IE will not load keeps saying "has encountered a problem and needs to close"

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by lch915, Aug 11, 2005.

  1. lch915

    lch915 Private E-2

    Help please. I was on AOL when all of a sudden my pages stopped loading. I still have access to my email and I can IM people. I checked my IE and the pages loaded halfway, now they won't load at all. I keep getting a message saying "Internet Explorer has encountered a problem and needs to close. We are sorry for the inconvenience." Oddly enough the one page I can get to load is my login for my bank account...hmmm..suspicious much?? For a little while I had my MSN browser then that stopped working too. I ran all types of spyware scans, it found a few things but still hasn't fixed the problem. I know one thing I had was midaddle, I saw it on my list of programs, but after I ran the adaware and spybot it disappeared off that list so I assumed it was uninstalled. I had my mom send me the file to install the Firefox browser, and so far I've had that for a few days and it's working fine. However I still have no access to IE and my AOL is still not loading pages, although like I said I can still read my email and IM people. I followed all the steps in the thread to remove spyware except the online scans because it's telling me I need IE version 4 or above to run them, and when I try to download it tells me I have a newer version already installed on my machine. What is going on?? What can I do??? I'm so computer illiterate it's not even funny. Please help!
     
  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Skip the online scanners for now and complete all the other steps in the order given. Then continue to follow the steps below exactly as written if you still have problems.


    - Download HijackThis 1.99.1

    - Unzip the hijackthis.exe file to a folder you create named C:\Program Files\HJT

    - Do NOT run Hijack This from the Desktop, a temp folder, or a sub-folder of C:\Documents and Settings, or choose to run it directly from the downloaded ZIP file.

    - Before running HijackThis: You must close each of the following: your web browser, e-mail client, instant messenger, and programs like notepad, wordpad, MS Word etc., and any other unnecessary running programs.

    - Run HijackThis and save your log file.

    - Post your log as an ATTACHMENT to your next message. (Do NOT copy/paste the log into your post).
     
  3. lch915

    lch915 Private E-2

    I can't unzip HijackThis, my virus scan keeps popping up saying it detected a worm and it automatically deletes the file. Am I doing something wrong?
     
  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You are probably running McAfee and do not have your updates. They fixed that bug many months ago. It is a McAfee issue. Either get your McAfee updates or shut it down while doing HijackThis. It would be best to get your updates or you will keep losing HijackThis when McAfee runs.
     
  5. lch915

    lch915 Private E-2

    OK, I think I did this right. Here is my log file.
     


  6. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You should uninstall SpyKiller. It is a rogue. See the info here: http://www.spywarewarrior.com/rogue_anti-spyware.htm


    If you are using WinXP or WinMe, make sure you have system restore disabled (per the tutorial).
    For all OS types, make sure viewing of hidden files is enabled (per the tutorial).

    Please run HijackThis and click on the "Open the Misc Tools Section" button on the open page. Then select "Open process manager" on the left-hand side. Look for the following process (or processes) and one at a time kill them by selecting it and then click "Kill process". Then click yes.
    C:\WINDOWS\system32\j?vaw.exe

    After killing all the above processes, click "Back".
    Then please click "Scan" and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\System32\SearchBar.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://hsremove.com/done.htm
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://hsremove.com/done.htm
    O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
    O2 - BHO: (no name) - {BC611F53-D6CA-A46A-B16C-FE7AE1B00DB6} - C:\WINDOWS\system32\krmpi.dll (file missing)
    O2 - BHO: (no name) - {BC611F53-D6CA-D26E-B11D-897A97C30DC6} - C:\WINDOWS\system32\krmpi.dll (file missing)
    O2 - BHO: (no name) - {BD611F22-D6BF-A11A-B16A-FC7A94B90DB5} - C:\WINDOWS\system32\krmpi.dll (file missing)
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
    O4 - HKCU\..\Run: [SpyKiller] C:\Program Files\SpyKiller\spykiller.exe /startup
    O4 - HKCU\..\Run: [Vyowjp] C:\WINDOWS\system32\j?vaw.exe
    O4 - HKCU\..\Run: [Aida] C:\Documents and Settings\Aimee Welter\Application Data\eetu.exe
    O9 - Extra button: (no name) - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\System32\ms.exe (file missing)
    O9 - Extra 'Tools' menuitem: MaxSpeed - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\System32\ms.exe (file missing)
    O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
    O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
    O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)

    After clicking Fix, exit HJT.
    Boot into safe mode and use Windows Explorer to delete:
    C:\Documents and Settings\Aimee Welter\Application Data\eetu.exe
    C:\WINDOWS\system32\j?vaw.exe <--- be careful with this one, the ? can be any number of characters. Also, java.exe and javaw.exe are valid files which you do not want to delete. They are very small (about 25 to 30 Kbytes). The bad file will probably be much larger (like 200 to 400 Kbytes).

    If you get an error when deleting a file, right click on the file and check to see if the read only attribute is checked. If it is, uncheck it and try again. Otherwise open Task Manager and kill the process if running, then delete the file.

    Now run Ccleaner (installed while running the READ ME FIRST). Now if running Win XP go to c:\windows\Prefetch and delete all files in this folder.

    Now we need to Reset Web Settings:
    1) If you have an Internet Explorer icon on your Desktop, go to step 2. If not, skip to step 3.
    2) Now right click on your desktop Internet Explorer icon and select Properties. Then click the Programs tab and then click "Reset Web Settings". Now go back to the General tab and set your home page address to something useful like www.majorgeeks.com. Click Apply. Click Delete Cookies, Click Delete Files and select Delete all Offline content too, Click OK. When it finishes Click OK. Then skip step 3.
    3) If you do not have an Internet Explorer icon on your Desktop, click Start, Control Panel (for some systems it may be Start, Settings, Control Panel), Internet Options, Programs tab and then click "Reset Web Settings". Now go back to the General tab and set your home page address to something useful like www.majorgeeks.com. Click Apply. Click Delete Cookies, Click Delete Files and select Delete all Offline content too, Click OK. When it finishes Click OK.

    Now reboot in normal mode and post a new HJT log. And tell us how things are working.
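
An added example, not part of the original post and not the forum's or HijackThis's own code: a Python sketch that parses the kind of HijackThis lines listed above, marks orphaned entries, and applies the post's name and size rule of thumb to a `j?vaw.exe` entry. The function names, the directory listing, and the 30 KB cut-off (taken from the post's "about 25 to 30 Kbytes") are assumptions for illustration.

```python
import fnmatch
import re

# Constructed sample: five of the HijackThis lines quoted in the post above.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://hsremove.com/done.htm
O2 - BHO: (no name) - {BC611F53-D6CA-A46A-B16C-FE7AE1B00DB6} - C:\WINDOWS\system32\krmpi.dll (file missing)
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O4 - HKCU\..\Run: [Vyowjp] C:\WINDOWS\system32\j?vaw.exe
O4 - HKCU\..\Run: [Aida] C:\Documents and Settings\Aimee Welter\Application Data\eetu.exe
"""
# Constructed directory listing (name -> size in bytes); not data from the thread.
LISTING = {"java.exe": 24576, "javaw.exe": 28672,
           "j\u00e0vaw.exe": 307200, "notepad.exe": 69120}
LINE_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
PATH_RE = re.compile(r"[A-Za-z]:\\[^\r\n]*?\.(?:exe|dll)", re.IGNORECASE)
KNOWN_GOOD = {"java.exe", "javaw.exe"}  # named in the post as valid files
SMALL_LIMIT = 30 * 1024                 # assumption from "about 25 to 30 Kbytes"

def parse_log(text):
    """Return one record per HijackThis entry line (section code, path, flags)."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        body, hit = m.group("body"), PATH_RE.search(m.group("body"))
        entries.append({
            "code": m.group("code"),
            "path": hit.group(0) if hit else None,
            "orphaned": body.endswith(("(file missing)", "(no file)")),
            "placeholder": bool(hit and "?" in hit.group(0)),
        })
    return entries

def candidates(entry_path, listing):
    """Files matching a '?' path, minus known-good names at their usual small size."""
    pattern = entry_path.rsplit("\\", 1)[-1].replace("?", "*").lower()
    hits = []
    for name, size in sorted(listing.items()):
        low = name.lower()
        if fnmatch.fnmatchcase(low, pattern) and not (low in KNOWN_GOOD and size <= SMALL_LIMIT):
            hits.append((name, size))
    return hits

if __name__ == "__main__":
    for e in parse_log(SAMPLE_LOG):
        if e["placeholder"]:
            print(e["path"], "->", candidates(e["path"], LISTING))
```

The `?` is expanded to `*` because the post says it can stand for any number of characters; a file named `javaw.exe` is still reported if it is larger than the small size the post describes.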
     
  7. lch915

    lch915 Private E-2

    I did everything except delete "C:\Documents and Settings\Aimee Welter\Application Data\eetu.exe
    and
    C:\WINDOWS\system32\j?vaw.exe"

    I looked for them manually and couldn't find them, then I did a search for them, still nothing...are they not there? I don't know, but I completed every other step and the problem is not fixed. Also when I rebooted the computer did a system dump and I had to reboot again. Now I'm having a problem attaching my new log file. I'm clicking on manage attachments and nothing's happening. What's up? Thanks for your help!
     
  8. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Sometimes HJT can delete files when lines are fixed. I would bet the j?vaw.exe is still there though. These kinds of problem files do not normally get deleted by HJT. Are you sure viewing of hidden & system files is enabled?

    Try posting your log again as an attachment. If it still does not work, paste it in line and I will attach it for you.
     
  9. lch915

    lch915 Private E-2

    OK here is my second HJT log. I searched for those files again making sure it searched in system folders, hidden folders, and subfolders and still came up with nothing. BTW, did you see anything that relates to midaddle? Because I know my computer had been infected with that...I'm just not sure if the problem was taken care of with the spyware scans. Thanks!
     


    Last edited: Aug 12, 2005
  10. lch915

    lch915 Private E-2

    Now my firefox browser is starting to act up...I'm afraid I'm losing this as well!!
     
  11. lch915

    lch915 Private E-2

    Now when I reboot my Solo Antivirus is giving me this message:
    Modified Entry
    FileName: %systemroot%/system32/dumprep 0 -k

    It says if I've installed new programs click accept, but it may be a worm or backdoor trojan trying to take over the system. What is this??? What do I do??? I clicked skip for now, the options are: skip stop fix accept
     
  12. lch915

    lch915 Private E-2

    Well...I'm not sure what I did, but my computer seems to be up and running again. Thanks so much for all your help!
     
  13. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Define the word "search". If you used Windows search that is not what I asked you to do. I said use Windows Explorer not Windows Search. Windows Search requires other options to be set in order to locate hidden or system files.

    At any rate, your log is now clean. If you are no longer having problems, enable system restore and check out the steps in the below thread to help keep you clean:

    How to Protect yourself from malware!
     
  14. lch915

    lch915 Private E-2

    I think I used Windows Search, from the start menu, I'm not sure how to search for files with Windows Explorer. Anyway, whatever you had me do put my computer back in order so thanks a lot. The only issue I'm having now is that my games won't load...solitaire, spider solitaire, and the internet spades. Any ideas?
     
  15. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome!

    Please discuss your final problem in either the Software Forum or maybe even the Games Forum.
     
