Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Incorrect web page

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Re: Incorrect web page

Unread postby WAR » December 1st, 2008, 6:16 pm

Thunderbird deleted.
Problem is fixed! THANK YOU!
WAR
Active Member
 
Posts: 12
Joined: November 25th, 2008, 5:01 pm
Advertisement
Register to Remove

Re: Incorrect web page

Unread postby Katana » December 1st, 2008, 6:30 pm

Congratulations your logs look clean :)

Let's see if I can help you keep it that way

First lets tidy up



    Uninstall Combofix
  • This will clear your System Volume Information restore points and remove all the infected files that were quarantined
  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK. Note the space between the X and the /U, it needs to be there.
    • Image


Open OTMoveIt Click Cleanup,
it will now connect to the internet and get a list of files to delete.
When a box pops up click YES.

You can also delete any logs we have produced, and empty your Recycle bin.



The following is some info to help you stay safe and clean.


You may already have some of the following programs, but I include the full list for the benefit of all the other people who will be reading this thread in the future.
( Vista users must ensure that any programs are Vista compatible BEFORE installing )

Online Scanners
I would recommend a scan at one or more of the following sites at least once a month.

http://www.pandasecurity.com/activescan
http://www.kaspersky.com/kos/eng/partne ... bscan.html

!!! Make sure that all your programs are updated !!!
Secunia Software Inspector does all the work for you, .... see HERE for details

AntiSpyware
    AntiSpyware is not the same thing as Antivirus.
    Different AntiSpyware programs detect different things, so in this case it is recommended that you have more than one.
    You should only have one running all the time, the other/s should be used "on demand" on a regular basis.
    Most of the programs in this list have a free (for Home Users ) and paid versions,
    it is worth paying for one and having "realtime" protection, unless you intend to do a manual scan often.
  • Spybot - Search & Destroy <<< A must have program
    • It includes host protection and registry protection
    • A hosts file is a bit like a phone book, it points to the actual numeric address (i.e. the IP address) from the human friendly name of a website. This feature can be used to block malicious websites
  • MalwareBytes Anti-malware <<< A New and effective program
  • a-squared Free <<< A good "realtime" or "on demand" scanner
  • superantispyware <<< A good "realtime" or "on demand" scanner

Prevention
    These programs don't detect malware, they help stop it getting on your machine in the first place.
    Each does a different job, so you can have more than one
  • Winpatrol
    • An excellent startup manager and then some !!
    • Notifies you if programs are added to startup
    • Allows delayed startup
    • A must have addition
  • SpywareBlaster 4.0
    • SpywareBlaster sets killbits in the registry to prevent known malicious activex controls from installing themselves on your computer.
  • SpywareGuard 2.2
    • SpywareGuard provides real-time protection against spyware.
    • Not required if you have other "realtime" antispyware or Winpatrol
  • ZonedOut
    • Formerly known as IE-SPYAD, adds a long list of sites and domains associated with known advertisers and marketers to the Restricted sites zone of Internet Explorer.
  • MVPS HOSTS
    • This little program packs a powerful punch as it blocks ads, banners, 3rd party Cookies, 3rd party page counters, web bugs, and many hijackers.
    • For information on how to download and install, please read this tutorial by WinHelp2002.
    • Not required if you are using other host file protections

Internet Browsers
    Microsoft has worked hard to make IE.7 a more secure browser, unfortunately whilst it is still the leading browser of choice it will always be under attack from the bad guys.
    Using a different web browser can help stop malware getting on your machine.
    • Make your Internet Explorer more secure - This can be done by following these simple instructions:
      1. From within Internet Explorer click on the Tools menu and then click on Options.
      2. Click once on the Security tab
      3. Click once on the Internet icon so it becomes highlighted.
      4. Click once on the Custom Level button.
        • Change the Download signed ActiveX controls to Prompt
        • Change the Download unsigned ActiveX controls to Disable
        • Change the Initialise and script ActiveX controls not marked as safe to Disable
        • Change the Installation of desktop items to Prompt
        • Change the Launching programs and files in an IFRAME to Prompt
        • Change the Navigate sub-frames across different domains to Prompt
        • When all these settings have been made, click on the OK button.
        • If it prompts you as to whether or not you want to save the settings, press the Yes button.
      5. Next press the Apply button and then the OK to exit the Internet Properties page.
    If you are still using IE6 then either update, or get one of the following.
    • FireFox
      • With many addons available that make customization easy this is a very popular choice
      • NoScript and AdBlockPlus addons are essential
    • Opera
      • Another popular alternative
    • Netscape
      • Another popular alternative
      • Also has Addons available

Cleaning Temporary Internet Files and Tracking Cookies
    Temporary Internet Files are mainly the files that are downloaded when you open a web page.
    Unfortunately, if the site you visit is of a dubious nature or has been hacked, they can also be an entry point for malware.
    It is a good idea to empty the Temporary Internet Files folder on a regular basis.

    Tracking Cookies are files that websites use to monitor which sites you visit and how often.
    A lot of Antispyware scanners pick up these tracking cookies and flag them as unwanted.
    CAUTION :- If you delete all your cookies you will lose any autologin information for sites that you visit, and will need your passwords

    Both of these can be cleaned manually, but a quicker option is to use a program
  • ATF Cleaner
    • Free and very simple to use
  • CCleaner
    • Free and very flexible, you can chose which cookies to keep

Also PLEASE read this article.....So How Did I Get Infected In The First Place

The last and most important thing I can tell you is UPDATE.
If you don't update your security programs (Antivirus, Antispyware even Windows) then you are at risk.
Malware changes on a day to day basis. You should update every week at the very least.

If you follow this advice then (with a bit of luck) you will never have to hear from me again :D


If you could post back one more time to let me know everything is OK, then I can have this thread archived.

Happy surfing K'
User avatar
Katana
MRU Teacher Emeritus
 
Posts: 6412
Joined: November 10th, 2006, 5:00 pm
Location: Manchester

Re: Incorrect web page

Unread postby WAR » December 1st, 2008, 6:57 pm

Thank You! :cheers: :cheers: :cheers:
WAR
Active Member
 
Posts: 12
Joined: November 25th, 2008, 5:01 pm

Re: Incorrect web page

Unread postby PA Bear » December 1st, 2008, 7:17 pm

WAR wrote:
Robear Dyer wrote:Can you now access the fidelity.com log-in page?
YES! Thank You.

I'll assume your thanks are directed at katana and the excellent assistance provided you.

WAR wrote:
Robear Dyer wrote:Does (Windows) Security Center continue to show ZA as disabled 5 to 10 minutes after you're (re)booted?

Yes, but the zone alarm program shows it IS running and protecting the computer.

Well, it shouldn't be that way IMHO.

If a Norton application has ever been installed on the machine (e.g., a free-trial version that came preinstalled when you bought it), download/run this removal tool then reboot: http://service1.symantec.com/SUPPORT/ts ... 3108162039

If a McAfee application has ever been installed on the machine (e.g., a free-trial version that came preinstalled when you bought it), download/run this removal tool then reboot: http://service.mcafee.com/FAQDocument.a ... 83&lc=1033

If still no joy/Otherwise, see if rebuilding the Window Management Instrumentation Repostitory (WMI) corrects the behavior:

    Start | Run | (type) cmd | OK
Carefully type the following in the command window (note that the parameter UpgradeRepository is case-sensitive and must be typed exactly as shown) then press ENTER key:

    rundll32 wbemupgd, UpgradeRepository
Reboot for good measure then test & report back to this thread.

Additional references include: http://windowsxp.mvps.org/repairwmi.htm & http://aumha.net/viewtopic.php?f=62&t=3 ... 85#p201285
PA Bear
MicroSoft MVP
 
Posts: 3
Joined: June 11th, 2007, 12:13 pm

Re: Incorrect web page

Unread postby WAR » December 2nd, 2008, 8:48 am

Norton removal tool was run on 11/26 per your suggestion.
McAfee was never on the computer.
I ran the start/run/cmd.exe/rundll32 wbemupgd, UpgradeRepository and it didn't appear as if anything happened.
See note below;
Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.

C:\Documents and Settings\Wayne & PJ>rundll32 wbemupgd, UpgradeRepository

C:\Documents and Settings\Wayne & PJ>rundll32 wbemupgd, UpgradeRepository

C:\Documents and Settings\Wayne & PJ>

???
WAR
Active Member
 
Posts: 12
Joined: November 25th, 2008, 5:01 pm

Re: Incorrect web page

Unread postby PA Bear » December 2nd, 2008, 10:30 am

We're getting a little off-topic here. If we can't accomplish this shortly, we'll take it to PM.

Reference: The section entitled "Entering the Windows XP command prompt" (and only that section) on the page http://www.pcstats.com/articleview.cfm? ... 723&page=2

If opening a command prompt (Start | Run | cmd | OK) takes you to

    C:\Documents and Settings\Wayne & PJ>
type cd.. and press ENTER two times to get to the root drive [i.e., C\:]; example...

    C:\Documents and Settings\Wayne & PJ>cd..
    C:\Documents and Settings>cd..
    C:\>
At this point, type in the command and press ENTER; example...

    C:\rundll32 wbemupgd, UpgradeRepository
Wait 20 minutes or so then reboot & check to see if Security Center is now reporting the status of ZA firewall.

[The results of the above will be found in C:\system32\wbem\logs\setup.log <=this file, if needed.]

==============================

Alternately, you can do the WMI rebuild the "old fashioned" way:

Using your mouse, Highlight and then Right-click | Copy the entire contents of the Quote box below, including blank lines, to your clipboard:
@echo off
cd %~dp0

REM :!: Aumha Forum script only for this user
REM :!: Please do not use unless under direction.
REM :!: Unintended consequences are likely if you are not this user.
REM :!: Authored by Bill Castner, AumHa Forum, from notes by Ramesh, MS-MVP, based on
REM :!: http://msdn.microsoft.com/library/defau ... ng_wmi.asp

net stop winmgmt
c:
cd %systemroot%\system32\wbem
echo Deleting old Repository....
rd /S /Q repository
echo Registering key DLLs....
regsvr32 /s %systemroot%\system32\scecli.dll >NUL
regsvr32 /s %systemroot%\system32\userenv.dll >NUL
echo Recompiling initial MOF namespace entries....
mofcomp cimwin32.mof >NUL
mofcomp cimwin32.mfl >NUL
mofcomp rsop.mof >NUL
mofcomp rsop.mfl >NUL
echo Re-registering WMI components....
for /f %%s in ('dir /b /s *.dll') do regsvr32 /s %%s >NUL
echo Finishing MOF and MFL compilation.....
for /f %%s in ('dir /b *.mof') do mofcomp %%s >NUL
for /f %%s in ('dir /b *.mfl') do mofcomp %%s >NUL
echo DONE. Please reboot your computer now.
pause
cd %~dp0

del %0
exit


Open a new Notepad document. (Do not use a Word Processor or WordPad). Click on Format and make certain that Word wrap is not checked/selected.

Right-click & Paste the contents of your clipboard into Notepad. Click File, Save as..., give it the name "RebuildWMI.cmd" (including the quotation marks) & Save it to your desktop. Exit Notepad.

Double-click on your new file to run the script. It will open a black box with an occasional progress notice. It will remind you that a reboot is necessary at its conclusion.

Now to see if Security Center is now reporting the status of ZA firewall. (You can now DELETE the file you created above from your desktop.)

[Above script & instructions courtesy of MVP Bill Castner]
PA Bear
MicroSoft MVP
 
Posts: 3
Joined: June 11th, 2007, 12:13 pm

Re: Incorrect web page

Unread postby WAR » December 2nd, 2008, 2:48 pm

I did the recommended change.
Win security center still loads first and detects no firewall.
WinPatrol loads next, then the dsl connection, then AVG and finally Zone Alarm.
The security center still says "no firewall" but ZA says it's running and pretecting the computer.
???
WAR
Active Member
 
Posts: 12
Joined: November 25th, 2008, 5:01 pm

Re: Incorrect web page

Unread postby NonSuch » December 10th, 2008, 8:49 pm

As it appears this issue has been resolved, this topic is now closed.

You can help support this site from this link :
Donations For Malware Removal
User avatar
NonSuch
Administrator
Administrator
 
Posts: 28747
Joined: February 23rd, 2005, 7:08 am
Location: California
Advertisement
Register to Remove

Previous

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 286 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware