Browser not working right after using "Generic Solution to HSA"

I got Hijacked with the about:blank amoung other things I am sure and I found the documentation " When all else fails - Generic Solution to HSA (Only the Best) & About:Blank hijack " to be great! I used all the tools involved with the exception of cccleaner. Using the tools, I found the offending processes and files. And I appear to be no longer infected ... but ...

Now my IE 6 browser does not seem to function correctly on some sites. I "believe it to be ssl related redirection links, but I am not sure. Specifically, I cannot login to myebay with secure login I get page cannot be displayed and same with my wireless phone sprintpcs.com - I cannot text message or view pictures - always getting page cannot be displayed after login. I spoke with both tech support thinking I am missing a setting in IE and they know what it is, but yeah, right. So, I tried resetting browser settings, deleting cookies and cache. Nothing has worked so far.

Any ideas ... help! Thanks in advance!

 

Bump. Anyone with ideas?

 

Nope. Still no workie. This is a trip.

More info. When I try to login to the ebay portal, I will get "page cannot be displayed" right after I click login, but if I click back twice to main page it thinks I am logged in. So it takes the login information but cannot redirect me. Same with the sprint site but I cannot use the online tools (text messaging, photos, etc.) It logins me in, but when I go to use the personal tools - blank. I am sure it will happen with other sites I would "secure login" to, but I don't use any others.

Help?

 

I am having the same problem, although it was related to trying to clean a W32.spybot worm. After finally achieving a clean scan with Norton and SpySweeper, the IE browser doesn't allow access except to the initial page. At the same time, it appears to be blocking access to spyware and adware protection software sites (same for this site as well as directly accessing download sites).

I have reset the defaults on the security levels for trusted sites, but it appears to want me to lower the firewall, something I am not willing to do until I have downloaded the recommended spyware/adware programs recommended by Major Geeks.

I am going to attempt to download the recommended software to disk and run it on the system. I believe these problems are related to the "suge.exe" and "systemrun" files that do not have certificates or identification of the publisher. Both files are located in System32. I have posted a question on these elsewhere in this forum. Anyone with an understanding of how the page blocks are being set up, please respond!

At this point, I may lower the firewall and allow these programs to run in order to gain access to the sites. I definitely can't lose anything. The system is unusable as it currently exists. Is it possible to obtain a disk containing the recommended software listed under Major Attitude's "How to: Spyware..." notice?

Hope to hear a reply to this thread. Something in River City stinks. I notice that several threads indicate a similar problem with disabled browsers. I have also talked to local tech folks who are saying that reinstalling IE is a problem under SPG2. As such, resetting IE controls (or lack thereof) is another major undertaking.

Help

 

I am still having these problems accessing many https login sites with redirection. Although I have no traces of spyware via spybot, adaware, etc.
Even resetting all the defaults in IE, lowering the security settings to low, enabling ssl2 and 3, etc.

Which leads me to the question what is malware, and is it causing these problems or is my browser permantely damaged?

 

For example here is what ebay gives me after sigining in -

"If you are seeing this page, your browser settings prevent you from automatically redirecting to a new URL.

Please click here to continue. "

Of course clicking on 'here' does not work. Redirections seem to work with non-ssl sites, such as majorgeeks. When I click reply and it prompts me to sign-in, I can and the redirection to the post works fine.

Any ideas?

 

Sorry. I must of missed that you wanted the log. Please do, here it is.

Logfile of HijackThis v1.97.7

Edit by chaslang: Inline, old version of HJT log deleted

 

OK log is attached. Please advise. Thank you very much.

 

The original problem still persists. Like I said I believe following your steps throughly, I removed the spyware and trojan from the beginning, but since then the browser does not work correctly with "from what I can tell", SSL redirection logins.

For example, it works fine here at majorgeeks, but the problem is still there with sprintpcs.com and ebay.com, any of my "personal" logins.

Here is some more information. For example when I login to ebay and get the - "If you are seeing this page, your browser settings prevent you from automatically redirecting to a new URL.

Please click here to continue. "

I click continue and nothing. I then hit the back button and go to a "page cannot be refreshed" and back again and again until I am on the main ebay page and I am then shown as logged in. So the login actually takes, but it cannot redirect me to the appropiate page afterwards. Unfortunately things don't work as well with the sprint site, as I cannot access my personal pages to my phone at all.

Throw me another bone?

 

Those sites work with Mozilla Firefox.

When accessing those areas (logins) of ebay and sprint, mozilla gave me the pop-up box that "you are leaving a secure site connection, do you want to continue". Meaning that it was redirecting me from a SSL site to another SSL site (example from login to account infomation), but the browser is prompting, are you sure you want to leave the secure connection, although it has no idea I am just going to another secure connection.

Which leads me to believe that ebay, sprint, and countless others do the same way. And my IE bombs on it. I would assume it is a setting, but I have reset them all.

Any more bones to throw me? besides keep using mozilla

I really need the integration of IE. Must be a setting somewhere. And I KNOW someone else must have this problem.

Thanks!