Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Server Busy....Retry Popup & Slow Response


Re: Server Busy....Retry Popup & Slow Response

Post by Elrond » January 27th, 2009, 6:08 pm

Does your computer get redirected if you try to search with Google while using FireFox?


GooredFix

Please download GooredFix and save it to your Desktop.
  • Double-click Goored.exe to run it.
  • Select "1. Find Goored (no fix)" by typing 1 and pressing Enter.
  • A log will open, please post the contents of that log in your next reply (it can also be found on your desktop, called Goored.txt).
Note: Do not run Option #2 yet.


GooredFix-Option 2
Please double-click GooredFix.exe on your Desktop to run it.
  • Select "2. Fix Goored" by typing 2 and pressing Enter.
  • Make sure all instances of Firefox are closed at this point.
  • Type y at the prompt and press Enter again.
  • A log will open, please post the contents of that log in your next reply (it can also be found on your desktop, called GooredLog.txt).
Note: If you receive a message saying that GooredFix needs your system to be restarted, please close all applications and reboot your system. Please also allow any registry changes that may be prompted by any of your security programs.

I do know that your computer is infected with Goored but I am asking you to do me the favor and run the cleanup the way I instructed. I need for my own education to see what the log of option 1 looks like for an infected computer as I am also teaching students how to clean up the junk.

Please post both logs in this thread.

Re: Server Busy....Retry Popup & Slow Response

Post by laserman » January 27th, 2009, 11:50 pm

Hi Elrond,

I normally use IE rather than FireFox so I had to try to search with Google in Firefox to answer your question... When I try to search in Google, the search itself works fine. However, when I click on a site in the search results, I am redirected to a site with more sites related to the original search rather than the site I clicked on in the Google search results... very strange... I would have never discovered this problem since I rarely use FireFox. Anyway, here are the two logs you requested. The Goored.exe program names both logs "GooredLog.txt" so I ran option 1, renamed that log, and then I ran option 2. Here they are:

**********************
GooredLog.txt for Option #1
**********************
GooredFix v1.83 by jpshortstuff
Log created at 22:35 on 27/01/2009 running Option #1 (Administrator)
Firefox version 1.5 (en-US)

=====Suspect Goored Entries=====

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
"{D276E6FE-F3B9-4722-A544-69946222EE91}"="C:\Documents and Settings\Administrator\Local Settings\Application Data\{D276E6FE-F3B9-4722-A544-69946222EE91}\"

=====Dumping Registry Values=====

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 1.5\extensions]
"Plugins"="C:\Program Files\Mozilla Firefox\Plugins"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 1.5\extensions]
"Components"="C:\Program Files\Mozilla Firefox\Components"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
"{D276E6FE-F3B9-4722-A544-69946222EE91}"="C:\Documents and Settings\Administrator\Local Settings\Application Data\{D276E6FE-F3B9-4722-A544-69946222EE91}\"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
"{62D07DBF-97CF-49A0-9B9F-882A6D91E847}"="C:\Documents and Settings\cwdipro.CWDIPRO1\Local Settings\Application Data\{62D07DBF-97CF-49A0-9B9F-882A6D91E847}" (Folder Missing)

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
"jqs@sun.com"="C:\Program Files\Java\jre6\lib\deploy\jqs\ff"

**********************
GooredLog.txt for Option #2
**********************
GooredFix v1.83 by jpshortstuff
Log created at 22:37 on 27/01/2009 running Option #2 (Administrator)
Firefox version 1.5 (en-US)

=====Goored Deletions=====

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
"{D276E6FE-F3B9-4722-A544-69946222EE91}"="C:\Documents and Settings\Administrator\Local Settings\Application Data\{D276E6FE-F3B9-4722-A544-69946222EE91}\"
->Backing up value... Done.
->Deleting value... Done.

C:\Documents and Settings\Administrator\Local Settings\Application Data\{D276E6FE-F3B9-4722-A544-69946222EE91}
->Backing up folder... Done.
->Emptying folder... Done.
->Deleting folder... Done.

=====Dumping Registry Values=====

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 1.5\extensions]
"Plugins"="C:\Program Files\Mozilla Firefox\Plugins"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 1.5\extensions]
"Components"="C:\Program Files\Mozilla Firefox\Components"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
"{62D07DBF-97CF-49A0-9B9F-882A6D91E847}"="C:\Documents and Settings\cwdipro.CWDIPRO1\Local Settings\Application Data\{62D07DBF-97CF-49A0-9B9F-882A6D91E847}" (Folder Missing)

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
"jqs@sun.com"="C:\Program Files\Java\jre6\lib\deploy\jqs\ff"
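A cross-check of the two logs posted above, as an added example that is not part of the original thread and not GooredFix's own code: it parses both registry dumps and confirms that the only value that disappeared is the one listed under "Goored Deletions". The function names and the abbreviated log copies are assumptions made for this illustration.

```python
import re
# Abbreviated copies of the two logs posted above (headers, backup lines and
# the "Mozilla Firefox 1.5" Plugins/Components entries are trimmed).
LOG_OPTION_1 = r'''
=====Suspect Goored Entries=====
[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
"{D276E6FE-F3B9-4722-A544-69946222EE91}"="C:\Documents and Settings\Administrator\Local Settings\Application Data\{D276E6FE-F3B9-4722-A544-69946222EE91}\"
=====Dumping Registry Values=====
[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
"{D276E6FE-F3B9-4722-A544-69946222EE91}"="C:\Documents and Settings\Administrator\Local Settings\Application Data\{D276E6FE-F3B9-4722-A544-69946222EE91}\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
"{62D07DBF-97CF-49A0-9B9F-882A6D91E847}"="C:\Documents and Settings\cwdipro.CWDIPRO1\Local Settings\Application Data\{62D07DBF-97CF-49A0-9B9F-882A6D91E847}" (Folder Missing)
[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
"jqs@sun.com"="C:\Program Files\Java\jre6\lib\deploy\jqs\ff"
'''
LOG_OPTION_2 = r'''
=====Goored Deletions=====
[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
"{D276E6FE-F3B9-4722-A544-69946222EE91}"="C:\Documents and Settings\Administrator\Local Settings\Application Data\{D276E6FE-F3B9-4722-A544-69946222EE91}\"
->Deleting value... Done.
=====Dumping Registry Values=====
[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
"{62D07DBF-97CF-49A0-9B9F-882A6D91E847}"="C:\Documents and Settings\cwdipro.CWDIPRO1\Local Settings\Application Data\{62D07DBF-97CF-49A0-9B9F-882A6D91E847}" (Folder Missing)
[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
"jqs@sun.com"="C:\Program Files\Java\jre6\lib\deploy\jqs\ff"
'''
SECTION = re.compile(r'^=====(.+?)=====$')
KEY = re.compile(r'^\[(HKEY_[^\]]+)\]$')
VALUE = re.compile(r'^"([^"]+)"="')

def parse(log):
    """Return {section title: set of (registry key, value name)}."""
    sections, section, key = {}, None, None
    for line in map(str.strip, log.splitlines()):
        if m := SECTION.match(line):
            section, key = sections.setdefault(m.group(1), set()), None
        elif m := KEY.match(line):
            key = m.group(1)
        elif (m := VALUE.match(line)) and section is not None and key:
            section.add((key, m.group(1)))
    return sections

def verify_fix(before_log, after_log):
    """Check the Option #2 dump against the Option #1 dump and the deletions."""
    before, after = parse(before_log), parse(after_log)
    old, new = (p.get("Dumping Registry Values", set()) for p in (before, after))
    return {"removed": old - new, "added": new - old,
            "unreported_removals": (old - new) - after.get("Goored Deletions", set()),
            "suspects_remaining": before.get("Suspect Goored Entries", set()) & new}
```

A non-empty `unreported_removals`, `added` or `suspects_remaining` set means the second dump does not match what the deletions section reports.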

Re: Server Busy....Retry Popup & Slow Response

Post by Elrond » January 28th, 2009, 2:52 pm

When I went through the rest of the log from DDS I found that I have to give you this warning:

I am so sorry to be the bearer of bad news but unfortunately, you have a backdoor on your computer. This gives intruders complete control of your computer, logging key strokes, stealing information, etc. :(
You are strongly advised to do the following immediately!:
  • Disconnect infected computer from the internet and from any networked computers until the computer can be cleaned.
  • Call all of your banks, credit card companies, financial institutions and inform them that you may be a victim of identity theft and to put a watch on your accounts or change all your account numbers.
  • From a clean computer, change *all* of your online passwords -- for ISP login, email, banks, financial accounts, PayPal, eBay, online companies, and any online forums or groups you belong to.
      Do NOT change passwords or do any transactions while using the infected computer because the attacker will get the new passwords and transaction information.
Because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure it can ever again be trusted. Many experts in the security community believe that once infected with this type of Trojan, the best course of action would be a reformat and reinstall of the OS. However, if you do not have the resources to reinstall your OS and would like me to attempt to clean your machine, I will be happy to do so.

To help you make a more informed decision, please read the following articles:
Should you have any questions, please feel free to ask

Please let me know your decision and we'll continue with clean up if that's what you choose.

Once more I am sorry to be the bearer of this bad news and that it took so long to find it but it did not show up in any of the other logs. :(

Re: Server Busy....Retry Popup & Slow Response

Post by NonSuch » February 3rd, 2009, 12:21 am

Due to lack of response, this topic is now closed.

If you still require help, please open a new thread in the Infected? Virus, malware, adware, ransomware, oh my! forum, include a fresh FRST log, and wait for a new helper.