Website blocked due to Trojan, (and Hijack) messages

[BAA]

Hello,

I have a windows 7 computer, and when on the web with Firefox, I  keep getting Malwarebyte's messages that say "Website blocked due to Hijack", and also messages that say "Website blocked due to Trojan".

And sometimes when I'm on my peoplepc email website, Firefox will jump to some site that is obviously trying to do harm. Sorry I didn't keep a better record, but it's one of those sites that says you have an infection, and they want you to click on something to solve it.....

When I do a Malwarebytes scan, or an AVAST scan, then nothing is found.

I'm requesting help with resolving this since It seems like I've got an infection.

I've attached a Farbar Recovery Scan Tool scan result.

thanks!!!

 

FRST.txt

Addition.txt

[kevinf80]

Hello BAA and welcome to Malwarebytes, Continue with the following: Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into. "Do not open that file when running FRST fix" NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work. Open FRST and press the Fix button just once and wait. The tool will make a log on the Desktop (Fixlog.txt) or the folder it was ran from. Please post it to your reply. Next, Refresh Firefox Browser, instructions here: https://support.mozilla.org/en-US/kb/refresh-firefox-reset-add-ons-and-settings?redirectlocale=en-US&redirectslug=reset-firefox-easily-fix-most-problems Next, Install uBlock-Origin: https://addons.mozilla.org/en-GB/firefox/addon/ublock-origin/ <<--- Recommended. Next, Download AdwCleaner by Malwarebytes onto your Desktop. Or from this Mirror   Right-click on AdwCleaner.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users) Accept the EULA (I accept), then click on Scan Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Clean button. This will kill all the active processes Once the cleaning process is complete, AdwCleaner will ask to restart your computer, do it After the restart, a log will open when logging in. Please copy/paste the content of that log in your next reply Next, Please download Zemana AntiMalware and save it to your Desktop.   Install the program and once the installation is complete it will start automatically. Without changing any options, press Scan to begin. After the short scan is finished, if threats are detected press Next to remove them. Note: If restart is required to finish the cleaning process, you should click Reboot. If reboot isn't required, please re-boot your computer manually.   Open Zemana AntiMalware again. Click on icon and double click the latest report. Now click File > Save As and choose your Desktop before pressing Save. Attach saved report in your next message. Let me see those logs in your reply, also tell me if there are any remaining issues or concerns... Thank you, Kevin...

fixlist.txt

[BAA]

Kevin,

I completed all the steps, and attached the files.

I will see how things go now. 

thanks.

 

Fixlog.txt

AdwCleaner[S00].txt

AdwCleaner[C00].txt

2018.12.20-08.54.24-i0-t92-d0.txt

[BAA]

Kevin,

I've done a little websurfing, and don't see the "website blocked..." Malwarebytes messages, but I'm still seeing an issue when I'm on my peoplepc email.

If I log in to my email, and let it sit there for 5 or 10 minute, then it will end up at one of those fake websites. I've attached a screen shot of what I see after this happens.

Hopefully this screenshot helps!

thanks!!

 

[kevinf80]

Run FRST one more time, ensure all boxes are checkmarked under "Whitelist" but only Addition.txt under "Optional scan" Select scan, when done post the new logs. "FRST.txt" and "Addition.txt"

 

[BAA]

Kevin,

I ran FRST again, and here are the files:

Also I only did the "SCAN" and did not do the "FIX"

thanks!!

FRST.txt

Addition.txt

[kevinf80]

Your default browser is firefox, lets see if a fresh clean install of firefox makes any difference...

Make a "Clean" install Firefox: Use the following link for instructions how to back up your bookmarks, same link can be used to import saved Bookmarks: https://support.mozilla.org/en-US/kb/export-firefox-bookmarks-to-backup-or-transfer Next, Remove all synced data from Firefox to stop possible re-infection or exploitation. https://support.mozilla.org/en-US/questions/1037353 Next, Go here: http://www.mozilla.org/en-US/ download save the latest version of Firefox.. We will install this later... Next, Lets totally remove Firefox and start over. Go here: https://support.mozilla.org/en-US/kb/uninstall-firefox-from-your-computer and follow those instructions... Ensure when the uninstall completes to navigate to and delete the firefox installation folder (if present): (32-bit Windows) C:\Program Files\Mozilla Firefox (64-bit Windows) C:\Program Files (x86)\Mozilla Firefox It is essential the installation folder is removed. Re-boot your system when that is completed.... Next, To remove all remaining data and profile information... Press "Windows key + R" to open the Run box In the Run box, type in or copy and paste %APPDATA% Click OK. A Windows Explorer window will appear. In this window, choose/open in succession Mozilla > Firefox > Profiles. Select Delete on each entry in reverse, eg Profiles > Delete. Firefox > Delete. Mozilla > Delete. Re-boot your system when complete! Next, Use the Mozilla Firefox installer to reinstall your Browser.... When Firefox is installed and open select these keys together :- Ctrl - Shift - A that will access Addons manger, this gives access to find addons/extensions, use, start, stop or disable those features etc.... uBlock-Origin can be installed from here: https://addons.mozilla.org/en-GB/firefox/addon/ublock-origin/ <<--- Highly Recommended.   Any improvement...?

[BAA]

Kevin,

I followed your steps again. thanks.

It seems like everything is okay now, except for an issue that I didn't mention but was happening before and now too.

Now when I websurf, it seems to work okay, but sometimes the computer will just jam up. In other words, the cursor freezes, the clock freezes on that particular time, and I can't shut if off with control/alt/delete.  I can come back to it hours later, and it will still be frozen, and the clock will show the same time as when it froze.

I don't know if this is malware related or not. I have a friend in IT who did NOT look at my computer but mentioned that with a laptop which is 8 years old, he thinks my hard drive may need replacing if it's jamming up like this.

If you think that I should be clear of malware now, then we can close this thread.

If you have any other suggestions, then I'm eager to listen.

thanks for the great help so far!!!

 

[kevinf80]

Hiya BAA,

The two latest logs from FRST did not find any remaining malware or infection. The freezing you describe does suggest a possible HDD failure, that should be checked out asap....

I recommend you also run SeaTools HDD diagnostic check to make sure the HDD is fit for purpose.... Go here: https://www.sysnative.com/forums/hardware-tutorials/4072-hard-drive-hdd-diagnostics.html and download the ISO, that will need to be burnt to a CD to test your HDD. The full instructions are also at that link, IMGBurn is suggested to be used to burn the CD, be aware it may come bundled with unwanted extras. I recommend you get the free version of BurnAware from the following link: http://www.burnaware.com/download.html Follow the instructions to run that tool here: http://knowledge.seagate.com/articles/en_US/FAQ/201271en#GUI Post back the findings, Thank you, Kevin

[BAA]

Kevin,

I backed up everything on the laptop to an external drive. Yes, yes, yes, I know I should have done that already before running into any trouble, but sometimes I get lazy with stuff like that.....

I will then look into the links that you provided. I was not aware of tests that look at the health of the hardrive other than the windows checkdisk.

It will take me another day or two to finish this.

thanks!!!

 

[kevinf80]

Hello BAA,

Thanks for the update, let me know the outcome of HDD checks...

Thank you,

Kevin...

[BAA]

Kevin,

I'm still working on this....

I purchased an external Hard drive, and am creating an image of my hard drive on it now. It's taking a while. (it says 6 hours to go....)

The other backup I mentioned was to backup "My Documents". What I'm doing now is creating an image of the whole hard drive using AOMEI backupper.

I'm trying to protect myself in case the hard drive blows up on me. I don't know of another way of recovering everything if the hard drive crashes. (The laptop was loaded with Windows 7 but didn't have any recovery discs....)

One interesting point is that the freeze up is very consistent when running firefox. It's almost like it's on a timer and after 15 minutes or so it will freeze up.

This current backup is taking a while, but I haven't seen anything freeze up.

Next I'll do the hard drive tests.

thanks!!

[kevinf80]

Thanks for the update....

[BAA]

Kevin,

I ran the windows version of SeaTools. I did not create the cd disc....etc.

I just downloaded the windows version, and that seemed to work. I don't know if that has any disadvantages to the CD disc method.....

I ran all the tests. It passed everything, except for the Long Generic Test. That one failed.

I attached a screen shot of the test result.

My plan is to buy a new internal hard drive for this laptop tomorrow.

Let me know if you have any other suggestions!

thanks!!

[kevinf80]

Yes I agree, that hard drive needs replacing asap, I would invest in an SSD "Solid State Drive" faster and more efficient than a standard HD. I would suggest minimum 1 TB SSD..

https://www.pcmag.com/article2/0,2817,2404258,00.asp

This is what I use on my Windows 10 systems...

Windows own Firewall - http://www.thewindowsclub.com/how-to-configure-windows-7-firewall (is marked as 7 but also refers to 10 also) Windows Defender (Windows 8 and above) - https://www.howtogeek.com/220232/how-to-use-the-built-in-windows-defender-antivirus-on-windows-10/ Microsoft Security Essentials (Windows 7 and below) - https://www.microsoft.com/en-us/download/details.aspx?id=5201 Malwarebytes Premium - https://www.malwarebytes.com/premium/ Works very well with Defender or MSE.. Obviously the paid for version is required for realtime protection. UnChecky - https://unchecky.com/ helps to stop unwanted extras when installing certain free software.. Panda USB Vaccine - https://www.pandasecurity.com/usa/homeusers/downloads/usbvaccine/ Protectes your system when USB devices are plugged in... uBlock Origin for my Browsers: https://chrome.google.com/webstore/detail/ublock-origin/cjpalhdlnbpafiamejdnhcphjbkeiagm?hl=en All the above are free except for Malwarebytes Premium..... Not sure if you`ve heard of software by AOMEI, I use the pro versions. One of two freeware versions I recommend for you is Aomei One Key Recovery, the free version is more than adequate. Its a fully automated service that creates its own hidden Recovery Partition that is available at Boot. The partition holds a full image backup of your C:\ Drive, so if you have major problems you can revert back to that image by selecting the chosen key at boot. https://www.aomeitech.com/onekey-recovery.html The second one is Aomei Backupper Standard, again free version is more than adequate for you. Make sure to read up on these programs at Manf Website before installing and using... https://www.aomeitech.com/ab/standard.html Next, Before imaging across to new hard drive clean up old one first: Uninstall Zemana http://www.askvg.com/how-to-completely-uninstall-remove-a-software-program-in-windows-without-using-3rd-party-software/ Next, Download "Delfix by Xplode" and save it to your desktop. Or use the following if first link is down: "Delfix link mirror" If your security program alerts to Delfix either, accept the alert or turn your security off. Double Click to start the program. If you are using Vista or higher, please right-click and choose run as administrator Make Sure the following items are checked:   Remove disinfection tools <----- this will remove tools we may have used. Purge System Restore <--- this will remove all previous and possibly exploited restore points, a new point relative to system status at present will be created. Reset system settings <--- this will reset any system settings back to default that were changed either by us during cleansing or malware/infection Now click on "Run" and wait patiently until the tool has completed. The tool will create a log when it has completed. We don't need you to post this. Any remnant files/logs from tools we have used can be deleted… Next, Run Windows Disk Clean Up Utility - https://neosmart.net/wiki/disk-cleanup/ Read the following links to fully understand PC Security and Best Practices, you may find them useful.... Answers to Common Security Questions and best Practices Do I need a Registry Cleaner? Take care and surf safe Kevin...

 

[BAA]

Kevin,

I purchased a 1TB SSD replacement drive, and used AOMEI to create a clone of the original. I cloned the original drive to an external hard drive. Then cloned the external HD to the new 1TB SSD. Then plugged the new 1T SSD drive into the laptop.

Now when I try to boot it, I get the message " No bootable device -- insert boot disk and press any key"

It looked like the cloning worked. It took a really long time but seemed to work. I didn't do the cleanup stuff that you mentioned before I did the cloning since I did this before reading your message....

Not sure how to get the new 1T SSD drive to work now....

thanks.

[kevinf80]

That seems to indicate that your SSD is not recognized. Can you format the new drive on another PC, copy image again and try in laptop..

[BAA]

I plugged in both the old and new hard drives into another computer. I used an adapter on both to make them plug into the USB ports. Then I did a disk to disk clone.

Now it works. Firefox seems to be working fine too now.

The only thing I have to do now is figure out how to use the full 1TB space on the new hard drive. It seems like everything copied over just fine, except that the new drive shows a capacity of 600GB which is much smaller than the 1TB of the new drive.

I think I have to redefine the partition sizes? I'm not sure if this is easy to do or not.

thanks.

[kevinf80]

Hello BAA,

I use the pro version of Aomei Partition Assistant, there is also  standard version which is free for home use. I believe the standard edition is what you need, read the instructions at the website...

https://www.aomeitech.com/aomei-partition-assistant.html

Let me know if you need any further assistance...

Thank you,

Kevin..

[BAA]

Kevin,

I was able to merge the C partition to the unallocated partition using the standard AOMEI partition assistant.

Now I can use my entire hard drive capacity.

In conclusion:

• My firefox seems to be working well. (no virus warnings, and no hijacked pages...)
• My new SSD hard drive is installed, and seems to have turbocharged this old computer. Everything seems to work much faster!

Thanks to your great help, I'm much smarter now with all this. I now know how to replace a hard drive for example.

Thanks again for the help

[kevinf80]

You`re very welcome BAA, it was a pleasure to work with you...

Regards,

Kevin.

[kevinf80]

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread.

Thanks