Solved

"Extra antivirus" killed acces to gmail and igoogle

Posted on 2009-05-06
3
436 Views
Last Modified: 2013-12-08
My daughter's laptop got infected with "extra antivirus".  StopZilla removed it, but she can't access either gmail or igoogle with IE of Firefox.  Any suggestions?
0
Comment
Question by:ericallanoberg
3 Comments
 
LVL 2

Expert Comment

by:FatManc
ID: 24320370
Hi,
 
Thanks for posting to Experts Exchange.
 
The first thing you must do is download the following malware scanner
 
MalwareBytes Anti-Malware (MBAM)  http://www.malwarebytes.org  
 
Also download the following to your desktop but dont run it.
 
ComboFix  http://www.bleepingcomputer.com/combofix/how-to-use-combofix  
 
Another useful tool is:
 
HiJack This - http://download.cnet.com/Trend-Micro-HijackThis/3000-8022_4-10227353.html  
 
Download all three products above to your desktop and follow the instructions below.
 
MBAM Instructions
Firstly install MBAM, allow it to update if necessary and select Quick Scan. Let it do its thing and then if anything is found at the end, choose the remove selected option. The machine may ask to be rebooted, do this and then re-run the scanner to see if all has been removed.
 
If all has been removed but youre still have problems then ComboFix is your friend.
 
ComboFix Instructions
Disable all your AV products and close all open windows and then double-click on the ComboFix icon on your desktop.
Accept the defaults at any prompts.
A blue screen will appear and you may lose your desktop. This is normal.
It can take up to 20 mins for the software to run. DO NOT RUN ANYTHING whilst its going through.
Once the log file is displayed on the screen close it down and then re-run MBAM.
 
If all looks clear then download a reliable AV product such as AVG, Kaspersky or Avast! They are all free and can be found via Google. Get the lastest update for it and allow it to do a scan. It should come back clear.
 
If youve followed all this and still havent had any success then run HiJack This in Save Logfile mode. Copy and paste the logfile in to this message and well take a look.
 
Thanks
John
0
 
LVL 47

Expert Comment

by:rpggamergirl
ID: 24320566
Smitfraudfix takes care of Extra antivirus,  so I would suggest using it first.

Sometimes there will be other nasties present in the system as well so if you're still having problem afterwards, you can then run other scanners like Combofix or MalwareByts as already suggested.

Please download SmitfraudFix, and select Option 2. Clean (Safe mode recommended)
http://siri.geekstogo.com/SmitfraudFix.php

Please download SmitfraudFix:
http://siri.geekstogo.com/SmitfraudFix.php
Extract the content (a folder named SmitfraudFix) to your Desktop.
Next, please reboot your computer in Safe Mode by rebooting the computer,
and repeatedly tapping the F8 key as the pc starts. Choose "Safe Mode" from
the options listed.
 
Once in Safe Mode, open the SmitfraudFix folder again and double-click
smitfraudfix.cmd
 
Select option #2 - Clean by typing 2 and press "Enter" to delete infected
files.
 
You will be prompted : "Registry cleaning - Do you want to clean the
registry?" answer "Yes" by typing Y and press "Enter" in order to remove
the Desktop background and clean registry keys associated with the
infection.
 
The tool will now check if wininet.dll is infected. You may be prompted to
replace the infected file (if found); answer "Yes" by typing Y and press
"Enter".
 
The tool may need to restart your computer to finish the cleaning process;
if it doesn't, please restart it into Normal Windows.
0
 
LVL 1

Accepted Solution

by:
sidorak95 earned 500 total points
ID: 24332125
You may want to check your hosts files. Go to Start>My Computer>C:>WINDOWS>system32>drivers>etc>hosts
If it asks you what software to use, select notepad. You can ignore the lines that start and end with #. The only other line that should be there is :
127.0.0.1  localhost
If you find something else, delete it and save. If it says "Access Denied", go back to the hosts folder, right click hosts, and click Properties. Uncheck read-only. Than save.
0

Featured Post

Highfive Gives IT Their Time Back

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

Join & Write a Comment

I had to do a bit of research to find the answer to this question so I thought I'd share my results.  Due to our outdated mainframe systems, we need to downgrade IE9 to IE8 in order to stay compatible.  We also needed to downgrade Java.  In order to…
Malware seems to be getting smarter and smarter. If you are having trouble being able to launch your malware removal tools such as (and recommended): MalwareBytes, HiJackThis, ComboFix, etc. you can try some of the workarounds listed below. 1. Ma…
Google currently has a new report that is in beta and coming soon to Webmaster Tool accounts. This Micro Tutorial will highlight new features for Google Webmaster Tools.
This Micro Tutorial will demonstrate how nuggets on the Web are formatted by using Chrome Developer Tools. These tools would not only view the site's CSS but it can also modify it and save the CSS to use on your own site.

708 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now