alison r Posted December 29, 2010 ID:367053 Share Posted December 29, 2010 the malware has hijacked our Google search redirecting us to the fake "Gala Search". I was able to get my search engine changed but not sure if this will be corrected for good.Attempting to connect to Googlemail (Gmail) brings up a warning that the security certificate for the site is not valid. Malwarebytes reports no problems.Below are the Malwarebytes log. Any help in getting rid of this greatly appreciated.ThanksMalwarebytes' Anti-Malware 1.50.1.1100www.malwarebytes.orgDatabase version: 5412Windows 5.1.2600 Service Pack 3Internet Explorer 7.0.5730.1112/28/2010 10:47:29 PMmbam-log-2010-12-28 (22-47-29).txtScan type: Quick scanObjects scanned: 227743Time elapsed: 33 minute(s), 22 second(s)Memory Processes Infected: 0Memory Modules Infected: 0Registry Keys Infected: 0Registry Values Infected: 1Registry Data Items Infected: 0Folders Infected: 0Files Infected: 2Memory Processes Infected:(No malicious items detected)Memory Modules Infected:(No malicious items detected)Registry Keys Infected:(No malicious items detected)Registry Values Infected:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\afrebgpo (Trojan.Dropper) -> Value: afrebgpo -> Quarantined and deleted successfully.Registry Data Items Infected:(No malicious items detected)Folders Infected:(No malicious items detected)Files Infected:c:\Documents and Settings\abruzgis\Local Settings\Temp\grfxlgcnc\gclktiwlajb.exe (Trojan.Dropper) -> Delete on reboot.c:\documents and settings\abruzgis\local settings\temporary internet files\Content.IE5\7I16Z9XL\kqflcncmhl[1].exe (Trojan.Dropper) -> Quarantined and deleted successfully. Link to post Share on other sites More sharing options...
kahdah Posted December 29, 2010 ID:367112 Share Posted December 29, 2010 Hello alison rWelcome to Malwarebytes.For the security certificate error please correct the time and date on your machine this will fix that issue.=====================Download OTL to your desktop.Double click on OTL to run it.When the window appears, underneath Output at the top change it to Minimal Output.Under the Standard Registry box change it to All.Check the boxes beside LOP Check and Purity Check.Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. Link to post Share on other sites More sharing options...
alison r Posted December 30, 2010 Author ID:367727 Share Posted December 30, 2010 Thanks for the response however I was not able to run the OTL. I received an error when I tried to run it. It said that .......Content.IE5\RINREVGA\OTL[1].EXE is not a valid Win 32 application. Not sure what to do since I cant download this. Please help. AlisonHello alison rWelcome to Malwarebytes.For the security certificate error please correct the time and date on your machine this will fix that issue.=====================Download OTL to your desktop.Double click on OTL to run it.When the window appears, underneath Output at the top change it to Minimal Output.Under the Standard Registry box change it to All.Check the boxes beside LOP Check and Purity Check.Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. Link to post Share on other sites More sharing options...
kahdah Posted December 30, 2010 ID:367792 Share Posted December 30, 2010 You need to save it to your desktop try it again.See also if your antivirus is preventing you from downloading it. Link to post Share on other sites More sharing options...
alison r Posted January 3, 2011 Author ID:369180 Share Posted January 3, 2011 Saving it did not help. How do I see if my anitvirus is preventing me from downloading it. We use McAfee. You need to save it to your desktop try it again.See also if your antivirus is preventing you from downloading it. Link to post Share on other sites More sharing options...
kahdah Posted January 3, 2011 ID:369276 Share Posted January 3, 2011 The only way to tell is to disable the antivirus then redownload it.Try that first then let me know. Link to post Share on other sites More sharing options...
Staff screen317 Posted January 18, 2011 Staff ID:376055 Share Posted January 18, 2011 Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.Other members who need assistance please start your own topic in a new thread. Thanks! Link to post Share on other sites More sharing options...
Recommended Posts