digitalprivacyalert.org 2 old threads closed


2 threads I found were closed with no real resolution posted.

Win7 64 bit reinstall (hard drive failed 2 weeks ago).

Malwarebytes and Symantec find nothing.  Doesn't pop up all the time.

Only vulnerability I can think of is before the reinstall and after my laptop guy had me lower the whole way to make my wireless printer work.   After he reinstalled win7 64 bit pro I had to do the same thing to get the printer to work.

Control panel, user accounts & family, user accounts, change user account controls setting, has to be lowered the whole way in order to use my wireless HP printer.  So now it will never notify me about changes to my computer.

Firefox updated to the latest.  Don't use IE or Chrome but may have when downloading HP driver or something that may have launched one of those browsers.

Laptop still usable, definitely occasionally annoying, but no idea of what other intrusions could be happening.

Assistance please - or point me to a thread that has a successful resolution posted.  I updated Malwarebytes last night and reran it but I will do it again tonight.  Hoping that it will now find this redirect.

Thanks!

 

 

Link to post

  • Root Admin

Hello @davebugs and welcome.

Do you have a Mozilla Firefox account that you log into and sync your settings?  If so please login and remove, delete the sync data. Back up your Bookmarks to a location outside of the Mozilla, Firefox folder structure first.

Then run the following.

Firefox
Click on Help / Troubleshooting Information then click on the Refresh Firefox button and allow it to delete all settings and restore the default Firefox settings.

Then run the following.

 

Please Run TFC by OldTimer to clear temporary files:

  • Download TFC from http://oldtimer.geekstogo.com/TFC.exe and save it to your desktop.
  • Close any open programs and Internet browsers.
  • Double click TFC.exe to run it on XP (for Vista and Windows 7 right click and choose "Run as administrator") and once it opens click on the Start button on the lower left of the program to allow it to begin cleaning.
  • Please be patient as clearing out temp files may take a while.
  • Once it completes you may be prompted to restart your computer, please do so.
  • Once it's finished you may delete TFC.exe from your desktop or save it for later use for the cleaning of temporary files.

 

Now, restart the computer and let me know if that corrects the issue for you.

Thank you

Ron

 

Link to post

Thanks for the quick response.

I never sync anything if given a choice.  Heck I still keep all my contact info in an old text file.  No syncing of contacts, calendars, anything.

I refreshed firefox, rebooted, ran the temp file cleaner utility and rebooted again.

Time will tell if it worked.  If it does I will post back in a few days.  A pet peeve of mine is folks not replying if the fix was successful.

Link to post

  • Root Admin

Okay, let's do a scan then before we do a full removal process.

I'll be out most of the day tomorrow but will check back on you again tomorrow night when I get back. Also, don't forget to have and use an Ad Blocker.

 

 

Please run the following steps and post back the logs as an attachment when ready.

STEP 01

  • If you're already running Malwarebytes 3 then open Malwarebytes and check for updates. Then click on the Scan tab and select Threat Scan and click on Start Scan button.
  • If you don't have Malwarebytes 3 installed yet please download it from here and install it.
  • Once installed then open Malwarebytes and check for updates. Then click on the Scan tab and select Threat Scan and click on Start Scan button.
  • Once the scan is completed click on the Export Summary button and save the file as a Text file to your desktop or other location you can find, and attach that log on your next reply.
  • If Malwarebytes won't run then please skip to the next step and let me know on your next reply.

STEP 02

Please download AdwCleaner by Malwarebytes and save the file to your Desktop.

  • Right-click on the program and select Run as Administrator to start the tool.
  • Accept the Terms of use.
  • Wait until the database is updated.
  • Click Scan.
  • When finished, please click Clean.
  • Your PC should reboot now if any items were found.
  • After reboot, a log file will be opened. Copy its content into your next reply.

 

RESTART THE COMPUTER Before running Step 3

STEP 03
Please download the Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit.

  • Double-click to run it. When the tool opens, click Yes to disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). If you've run the tool before, you need to place a check mark here.
  • Please attach the Addition.txt log to your reply as well.

 

Thanks

Ron

 

Link to post

Turns out I have the Corporate Edition. I updated it, rebooted, and ran a full scan - here is the log:

I did not see "threat scan" anywhere.

Ad blocker? I have this Malwarebytes and Symantec Corporate is all I have. Used to use spybot then adaware then it got to where it seemed they installed more crap than they removed.

I will continue with the next steps.

 

Edited by davebugs
attached log
Link to post

Ron,

 

First - let me thank you for your assistance.

 

It still happens occasionally.  I'd say every half hour?  Last time was pointing to a different site.  I am on Amazon and Ebay a lot.  Occasionally on Yahoo with the same issues.  I have been having issues with "back button" sometimes not working.  Before and after the history/temp file cleanup the other day.

 

Here is the second set of logs from farbar.

 

I am an "old" computer guy, with the emphasis on old. And actually still a Microsoft hater. I remember even when the first PC's (which ran CPM) ran for months without needing rebooted or rebooting themselves. Or Business operating systems that were much better than, I call sturdier, than anything I fear Microsoft will ever release. The character cell days when things weren't as pretty but literally ran for years without reboot.

So whenever I have issues with Microsoft or a layered product it still drives me crazy!  Heck back around 2000 I actually had some Microsoft certifications - and hated every minute of it.

Therefore I really do appreciate assistance from folks who know what they are doing.  It simply takes way too much time to try and keep on top of things for the couple of laptops that I have.  An XP (maybe the sturdiest OS MS ever released?), this win7 64 bit Pro and a win10 that I despise. The higher level they try and make things the more annoyed I get...

Regardless of what happens here I truly do appreciate the effort and the guidance.

 

Malwarebytes 2nd run of farbar FRST 01082018.txt

Malwarebytes 2nd farbar run Addition 01082018.txt

Link to post

  • Root Admin

Okay, let's try one more tool before we gut Firefox.

You will need to fully disable Symantec to run this tool. Once done, make sure you re-enable Symantec.

 

Please visit this web page and read the ComboFix User's Guide:

  • Once you've read the article and are ready to use the program you can download it directly from the link below.
  • Important! - Please make sure you save ComboFix to your desktop and do not run it from your browser.
  • Direct download link for: ComboFix.exe
  • Please make sure you disable your security applications before running ComboFix.
  • Once Combofix has completed it will produce and open a log file.  Please be patient as it can take some time to load.
  • Please attach that log file to your next reply.
  • If needed the file can be located here:  C:\combofix.txt
  • NOTE: If you receive the message "illegal operation has been attempted on a registry key that has been marked for deletion", just reboot the computer.

 

Thanks and let me know

Ron

 

Link to post

 Heck I think it just tried to repost my last reply.

 

I haven't been online much today at all.  Haven't been redirected today but I don't think any of these utilities has turned anything up yet.


Should I proceed since we haven't apparently found anything yet or wait until it happens again?

 

Link to post

  • Root Admin
55 minutes ago, davebugs said:

It still happens occasionally.  I'd say every half hour?  Last time was pointing to a different site.

Based on that reply, I'd say yes. This tool is very good at finding and fixing items that other tools sometimes miss. I'm not saying it will clear it for us but worth a shot. If not then we'll look at manually gutting out Firefox and once sure all is clean, reinstall it.

 

Link to post

How much do you know about Symantec?

  • Open Symantec Endpoint Protection and then click Change settings from the left menu bar.
  • Click Configure Settings next to Antivirus and Antispyware Protection. Click the File System Auto-Protect tab and uncheck the box labeled Enable File System Auto-Protect. Click OK.
  • Click Configure Settings next to Proactive Threat Protection. Uncheck the boxes labeled Scan for trojans and worms and Scan for keyloggers. Click OK.

1st item no problem.

 

2nd item it's all under SONAR now? The individual boxes it says to uncheck don't exist. Everything to the right of Proactive Threat Protection seems to fall under SONAR.

Malwarebytes Symantec screenshot 01082018.docx

Link to post

 Over my head.

 

Looks like uncheck it and continue? Doesn't specifically say that it covers what those other boxes checked but seems to be kinda the same sort of protection.

So my guess is uncheck? Worst case what it asks or warns about events when I run combofix and I allow?

Link to post

  • Root Admin

Okay, it did not seem to find anything helpful there to remove. If you're still having a block or redirect with Firefox we'll probably need to do a manual removal.

You'll need to temporarily use IE or another browser until we get Firefox back onto the system. Please export your bookmarks to a location outside of the Mozilla/Firefox folder structure.

Once you have your bookmarks saved then go ahead and uninstall Firefox. Then reboot the computer and run FRST again and make sure you put a check mark in the Addition.txt check box and post back both new logs.

Thanks

Ron

 

Link to post

I may run like this for a day and see what happens.  I needed to pay bills and get into other "sensitive" things tonight but I won't until I see if I still get redirected.

 

If I do I will start the firefox process.  I didn't see where to check that box when running FRST but I'll look again if I rerun it.

 

At some point I wonder how much SPAM/popups/etc. I may be incurring from downloading several "fix" programs to the desktop.  For instance I have AVG aware on a computer and it's really annoying wanting you to upgrade on a PC without a lot of resources running an old POS system.

You mentioned an ad blocker; have a recommendation? Years ago I loved spybot then it got kinda annoying. Then ad-aware for a while. Now this laptop has Corporate Malwarebytes, the others have shareware Malwarebytes and they all have Corporate Symantec. Do you have a recommendation for an additional product? Is one needed?

 

 

 

Link to post

Yahoo - Main page I guess that I set as homepage. Went into an article and back arrowed out. Went I think 2 other places/names before settling on the privacy????.org that I had searched on before starting this thread. I don't recall the 2 other names that came up for part of a second before coming up with the privacy one. And now I don't even recall what article I had read. I have probably 70 tabs open and a half dozen are yahoo main or finance. I believe a couple of back arrows took me back to Yahoo where I came from. I could have killed the tab - I forget.

 

Link to post

This topic is now closed to further replies.