IE won't load

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by daselko, Mar 4, 2005.

  1. daselko

    daselko Private E-2

    OK, so I'm running WinXP, and I noticed that my Internet Explorer isn't loading up on my computer. Every time I click the icon for IE, it acts as if it's gonna load, and then it doesn't. I look on my firewall (BlackICE) and it gives me the indication that the application was terminated.

    I then ran NAV2002 and I got 3 infected files... all from the virus called "trojan.byteverify". NAV couldn't repair the files, so I deleted them from the quarantine list.

    I followed the instructions on the Symantec site on removing the virus, all by disabling System Restore, restarting in safe mode, running NAV and then deleting it. I did it all, but when I ran NAV it didn't detect any viruses.

    Now, I still can't load IE, nor am I detecting any viruses. I ran AdAware SE, Spybot, CWShredder and HijackThis.

    I've been at this ****er for 5 hours and it's driving me ****IN NUTZ!!!! pleeeeeease help!!
     
  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    If you are able to download to this PC somehow, follow the procedure below.

    To help us to best help you, please follow the steps below closely and in the order given and do not skip anything. If you have any difficulty, please post back letting us know what steps you have completed, what you found while doing the scans if anything along with details about any problems you may have encountered in completing the steps. The more details you can provide the better. Don't be afraid to ask for additional help if you don't understand something!

    - Run ALL the steps in this Sticky thread: READ ME FIRST BEFORE ASKING FOR SUPPORT: Basic Spyware, Trojan And Virus Removal. Make sure you check version numbers and get all updates.

    - Very Important: Make sure you tell us the results from running the tutorial...was anything found? Were you unable to complete any of the scans?...Were you unable to download any of the tools?...Did you do the on-line scans as suggested? etc.


    If after doing ALL of the above you still have a problem:

    - Download HijackThis 1.99.1

    - Unzip the hijackthis.exe file to a folder you create named C:\Program Files\HJT

    - Do NOT run Hijack This from the Desktop, a temp folder, or a sub-folder of C:\Documents and Settings, or choose to run it directly from the downloaded ZIP file.

    - Before running HijackThis: You must close each of the following: your web browser, e-mail client, instant messenger, and programs like notepad, wordpad, MS Word etc. And any other unnecessary running programs.

    - Run HijackThis and save your log file.

    - Post your log as an ATTACHMENT to your next message. (Do NOT copy/paste the log into your post.)
     
  3. daselko

    daselko Private E-2

    OK, so I'm having this problem again (IE and Firefox not loading). I ran all the basic programs like Ad Aware, Spybot, Spyware Blaster, AVG, CCleaner, CWShredder and they all came back with nothing. I ran HijackThis and this is what I came up with:
     
  4. daselko

    daselko Private E-2

    Logfile of HijackThis v1.97.7
    Scan saved at 12:58:42 PM, on 9/26/2005
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Edit by chaslang: Inline, very old version of HJT removed
     
    Last edited by a moderator: Sep 26, 2005
  5. daselko

    daselko Private E-2

    Sorry I didn't load the HijackThis log as an attachment, but when I click "manage attachments" it (the attachment thing) doesn't load.
     
  6. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You have waited more than 6 months to respond and you have not followed the directions in my original message to you. Please run ALL the steps in the READ ME FIRST and follow the directions for downloading the proper version of HJT, installing it and using it.
     
  7. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Also note your version of Windows is way out of date. You must get updated after all problems have been fixed.
     
  8. daselko

    daselko Private E-2


    I did run all the steps in the READ ME sticky, but I started a new thread b/c this new problem was similar to the last but not exactly the same. I also stated that I wasn't able to load the HJT attachment b/c of the issues with IE and Firefox (I was using the "My Computer" address bar to access the net).

    I ran all programs earlier today (Ad Aware, Spybot, Spyware Blaster, AVG, CCleaner, CWShredder, etc.) and got nothing. I'm sorry if it seems like I wasn't following your advice, but I did and still nothing seems to work. Please help....
     
  9. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    All steps of the READ ME FIRST must be run. You did not run them all. The two online scanners do not show. Also my directions said to download HijackThis 1.99.1. Your version has not been used in a couple of years.
     
  10. daselko

    daselko Private E-2

    Ok so I went back, did a complete follow through with all the scanners, even the online ones, updated HJT and I got the following:

    RAV Scan Report:

    RAV Scan Report

    Statistics
    Scanned files: 74714
    Scanned directories: 5279
    Scanned archives: 1437
    Size of the scanned files: 201719825
    Packed files: 2736
    Known viruses found: 19
    Virus bodies: 5
    Suspicious files: 1

    Disinfected files: 0
    Deleted files: 0
    Renamed files: 0
    Copied files: 0
    I/O errors: 0
    Warnings: 0
    Corrupted files: 0
    New files: 225840
    Mail files: 1809

    Found viruses

    File: C:\Documents and Settings\Adrian\Local Settings\Application Data\Identities\{858D5939-C0C5-4F14-B7A4-C5FE7DDE5485}\Microsoft\Outlook Express\Hotmail - Inbox.dbx->Message.95: (JMMBNFLO [Leftmargin])->(part0000:)->(IFRAME0000)
    Virus: HTML/IFrame_Exploit*
    Status: Infected

    File: C:\Documents and Settings\Adrian\Local Settings\Temp\Temporary Internet Files\Content.IE5\1OXDBHDV\ADL[1].CHM->/adl.htm->(SCRIPT0001)
    Virus: JS/Psyme.gen*
    Status: Infected

    File: C:\Documents and Settings\MOM\Local Settings\Temp\Temporary Internet Files\Content.IE5\LZPYY9NL\delayed[1].htm->(SCRIPT0000)
    Virus: JS/Noclose*
    Status: Infected

    File: C:\Program Files\Internet Explorer\dcwcwrlq.exe
    Virus: TrojanDownloader:Win32/Small.UG
    Status: Infected

    File: C:\Program Files\Internet Explorer\fqmyettw.exe
    Virus: TrojanDownloader:Win32/Small.UG
    Status: Infected

    File: C:\Program Files\Internet Explorer\lxdpfbgh.exe
    Virus: TrojanDownloader:Win32/Small.UG
    Status: Infected

    File: C:\Program Files\Internet Explorer\vqa.exe
    Virus: TrojanDownloader:Win32/Small.UG
    Status: Infected

    File: C:\Program Files\ISS\BlackICE\evd003.enc
    Virus: €!SQLSlammer.worm
    Status: Infected

    File: C:\Program Files\ISS\BlackICE\evd004.enc
    Virus: €!SQLSlammer.worm
    Status: Infected

    File: C:\Program Files\ISS\BlackICE\evd007.enc
    Virus: €!SQLSlammer.worm
    Status: Infected

    File: C:\Program Files\ISS\BlackICE\evd008.enc
    Virus: €!SQLSlammer.worm
    Status: Infected

    File: C:\Program Files\ISS\BlackICE\evd009.enc
    Virus: €!SQLSlammer.worm
    Status: Infected

    File: C:\Program Files\ISS\BlackICE\evd014.enc
    Virus: €!SQLSlammer.worm
    Status: Infected

    File: C:\Program Files\ISS\BlackICE\evd016.enc
    Virus: €!SQLSlammer.worm
    Status: Infected

    File: C:\Program Files\ISS\BlackICE\evd020.enc
    Virus: €!SQLSlammer.worm
    Status: Infected

    File: C:\Program Files\ISS\BlackICE\evd021.enc
    Virus: €!SQLSlammer.worm
    Status: Infected

    File: C:\Program Files\ISS\BlackICE\evd022.enc
    Virus: €!SQLSlammer.worm
    Status: Infected

    File: C:\Program Files\ISS\BlackICE\evd023.enc
    Virus: €!SQLSlammer.worm
    Status: Infected

    File: C:\Program Files\ISS\BlackICE\evd024.enc
    Virus: €!SQLSlammer.worm
    Status: Infected

    File: C:\Program Files\WinRAR\Uninstall.exe
    Virus: Backdoor:Win32/Poebot.E
    Status: Suspicious


    Bitdefender:

    BitDefender Online Scanner
    Scan report generated at: Tue, Sep 27, 2005 - 01:29:58

    Scan path: A:\;C:\;D:\;E:\;

    Statistics
    Time 00:30:25
    Files 77805
    Folders 5279
    Boot Sectors 2
    Archives 411
    Packed Files 31

    Results
    Identified Viruses 2
    Infected Files 2
    Suspect Files 0
    Warnings 0
    Disinfected 0
    Deleted Files 2

    Engines Info
    Virus Definitions 171814
    Engine build AVCORE v1.0 (build 2292) (i386) (Mar 3 2005 11:57:29)
    Scan plugins 2
    Archive plugins 10
    Unpack plugins 1
    E-mail plugins 1
    System plugins 1

    Scan Settings
    First Action Disinfect
    Second Action Delete
    Heuristics Yes
    Enable Warnings Yes
    Scanned Extensions exe;com;dll;ocx;scr;bin;dat;386;vxd;sys;wdm;cla;class;ovl;ole;hlp;doc;dot;xls;ppt;wbk;wiz;pot;ppa;xla;xlt;vbs;vbe;mdb;rtf;htm;hta;html;xml;xtp;php;asp;js;shs;chm;lnk;pif;prc;url;smm;pfd;msi;ini;csc;cmd;bas;
    Exclude Extensions
    Scan Emails Yes
    Scan Archives Yes
    Scan Packed Yes
    Scan Files Yes
    Scan Boot Yes


    Scanned File Status
    C:\Documents and Settings\Adrian\Local Settings\Temp\Temporary Internet Files\Content.IE5\1OXDBHDV\ADL[1].CHM=>/adl.htm Infected with: Exploit.ADODB.Stream.Gen
    C:\Documents and Settings\Adrian\Local Settings\Temp\Temporary Internet Files\Content.IE5\1OXDBHDV\ADL[1].CHM=>/adl.htm Disinfection failed
    C:\Documents and Settings\Adrian\Local Settings\Temp\Temporary Internet Files\Content.IE5\1OXDBHDV\ADL[1].CHM=>/adl.htm Deleted
    C:\Documents and Settings\Adrian\Local Settings\Temp\Temporary Internet Files\Content.IE5\1OXDBHDV\ADL[1].CHM Update failed
    C:\Program Files\AWS\WeatherBug\MiniBugTransporter.dll Detected with: Adware.Wheaterbug.A
    C:\Program Files\AWS\WeatherBug\MiniBugTransporter.dll Disinfection failed
    C:\Program Files\AWS\WeatherBug\MiniBugTransporter.dll Deleted


     
  11. daselko

    daselko Private E-2

    *Note* I am unable to upload any attachments under "manage attachments" b/c of my issues with IE and Firefox, I'm only using the address bar from "My Documents". With that being said, here is the new HJT log:

    Logfile of HijackThis v1.99.1
    Scan saved at 12:15:21 PM, on 9/27/2005
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\Program Files\ISS\BlackICE\blackd.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\ISS\BlackICE\rapapp.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\ORL\VNC\WinVNC.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\KMaestro\Key_e.EXE
    C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\ISS\BlackICE\blackice.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\KMaestro\WTS_KEY.EXE
    C:\Program Files\WinRAR\WinRAR.exe
    C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
    C:\WINDOWS\msagent\AgentSvr.exe
    C:\DOCUME~1\John\LOCALS~1\Temp\Rar$EX43.119\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://hsremove.com/done.htm
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://hsremove.com/done.htm
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast High-Speed Internet
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = sas.r1.attbi.com:8000
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = sas.r1.attbi.com;<local>
    O1 - Hosts: 38.115.131.131 sk2.slsk.org
    O1 - Hosts: 38.115.131.131 www.slsk.org
    O1 - Hosts: 38.115.131.131 mail.slsk.org
    O1 - Hosts: 38.115.131.131 server.slsk.org
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [KeyMaestro] C:\KMaestro\KMaestro.exe
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: BlackICE PC Protection.lnk = C:\Program Files\ISS\BlackICE\blackice.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM95\aim.exe
    O9 - Extra button: AbsolutePoker.com - {EFFF8D47-D060-4108-B761-E8EC86622E56} - C:\Documents and Settings\All Users\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
    O9 - Extra 'Tools' menuitem: AbsolutePoker.com - {EFFF8D47-D060-4108-B761-E8EC86622E56} - C:\Documents and Settings\All Users\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O14 - IERESET.INF: START_PAGE_URL=http://www.comcast.net
    O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - https://components.viewpoint.com/MT...ieawards/ma03/zoomview/zvWindow.jhtml?photo=6
    O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.symantec.com/techsupp/asa/LSSupCtl.cab
    O16 - DPF: {25064DE4-9CC0-11D5-BB86-0050DAC5EBD0} (printQuick Browser Add In) - http://www.pqpc.com/plugin/axversion/1000/printQuick.cab
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52...ple.com/drakken/us/win/QuickTimeInstaller.exe
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.com/scan8/oscan8.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1100853249260
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
    O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} - http://chat.yahoo.com/cab/yacsui.cab
    O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} (Yahoo! Webcam Upload Wrapper) - http://chat.yahoo.com/cab/yuplapp.cab
    O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
    O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
    O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (ASquaredScanForm Element) - http://www.windowsecurity.com/trojanscan/axscan.cab
    O16 - DPF: {BB47CA33-8B4D-11D0-9511-00C04FD9152D} (ExteriorSurround Object) - http://autos.msn.com/components/ocx/exterior/Outside.cab
    O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/asa/SymAData.cab
    O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
    O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://www.ritzpix.com/add/XUpload.ocx
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: BlackICE - Internet Security Systems, Inc. - C:\Program Files\ISS\BlackICE\blackd.exe
    O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: RapApp - Internet Security Systems, Inc. - C:\Program Files\ISS\BlackICE\rapapp.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    O23 - Service: Windows User Mode Driver Framework (UMWdf) - Unknown owner - C:\WINDOWS\System32\wdfmgr.exe (file missing)
    O23 - Service: VNC Server (winvnc) - Unknown owner - C:\Program Files\ORL\VNC\WinVNC.exe" -service (file missing)
     
  12. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Please follow directions! You did not install HJT properly. You in fact did exactly what we request you not do. You are running it directly from the ZIP file using WinRAR to do this. See below:

    C:\DOCUME~1\John\LOCALS~1\Temp\Rar$EX43.119\HijackThis.exe

    Please extract hijackthis.exe to a safe folder of its own as indicated in my message. Running it like you are running it will prevent you from getting any backups. Also running it on the Desktop prevents it from being run on other user accounts and could cause you to lose information due to cleanup procedures deleting files in the Temp folders.

    You must also run only ONE antivirus application. Pick whether you want AVG or Symantec and uninstall the other. However your Symantec application looks to be partially removed. You may need to run this: http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2005033108162039?Open&src=&docid=2004093015165236&nsf=tsgeninfo.nsf&view=docid&dtype=&prod=&ver=&osv=&osv_lvl=

    Do both of the above items before continuing! After doing the above move on to my next message.
     
  13. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You may need to uninstall BlackIce. It could be part of your problem. It is also strange that it is indicated as being infected although that report could be false positives.

    If you are using WinXP or WinMe, make sure you have system restore disabled (per the tutorial).
    For all OS types, make sure viewing of hidden files is enabled (per the tutorial).
    Please bring up Task Manager by hitting CTRL-ALT-DEL and click the Processes tab. Look for the below process(es) and if found, End them:

    Run HijackThis and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://hsremove.com/done.htm
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://hsremove.com/done.htm
    O1 - Hosts: 38.115.131.131 sk2.slsk.org
    O1 - Hosts: 38.115.131.131 www.slsk.org
    O1 - Hosts: 38.115.131.131 mail.slsk.org
    O1 - Hosts: 38.115.131.131 server.slsk.org
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - https://components.viewpoint.com/MT...w.jhtml?photo=6

    After clicking Fix, exit HJT.

    Now we need to Reset Web Settings:
    1) If you have an Internet Explorer icon on your Desktop, go to step 2. If not, skip to step 3.
    2) Now right click on your desktop Internet Explorer icon and select Properties. Then click the Programs tab and then click "Reset Web Settings". Now go back to the General tab and set your home page address to something useful like www.majorgeeks.com. Click Apply. Click Delete Cookies, Click Delete Files and select Delete all Offline content too, Click OK. When it finishes Click OK. Then skip step 3.
    3) If you do not have an Internet Explorer icon on your Desktop, click Start, Control Panel (for some systems it may be Start, Settings, Control Panel), Internet Options, Programs tab and then click "Reset Web Settings". Now go back to the General tab and set your home page address to something useful like www.majorgeeks.com. Click Apply. Click Delete Cookies, Click Delete Files and select Delete all Offline content too, Click OK. When it finishes Click OK.

    Now reboot in normal mode and post a new HJT log. And tell us how things are working.
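
The checks applied by hand in the two posts above (HijackThis launched from a Temp/archive folder, an outdated HijackThis version, Start Page values, O1 Hosts entries, and entries marked "(file missing)") can be scripted for first-pass triage. This is an added example, not part of the original thread or of HijackThis; the function names and finding tags are hypothetical, the sample is a few lines constructed from the log posted above, and the findings are prompts for review rather than verdicts.

```python
import re

# Constructed sample: a few lines taken from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Platform: Windows XP (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\Explorer.EXE
C:\DOCUME~1\John\LOCALS~1\Temp\Rar$EX43.119\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://hsremove.com/done.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = sas.r1.attbi.com:8000
O1 - Hosts: 38.115.131.131 www.slsk.org
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O23 - Service: BlackICE - Internet Security Systems, Inc. - C:\Program Files\ISS\BlackICE\blackd.exe
"""

VERSION_RE = re.compile(r"Logfile of HijackThis v(\d+(?:\.\d+)*)")
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.*)$")   # section code, then the entry body
RECOMMENDED = (1, 99, 1)                              # version the helper asked for
# Locations the instructions say NOT to run HijackThis from (lower-cased markers).
BAD_DIRS = ("\\temp\\", "\\desktop\\", "\\documents and settings\\",
            "\\docume~1\\", "rar$")


def parse_log(text):
    """Split a pasted log into version, running processes and (code, body) entries."""
    log = {"version": None, "processes": [], "entries": []}
    in_procs = False
    for raw in text.splitlines():
        line = raw.strip()
        ver, entry = VERSION_RE.match(line), ENTRY_RE.match(line)
        if ver:
            log["version"] = ver.group(1)
        elif entry:                        # entries end the process list even
            in_procs = False               # if the blank separator was lost
            log["entries"].append((entry.group(1), entry.group(2)))
        elif line == "Running processes:":
            in_procs = True
        elif in_procs and line:
            log["processes"].append(line)
        elif not line:
            in_procs = False
    return log


def review(log):
    """Return (tag, detail) pairs for a human to look at."""
    findings = []
    ver = log["version"]
    if ver and tuple(int(p) for p in ver.split(".")) < RECOMMENDED:
        findings.append(("old_hjt_version", ver))
    for proc in log["processes"]:
        low = proc.lower()
        if low.endswith("\\hijackthis.exe") and any(d in low for d in BAD_DIRS):
            findings.append(("hjt_bad_location", proc))
    for code, body in log["entries"]:
        if code == "O1" and body.startswith("Hosts:"):
            parts = body[len("Hosts:"):].split()
            if len(parts) >= 2:
                findings.append(("hosts_entry", f"{parts[1]} -> {parts[0]}"))
        elif code in ("R0", "R1") and ",Start Page = " in body:
            findings.append(("start_page", body.split(" = ", 1)[1]))
        if body.endswith("(file missing)"):
            findings.append(("file_missing", f"{code} {body}"))
    return findings


if __name__ == "__main__":
    for tag, detail in review(parse_log(SAMPLE_LOG)):
        print(f"{tag:18} {detail}")
```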
     
  14. daselko

    daselko Private E-2

    OK, thanks for all the help, your advice seemed to get things working, I really appreciate you being patient and helping me out. Here goes the new HJT log, lemme know if I need to fix anything else.

    Btw, since I uninstalled BlackICE, is there another firewall you can recommend or should I stick w/ BlackICE?

    Also, what was it exactly that infected my computer causing my browsers to be unable to load?
     

  15. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You did not just have a single problem. You had several as indicated in the logs you posted from RAV and Bitdefender.

    You still have one major deficiency and that is the fact your OS is way out of date. You need to get your Windows Updates immediately. Not having them is one of the main reasons for you getting infected in the first place. So my suggestion, which will address your out of date OS and also your need for a firewall, is to follow the steps in the below link. I would recommend you do step 3 first to get the firewall in place and then go back to step 1 and work your way through the remaining steps.

    How to Protect yourself from malware!
     
  16. daselko

    daselko Private E-2

    OK, so I just spent the past two hours trying to get a Windows update, and the installation was unsuccessful b/c I had the wrong product key or something rather. I have another Win XP in a box that I can use, but I'm not sure about how to uninstall XP Pro and then reinstall it. Is this an easy task, also will I lose valuable info and files if I do reinstall?

    Btw, I also downloaded another firewall, I got Sygate, but I'm not feeling the interface at all.
     
  17. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Are you saying you currently have XP Pro installed?
    Are you also saying that it is not a valid product that is licensed to you? (that's a problem)
    And you have a valid copy of WinXP Home in a box?

    This whole discussion of uninstalling/reinstalling etc. would be better discussed in the Software Forum. But if your Win XP currently being used is not legal, that is why you cannot get updated.

    I'm not sure what you are trying to tell me. Are you saying you do not like it?
     
  18. daselko

    daselko Private E-2

    Yes, yes, and yes to the XP Pro questions you asked and another yes to the firewall issue. I'll start another thread in software discussion in regard to the XP Pro uninstall/reinstall.
     