Author Topic: [Resolved K] WINDOWS 7 OS FIREWALL WILL NOT TURN ON SEARCHES REDIRECTED  (Read 2328 times)

Offline kevinf80

  • Malware Removal Staff
  • Diamond Member
  • Posts: 6345
Re: [Resolved K] WINDOWS 7 OS FIREWALL WILL NOT TURN ON SEARCHES REDIRECTED
« Reply #15 on: April 25, 2012, 12:50:32 AM »
Thanks for the logs and update, continue as follows :-

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on to run the application.
  • The "Ready to scan" window will open. Click on "Change parameters".
  • Place a checkmark next to Verify Driver Digital Signature and Detect TDLFS file system. (Leave "Service & Drivers" and "Boot Sectors" ticked.) Click OK.
  • Select "Start Scan".
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.
Kevin


Offline sshiple2

  • Bronze Member
  • Posts: 17
Re: [Resolved K] WINDOWS 7 OS FIREWALL WILL NOT TURN ON SEARCHES REDIRECTED
« Reply #16 on: April 25, 2012, 01:10:20 PM »
No reboot was required..1 suspicious object found; I skipped.

File is zipped and attached; was far too large to cut up.

Offline kevinf80

  • Malware Removal Staff
  • Diamond Member
  • Posts: 6345
Re: [Resolved K] WINDOWS 7 OS FIREWALL WILL NOT TURN ON SEARCHES REDIRECTED
« Reply #17 on: April 25, 2012, 01:20:37 PM »
Are the re-directs specific to one browser?

Offline sshiple2

  • Bronze Member
  • Posts: 17
Re: [Resolved K] WINDOWS 7 OS FIREWALL WILL NOT TURN ON SEARCHES REDIRECTED
« Reply #18 on: April 25, 2012, 01:50:18 PM »
The redirects were specific to Mozilla Firefox mostly. I cannot remember if Internet Explorer did the same (I think it might have).
However, I just did some extensive browsing, first Explorer, then Firefox. I encountered NOTHING. Everything seems to be working fine after all you have had me do. There definitely has been a change on my system since we started. I can tell it.
Does it look to you like everything is gone?

Offline kevinf80

  • Malware Removal Staff
  • Diamond Member
  • Posts: 6345
Re: [Resolved K] WINDOWS 7 OS FIREWALL WILL NOT TURN ON SEARCHES REDIRECTED
« Reply #19 on: April 25, 2012, 01:58:02 PM »
The latest logs are clean, you did say there were still redirects; that was the reason I asked for TDSSKiller to be run. The file flagged as suspicious returned clean when I had the MD5 checked.

The system looks good to me, but I have to listen to what you say.....

Run final scan with ESET, if this is good we'll clean up tools and set you free. Be aware this scan is very thorough so can take several hours to complete. It is well worth the time and effort.

Run ESET Online Scan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan
  • Click the button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  • Click on to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the icon on your desktop.
  • Check
  • Click the button.
  • Accept any security warnings from your browser.
  • Check
  • Leave the tick out of remove found threats
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push
  • Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the button.
  • Push
You can refer to this animation by neomage if needed.
Frequently asked questions available Here  Please read them before running the scan.

Also be aware this scan can take several hours to complete depending on the size of your system.

ESET log can be found here "C:\Program Files\ESET\EsetOnlineScanner\log.txt".

Kevin

Offline sshiple2

  • Bronze Member
  • Posts: 17
Re: [Resolved K] WINDOWS 7 OS FIREWALL WILL NOT TURN ON SEARCHES REDIRECTED
« Reply #20 on: April 25, 2012, 07:43:00 PM »
Very interesting...

C:\_OTL\MovedFiles\04252012_010735\C_ProgramData\YouTube Downloader\ytd_installer.exe   Win32/Toolbar.Widgi application
C:\_OTL\MovedFiles\04252012_010735\C_Users\Shipley\Downloads\YouTubeDownloaderSetup34.exe   a variant of Win32/Toolbar.Widgi application

Offline sshiple2

  • Bronze Member
  • Posts: 17
Re: [Resolved K] WINDOWS 7 OS FIREWALL WILL NOT TURN ON SEARCHES REDIRECTED
« Reply #21 on: April 25, 2012, 10:15:50 PM »
btw a defrag was run Weds morning the 25th at 0700 hrs
Didn't know if that helps you

Offline kevinf80

  • Malware Removal Staff
  • Diamond Member
  • Posts: 6345
Re: [Resolved K] WINDOWS 7 OS FIREWALL WILL NOT TURN ON SEARCHES REDIRECTED
« Reply #22 on: April 25, 2012, 11:11:40 PM »
Those files listed by ESET were moved by OTL and are already quarantined, nothing to worry us there. How is your system responding, any remaining issues?
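
The check described in the reply above (detections that sit under the OTL quarantine folder are old copies, not live files) can be scripted. This is an added example, not part of the original thread or of any tool used in it; it assumes each result line is a path followed by a gap of two or more spaces (or a tab) and then the detection name, and the third sample line is constructed.

```python
import re
from pathlib import PureWindowsPath

# Quarantine folder named in this thread; other tools' folders would be assumptions.
QUARANTINE_ROOTS = [PureWindowsPath(r"C:\_OTL\MovedFiles")]

# First two lines are the ESET results posted above; the third is constructed.
SAMPLE_LOG = r"""
C:\_OTL\MovedFiles\04252012_010735\C_ProgramData\YouTube Downloader\ytd_installer.exe   Win32/Toolbar.Widgi application
C:\_OTL\MovedFiles\04252012_010735\C_Users\Shipley\Downloads\YouTubeDownloaderSetup34.exe   a variant of Win32/Toolbar.Widgi application
C:\Users\Example\Downloads\setup_example.exe   a variant of Win32/Toolbar.Widgi application
"""

def parse_line(line):
    """Split 'path<gap>detection' (assumed layout); None if not a result line."""
    parts = re.split(r"\s{2,}|\t", line.strip(), maxsplit=1)
    if len(parts) != 2 or not re.match(r"^[A-Za-z]:\\", parts[0]):
        return None
    return PureWindowsPath(parts[0]), parts[1].strip()

def is_quarantined(path):
    """True when the file sits under a known quarantine root (case-insensitive)."""
    return any(root in path.parents for root in QUARANTINE_ROOTS)

def triage(log_text):
    """Group detections into already-quarantined copies and files still in place."""
    result = {"quarantined": [], "live": []}
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue
        path, detection = parsed
        key = "quarantined" if is_quarantined(path) else "live"
        result[key].append((str(path), detection))
    return result

if __name__ == "__main__":
    for bucket, items in triage(SAMPLE_LOG).items():
        for path, detection in items:
            print(f"{bucket:12} {detection:45} {path}")
```

Anything reported as "live" is a file still in its original location and is what needs a second look.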

Offline sshiple2

  • Bronze Member
  • Posts: 17
Re: [Resolved K] WINDOWS 7 OS FIREWALL WILL NOT TURN ON SEARCHES REDIRECTED
« Reply #23 on: April 26, 2012, 02:32:24 PM »
Okay, everything seems to be running just fine. I haven't run into any more issues at all actually!

Offline kevinf80

  • Malware Removal Staff
  • Diamond Member
  • Posts: 6345
Re: [Resolved K] WINDOWS 7 OS FIREWALL WILL NOT TURN ON SEARCHES REDIRECTED
« Reply #24 on: April 26, 2012, 03:39:46 PM »
OK, if all OK we can clean up, do the following:

Step 1

Remove Combofix now that we're done with it
  • Please press the Windows Key and R on your keyboard. This will bring up the Run... command.
  • Now type in Combofix /Uninstall in the runbox and click OK. (Notice the space between the "x" and "/")
  • Please follow the prompts to uninstall Combofix.
  • You will then receive a message saying Combofix was uninstalled successfully once it's done uninstalling itself.
The above procedure will delete the following:
  • ComboFix and its associated files and folders.
  • VundoFix backups, if present
  • The C:\_OtMoveIt folder, if present
  • Reset the clock settings.
  • Hide file extensions, if required.
  • Hide System/Hidden files, if required.
  • Reset System Restore.

It is very important that you get a successful uninstall because of the extra functions done at the same time, let me know if this does not happen.

Step 2

Remove ESET online scanner:

  • Click Start, type Uninstall a Program into the Search programs and files box, and then press ENTER.
  • Click to select ESET Online Scanner from the listing of installed products, and then click Uninstall/Change from the bar that displays the available tasks. Uninstall ESET Online Scanner, only re-boot if prompted.

Step 3

  • Download OTC by OldTimer and save it to your desktop. Alternative mirror
  • Double click icon to start the program.
    If you are using Vista or Windows 7, please right-click and choose run as administrator
  • Then Click the big button.
  • You will get a prompt saying "Begining Cleanup Process". Please select Yes.
  • Restart your computer when prompted.
  • This will remove tools we have used and itself.


Any tools/logs remaining on the Desktop can be deleted.

Step 4

Go here http://www.filehippo.com/updatechecker/ and run the FileHippo Update Checker, update all applications as suggested by the Checker, ignore any suggested Beta updates.

Step 5

Download TFC  to your desktop, from either of the following links
 Link 1
 Link 2
  • Save any open work. TFC will close all open application windows.
  • Double-click TFC.exe to run the program. Vista or Windows 7 users right click and select "Run as Administrator"
  • If prompted, click "Yes" to reboot.
TFC will automatically close any open programs, including your Desktop. Let it run uninterrupted. It shouldn't take longer than a couple of minutes, and may only take a few seconds. TFC may re-boot your system, if not, re-boot it yourself to complete cleaning process <---- Very Important

Keep TFC, it is an excellent utility to keep your system optimized, it empties all user temp folders, Java cache etc etc. Always remember to re-boot after a run, even if not prompted

Let me know if those steps complete OK, also if any remaining issues or concerns...

Kevin




Offline sshiple2

  • Bronze Member
  • Posts: 17
Re: [Resolved K] WINDOWS 7 OS FIREWALL WILL NOT TURN ON SEARCHES REDIRECTED
« Reply #25 on: April 26, 2012, 11:12:26 PM »
Everything seems to be ok. ComboFix was already gone, as is everything else now. The hippo and tfc remain on my desktop
I like them a lot!
Eutopia has been found.

Offline kevinf80

  • Malware Removal Staff
  • Diamond Member
  • Posts: 6345
Re: [Resolved K] WINDOWS 7 OS FIREWALL WILL NOT TURN ON SEARCHES REDIRECTED
« Reply #26 on: April 27, 2012, 01:37:32 AM »
That is good news, if no more issues just one last task to complete:

Create a new restore point:

   1. Right-click on Computer and go to Properties.
   2. Next click on the System Protection link.
   3. The System Properties dialog screen opens up and you will want to click on Create.
   4. Type in a description for the restore point which will help you remember the point at which it was created. Click on create.
   5. You should see the message "The restore point was created successfully."

To remove all but the most recent restore point do the following:

   1. Open Disk Cleanup by clicking the Start button. In the search box, type Disk Cleanup, and then, in the list of results, click Disk Cleanup.
   2. If prompted, select the drive that you want to clean up, and then click OK.
   3. In the Disk Cleanup for (usually C:\) dialog box, click Clean up system files. (Administrator permission required.) If you're prompted for an administrator password or confirmation, type the password or provide confirmation.
   4. If prompted, select the drive that you want to clean up, and then click OK.
   5. Click the More Options tab, under System Restore and Shadow Copies, click Clean up.
   6. In the Disk Cleanup dialog box, click Delete.
   7. Click Delete Files, and then click OK. Re-Boot your PC.

Your latest logs are clean and you say that your system is running well, it would be an excellent idea to keep it that way. The following advice will go a long way to keeping you secure so that you can enjoy safe and happy surfing.

Here are some tips to reduce the potential for malware infection in the future:

Make proper use of your antivirus and firewall

Antivirus and Firewall programs are integral to your computer security. However, just having them installed isn't enough. The definitions of these programs are frequently updated to detect the latest malware, if you don't keep up with these updates then you'll be vulnerable to infection. Many antivirus and firewall programs have automatic update features, make use of those if you can. If your program doesn't, then get in the habit of routinely performing manual updates, because it's important.

You should keep your antivirus and firewall guard enabled at all times, NEVER turn them off unless there's a specific reason to do so. Also, regularly performing a full system scan with your antivirus program is a good idea to make sure your system remains clean. Once a week should be adequate. You can set the scan to run during a time when you don't plan to use the computer and just leave it to complete on its own.

Install and use WinPatrol. This will inform you of any attempted unauthorized changes to your system.

WinPatrol features explained Here

Use a safer web browser

Internet Explorer is not the most secure tool for browsing the web. It has been known to be very susceptible to infection, and there are a few good free alternatives:
 
Firefox,

Opera, and

Chrome.
 
All of these are excellent faster, safer, more powerful and functional free alternatives to Internet Explorer. It's definitely worth the short period of adjustment to start using one of these. If you wish to continue using Internet Explorer, it would be a good idea to follow the tutorial HERE which will help you to make IE MUCH safer.

These browser add-ons will help to make your browser safer:

Web of Trust warns you about risky websites that try to scam visitors, deliver malware or send spam. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous ones:

Available for Firefox and Internet Explorer.

Green to go,
Yellow for caution, and
Red to stop.


Available for Firefox only. NoScript helps to block malicious scripts and in general gives you much better control over what types of things webpages can do to your computer while you're browsing.

These are just a couple of the most popular add-ons, if you're interested in more, take a look at THIS article.

Here are a couple of links by two security experts that will give some excellent tips and advice.

So how did I get infected in the first place by Tony Klein

How to prevent Malware by Miekiemoes

Finally this link HERE will give a comprehensive up-to-date list of free Security programs. To include - Antivirus, Antispyware, Firewall, Antimalware, Online scanners and rescue CD's.

Don't forget, the best form of defense is common sense. If you don't recognize it, don't open it. If something looks too good to be true, then it ain't.

Let me know when it's OK to close out your thread,

Take care,

Kevin

Offline sshiple2

  • Bronze Member
  • Posts: 17
Re: [Resolved K] WINDOWS 7 OS FIREWALL WILL NOT TURN ON SEARCHES REDIRECTED
« Reply #27 on: April 28, 2012, 09:29:17 PM »
Thanks a lot Kevin!

I really appreciate it.

You may close the thread now.

Keep up the good work,

Seth

Offline kevinf80

  • Malware Removal Staff
  • Diamond Member
  • Posts: 6345
Re: [Resolved K] WINDOWS 7 OS FIREWALL WILL NOT TURN ON SEARCHES REDIRECTED
« Reply #28 on: April 29, 2012, 02:15:48 AM »
Since this issue appears to be resolved the topic has been closed. Glad we could help.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.

The fixes and advice in this thread are for this System only. Do not apply the instructions from this thread to your own System. Please start a new thread describing your issue and someone will be along to assist you.