[Resolved] Google Redirect/Invalid Security Certificate


  • This topic is locked
39 replies to this topic

#16 Raktor

    Teacher Emeritus

  • Authentic Member
  • 3,114 posts

Posted 26 November 2009 - 12:54 AM

Formatting is a fresh install of your operating system - overwriting all data and programs.

I'm not sure if the malware caused it or not - running a Combofix script not written for your machine can't have helped the situation though, unfortunately.

Please try the program from the following link, typing in your product code as required etc.

http://www.microsoft...?displaylang=en

#17 mekap04

    Authentic Member

  • Authentic Member
  • 53 posts

Posted 26 November 2009 - 08:20 PM

It keeps saying my product key is invalid. I put the product key that is on my computer tower in the program and it said it is invalid. But when I look at the Microsoft diagnostic tool, the product key they have doesn't match what's found on my computer.

#18 CatByte

    Classroom Administrator

  • Classroom Admin
  • 21,060 posts
  • MVP

Posted 28 November 2009 - 08:25 AM

Hi,

Raktor is away for a few days and has asked if I would assist you with this:

Please visit this Microsoft site:

http://support.micro....com/kb/328874/

Follow the steps to remove the invalid key and replace it with your valid key.

Microsoft MVP 2010, 2011, 2012, 2013, 2014, 2015


#19 mekap04

    Authentic Member

  • Authentic Member
  • 53 posts

Posted 28 November 2009 - 11:08 PM

I performed the steps in that article and it still said the product key is invalid.

#20 CatByte

    Classroom Administrator

  • Classroom Admin
  • 21,060 posts
  • MVP

Posted 28 November 2009 - 11:12 PM

I think at this point, your best bet is to contact Microsoft directly and see if they can resolve this issue for you.


#21 mekap04

    Authentic Member

  • Authentic Member
  • 53 posts

Posted 02 December 2009 - 11:40 AM

I was told to get the recovery disks for my computer and reinstall the Windows that came with my computer using the recovery disks. When I get them, what do I do to get the stuff I have already on my computer? Right now I have Office and Windows Professional. Do I have to uninstall those first before using the recovery disks? I know my computer is still infected so I will post here again when I get Windows XP genuine again. Just wondering what I should do to get ready to recover my computer back to factory settings and get this counterfeit copy of Windows Professional and Office off my computer (took it to a computer shop and they installed this on my computer). Thanks for your continued assistance.

#22 CatByte

    Classroom Administrator

  • Classroom Admin
  • 21,060 posts
  • MVP

Posted 02 December 2009 - 05:27 PM

As long as you have your MS Office installation disks you don't need to uninstall anything. Back up your important documents, pictures and music to an external hard drive.

We have an excellent tutorial on how to reformat here


#23 mekap04

    Authentic Member

  • Authentic Member
  • 53 posts

Posted 04 December 2009 - 01:19 PM

Ok, I just installed Windows XP again and I am starting out fresh with factory settings and ready to make sure my computer is clean. What are the next steps to take? Thanks.

#24 CatByte

    Classroom Administrator

  • Classroom Admin
  • 21,060 posts
  • MVP

Posted 04 December 2009 - 02:29 PM

Did you do a reformat and reinstall? If so, then you shouldn't have any remaining infection. Have you loaded any programs and such from backups? Do you have antivirus and antispyware installed? Please download and post a fresh DDS log and Attach.txt and advise if there are any issues with your machine still or if you are looking for recommendations for programs to assist in protecting your computer in the future.


#25 mekap04

    Authentic Member

  • Authentic Member
  • 53 posts

Posted 05 December 2009 - 03:22 PM

I just used the disks and did a fresh reinstall of Windows. Not sure about the reformat part. I have downloaded an antivirus program and am about to download Malwarebytes, SUPERAntiSpyware, and Spybot. What is a DDS log?


#26 CatByte

    Classroom Administrator

  • Classroom Admin
  • 21,060 posts
  • MVP

Posted 05 December 2009 - 03:31 PM

Please download DDS from either of these links

LINK 1
LINK 2

and save it to your desktop.
  • Disable any script blocking protection
  • Double click dds.pif to run the tool.
  • When done, two DDS.txt's will open.
  • Save both reports to your desktop.
---------------------------------------------------
Please include the contents of the following in your next reply:

DDS.txt
Attach.txt.


#27 mekap04

    Authentic Member

  • Authentic Member
  • 53 posts

Posted 05 December 2009 - 04:10 PM

DDS (Ver_09-12-01.01) - NTFSx86
Run by Owner at 17:09:13.07 on Sat 12/05/2009
Internet Explorer: 6.0.2800.1106
Microsoft Windows XP Home Edition 5.1.2600.1.1252.1.1033.18.447.227 [GMT -5:00]

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\Program Files\USB Storage RW\udsi.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe
C:\Program Files\interMute\SpamSubtract\SpamSubtract.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Documents and Settings\Owner\My Documents\Downloads\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://srch-qus8.hpwis.com/
uDefault_Page_URL = hxxp://qus8.hpwis.com/
uDefault_Search_URL = hxxp://srch-qus8.hpwis.com/
uSearch Bar = hxxp://srch-qus8.hpwis.com/
mDefault_Page_URL = hxxp://qus8.hpwis.com/
mDefault_Search_URL = hxxp://srch-qus8.hpwis.com/
mSearch Page = hxxp://srch-qus8.hpwis.com/
mStart Page = hxxp://qus8.hpwis.com/
mSearch Bar = hxxp://srch-qus8.hpwis.com/
uInternet Settings,ProxyOverride = localhost
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 5.0\reader\activex\AcroIEHelper.ocx
BHO: {243b17de-77c7-46bf-b94b-0b5f309a0e64} - c:\program files\microsoft money\system\mnyside.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - No File
EB: Media Band: {32683183-48a0-441b-a342-7c2a440a9478} - %SystemRoot%\System32\browseui.dll
uRun: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [hpsysdrv] c:\windows\system\hpsysdrv.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [KYE_UDSI] "c:\program files\usb storage rw\udsi.exe
mRun: [KBD] c:\hp\kbd\KBD.EXE
mRun: [StorageGuard] "c:\program files\common files\sonic\update manager\sgtray.exe" /r
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
mRun: [PS2] c:\windows\system32\ps2.exe
mRun: [BCNT] c:\progra~1\aws\weathe~1\BCNT.EXE
mRun: [AlcxMonitor] ALCXMNTR.EXE
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
StartupFolder: c:\docume~1\owner\startm~1\programs\startup\spamsu~1.lnk - c:\program files\intermute\spamsubtract\SpamSubtract.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\compaq~1.lnk - c:\program files\compaq connections\1940576\program\BackWeb-1940576.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quicke~1.lnk - c:\program files\quicken\bagent.exe
IE: {c95fe080-8f5d-11d2-a20b-00aa003c157a} - %SystemRoot%\web\related.htm
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
IE: {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - {DD6687B5-CB43-4211-BFC9-2942CCBDCB3E} - c:\program files\microsoft money\system\mnyside.dll
LSP: SpSubLSP.dll
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1260047669765
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: igfxcui - igfxsrvc.dll
Notify: OPXPGina - c:\program files\softex\omnipass\opxpgina.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\2xtuljrz.default\
FF - prefs.js: browser.startup.homepage - hxxp://google.com
FF - plugin: c:\program files\real\realone player\netscape6\nppl3260.dll
FF - plugin: c:\program files\real\realone player\netscape6\nprjplug.dll
FF - plugin: c:\program files\real\realone player\netscape6\nprpjplug.dll

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R0 avgntmgr;avgntmgr;c:\windows\system32\drivers\avgntmgr.sys [2009-12-4 22360]
R1 avgntdd;avgntdd;c:\windows\system32\drivers\avgntdd.sys [2009-12-4 45416]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-11-23 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-11-23 74480]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2009-12-4 108289]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2009-12-4 185089]
R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-11-23 7408]
S2 mrtRate;mrtRate; [x]

=============== Created Last 30 ================

2009-12-05 21:52:26 0 d-----w- c:\program files\Spybot - Search & Destroy
2009-12-05 21:52:26 0 d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2009-12-05 21:36:54 0 d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2009-12-05 21:36:46 0 d-----w- c:\program files\SUPERAntiSpyware
2009-12-05 21:36:46 0 d-----w- c:\docume~1\owner\applic~1\SUPERAntiSpyware.com
2009-12-05 21:32:53 0 d-----w- c:\program files\common files\Wise Installation Wizard
2009-12-05 21:31:22 0 d-----w- c:\docume~1\owner\applic~1\Malwarebytes
2009-12-05 21:31:16 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-05 21:31:12 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-12-05 21:31:11 18520 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-05 21:31:11 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-05 21:16:06 21728 ----a-w- c:\windows\system32\wucltui.dll.mui
2009-12-05 21:16:05 217816 ----a-w- c:\windows\system32\wuaucpl.cpl
2009-12-05 21:16:05 17632 ----a-w- c:\windows\system32\wuaueng.dll.mui
2009-12-05 21:16:05 15072 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2009-12-05 21:16:03 15064 ----a-w- c:\windows\system32\wuapi.dll.mui
2009-12-04 21:09:21 178 ----a-w- c:\windows\system\hpsysdrv.DAT
2009-12-04 21:08:10 13952 ----a-w- c:\windows\system32\drivers\kbdhid.sys
2009-12-04 21:08:09 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2009-12-04 21:08:07 9600 ----a-w- c:\windows\system32\drivers\hidusb.sys
2009-12-04 21:08:04 5888 ----a-w- c:\windows\system32\drivers\splitter.sys
2009-12-04 21:08:03 77440 ----a-w- c:\windows\system32\drivers\wdmaud.sys
2009-12-04 21:08:02 50048 ----a-w- c:\windows\system32\drivers\DMusic.sys
2009-12-04 21:08:01 54272 ----a-w- c:\windows\system32\drivers\swmidi.sys
2009-12-04 21:08:01 142208 ----a-w- c:\windows\system32\drivers\aec.sys
2009-12-04 21:07:59 2816 ----a-w- c:\windows\system32\drivers\drmkaud.sys
2009-12-04 21:07:59 159360 ----a-w- c:\windows\system32\drivers\kmixer.sys
2009-12-04 21:07:58 56832 ----a-w- c:\windows\system32\drivers\sysaudio.sys
2009-12-04 21:07:40 6400 ----a-w- c:\windows\system32\drivers\enum1394.sys
2009-12-04 21:07:40 55680 ----a-w- c:\windows\system32\drivers\ohci1394.sys
2009-12-04 21:07:40 50560 ----a-w- c:\windows\system32\drivers\1394bus.sys
2009-12-04 21:07:37 57856 ----a-w- c:\windows\system32\drivers\drmk.sys
2009-12-04 21:07:37 134272 ----a-w- c:\windows\system32\drivers\portcls.sys
2009-12-04 21:01:04 348195 -c--a-w- c:\windows\system32\dllcache\msjetol1.dll
2009-12-04 21:00:59 81920 -c--a-w- c:\windows\system32\dllcache\msado26.tlb
2009-12-04 20:57:54 8192 -c--a-w- c:\windows\system32\dllcache\cidaemon.exe
2009-12-04 20:54:18 0 d-----r- c:\windows\Offline Web Pages
2009-12-04 20:22:10 0 d-----r- c:\documents and settings\all users\Documents
2009-12-04 20:21:58 5120 -c--a-w- c:\windows\system32\dllcache\winnls.dll
2009-12-04 20:20:58 92672 -c--a-w- c:\windows\system32\dllcache\oeimport.dll
2009-12-04 20:19:55 0 d-----w- C:\I386
2009-12-04 19:40:11 0 d-----w- c:\program files\Avira
2009-12-04 19:40:11 0 d-----w- c:\docume~1\alluse~1\applic~1\Avira
2009-12-04 19:17:02 0 d-s---w- c:\documents and settings\owner\UserData

==================== Find3M ====================

============= FINISH: 17:09:55.46 ===============

Edited by mekap04, 05 December 2009 - 04:11 PM.


#28 mekap04

    Authentic Member

  • Authentic Member
  • 53 posts

Posted 05 December 2009 - 04:14 PM

I have attached the other file you requested.


#29 CatByte

    Classroom Administrator

  • Classroom Admin
  • 21,060 posts
  • MVP

Posted 05 December 2009 - 04:21 PM

Hi,

Things look good.

You may wish to download Adobe Reader, Flash and Shockwave

http://www.adobe.com/downloads/ (the downloads you want are under readers and players)

and also Java - version 6 update 17

http://java.com/en/download/manual.jsp

You might want to consider a third party firewall as well.

Here are some free ones (only choose one)

Outpost Firewall Free
Comodo
Sunbelt Kerio


Now you should be good to go.


#30 mekap04

    Authentic Member

  • Authentic Member
  • 53 posts

Posted 06 December 2009 - 07:59 AM

OK, I have done what you suggested and downloaded the programs. I also ran a scan with Avira and it found 5 detections. Should I be worried about this? Also with the firewall, I downloaded Comodo but a lot of pop-up messages come up when I download anything about whether to allow it or not. How do I minimize the number of prompts? I have to say OK about 10 times for each thing I download whether to allow it or not. Thanks
