Solved

"Extra antivirus" killed acces to gmail and igoogle

Posted on 2009-05-06
3
476 Views
Last Modified: 2013-12-08
My daughter's laptop got infected with "extra antivirus".  StopZilla removed it, but she can't access either gmail or igoogle with IE of Firefox.  Any suggestions?
0
Comment
Question by:ericallanoberg
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
3 Comments
 
LVL 2

Expert Comment

by:FatManc
ID: 24320370
Hi,
 
Thanks for posting to Experts Exchange.
 
The first thing you must do is download the following malware scanner
 
MalwareBytes Anti-Malware (MBAM)  http://www.malwarebytes.org 
 
Also download the following to your desktop but dont run it.
 
ComboFix  http://www.bleepingcomputer.com/combofix/how-to-use-combofix 
 
Another useful tool is:
 
HiJack This - http://download.cnet.com/Trend-Micro-HijackThis/3000-8022_4-10227353.html 
 
Download all three products above to your desktop and follow the instructions below.
 
MBAM Instructions
Firstly install MBAM, allow it to update if necessary and select Quick Scan. Let it do its thing and then if anything is found at the end, choose the remove selected option. The machine may ask to be rebooted, do this and then re-run the scanner to see if all has been removed.
 
If all has been removed but youre still have problems then ComboFix is your friend.
 
ComboFix Instructions
Disable all your AV products and close all open windows and then double-click on the ComboFix icon on your desktop.
Accept the defaults at any prompts.
A blue screen will appear and you may lose your desktop. This is normal.
It can take up to 20 mins for the software to run. DO NOT RUN ANYTHING whilst its going through.
Once the log file is displayed on the screen close it down and then re-run MBAM.
 
If all looks clear then download a reliable AV product such as AVG, Kaspersky or Avast! They are all free and can be found via Google. Get the lastest update for it and allow it to do a scan. It should come back clear.
 
If youve followed all this and still havent had any success then run HiJack This in Save Logfile mode. Copy and paste the logfile in to this message and well take a look.
 
Thanks
John
0
 
LVL 47

Expert Comment

by:rpggamergirl
ID: 24320566
Smitfraudfix takes care of Extra antivirus,  so I would suggest using it first.

Sometimes there will be other nasties present in the system as well so if you're still having problem afterwards, you can then run other scanners like Combofix or MalwareByts as already suggested.

Please download SmitfraudFix, and select Option 2. Clean (Safe mode recommended)
http://siri.geekstogo.com/SmitfraudFix.php 

Please download SmitfraudFix:
http://siri.geekstogo.com/SmitfraudFix.php
Extract the content (a folder named SmitfraudFix) to your Desktop.
Next, please reboot your computer in Safe Mode by rebooting the computer,
and repeatedly tapping the F8 key as the pc starts. Choose "Safe Mode" from
the options listed.
 
Once in Safe Mode, open the SmitfraudFix folder again and double-click
smitfraudfix.cmd
 
Select option #2 - Clean by typing 2 and press "Enter" to delete infected
files.
 
You will be prompted : "Registry cleaning - Do you want to clean the
registry?" answer "Yes" by typing Y and press "Enter" in order to remove
the Desktop background and clean registry keys associated with the
infection.
 
The tool will now check if wininet.dll is infected. You may be prompted to
replace the infected file (if found); answer "Yes" by typing Y and press
"Enter".
 
The tool may need to restart your computer to finish the cleaning process;
if it doesn't, please restart it into Normal Windows.
0
 
LVL 1

Accepted Solution

by:
sidorak95 earned 500 total points
ID: 24332125
You may want to check your hosts files. Go to Start>My Computer>C:>WINDOWS>system32>drivers>etc>hosts
If it asks you what software to use, select notepad. You can ignore the lines that start and end with #. The only other line that should be there is :
127.0.0.1  localhost
If you find something else, delete it and save. If it says "Access Denied", go back to the hosts folder, right click hosts, and click Properties. Uncheck read-only. Than save.
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Many people tend to confuse the function of a virus with the one of adware, this misunderstanding of the basic of what each software is and how it operates causes users and organizations to take the wrong security measures that would protect them ag…
SSL stands for “Secure Sockets Layer” and an SSL certificate is a critical component to keeping your website safe, secured, and compliant. Any ecommerce website must have an SSL certificate to ensure the safe handling of sensitive information like…
Google currently has a new report that is in beta and coming soon to Webmaster Tool accounts. This Micro Tutorial will highlight new features for Google Webmaster Tools.
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…

738 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question