jamjar

CLOSED “This site may be hacked” message in a Google search result

Recommended Posts

Hi

I didn’t notice the above message and visited the site (www. craiggottlieb. com). I didn’t enter any information, click on anything or log in. I wasn’t redirected to another site.

I use EAM for real time protection and didn’t get any warning message.

I subsequently used VirusTotal to scan the site and the results showed it was clean. I ran a Malware Scan with EAM and nothing was detected.

I posted on the EAM forum and GT500 suggested I ask for help here in checking my PC is clean of any infection.

Share this post


Link to post
Share on other sites

Hello,

Copy the below code to Notepad; Save As fixlist.txt to your Desktop.

HKU\S-1-5-19\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-20\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1933930236-2360456301-1957462197-1000 -> {D62F85C6-B554-43CD-BF5A-39EE9C4B62D4} URL = 
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
2017-01-25 00:08 - 2017-01-25 00:08 - 00000000 ____D C:\ProgramData\793eec09-4054-43b2-a0c6-9334af423dcf
2017-01-25 00:07 - 2017-01-25 00:07 - 00000000 ____D C:\ProgramData\6bd18cc7-05e8-4ea0-9560-8ef2ff20ad2b
2017-01-02 00:36 - 2017-01-02 00:36 - 00000000 ____D C:\ProgramData\2badc26a-3a11-41ec-aa25-f97544757041
AlternateDataStreams: C:\Windows\SysWOW64\MSIHANDLE:1024 [0]
AlternateDataStreams: C:\Windows\SysWOW64\MSIHANDLE:1076 [0]
AlternateDataStreams: C:\Windows\SysWOW64\MSIHANDLE:1174 [0]
AlternateDataStreams: C:\Windows\SysWOW64\MSIHANDLE:331 [0]
AlternateDataStreams: C:\Windows\SysWOW64\MSIHANDLE:512 [0]

Close Notepad.

NOTE: It's important that both files, FRST64 and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Run FRST64 and press the Fix button just once and wait.

If the tool needed a restart please make sure you let the system restart normally and let the tool complete its run after restart.

The tool will make a log on the Desktop (Fixlog.txt). Attach it to your reply.

Note: If the tool warns you about an outdated version please download and run the updated version.

Share this post


Link to post
Share on other sites

Fixlog attached. The tool didn't need a restart and I didn't see any warning about an outdated version but there is a folder called FRST-OlderVersion on the Desktop.

Fixlog.txt

Share this post


Link to post
Share on other sites

I've never got that message in other Google search results to date.

I still get it for the site I mentioned in my original post. 

I understand it's a Google security feature. That's why I was concerned when I didn't notice the message and visited that site. 

Also, just to say it's not my site.

Share this post


Link to post
Share on other sites

Did you find any infection or anything wrong on my pc?

Can I now remove Emsisoft Emergency Kit and Farbar Tool?

How do I uninstall them?

Share this post


Link to post
Share on other sites

No actual malware, but there were some broken registry entries, Alternative Data Streams, and three folders that needed to be fixed.  Otherwise your logs look fine.

Share this post


Link to post
Share on other sites

Unless you are having problems, it is time to do the final steps.

Now to remove most of the tools that we have used in fixing your machine:

Download Delfix from here and save it to your desktop.

  • Ensure Remove disinfection tools is checked.
  • Also place a checkmark next to:
    • Create registry backup
    • Purge system restore

  • Click the Run button.


When the tool is finished, a log will open in notepad. I do not need the log.  You can close Notepad.

Empty the Recycle Bin

Download to your Desktop:
- CCleaner Portable

  • UnZip CCleaner Portable to a folder on your Desktop named CCleaner


Run CCleaner

  • Open the CCleaner Folder on your Desktop and double-click CCleaner.exe (32-bit) or CCleaner64.exe (64-bit)
  • Click "Options" and choose "Advanced"
  • Uncheck "Only delete files in Windows Temp folders older than 24 hours"
  • Then go back to "Cleaner" and click the "RunCleaner" button.
  • Exit CCleaner.


You can delete and uninstall any programs I had you download, that you do not wish to keep on the system.

To Remove EEK simple delte the EEK for in the of your System Srive, normally C:\EEK

Run Windows Update and update your Windows Operating System.

Articles to Read:
How to Protect Your Computer From Malware
How to keep you and your Windows PC happy
Web, email, chat, password and kids safety
10 Sources of Malware Infections

That should take care of everything.

Safe Surfing!

Share this post


Link to post
Share on other sites

Sorry for not waiting for your reply but I went ahead and deleted the C:\EEK and C:\FRST folders and the desktop icons and logs that were created.

I turned off system restore before I asked for assistance but I’ll turn it back on now. On checking, there were no Windows updates available.

Should I still run Delfix and CCleaner?

I’d like to thank you for your time and expertise.

Share this post


Link to post
Share on other sites

Thread Closed

Reason: Resolved

The procedures contained in this thread are for this user and this user only.  Attempting to use the instructions in this thread on your system could result in damaging the Operating System beyond repair.  Do Not use any of the tools mentioned in this thread without the supervision of a Malware Removal Specialist.

All posters requesting Malware Removal assistance are required to follow all procedures in the thread titled START HERE if you don't we are just going to send you back to this thread.

Share this post


Link to post
Share on other sites
Guest
This topic is now closed to further replies.

  • Recently Browsing   0 members

    No registered users viewing this page.