Windows 7 Forums

Windows 7: MBAM cannot remove "culprit" access to 5.45.64.145/5.45.69.131

01 Feb 2014   #21
Slartybart

x64 (6.3.9600) Win8.1 Pro & soon dual boot x64 (6.1.7601) Win7_SP1 HomePrem
 
 

The farbar log will tell a lot. If it's a TDL, then TDSSkiller will be called to task if necessary. Let's find out first.


01 Feb 2014   #22
dsperber

Windows 7 Pro x64 (1), Win7 Pro X64 (2)
 
 

Just for closure, I now have ABSOLUTE PROOF that regarding the AOL issue the value of "useragentstring" sent from AOL to the Nordstrom site definitely is the "culprit" insofar as being responsible for the failure of the Nordstrom web page to work properly.

I just connected to the Boston machine (my friend is in Florida this week, but their Boston machine is still on and remotely accessible to me), which is a Windows 7 laptop (not Vista) and is running IE10.

As you can see from the following, it absolutely indicates WHICH version of IE is operational:





So the question is absolutely "how do I get AOL on the Vista machine to recognize that it is now IE9 installed and not IE7 as it used to be", in order to send the proper "useragentstring" value?

(I will doubly post this on my other AOL-related thread, where it really belongs. This thread is for the malware issue only.)
01 Feb 2014   #23
Slartybart

x64 (6.3.9600) Win8.1 Pro & soon dual boot x64 (6.1.7601) Win7_SP1 HomePrem
 
 


01 Feb 2014   #24
dsperber

Windows 7 Pro x64 (1), Win7 Pro X64 (2)
 
 

Quote: Originally Posted by Slartybart
Quite the story!! Pretty much run a complete sequence of "every top-rated tool known to man"! Not really "easily clean", but probably quite effective I'd guess.

I will have to schedule my friend to help out, if the "safe mode" boot is absolutely required for the first step. I cannot do that remotely.

I assume that since the first step triggers a re-boot necessity, and since there was no further mention of "safe mode", that it's acceptable to run the rest of the programs under normal Windows desktop.


Anyway, herdProtect is still running. It's in its "cloud phase" which is definitely NOT fast. But I'll let it take as long as it takes and see what it finds (it's found 1 object so far, though I don't know what it is) before embarking on the above scenario.

Thanks VERY VERY MUCH for your efforts and follow-up on this issue. Same gracious thanks to the others of you who've also chipped in so far. I'm sure the collective "group think" armed with the proper tools will eventually emerge victorious.
01 Feb 2014   #25
Slartybart

x64 (6.3.9600) Win8.1 Pro & soon dual boot x64 (6.1.7601) Win7_SP1 HomePrem
 
 

Yeah, I thought you could use a guide book instead of a guide

It might have been possible to avoid safe mode by walking through the tools. You were chasing down some other things, so I posted the link.

It makes it easier for you to work through step-by-step when you have the time. I can only stress that you run all nine scanners all the way through, so that any malware can't get rooted again.

It's a good guide, but nothing is guaranteed. When you get through it all there are a few other utils to run as final stage cleanup.

Post after running through the guide and updating Windows.

Happy (malware) hunting!

Bill
01 Feb 2014   #26
Slartybart

x64 (6.3.9600) Win8.1 Pro & soon dual boot x64 (6.1.7601) Win7_SP1 HomePrem
 
 

Safe mode is a precautionary step, you can run the tools in normal mode.

I also never had to rename any tool to iexplorer.exe - that's another precautionary step. (Just scanned the guide again and didn't see where they renamed the util / there were two instances before / - might have missed it in a quick read.)

But some malware is very savvy, savvy?

It's a very good regimen to use when you're shooting in the dark or even if you have a clear line of sight.

Bill
01 Feb 2014   #27
dsperber

Windows 7 Pro x64 (1), Win7 Pro X64 (2)
 
 

Quote: Originally Posted by Slartybart
Then collect some information:
I've started using and recommending herdProtect - a multi-engine scanner.

Try downloading the portable version here. Then run herdProtect on the infected system.
Unfortunately herdProtect is still in beta, so it's a report only scanner; it doesn't fix the problem.
Ok. This finally finished with its FIRST scan. Apparently I now am to wait about 1 1/2 hours and then run a second scan, which will run "much faster". I guess there's some work going on "in the cloud" right now, but it's hard to imagine requiring 1.5 hours.

Anyway, right now I'm on a break.

And attached is the log output from the first scan.


Attached file: Scan_2014-2-1-14-54.txt (29.6 KB)
01 Feb 2014   #28
Jacee
Microsoft MVP

Windows 7 Ultimate 32bit SP1
 
 

Have you cleared the Java cache? AOL instructions: Clearing your Java cache - AOL Help


Flushed the 'dirty DNS cache'? Open an elevated command prompt (run as Administrator) > copy/paste ipconfig /flushdns press 'enter'.
01 Feb 2014   #29
dsperber

Windows 7 Pro x64 (1), Win7 Pro X64 (2)
 
 

Quote: Originally Posted by Jacee
Have you cleared the Java cache? AOL instructions: Clearing your Java cache - AOL Help
Hadn't done this, but I have now.


Quote:
Flushed the 'dirty DNS cache'? Open an elevated command prompt (run as Administrator) > copy/paste ipconfig /flushdns press 'enter'.
Ditto.

Don't know what either of these might do. But I can't re-boot yet (which I wanted to do) because I just checked Windows Update and since this is the first opportunity since Service Pack 2 was installed I have about 140 updates to install. So it'll be a while.
01 Feb 2014   #30
dsperber

Windows 7 Pro x64 (1), Win7 Pro X64 (2)
 
 

Quote: Originally Posted by Slartybart
Yeah, I thought you could use a guide book instead of a guide
I ran the "junkware removal tool" (out of sequence I'm afraid) while I had some time.

It produced ZERO items detected.

One down, many to go.