v2.2.2 (Pro) - vBulletin Mods & Addons Copyright © 2020 DragonByte Technologies Ltd.
User Alert System provided by Advanced User Tagging v3.1.0 (Pro) - vBulletin Mods & Addons Copyright © 2020 DragonByte Technologies Ltd.
Copyright 2001 - 2018, Tech Support Forum

Windows 10 - Windows 7 - Windows XP - Windows Vista - Trojan Removal - Spyware Removal - Virus Removal - Networking - Security - Top Web Hosts