Oct 21 2008, 05:24 AM
Post #1
Newbie; Group: Members; Posts: 6; Joined: 21-October 08; Member No.: 63,418

Scanned the net and this appears to be new.
What's happening:
1. when I try to log onto www.google.com with Firefox OR IE I get a blank page with nil but a "0" in the upper left hand corner.
2. when I try to log into Gmail, I'm asked to accept what is reported to be a source-unverified certificate from kitchensinks.n0t (I refuse to accept it, and then can't get into gmail)

At surface level it appears to be designed to kill Google and Gmail. Ran Ad-Aware 2008 with latest definitions file, it doesn't find anything. Please Advise.

regards,
Tag.

********************************
FYI This Google Killer thing is spreading - threads now reporting this problem:
TWATEOTU GoogeKiller Kitchensinks.n0t Threat Report
Google Forums GoogleKiller Kitchensinks.n0t Threat Report
Mozilla Forums GoogleKiller Kitchensinks.n0t Threat Report
Warrior Forums GoogleKiller Kitchensinks.n0t Threat Report
Tag.
*******************************************

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
E:\WINDOWS\Explorer.EXE
E:\Program Files\Common Files\AOL\1207717550\ee\AOLSoftware.exe
E:\Program Files\iTunes\iTunesHelper.exe
E:\Program Files\Yahoo!\Common\YMailAdvisor.exe
E:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
E:\WINDOWS\System32\RUNDLL32.EXE
E:\Program Files\AOL 9.0a\waol.exe
E:\Program Files\TurboNote\tbnote.exe
C:\WinXPdownloads\ObjectDock\ObjectDock.exe
e:\program files\common files\aol\1207717550\ee\services\antiSpywareApp\ver2_0_11\AOLSP Scheduler.exe
e:\program files\common files\aol\1207717550\ee\aolsoftware.exe
E:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
E:\WINDOWS\system32\spoolsv.exe
E:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
E:\WINDOWS\System32\nvsvc32.exe
E:\WINDOWS\System32\svchost.exe
E:\Program Files\Viewpoint\Common\ViewpointService.exe
E:\WINDOWS\System32\devldr32.exe
E:\Program Files\iPod\bin\iPodService.exe
E:\Program Files\AOL 9.0a\shellmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
E:\Program Files\Common Files\AOL\Topspeed\3.0\aoltpsd3.exe
E:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://tmods.blogspot.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - E:\Program Files\FlashGet\jccatch.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - E:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - E:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - E:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [HostManager] E:\Program Files\Common Files\AOL\1207717550\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [AOLDialer] E:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [iTunesHelper] "E:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [YMailAdvisor] "E:\Program Files\Yahoo!\Common\YMailAdvisor.exe"
O4 - HKLM\..\Run: [Flashget] E:\Program Files\FlashGet\FlashGet.exe /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "E:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE E:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [AOL Fast Start] "E:\Program Files\AOL 9.0a\AOL.EXE" -b
O4 - HKUS\S-1-5-19\..\Run: [NvMediaCenter] RUNDLL32.EXE E:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [NvMediaCenter] RUNDLL32.EXE E:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [NvMediaCenter] RUNDLL32.EXE E:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [NvMediaCenter] RUNDLL32.EXE E:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit (User 'Default user')
O4 - Startup: Stardock ObjectDock.lnk = C:\WinXPdownloads\ObjectDock\ObjectDock.exe
O4 - Global Startup: Microsoft Office.lnk = E:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: TurboNote.lnk = E:\Program Files\TurboNote\tbnote.exe
O8 - Extra context menu item: &AOL Toolbar search - res://E:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Download All with FlashGet - E:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - E:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Visit in &3D using ExitReality - http://3d.exitreality.com/TransmogrifyPage.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - E:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - E:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - E:\WINDOWS\web\related.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - E:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - E:\Program Files\FlashGet\FlashGet.exe (file missing)
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - E:\Program Files\FlashGet\FlashGet.exe (file missing)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - E:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {5CB1506E-1DEA-4E63-89A7-E40E52AEA1FD} (OnagerCtrl Class) - http://fulfillment.puretracks.com/onager.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1207803704651
O16 - DPF: {814EA0DA-E0D9-4AA4-833C-A1A6D38E79E9} (DASWebDownload Class) - http://das.microsoft.com/activate/cab/x86/...tail/DASAct.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/popcaploader_v10.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3C2EE33C-7212-4773-981C-EF0C03F7BE47}: NameServer = 205.188.146.145
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - E:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - E:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - E:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - E:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - E:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - E:\Program Files\Viewpoint\Common\ViewpointService.exe
--
End of file - 8406 bytes

***************************************
This Win XP system is fairly minimalist, so maybe this might help any pros out there track down a possible injection source:

IE 6 128 bit addons/extensions:
Java Plug-in 1.6.0_06 Using JRE version 1.6.0_06 Java HotSpot Client VM
Flashget (not working/file not found)
no external toolbars or search bars or the like installed in IE.

FireFox 2.0.0.11 addons/extensions:
Adblock Plus 0.7.5.3
CustomizeGoogle 0.71
ER online 1.0 (Exit Reality Online Toobar Button Extension)
Flashgot 0.9.5
Secure Login 0.9.1.1
Tab Mix Plus 0.3.6

Windows Add/Remove Programs (recent)
Adobe Flash Player 10 plugin
Adobe Flash Player Active X
AIM 6
Exit Reality
Flashget 1.9.6.1073
getPlus®_ocx
Java 6 update 6
The Weather Channel Desktop 6
Viewpoint Media Player
Steam
Xfire
TurboNote+ 6.3

Recently Appeared on Start Menu: Remote Assistance.
Last Installed Program/Game: Dracula - The Last Sanctuary. Old game picked up at lawn sale. 2 CD game, both originals/not burns.

of possible interest
Could be a coincidence but I notice a lot of people, all people in fact (that mention their ISP by name) that have reported this kitchensinks.n0t googlekiller problem, mention they're with AOL. The one that seems to throw that, is the person with the Mac reporting encountering this kitchensinks.n0t googlekiller, but they didn't mention which service provider they're with.

Hope this helps. If there's anything else I can do to help, just let me know.
Tag

P.S: If You're reading this and are also 'aving this problem, You can help solve this by Downloading HiJackThis it's a quick small (800K) program that will create a text log-file that you can then paste here, for the pros to analyze.
Tag

This post has been edited by casey_boy: Oct 23 2008, 08:12 AM

Oct 25 2008, 12:49 PM
Post #2
Lavasoft Staff; Group: Administrators; Posts: 8,814; Joined: 19-April 06; From: Central Florida, USA; Member No.: 65

Hello Tag,
Your HijackThis log is clean and there is no sign of this being due to a hidden infection. If your antivirus and antispyware scans have come up clean, I think you can rest assured that this is not infected. Perhaps, for answers on the Gmail and Google question, check with them to see what's going on with this certificate.

--------------------
Please do NOT send Private Messages to Staff or helpers to request assistance! We do not give personal support via PM. The way to request help is to post a NEW TOPIC in the appropriate forum. Look for the *New Topic* Button near the top right when viewing the forums. Here in the forums, replies are posted to topics only. Thank you for your understanding and cooperation!
Plus and Pro Ad-Aware users (only) may use the Support Center for personal assistance: Support Center
Microsoft MVP/Windows - Security 2003-2009

Oct 25 2008, 01:24 PM
Post #3
Advanced Member; Group: Guests; Posts: 3,114; Joined: 6-June 07; Member No.: 28,338

--------------------
vae victis ( morituri te salutant )

Oct 26 2008, 12:41 AM
Post #4
Newbie; Group: Members; Posts: 6; Joined: 21-October 08; Member No.: 63,418

> Hello Tag,
> Your HijackThis log is clean and there is no sign of this being due to a hidden infection. If your antivirus and antispyware scans have come up clean, I think you can rest assured that this is not infected. Perhaps, for answers on the Gmail and Google question, check with them to see what's going on with this certificate.

Thanks CalamityJane. I seem to be running without the problem (currently). I quick-restored my AOL and rebuilt my AOL adapter using one-click fixes, and applied some other changes to my system, the problem hasn't re-occurred for me, since then.

The msg thread containing the steps I took is here for anyone that runs into this problem: http://www.theendoftheuniverse.ca/node/1201

However new people are reporting encountering the problem all the time. So if it's not an infection on our end, then it must be a problem on their end. Both AOL and Google have been informed, so perhaps they'll get to fixing it sometime soon. (it was suggested in google groups that this may be a DNS/Nameserver poison-cache attack on AOL and that AOL needs to apply a patch against it on their server-side end)

Circumstantially I notice all 3 people that have reported the problem here, have the same nameserver.

maddjak
O17 - HKLM\System\CCS\Services\Tcpip\..\{9351D064-31E3-49F6-9485-09A84E048F0C}: NameServer = 205.188.146.145
dewhurst
O17 - HKLM\System\CCS\Services\Tcpip\..\{B512BFC7-666A-42EA-BA30-59C458DDC173}: NameServer = 205.188.146.145
me
O17 - HKLM\System\CCS\Services\Tcpip\..\{3C2EE33C-7212-4773-981C-EF0C03F7BE47}: NameServer = 205.188.146.145

but I think we all would be using the same Nameserver, since we're all with AOL. So perhaps that logic is a bit circular? heh.

Anyway, thanks CJ, appreciated!
Tag

This post has been edited by TheAvanteGuardian: Oct 26 2008, 12:45 AM
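
The nameserver comparison in the post above, as an added example that is not part of the thread: it parses HijackThis O17 lines, groups reporters by resolver, and shows why a control report is needed before a shared resolver means anything. The three O17 lines are the ones quoted in the post; the `control` report, its placeholder GUID and the address 192.0.2.53 are constructed.

```python
import re
from collections import defaultdict

# O17 lines quoted in the post above, keyed by the names used there.
AFFECTED = {
    "maddjak": r"O17 - HKLM\System\CCS\Services\Tcpip\..\{9351D064-31E3-49F6-9485-09A84E048F0C}: NameServer = 205.188.146.145",
    "dewhurst": r"O17 - HKLM\System\CCS\Services\Tcpip\..\{B512BFC7-666A-42EA-BA30-59C458DDC173}: NameServer = 205.188.146.145",
    "me": r"O17 - HKLM\System\CCS\Services\Tcpip\..\{3C2EE33C-7212-4773-981C-EF0C03F7BE47}: NameServer = 205.188.146.145",
}
# Constructed control: a host that does not show the symptom (placeholder GUID,
# documentation-range address). Not taken from the thread.
UNAFFECTED = {
    "control": r"O17 - HKLM\System\CCS\Services\Tcpip\..\{00000000-0000-0000-0000-000000000000}: NameServer = 192.0.2.53",
}

O17_NAMESERVER = re.compile(r"^O17 - (?P<key>.+?): NameServer = (?P<value>.+)$")

def nameservers(log_text):
    """Return the resolver addresses set by O17 NameServer lines in one log."""
    found = set()
    for line in log_text.splitlines():
        m = O17_NAMESERVER.match(line.strip())
        if m:  # a value may list several addresses, comma or space separated
            found.update(a for a in re.split(r"[,\s]+", m.group("value")) if a)
    return found

def group_by_resolver(reports):
    """Map each resolver address to the set of reporters configured to use it."""
    groups = defaultdict(set)
    for who, log_text in reports.items():
        for ns in nameservers(log_text):
            groups[ns].add(who)
    return dict(groups)

def shared_by_all(reports):
    """Resolvers present in every report (what the post observed)."""
    groups = group_by_resolver(reports)
    return sorted(ns for ns, who in groups.items() if len(who) == len(reports))

def discriminating(affected, unaffected):
    """Resolvers shared by all affected hosts and used by no unaffected host."""
    clean = set(group_by_resolver(unaffected))
    return sorted(ns for ns in shared_by_all(affected) if ns not in clean)

if __name__ == "__main__":
    print("shared by all affected:", shared_by_all(AFFECTED))
    print("absent from controls:  ", discriminating(AFFECTED, UNAFFECTED))
```

An empty result from `discriminating` means the shared resolver is only what hosts on the same ISP have in common, which is the circularity the post points out.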

Oct 27 2008, 02:01 AM
Post #5
Newbie; Group: Members; Posts: 1; Joined: 27-October 08; Member No.: 63,583

It appears to be a dns issue with aol, there is a temporary fix for it here: http://hostwoot.com/forums/showthread.php?p=826#post826

Oct 27 2008, 02:21 PM
Post #6
Lavasoft Staff; Group: Administrators; Posts: 8,814; Joined: 19-April 06; From: Central Florida, USA; Member No.: 65

> It appears to be a dns issue with aol, there is a temporary fix for it here: http://hostwoot.com/forums/showthread.php?p=826#post826

Thank you very much, bigdanny! That answers the question! Now we have an answer for anyone else that shows up with the same question.

So, for any of you getting this scenario, refer to the informative link bigdanny has posted (where another forum found and posted the information and solution). This affects AOL users and is a DNS issue.