sears.com rejected by mozilla

August 23, 2014 at 12:10:51
Specs: Windows 7
I try to go to www.sears.com and get white screen with word rejected. Read "Site blocked Sears.com all of a sudden" thread but am I really infected? Do I need to go thru all those machinations? I have a new PC and installed some things BEFORE I installed the Avast antivirus. Dumb.



#1
August 23, 2014 at 12:39:03
Firstly get yourself a virus checker - there are good freebies about.

Next, download, install and run MalwareBytes - green icon top right here:
http://filehippo.com/download_malwa...

Also download and Save the file from here (blue icon top right):
http://www.bleepingcomputer.com/dow...
Double click the saved file then do the Scan. It is usually safe to then do the Clean but there are options in the table.

Keep all logs because more detailed attention might be required.

Always pop back and let us know the outcome - thanks

message edited by Derek



#2
August 23, 2014 at 12:59:27
Will do. Thanks much for the quick reply and I'll give it a shot. I'll let you know how it goes. Thanks again!


#3
August 23, 2014 at 14:10:02
Derek

As you suggested:

I got Malwarebytes and ran it -- quarantined one file:
Type: Registry Key; Action: Quarantined; Location: HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\CtlMngSvc

I got AdwCleaner from bleepingcomputer and ran it -- found files in the Registry and Firefox tabs to deal with. There are twelve files all of Type "Key" and the Key begins with: HKLM\SOFTWARE\Classes\CLSID then a series of letters and numbers separated by hyphens. In the Firefox tab the result shows: ###### C:\Users\SmithArthur\AppData\Roaming\Mozilla\Firefox\Profiles\fwhnd92j.default\prefs.js ######

I kept the logs for both processes. But now I'm not confident in how to proceed. Should I go ahead and take action "exclusion" or "ignore once" from the Malwarebytes scan? Then Clean the files found by AdwCleaner?

Nervously standing by. (I don't like messing with things when the word "Registry" is involved!) -- Kathi



#4
August 23, 2014 at 14:17:24
You did the right thing to quarantine CtlMngSvc with MalwareBytes - it's a baddie. Do not "exclude" or "ignore once" or it will be back.

Mostly CLSIDs reported by ADWCleaner are bad too. The Firefox entry is probably just for information and will not have a check mark against it. Should be OK to now run the Clean but if you prefer me to have a peek at it first then just copy/paste the log on here.

Always pop back and let us know the outcome - thanks

message edited by Derek



#5
August 23, 2014 at 14:27:37
Your solution sounds grand. I'll just leave that one file quarantined? And here's the ADWCleaner log:

# AdwCleaner v3.308 - Report created 23/08/2014 at 14:27:12
# Updated 20/08/2014 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
# Username : SmithArthur - SMITHARTHUR-PC
# Running from : C:\Users\SmithArthur\Downloads\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Found : C:\Program Files (x86)\SearchProtect

***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKLM\SOFTWARE\Classes\CLSID\{0B79C149-3B19-40DE-92BF-1A3AD9C1DA9D}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{229C56BB-A36A-4323-8C82-B136DF45697D}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{33E2B3CB-322E-4CBE-89F2-C06F5A35DB46}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{51080E66-F357-4F2A-9BFC-2456695883B5}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{537AD3CF-DE2B-4A1C-8279-C946B7E490D4}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{5BF7365D-25FF-40F3-8DEE-06ABEDF177CC}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{6DDA37BA-0553-499A-AE0D-BEBA67204548}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{A10A1344-B533-4C9E-BE4E-4C5BC4953047}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{BA94BCE1-7E60-422D-9E7D-B853BC03FE78}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{D0F1E414-1FAE-466C-B122-DE735B7BFF9D}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E458510C-1DD5-4A05-8C4C-53BEF69C05E7}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{74F475FA-6C75-43BD-AAB9-ECDA6184F600}

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17239


-\\ Mozilla Firefox v31.0 (x86 en-US)

[ File : C:\Users\SmithArthur\AppData\Roaming\Mozilla\Firefox\Profiles\fwhnd92j.default\prefs.js ]


*************************

AdwCleaner[R0].txt - [1751 octets] - [23/08/2014 14:27:12]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [1811 octets] ##########



#6
August 23, 2014 at 14:51:19
Yes, quite a collection there. Let ADWCleaner Clean them all.

See if you still have a problem. Best run both programs again to verify nothing has crept back.

Always pop back and let us know the outcome - thanks



#7
August 23, 2014 at 15:36:19
After deleting the files AdwCleaner found, run this.

Run Junkware Removal Tool
http://www.softpedia.com/get/Securi...
http://www.softpedia.com/progScreen...
How to download from Softpedia
http://i.imgur.com/qO92huz.gif
http://i.imgur.com/qzTUYkX.gif
http://www.bleepingcomputer.com/dow...
http://thisisudax.blogspot.com.au/2...
Download Junkware Removal Tool onto your Desktop. If your default download location is not the Desktop, drag it out of its location onto the Desktop.
Warning! Once the scan is complete JRT will shut down your browser with NO warning.
Shut down your protection software now to avoid potential conflicts.
Temporarily disable your antivirus and any antispyware real time protection before performing a scan.
Click this link to see a list of security programs that should be disabled and how to disable them.
http://www.bleepingcomputer.com/for...
http://www.techsupportforum.com/for...
Run the tool by double-clicking it. If you are using Windows Vista or Windows 7/8, right-click JRT and select Run as Administrator.
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved onto your Desktop and will automatically open.
Copy and Paste the contents of the JRT.txt log please.



#8
August 23, 2014 at 15:52:03
Great, will do. I now have a clean scan from both MalWareBytes and ADWCleaner. Gotta go to town for a prior commitment so will have to run the Junkware procedure when we get back in a few hours. So sorry to abandon the project after your extreme helpfulness.

Thanks again.



#9
August 23, 2014 at 15:53:15
Oops. Didn't see who I was talking to. Thanks to both Derek and John. PS Got clean scans but still can't get to www.sears.com so hopefully the Junkware procedure will help.



#10
August 23, 2014 at 15:53:55
"so will have to run the Junkware procedure when we get back in a few hours"
That's fine Kathi.


#11
August 23, 2014 at 16:37:06
"but still can't get to www.sears.com so hopefully the Junkware procedure will help"
It will help Kathi, but there will be more steps, it's a matter of dismantling the nasties layer by layer.

Derek will probably be in bed now, I'm here.
http://www.timeanddate.com/worldclo...

message edited by Johnw



#12
August 23, 2014 at 17:12:49
Kathi & Johnw

Just off to bed. I made a meagre start and hope it helped but if Johnw is willing I am more than happy to let him continue on here. Looks like you've copped quite a bit and as far as I'm concerned John is our big gun as far as wrinkling out all the nasties is concerned.

Happy of course to assist in continuing John's flow (where possible) when he's not around.

Nite (from UK)

Always pop back and let us know the outcome - thanks

message edited by Derek



#13
August 25, 2014 at 13:00:34
Finally I'm back. From Johnw's last post on running the Junkware Removal Tool -- I'm confused. Do I have to go to/run all six of the downloads you listed or just one (or more...)? I hate to seem dense, just don't want to make any mis-steps.

Again, thanks so much for all you've done to help me. Please clarify about the JRT tool download.

Kathi (from Colorado in the USA)



#14
August 25, 2014 at 13:16:41
Nope, you only have to use one of the downloads of JRT. Johnw just gave you some alternative download locations and additional information about how to do so and what to disable before running it.

Always pop back and let us know the outcome - thanks

message edited by Derek



#15
August 25, 2014 at 13:37:51
Thought so. Just wanted to make sure I don't make any dumb mistakes along the way. I'll give it a shot.


#16
August 25, 2014 at 14:12:25
I turned off the antivirus before I ran JRT. Then turned it back on. Here's the JRT log:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Professional x64
Ran by SmithArthur on Mon 08/25/2014 at 14:55:20.47
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


~~~ Services

~~~ Registry Values

~~~ Registry Keys

~~~ Files

~~~ Folders

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 08/25/2014 at 15:03:13.65
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



#17
August 25, 2014 at 14:53:17
That was clean.

Not sure what Johnw was planning next but while you are waiting try turning off your router for about 30 seconds. You might have to wait a while to get online after you switch it back on so be patient. See if that makes any difference to your issue.

[A full router reset would be better but it might then need setting up all over again]

Also let us know whether you get the same issue with Internet Explorer or any other browsers you have available.

Always pop back and let us know the outcome - thanks

message edited by Derek



#18
August 25, 2014 at 15:23:24
Will do. Thanks much.


#19
August 25, 2014 at 15:24:53
Update & Run Malwarebytes' Anti-Malware ( MBAM ) Free Version. Use Quick scan ( now called Threat Scan )
Click the Settings tab at the top, and then in the left column, select Detections and Protections, and if not already checked place a checkmark in the selection box to Scan for rootkits.
http://i.imgur.com/dZgt1g2.gif
Copy and Paste the contents of the log, in your reply please.
http://i.imgur.com/U9IqcVj.gif
http://i.imgur.com/zHMG6J9.gif
Or,
http://i.imgur.com/eLcvyZD.gif

message edited by Johnw



#20
August 25, 2014 at 15:53:57
Just realized your AdwCleaner log doesn't show you cleaned out the problem files.
If you haven't, run it again.

Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click on Clean.
Confirm each time with Ok.
Your computer will be rebooted automatically. A text file will open after the restart.
Please Copy & Paste the contents of that logfile with your next answer.
You can find the logfile at C:\AdwCleaner[S1].txt as well.

EDIT: Kathi, I see you did report that Malwarebytes & AdwCleaner logs are clean.

message edited by Johnw
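
The check raised in #20 (a scan-only report lists what was found, not what was removed), as an added example that is not part of the original thread: a Python parser for the report layout posted in #5. The sample log is constructed with placeholder paths and GUIDs, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample in the layout of the scan report in #5
# (paths and GUIDs are placeholders, not values from the thread).
SAMPLE_LOG = r"""# AdwCleaner v3.308 - Report created 23/08/2014 at 14:27:12
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
# Option : Scan

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Found : C:\Program Files (x86)\ExampleToolbar

***** [ Registry ] *****

Key Found : HKLM\SOFTWARE\Classes\CLSID\{00000000-0000-0000-0000-000000000001}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{00000000-0000-0000-0000-000000000002}

***** [ Browsers ] *****

-\\ Mozilla Firefox v31.0 (x86 en-US)

[ File : C:\Users\example\AppData\Roaming\Mozilla\Firefox\Profiles\xxxx.default\prefs.js ]
"""

HEADER = re.compile(r"^# (.+?) : (.*)$")          # "# Option : Scan"
SECTION = re.compile(r"^\*{5} \[ (.+?) \] \*{5}$")  # "***** [ Registry ] *****"
ENTRY = re.compile(r"^(\w+) (\w+) : (.+)$")       # "Key Found : HKLM\..."

def parse_report(text):
    """Split a report into header fields and per-section entries."""
    report = {"header": {}, "entries": defaultdict(list)}
    section = None
    for line in text.splitlines():
        line = line.strip()
        if m := HEADER.match(line):
            report["header"][m.group(1)] = m.group(2)
        elif m := SECTION.match(line):
            section = m.group(1)
        elif section and (m := ENTRY.match(line)):
            # Bracketed "[ File : ... ]" lines are informational and skipped.
            report["entries"][section].append(m.groups())
    return report

def is_scan_only(report):
    """True when the header says the tool only scanned."""
    return report["header"].get("Option") == "Scan"

def pending_items(report):
    """Entries still marked Found, i.e. detected but not shown as removed."""
    return [(sec, kind, target)
            for sec, items in report["entries"].items()
            for kind, state, target in items if state == "Found"]
```

A report where `is_scan_only` is true and `pending_items` is non-empty is evidence of detection only; the post-clean report is the one to check before calling the machine clean.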



#21
August 25, 2014 at 17:26:53
Run TFC
http://www.geekstogo.com/forum/file...
http://www.bleepingcomputer.com/dow...
http://oldtimer.geekstogo.com/TFC.exe
http://www.itxassociates.com/OT-Too...
Download it onto your Desktop. If your default download location is not the Desktop, drag it out of its location onto the Desktop.
Double-click TFC.exe to run it. (Note: If you are running on Vista/Windows 7/8, right-click on the file and choose Run As Administrator.)
It will close all programs when run, so make sure you have saved all your work before you begin.
Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.

After running TFC, let me see these logs please.
Please download Farbar Recovery Scan Tool and save it onto your Desktop. If your default download location is not the Desktop, drag it out of its location onto the Desktop.
http://www.bleepingcomputer.com/dow...
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) on the Desktop.
The first time the tool is run, it makes also another log (Addition.txt).
The logs are large, upload them using this, or upload to a site of your choosing. No account needed. Give us the links please.
http://www.zippyshare.com/



#22
August 25, 2014 at 18:32:25
http://www.sevenforums.com/tutorial...
The link above will help you to get sears.com working on your computer....
EDIT: sorry, I just noticed you are using Firefox...maybe try to see if IE will open it for you....

HELP in posting on Computing.net plus free progs and instructions

message edited by XpUser4Real



#23
August 26, 2014 at 08:45:23
Howdy. Updated MalWareBytes and checked Rootkits box. Did the quick scan. Here's the log:
Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 8/26/2014
Scan Time: 9:25:01 AM
Logfile: Malware scan 08262014.txt
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.08.26.02
Rootkit Database: v2014.08.21.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: SmithArthur

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 297704
Time Elapsed: 10 min, 39 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

Now I'm moving on to TFC...
(PS Good morning!)



#24
August 26, 2014 at 08:54:54
By the way, I can now get to sears.com (I don't even CARE about sears.com hee hee) in both Firefox and IE. But I feel like I need to continue on with the process you've laid out for me. What do you think?


#25
August 26, 2014 at 09:10:13
Good idea to continue with the process John has started.

For the future, most malware is picked up by downloading free programs. Avoid "downloaders", you don't need them and they are often bad.

1. Always Google any program you are interested in with the word malware, scam, or similar in the search line. Often there are known bad programs but you have to read between the lines.

2. Always look out for unwanted goodies and uncheck them. Sometimes there is a "Recommended" or "Quick" install. If there is a "Custom" install go for that instead. Sometimes this is where you will find a list of dubious addons that you can uncheck.

3. After installing a free program at least run ADWCleaner and MalwareBytes. These are not the "be all and end all" but they are good at showing up that something awry is going on which should be nipped in the bud.

4. There is a lot to be said for having SpywareBlaster on board and updating it every two weeks. This can prevent access to some spyware and prevention is better than cure. I also favour CryptoPrevent, which blocks quite a lot these days, but that is personal opinion.

Always pop back and let us know the outcome - thanks

message edited by Derek



#26
August 26, 2014 at 09:15:22
Derek -- Thanks much for the advice. I've certainly learned my lesson here! I THOUGHT I was being careful but.... So glad you two could bail me out.

John -- Forgot to save the first TFC log but it said it cleaned 714 MB. I ran it again and here's the log:
Getting user folders.

Stopping running processes.

Emptying Temp folders.


User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

User: SmithArthur
->Temp folder emptied: 1039360 bytes
->Temporary Internet Files folder emptied: 128 bytes
->FireFox cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 124599 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 128 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 128 bytes

Emptying RecycleBin. Do not interrupt.

RecycleBin emptied: 0 bytes
Process complete!

Total Files Cleaned = 1.00 mb

Move on to Farbar Recovery Scan Tool now? Thanks again.



#27
August 26, 2014 at 09:41:55
John is (hopefully) having a good night's sleep right now so will be away for a few hours. It looks like TFC has done its job so I reckon it's OK to move on to Farbar while you are waiting, which will keep things rolling.

Always pop back and let us know the outcome - thanks



#28
August 26, 2014 at 15:36:00
Thanks Derek & Kathi, yep shall check the Farbar logs for anything lurking.


#29
August 27, 2014 at 13:31:27
Unexpected out-of-state guests so I have today to get the house in order and put together a meal for 18 people tomorrow. Yikes. I'll be back on Friday.


#30
August 27, 2014 at 15:44:36
We have expected guests, only 2, staying here 4 days. Everybody is still asleep.
Great to hear you have cooking skills, entertaining at home I think is by far the best.
