IE cannot display webpage on Acer Aspire

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by linuxpowers, Jul 7, 2015.

  1. linuxpowers

    linuxpowers Corporal

    I'm working on an Acer Aspire 5532 laptop with Windows 7 Home Premium.

    When I first started this laptop, I was getting all kinds of malware and adware screens popping up. I noticed Norton Antivirus was installed but expired.

    At the time, I was able to start IE (version 9) and download MBAM. I ran a full scan and it found about 2000 instances to quarantine and delete. I rebooted and ran it again and found about the same. After rebooting and running it again, it found 3 instances, with one being labeled, "Trojan. Vundo".

    At this time, I was still able to run IE so I downloaded Superantispyware and ran a full scan with that. It found several instances of Adware, one Browser Hijacker and one Trojan.Agent/Gen-Genio.

    After that, I found that when I started IE, I would get a message that "Internet Explorer cannot display the webpage"! At that time, I was connecting to the internet via WIFI broadcast from my DSL modem. I decided to connect directly so I hooked up an Ethernet cable instead and checked out everything to make sure I had a good internet connection. Once again, IE gave the same error message. I wanted to see if it was just IE that was having the issue so I started Internet Spades and it connected to the server and started a game. I also noticed that this computer has not been updated since 2013 so I picked out one update and watched as it completed the update.

    So, it appears that other than the malware, adware and whatever that is still lurking on this computer, the issue I seem to be having is the IE error!

    So now, the only way I'm able to get anything done on the laptop is by viewing my "Public" account on my personal desktop while connecting through my home network.

    I came back to MajorGeeks and ran through the READ & RUN ME thread. I've posted the scans from that process!
     


  2. linuxpowers

    linuxpowers Corporal

    I had to split the log for HitmanPro due to its size so I'm sending MGlogs in this post!
     


  3. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Hi there, just reviewing the logs, will post back asap :)
     
  4. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Uninstall this garbage:

    • ShopAtHome.com Toolbar
    • GamesBar 2.0.1.82
    • Fast Search
    • Babylon toolbar on IE

    Re run Hitman Pro and have it remove all that it's finding. Also have it address the item on the "Repairs tab"


    Fix items using RogueKiller.

    Double-click RogueKiller.exe to run. (Vista/7/8 right-click and select Run as Administrator)
    When it opens, press the Scan button
    Now click the Registry tab and locate these detections:

    • [PUP] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4a99-B4B6-146BF802613B} -> Found
    • [PUP] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5AB7104A-B71F-49AD-9154-F7F8806AE848} -> Found
    • [PUP] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440} -> Found
    • [PUP] (X86) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar | {D4027C7F-154A-4066-A1AD-4243D8127440} : -> Found
    • [PUP] (X86) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar | {98889811-442D-49dd-99D7-DC866BE87DBC} : Babylon Toolbar -> Found
    • [PUP] (X86) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar | {98279C38-DE4B-4bcf-93C9-8EC26069D6F4} : -> Found
    • [PUP] (X64) HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser | {D4027C7F-154A-4066-A1AD-4243D8127440} : -> Found
    • [PUP] (X86) HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser | {D4027C7F-154A-4066-A1AD-4243D8127440} : -> Found
    • [PUP] (X64) HKEY_USERS\S-1-5-21-2423382148-409473631-545352023-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser | {D4027C7F-154A-4066-A1AD-4243D8127440} : -> Found
    • [PUP] (X64) HKEY_USERS\S-1-5-21-2423382148-409473631-545352023-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser | {98279C38-DE4B-4BCF-93C9-8EC26069D6F4} : -> Found
    • [PUP] (X86) HKEY_USERS\S-1-5-21-2423382148-409473631-545352023-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser | {D4027C7F-154A-4066-A1AD-4243D8127440} : -> Found
    • [PUP] (X86) HKEY_USERS\S-1-5-21-2423382148-409473631-545352023-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser | {98279C38-DE4B-4BCF-93C9-8EC26069D6F4} : -> Found
    • [PUP] (X64) HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser | {D4027C7F-154A-4066-A1AD-4243D8127440} : -> Found
    • [PUP] (X86) HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser | {D4027C7F-154A-4066-A1AD-4243D8127440} : -> Found
    • [PUP] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | ApnUpdater : "C:\Program Files (x86)\Ask.com\Updater\Updater.exe" -> Found
    • [PUP] (X64) HKEY_USERS\S-1-5-21-2423382148-409473631-545352023-1000\Software\Microsoft\Windows\CurrentVersion\Run | SearchEngineProtection : C:\Program Files (x86)\Gamesbar\SearchEngineProtection.exe -> Found
    • [PUP] (X86) HKEY_USERS\S-1-5-21-2423382148-409473631-545352023-1000\Software\Microsoft\Windows\CurrentVersion\Run | SearchEngineProtection : C:\Program Files (x86)\Gamesbar\SearchEngineProtection.exe -> Found
    Place a checkmark next to each of these items, leave the others unchecked.
    Now press the Delete button.
    When it is finished, there will be a log on your desktop called: RKreport[2].txt
    Attach RKreport[2].txt to your next message. (How to attach)
    Reboot the machine.




    Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Attach JRT.txt to your next message.


    Re run both RogueKiller and Hitman (just scans this time) and attach new logs.


    Run the C:\MGtools\GetLogs.bat file by double clicking on it. (Right click and run as admin if using Vista, Windows7 or Win8) Then attach the new C:\MGlogs.zip file that will be created by running this.
    Let me know of any problems you may have encountered with the above instructions and also let me know how things are running!
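
Added example, not part of the original thread and not any tool's own code: a small Python parser for the RogueKiller registry detection lines listed in the post above, grouping them by component (CLSID or value name) so that one add-on registered at several load points reads as a single item. The line layout is inferred from the lines shown in the post; the function names and load-point labels are this example's own.

```python
import re
from collections import defaultdict

# Constructed sample: five detection lines copied from the RogueKiller list in the post.
SAMPLE = r"""
[PUP] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440} -> Found
[PUP] (X86) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar | {D4027C7F-154A-4066-A1AD-4243D8127440} : -> Found
[PUP] (X86) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar | {98279C38-DE4B-4bcf-93C9-8EC26069D6F4} : -> Found
[PUP] (X64) HKEY_USERS\S-1-5-21-2423382148-409473631-545352023-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser | {98279C38-DE4B-4BCF-93C9-8EC26069D6F4} : -> Found
[PUP] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | ApnUpdater : "C:\Program Files (x86)\Ask.com\Updater\Updater.exe" -> Found
"""

LINE = re.compile(
    r"\[(?P<cat>\w+)\]\s+\((?P<view>X86|X64)\)\s+(?P<key>.+?)"
    r"(?:\s+\|\s+(?P<name>.+?)\s+:\s*(?P<data>.*?))?\s+->\s+(?P<status>\w+)\s*$"
)
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
LOAD_POINTS = (("\\browser helper objects\\", "BHO"),
               ("\\internet explorer\\toolbar", "IE toolbar"),
               ("\\currentversion\\run", "Run autostart"))

def mechanism(key):
    """Map a registry key path to the browser/OS load point it represents."""
    return next((label for marker, label in LOAD_POINTS if marker in key.lower()), "other")

def parse_line(line):
    """Parse '[cat] (view) key [| name : data] -> status'; None if the line is not one."""
    m = LINE.search(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["mechanism"] = mechanism(rec["key"])
    # Component identity: CLSID, case-normalised (the log mixes cases), else the value name.
    guid = CLSID.search(rec["key"] + " " + (rec["name"] or ""))
    rec["component"] = guid.group(0).upper() if guid else rec["name"]
    return rec

def group_by_component(text):
    """component -> [(mechanism, registry view, key), ...] for each place it is registered."""
    groups = defaultdict(list)
    for line in text.splitlines():
        rec = parse_line(line)
        if rec:
            groups[rec["component"]].append((rec["mechanism"], rec["view"], rec["key"]))
    return dict(groups)

if __name__ == "__main__":
    for comp, hits in group_by_component(SAMPLE).items():
        print(comp, len(hits), sorted({h[0] for h in hits}))
```

Fed the full list from a saved report, the grouping shows how few distinct components sit behind the many per-hive, per-view entries, which makes it easier to confirm after cleanup that every registration of a component is gone.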
     
  5. linuxpowers

    linuxpowers Corporal

    OK! Everything is looking pretty good. IE is now working and pages are being loaded. I haven't tried much of anything else but I do notice a couple windows updates that need attention.

    No problems with any of the instructions...everything seemed to go as planned. I did notice that when looking for the registry keys you asked me to delete with RK, I could only find two (2) in the list...that had the same "value"! There were others that RK had highlighted as potential threats.

    Otherwise, everything went as planned!!! Scans attached below:
     


  6. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Little bit left to do.

    Re run Hitman Pro and have it remove Potential Unwanted Programs.


    Download and run OTM.


    Download OTM by Old Timer and save it to your Desktop.

    • Run OTM.exe by double clicking on it (Note: if using Vista, Win7 or Win8, don't double click, use right click and select Run As Administrator).
    • Paste the following code under the [​IMG] area. Do not include the word Code.

    Code:
    
    :reg
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "GenieoUpdaterService"=-
    [HKEY_USERS\S-1-5-21-2423382148-409473631-545352023-1000\Software\Microsoft\Windows\CurrentVersion\run]
    "GenieoUpdaterService"=-
    [-HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}]
    [-HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD22}]
    
    :Files
    C:\Users\Nia Logan\AppData\Roaming\Genieo
    
    :Commands
    [emptytemp]
    [Reboot]
    • Return to OTM, right click in the Paste List of Files/Folders to Move window (under the yellow bar) and choose Paste.
    • Push the large [​IMG] button.
    • OTM may ask to reboot the machine. Please do so if asked.
    • Copy everything in the Results window (under the green bar), and paste it into a text file to ATTACH into your next reply.

    NOTE: If you are unable to copy/paste from this window (as will be the case if the machine was rebooted), open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTM\MovedFiles folder, and open the newest .log file present, and attach the contents of that document back here in your next post.


    Everything still running nicely? :)
     
  7. linuxpowers

    linuxpowers Corporal

    Alright, no problems with the instructions and everything seems to be running correctly. ;)
     


  8. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Are you comfortable enough in the Windows Registry to delete a few keys?
     
  9. linuxpowers

    linuxpowers Corporal

    Yes, I am! Point me in the right direction. Also, should I backup my registry before I do so?
     
  10. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Yes if you like. You need to delete what Hitman is still finding. ;) Once done, reboot the machine, rescan with Hitman and attach new log.
     
  11. linuxpowers

    linuxpowers Corporal

    Look better?
     


  12. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Much, much better. :) All clear now.

    If you are not having any other malware problems, it is time to do our final steps:
    1. We recommend you keep Malwarebytes Anti-Malware for scanning/removal of malware.
    2. Re-enable your Disk Emulation software with Defogger if you had disabled it in step 4 of the READ & RUN ME.
    3. Go to add/remove programs and uninstall HijackThis. If you don't see it or it will not uninstall, don't worry about it. Just move on to the next step.
    4. If running Vista, Win 7 or Win 8, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    5. Now go to the C:\MGtools folder and find the MGclean.bat file. Double click (if running Vista, Win7, or Win 8, Right Click and Run As Administrator) on this file to run this cleanup program that will remove files and folders related to MGtools and some other items from our cleaning procedures.
    6. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.

    7. After doing the above, you should work thru the below link:
     
  13. linuxpowers

    linuxpowers Corporal

    Well, everything is running kinda slow right now. I installed CCleaner and it takes forever to load up. Comes up one pane at a time.

    At first I thought it was just going through an indexing process but when I took a look at that, indexing was complete.

    So, I took a look at what was slowing it down and found svchost.exe (netsvcs) is hogging 100% cpu. Found about 5 different services running. I was eyeballing WINDOWS DRIVER FOUNDATION or wudfsvc when I noticed I had some windows updates available. I had already managed the updates after running the clean-up process from the malware scans but when I went to windows update, it now says I have 153 important updates and 12 optional!

    When I viewed the update history, I saw failed installations dating back to 2013. When I scroll to the bottom of the available updates in Windows Update, I see updates dated 2013! So, I'm assuming that's when the owner of this laptop started having issues and that's when this laptop got thrown under the bed!!!

    I guess I'll take the time to update them all and see what happens.
     
  14. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    None of this is topic for the malware forum. ;) You can post about it in software if need be. Best of luck.
     
  15. linuxpowers

    linuxpowers Corporal

    Well going through the updates is getting to be impossible..everything is so slow! I see the hard drive light steadily flashing as though the hard drive is being accessed but update is just sitting there.

    I now try to bring up task manager but only part of the screen is showing. It will only give me a list of processes...no other choices. I can't get anything to come up, the hard drive light just stays on.

    I tried to start Malwarebytes to see what would happen but it wasn't responding. I finally tried Superantispyware, just for grins, and it came up, and found 4 PUP's. I'm trying to do a full scan but with netsvcs running the cpu at near 100%, the scan is taking forever.
     
  16. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    I really don't think this sounds like Malware at all, and PUP's are exactly that... potentially unwanted programs. As in they may be needed or wanted by yourself. If you think you have malware then just go thru all the procedures again, attach logs and if I find nothing, you will have to post about this in software.
     
  17. linuxpowers

    linuxpowers Corporal

    OK, I think I will go through the cleaning process again. Do you want me to start a new thread or just continue to post here?
     
  18. linuxpowers

    linuxpowers Corporal

    Since I'm having such a big issue with this cpu usage, I'll go to the software threads first and if I still feel like a malware issue is pending, I'll come back later!!

    Thanks for your help, I appreciate all you do! -linuxpowers
     
  19. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Most welcome. ;)
     
