IE Wont Work?

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by ParaBeats, Nov 8, 2005.

  1. ParaBeats

    ParaBeats Private E-2

    Hi, i recently got hijacked by spy sheriff and the whole (your system is not safe desktop wallpaper)

    i i seemed to get rid of most problems , however now IE does not work at all? and my system is running on high resources and most things are slugging.

    here is a hijack this log, if anyone can help id much appreciate it.

    cheers
     

    Attached Files:

  2. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    You have HijackThis installed incorrectly and you have not completed our Standard Cleaning Porcedures.

    Please follow the steps below:

    - Run ALL the steps in this Sticky thread READ & RUN ME FIRST Before Asking for Support

    Make sure you check version numbers and get all updates.

    - Very Important: Make sure you tell us the results from running the tutorial...was anything found? Were you unable to complete any of the scans?...Were you unable to download any of the tools?...Did you do the on-line scans as suggested? etc.

    After doing ALL of the above you still have a problem make sure you have booted to normal mode and run the steps in the below link to properly use HijackThis:

    Downloading, Installing, and Running HijackThis
     
  3. ParaBeats

    ParaBeats Private E-2

    ok ive run all the scans with the following

    Ad-Aware SE
    CCleaner
    Microsoft® Windows AntiSpyware
    SpyBot

    and got rid of anything bad found

    i cant run any of

    # Bitdefender agree to the license and then select Scan
    # Kaspersky On-line Scanner- read theRequirements and limitations
    # Trend Micro's Free Online Virus Scan
    # TrojanScan
    # Panda ActiveScan

    because my IE does not work and they all require IE.

    i dont no what else i can do without advice, ive read the tutorial and done what i can. im going to run my hijackthis how you guys said now and post log in a mo.

    Thanks for your time
     
  4. ParaBeats

    ParaBeats Private E-2

    My New HJT Log
     

    Attached Files:

  5. ParaBeats

    ParaBeats Private E-2

    Sorry i posted the wrong log heres the new one.
     

    Attached Files:

  6. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    Using Add or Remove Programs in the Control Panel uninstall the following:
    Download
    - Pocket Killbox

    In HJT Choose Open the Misc Tools Section choose Process Manager, Highlight:
    Choose Kill Process

    Now scan and have HJT Fix the following:
    Now run Pocket Killbox:

    Choose Tools -> Delete Temp Files and click OK.

    Run Killbox.exe. Paste the below filenames into KILL BOX one at a time. Check mark the box that says "Delete on Reboot" and checkmark the box "Unregister DLL" (If available) Click the RED X and it will ask you to confirm the file for deletion…say YES and when the next box opens prompting you to reboot now...click NO...and proceed with the next file. Once you get to the last one click YES and it will reboot. Note many of the file list below may not exist but we need to check for them anyway.
    If Killbox does not reboot or you get a Pending Operations type error message just reboot your PC yourself.

    Now boot into SAFE MODE

    Open Windows Explorer navigate to and DELETE the following: (Some of these may have already been deleted by Pocket Killbox)
    Now run CCleaner. If you have Windows XP delete the contents of C:\WINDOWS\Prefetch.

    Then, as an added precaution, Go to Start -> Run and type: cleanmgr and then click OK. Make sure the boxes for these are checked:
    Temporary Files
    Temporary Internet Files
    Recycle Bin


    And Click OK.

    REBOOT to Normal Mode.

    Post a fresh HijackThis log as an ATTACHMENT.
     
  7. ParaBeats

    ParaBeats Private E-2

    New Log
     

    Attached Files:

  8. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    I see that you have Ewido install, please update your definitions and run an Ewido scan according to this thread:
    Running Ewido Security Suite


    Also do the following:

    Run CCleaner before doing the below.

    Download WinPFind

    Extract it to the root folder of drive C ( C:\ ). This will create a folder called WinPFind in the C:\ folder. Inside C:\WinPFind is a file called WinPFind.exe. Double-click on this file to launch the program. Once it is launched, click on the Start Scan button and wait for it to finish. This program will scan large amounts of files on your computer for known patterns so please be patient while it works as it can take a while, upwards to 30 minutes or more.

    When it is done, it will show the results of the scan. Click on the Copy to Clipboard button and then paste the contents of the log in your clipboard. Then save it to a file using notepad and upload the text file here as an attachment.
     
  9. ParaBeats

    ParaBeats Private E-2

    I had to run my Ewido Security Suite scan in 'Normal Mode' as safe mode isnt working correctly

    here are my to logs requested.

    oh and my IE seems to work now after those scans, so ill wait untill your reply before i do any other scans.

    Thanks for your time
     

    Attached Files:

  10. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    Now scan and have HJT Fix the following:
    Copy the contents of the below quote box into Notepad and Save As RegFix.reg to your Desktop
    Now double-click on RegFix.reg and answer 'Yes' when asked if your want to merge with the registry.

    Now boot into SAFE MODE

    Open Windows Explorer navigate to and DELETE the following:
    Now run CCleaner. If you have Windows XP delete the contents of C:\WINDOWS\Prefetch.

    Then, as an added precaution, Go to Start -> Run and type: cleanmgr and then click OK. Make sure the boxes for these are checked:
    Temporary Files
    Temporary Internet Files
    Recycle Bin


    And Click OK.

    REBOOT to Normal Mode.

    Post a fresh HijackThis log.
     
  11. ParaBeats

    ParaBeats Private E-2

    New HJT Log
     

    Attached Files:

  12. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    hgqhp.exe is still there.

    Please download Spy Sweeper


    • Click the link above to download the program.
    • Install it. Once the program is installed, it will open.
    • It will prompt you to update to the latest definitions, click Yes.
    • Once the definitions are installed, click Options on the left side.
    • Click the Sweep Options tab.
    • Under What to Sweep please put a check next to the following:
      • Sweep Memory
      • Sweep Registry
      • Sweep Cookies
      • Sweep All User Accounts
      • Enable Direct Disk Sweeping
      • Sweep Contents of Compressed Files
      • Sweep for Rootkits
      • Please UNCHECK Do not Sweep System Restore Folder.
    • Click Sweep Now on the left side.
    • Click the Start button.
    • When it's done scanning, click the Next button.
    • Make sure everything has a check next to it, then click the Next button.
    • It will remove all of the items found.
    • Click Session Log in the upper right corner, copy everything in that window.
    • Click the Summary tab and click Finish.
    • Paste the contents of the session log you copied into notepad and save it as spysweeper.txt and attach it to your next post along with a fresh HJT log.
     
  13. ParaBeats

    ParaBeats Private E-2

    hgqhp.exe is gone now i missed that part sorry
     

    Attached Files:

  14. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    Scan with HijackThis and fix the following:
     
  15. ParaBeats

    ParaBeats Private E-2

    i deleted the other 2 but it wont delete
    Code:
    O15 - Trusted Zone: *.finefind.nettraffic2cash.biz
    ?
     
  16. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Copy the contents of the Quote Box below to Notepad. Then click File and then Save As. Change the Save as Type to All Files. Name the file popfix.reg and then click save. (make sure you save it somewhere you can find it. Saving it to your Desktop may make that easy.)
    Double-click on the popfix.reg file on your desktop (or locate it with Windows Explorer and double click on it if not saved to the Desktop) and when it prompts to merge,
    click YES!
     

MajorGeeks.Com Menu

Downloads All In One Tweaks \ Android \ Anti-Malware \ Anti-Virus \ Appearance \ Backup \ Browsers \ CD\DVD\Blu-Ray \ Covert Ops \ Drive Utilities \ Drivers \ Graphics \ Internet Tools \ Multimedia \ Networking \ Office Tools \ PC Games \ System Tools \ Mac/Apple/Ipad Downloads

Other News: Top Downloads \ News (Tech) \ Off Base (Other Websites News) \ Way Off Base (Offbeat Stories and Pics)

Social: Facebook \ YouTube \ Twitter \ Tumblr \ Pintrest \ RSS Feeds