The farbar log will tell a lot. If it's a TDL, then TDSSkiller will be called to task if necessary. Let's find out first.
Just for closure, I now have ABSOLUTE PROOF that regarding the AOL issue the value of "useragentstring" sent from AOL to the Nordstrom site definitely is the "culprit" insofar as being responsible for the failure of the Nordstrom web page to work properly.
I just connected to the Boston machine (my friend is in Florida this week, but their Boston machine is still on and remotely accessible to me), which is a Windows 7 laptop (not Vista) and is running IE10.
As you can see from the following, it absolutely indicates WHICH version of IE is operational:
So the question is absolutely "how do I get AOL on the Vista machine to recognize that it is now IE9 installed and not IE7 as it used to be", in order to send the proper "useragentstring" value?
(I will doubly post this on my other AOL-related thread, where it really belongs. This thread is for the malware issue only.)
Quite the story!! Pretty much run a complete sequence of "every top-rated tool known to man"! Not really "easily clean", but probably quite effective I'd guess.
I will have to schedule my friend to help out, if the "safe mode" boot is absolutely required for the first step. I cannot do that remotely.
I assume that since the first step triggers a re-boot necessity, and since there was no further mention of "safe mode", that it's acceptable to run the rest of the programs under normal Windows desktop.
Anyway, herdProtect is still running. It's in its "cloud phase" which is definitely NOT fast. But I'll let it take as long as it takes and see what it finds (it's found 1 object so far, though I don't know what it is) before embarking on the above scenario.
Thanks VERY VERY MUCH for your efforts and follow-up on this issue. Same gracious thanks to the others of you who've also chipped in so far. I'm sure the collective "group think" armed with the proper tools will eventually emerge victorious.
Yeah, I thought you could use a guide book instead of a guide :)
It might have been possible to avoid safe mode by walking through the tools. You were chasing down some other things, so I posted the link.
It makes it easier for you to work through step-by-step when you have the time. I can only stress that you run all nine scanners all the way through, so that any malware can't get rooted again.
It's a good guide, but nothing is guaranteed. When you get through it all there are a few other utils to run as final stage cleanup.
Post after running through the guide and updating Windows.
Happy (malware) hunting!
Bill
Safe mode is a precautionary step, you can run the tools in normal mode.
I also never had to rename any tool to iexplorer.exe - that's another precautionary step. (Just scanned the guide again and didn't see where they renamed the util / there were two instances before / - might have missed it in a quick read.)
But some malware is very savvy, savvy?
It's a very good regiment to use when you're shooting in the dark or even if you have a clear line of sight.
Bill
Ok. This finally finished with its FIRST scan. Apparently I now am to wait about 1 1/2 hours and then run a second scan, which will run "much faster". I guess there's some work going on "in the cloud" right now, but it's hard to imagine requiring 1.5 hours.
Anyway, right now I'm on a break.
And attached is the log output from the first scan.
Have you cleared the Java cache? AOL instructions: Clearing your Java cache - AOL Help
Flushed the 'dirty DNS cache'? Open an elevated command prompt (run as Administrator) > copy/paste ipconfig /flushdns press 'enter'.
Hadn't done this, but I have now.
Flushed the 'dirty DNS cache'? Open an elevated command prompt (run as Administrator) > copy/paste ipconfig /flushdns press 'enter'.
Ditto.
Don't know what either of these might do. But I can't re-boot yet (which I wanted to do) because I just checked Windows Update and since this is the first opportunity since Service Pack 2 was installed I have about 140 updates to install. So it'll be a while.