MBAM cannot remove "culprit" access to 5.45.64.145/5.45.69.131

Page 3 of 11

  1. Posts : 6,458
    x64 (6.3.9600) Win8.1 Pro & soon dual boot x64 (6.1.7601) Win7_SP1 HomePrem
       #21

    The farbar log will tell a lot. If it's a TDL, then TDSSkiller will be called to task if necessary. Let's find out first.


  2. Posts : 2,752
    Windows 7 Pro x64 (1), Win7 Pro X64 (2)
    Thread Starter
       #22

    Just for closure, I now have ABSOLUTE PROOF that regarding the AOL issue the value of "useragentstring" sent from AOL to the Nordstrom site definitely is the "culprit" insofar as being responsible for the failure of the Nordstrom web page to work properly.

    I just connected to the Boston machine (my friend is in Florida this week, but their Boston machine is still on and remotely accessible to me), which is a Windows 7 laptop (not Vista) and is running IE10.

    As you can see from the following, it absolutely indicates WHICH version of IE is operational:

    [screenshot not reproduced]

    So the question is absolutely "how do I get AOL on the Vista machine to recognize that it is now IE9 installed and not IE7 as it used to be", in order to send the proper "useragentstring" value?

    (I will doubly post this on my other AOL-related thread, where it really belongs. This thread is for the malware issue only.)
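    As an added example that is not part of the thread: a small parser for IE-style User-Agent strings that reports the version the string claims (the MSIE token) alongside the engine version the Trident token reveals, which is how a site can distinguish an embedded IE9 announcing itself as IE7 from a genuine IE7. The sample strings are constructed, and the Trident-to-IE mapping is Microsoft's published one.

```javascript
// Added example (not from the thread): parse an IE-style User-Agent string
// and report both the version IE claims (the "MSIE" token) and the engine
// version the "Trident" token reveals. Sample strings below are constructed.

// Trident engine version -> IE version that ships it (Microsoft's public mapping)
const TRIDENT_TO_IE = { "4.0": 8, "5.0": 9, "6.0": 10, "7.0": 11 };

function parseIeUserAgent(ua) {
  const msie = /MSIE (\d+)\.\d+/.exec(ua);
  const trident = /Trident\/(\d+\.\d+)/.exec(ua);
  const rv = /rv:(\d+)\.\d+/.exec(ua); // IE11 dropped the MSIE token
  if (!msie && !trident) return null;  // not an IE user agent at all
  const claimed = msie ? Number(msie[1]) : (rv ? Number(rv[1]) : null);
  const engine = trident ? (TRIDENT_TO_IE[trident[1]] ?? null) : null;
  return {
    claimedVersion: claimed,
    engineVersion: engine,
    // claimed < engine means the browser presents itself as an older IE
    // (Compatibility View, or an embedding application sending an old token)
    spoofedAsOlder: claimed !== null && engine !== null && claimed < engine,
  };
}

// Constructed samples: a genuine IE7 on Vista, IE9 presenting itself as IE7,
// and straightforward IE9 / IE10 / IE11 strings for comparison.
const SAMPLES = {
  ie7:       "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)",
  ie9compat: "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; Trident/5.0)",
  ie9:       "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.0; Trident/5.0)",
  ie10:      "Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0)",
  ie11:      "Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko",
};

for (const [name, ua] of Object.entries(SAMPLES)) {
  console.log(name, JSON.stringify(parseIeUserAgent(ua)));
}
```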


  3. Posts : 6,458
    x64 (6.3.9600) Win8.1 Pro & soon dual boot x64 (6.1.7601) Win7_SP1 HomePrem
       #23


  4. Posts : 2,752
    Windows 7 Pro x64 (1), Win7 Pro X64 (2)
    Thread Starter
       #24

    Slartybart said:
    Quite the story!! Pretty much run a complete sequence of "every top-rated tool known to man"! Not really "easily clean", but probably quite effective I'd guess.

    I will have to schedule my friend to help out, if the "safe mode" boot is absolutely required for the first step. I cannot do that remotely.

    I assume that since the first step triggers a re-boot necessity, and since there was no further mention of "safe mode", that it's acceptable to run the rest of the programs under normal Windows desktop.


    Anyway, herdProtect is still running. It's in its "cloud phase" which is definitely NOT fast. But I'll let it take as long as it takes and see what it finds (it's found 1 object so far, though I don't know what it is) before embarking on the above scenario.

    Thanks VERY VERY MUCH for your efforts and follow-up on this issue. Same gracious thanks to the others of you who've also chipped in so far. I'm sure the collective "group think" armed with the proper tools will eventually emerge victorious.


  5. Posts : 6,458
    x64 (6.3.9600) Win8.1 Pro & soon dual boot x64 (6.1.7601) Win7_SP1 HomePrem
       #25

    Yeah, I thought you could use a guide book instead of a guide :)

    It might have been possible to avoid safe mode by walking through the tools. You were chasing down some other things, so I posted the link.

    It makes it easier for you to work through step-by-step when you have the time. I can only stress that you run all nine scanners all the way through, so that any malware can't get rooted again.

    It's a good guide, but nothing is guaranteed. When you get through it all there are a few other utils to run as final stage cleanup.

    Post after running through the guide and updating Windows.

    Happy (malware) hunting!

    Bill
    .


  6. Posts : 6,458
    x64 (6.3.9600) Win8.1 Pro & soon dual boot x64 (6.1.7601) Win7_SP1 HomePrem
       #26

    Safe mode is a precautionary step, you can run the tools in normal mode.

    I also never had to rename any tool to iexplorer.exe - that's another precautionary step. (Just scanned the guide again and didn't see where they renamed the util / there were two instances before / - might have missed it in a quick read.)

    But some malware is very savvy, savvy?

    It's a very good regimen to use when you're shooting in the dark or even if you have a clear line of sight.

    Bill
    .


  7. Posts : 2,752
    Windows 7 Pro x64 (1), Win7 Pro X64 (2)
    Thread Starter
       #27

    Slartybart said:
    Then collect some information:
    I've started using and recommending herdProtect - a multi-engine scanner.

    Try downloading the portable version here. Then run herdProtect on the infected system.
    Unfortunately herdProtect is still in beta, so it's a report only scanner; it doesn't fix the problem.

    Ok. This finally finished with its FIRST scan. Apparently I now am to wait about 1 1/2 hours and then run a second scan, which will run "much faster". I guess there's some work going on "in the cloud" right now, but it's hard to imagine requiring 1.5 hours.

    Anyway, right now I'm on a break.

    And attached is the log output from the first scan.


  8. Posts : 8,608
    Windows 7 Ultimate 32bit SP1
       #28

    Have you cleared the Java cache? AOL instructions: Clearing your Java cache - AOL Help


    Flushed the 'dirty DNS cache'? Open an elevated command prompt (run as Administrator) > copy/paste ipconfig /flushdns press 'enter'.


  9. Posts : 2,752
    Windows 7 Pro x64 (1), Win7 Pro X64 (2)
    Thread Starter
       #29

    Jacee said:
    Have you cleared the Java cache? AOL instructions: Clearing your Java cache - AOL Help

    Hadn't done this, but I have now.


    Flushed the 'dirty DNS cache'? Open an elevated command prompt (run as Administrator) > copy/paste ipconfig /flushdns press 'enter'.

    Ditto.

    Don't know what either of these might do. But I can't re-boot yet (which I wanted to do) because I just checked Windows Update and since this is the first opportunity since Service Pack 2 was installed I have about 140 updates to install. So it'll be a while.


  10. Posts : 2,752
    Windows 7 Pro x64 (1), Win7 Pro X64 (2)
    Thread Starter
       #30

    Slartybart said:
    Yeah, I thought you could use a guide book instead of a guide

    I ran the "junkware removal tool" (out of sequence I'm afraid) while I had some time.

    It produced ZERO items detected.

    One down, many to go.

