Jump to content

Gala Search-Errors with gmail


Recommended Posts

the malware has hijacked our Google search redirecting us to the fake "Gala Search". I was able to get my search engine changed but not sure if this will be corrected for good.

Attempting to connect to Googlemail (Gmail) brings up a warning that the security certificate for the site is not valid. Malwarebytes reports no problems.

Below are the Malwarebytes log. Any help in getting rid of this greatly appreciated.

Thanks

Malwarebytes' Anti-Malware 1.50.1.1100

www.malwarebytes.org

Database version: 5412

Windows 5.1.2600 Service Pack 3

Internet Explorer 7.0.5730.11

12/28/2010 10:47:29 PM

mbam-log-2010-12-28 (22-47-29).txt

Scan type: Quick scan

Objects scanned: 227743

Time elapsed: 33 minute(s), 22 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 1

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 2

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\afrebgpo (Trojan.Dropper) -> Value: afrebgpo -> Quarantined and deleted successfully.

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

c:\Documents and Settings\abruzgis\Local Settings\Temp\grfxlgcnc\gclktiwlajb.exe (Trojan.Dropper) -> Delete on reboot.

c:\documents and settings\abruzgis\local settings\temporary internet files\Content.IE5\7I16Z9XL\kqflcncmhl[1].exe (Trojan.Dropper) -> Quarantined and deleted successfully.

Link to post
Share on other sites

Hello alison r

Welcome to Malwarebytes.

For the security certificate error please correct the time and date on your machine this will fix that issue.

=====================

  • Download OTL to your desktop.
  • Double click on OTL to run it.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.

Link to post
Share on other sites

Thanks for the response however I was not able to run the OTL. I received an error when I tried to run it. It said that .......Content.IE5\RINREVGA\OTL[1].EXE is not a valid Win 32 application.

Not sure what to do since I cant download this. Please help.

Alison

Hello alison r

Welcome to Malwarebytes.

For the security certificate error please correct the time and date on your machine this will fix that issue.

=====================

  • Download OTL to your desktop.
  • Double click on OTL to run it.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.

Link to post
Share on other sites

  • 3 weeks later...
  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.