[CatByte]

Please advise how your computer is running now and if you are experiencing any other issues?

Please do the following:

System Restore makes regular backups of all your settings, if you ever had to use this program to restore your system to a previous date, you will be infected all over again so we need to clean out the previous Restore Points
We need to set a new system restore point:

Click Start > Run > copy and paste the following into the run box:

%SystemRoot%\System32\restore\rstrui.exe

Press OK. Choose Create a Restore Point then click Next.
Name it (something you'll remember) and click Create,
when the confirmation screen shows the restore point has been created click Close.

Now remove all previous Restore Points:

Click Start > Run > copy and paste the following into the run box:

cleanmgr

At the top, click on More Options tab. Click the Clean up button in the System Restore box.
Click on the Yes button.
When finished, click on Cancel button to exit.

NEXT

Visit ADOBEand download the latest version of Acrobat Reader (version 9.1)
Having the latest updates ensures there are no security vulnerabilities in your system.

[Advertisements]

My pc is a bit better the way it runs, but I still get directed to the following link (while trying to open a Harvard's journal website):


It tries to make me download this ".exe" file...which is no doubt a trojan/virus...

[invinciblebjk]

My pc is a bit better the way it runs, but I still get directed to the following link (while trying to open a Harvard's journal website):


It tries to make me download this ".exe" file...which is no doubt a trojan/virus...

[CatByte]

Hi,

please do the following:

Please download GooredFix from one of the locations below and save it to your Desktop
Download Mirror #1
Download Mirror #2

• Double-click GooredFix.exe to run it.
• Select 1. Find Goored (no fix) by typing 1 and pressing Enter.
• A log will open, please post the contents of that log in your next reply (it can also be found on your desktop, called GooredLog.txt).

Note: Do not run Option #2 yet.

[invinciblebjk]

Hi and sorry for posting the link, thought it could help

GooredFix v1.92 by jpshortstuff
Log created at 19:51 on 26/04/2009 running Option #1 (xxxxxxxxx)
Firefox version 3.0.9 (en-GB)

=====Suspect Goored Entries=====

C:\Program Files\Mozilla Firefox\extensions\{19D6F1AB-D724-41EA-97CA-0758E16D12B7}

=====Dumping Registry Values=====

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.9\extensions]
"Plugins"="C:\Program Files\Mozilla Firefox\plugins"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.9\extensions]
"Components"="C:\Program Files\Mozilla Firefox\components"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
"[email protected]"="C:\Program Files\Java\jre6\lib\deploy\jqs\ff"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
"{20a82645-c095-46ed-80e3-08825760534b}"="C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\"

Edited by CatByte, 15 June 2009 - 11:17 AM.

[CatByte]

Hi,

Please do the following:

Please double-click GooredFix.exe on your Desktop to run it.

• Select "2. Fix Goored" by typing 2 and pressing Enter.
• Make sure all instances of Firefox are closed at this point.
• Type y at the prompt and press Enter again.
• A log will open, please post the contents of that log in your next reply (it can also be found on your desktop, called GooredLog.txt).

Note: If you receive a message saying that GooredFix needs your system to be restarted, please close all applications and reboot your system.

Please also allow any registry changes that may be prompted by any of your security programs.

[invinciblebjk]

Not sure if this process was supposed to speed up my browser but it definitely did.

And since that process, I've opened many journals/articles, didnt come across the same link

here is my log:

GooredFix v1.92 by jpshortstuff
Log created at 20:10 on 26/04/2009 running Option #2 (xxxxxxxxx)
Firefox version 3.0.9 (en-GB)

=====Goored Deletions=====
C:\Program Files\Mozilla Firefox\extensions\{19D6F1AB-D724-41EA-97CA-0758E16D12B7}
->Backing up folder... Done.
->Emptying folder... Done.
->Deleting folder... Done.

=====Dumping Registry Values=====

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.9\extensions]
"Plugins"="C:\Program Files\Mozilla Firefox\plugins"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.9\extensions]
"Components"="C:\Program Files\Mozilla Firefox\components"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
"[email protected]"="C:\Program Files\Java\jre6\lib\deploy\jqs\ff"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
"{20a82645-c095-46ed-80e3-08825760534b}"="C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\"

Edited by CatByte, 15 June 2009 - 11:17 AM.

[CatByte]

That's the goal....Looks like we got there in the end, so let's get you cleaned up now.

please do the following:

Click Start >> Run and then copy/paste the following into the box and hit Enter:
"%userprofile%\Desktop\GooredFix.exe" /uninstall
If any of your security programs query a new Registry/AutoStart value being added please allow the changes.


NEXT

Visit ADOBEand download the latest version of Acrobat Reader (version 9.1)
Having the latest updates ensures there are no security vulnerabilities in your system.



NEXT


Follow these steps to uninstall Combofix

• Click START then RUN
• Now type Combofix /u in the runbox and click OK. Note the space between the ..X and the /U, it needs to be there.

NEXT

Download ToolsCleaner2 to your desktop and run it ( by de A.Rothstein & Dj Quiou )

• Click the Pt. Restauration button and press OK to the prompts.
• Click the Corbeille button and press OK to the prompt.
• Click the Fichiers temp button and press OK to the prompt.
• Click the Recherche button and let it run ( it may look like it freezes but let it continue )
• Once it is done click the Suppression button and let it remove anything it finds.
• Close the program

NEXT:

Below I have included a number of recommendations for how to protect your computer against malware infections.

• Keep Windows updated by regularly checking their website at :
  http://windowsupdate.microsoft.com/
  This will ensure your computer has always the latest security updates available installed on your computer.
  
  
• SpywareBlaster protects against bad ActiveX, it immunizes your PC against them.
  
  
• SpywareGuard offers realtime protection from spyware installation attempts. Make sure you are only running one real-time anti-spyware protection program ( eg : TeaTimer, Windows Defender ) or there will be a conflict.
  
  
• Make Internet Explorer more secure
  
  • Click Start > Run
  • Type Inetcpl.cpl & click OK
  • Click on the Security tab
  • Click Reset all zones to default level
  • Make sure the Internet Zone is selected & Click Custom level
  • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls) to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
  • Next Click OK, then Apply button and then OK to exit the Internet Properties page.
• ATF Cleaner - Cleans temporary files from IE and Windows, empties the recycle bin and more. Great tool to help speed up your computer and knock out those nasties that like to reside in the temp folders.
  
  
• MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer, meaning it will be difficult to infect yourself in the future.
  
  
• For Firefox, I highly recommend these add-ons to keep your PC even more secure.
  
  • NoScript - for blocking ads and other potential website attacks
  • McAfee SiteAdvisor - this tells you whether the sites you are about to visit are safe or not. A must if you do a lot of Googling
  
  
• Keep a backup of your important files - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.
  
  
• ERUNT (Emergency Recovery Utility NT) allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed.
  
  
• Recovery Console - Recent trends appear to indicate that future infections will include attacks to the boot sector of the computer. The installation of the Recovery Console in the computer will be our only defense against this threat. For more information and steps to install the Recovery Console see This Article. Should you need assistance in installing the Recovery Console, please do not hesitate to ask.
  
  
• Please read the guide by Rorschach112 on how to prevent malware and about safe computing here

Thank you for your patience, and performing all of the procedures requested.

[invinciblebjk]

Hi...

Thanks again for the help and the recommendations, I really appreciate it!

I hope I never get such an annoying trojan ever again

Thanks again CatByte...

[CatByte]

You are more than welcome

Stay safe

CB

[CatByte]

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.