IE not working plus a Windows Error on desktop plz help.

Discussion in 'Malware Help (A Specialist Will Reply)' started by Sabbath351, Jun 27, 2005.

  1. Sabbath351

    Sabbath351 Private E-2

    As I was downloading on BitLord my PC went weird and Spy Sheriff had popped up, so the first thing I did was uninstall the program and then restarted my comp. After that the Windows Error message came up and my browser has changed several times.

    Yes, I have read through those STICKY posts and the problem is still coming back, and I also have the HJT log posted.

    EDIT: Forgot to mention that Internet Explorer won't work but Mozilla is still fine.
     


  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    If you read and followed the sticky threads, you would not have posted a HijackThis log.

    You need to follow the steps in the below sticky thread:

    SpySheriff (aka SpywareNo) Removal

    And then we will need to do some manual removal steps afterwards to remove a pile of other problems you have.
     
  3. Sabbath351

    Sabbath351 Private E-2

    I've followed those steps but I can't seem to find
    c:\winstall.exe
    c:\WINDOWS\Web\Wallpaper.exe
    c:\WINDOWS\Web\desktop.exe
    c:\wp.exe
    c:\wp.bmp
    and I uninstalled Spy Sheriff once I found it installed on my comp. Also, is it really important to delete everything inside the C:\WINDOWS\prefetch folder???
    The registry stuff I can't do because it won't allow me to access Notepad.
     
  4. Sabbath351

    Sabbath351 Private E-2

    EDIT: rebooted again and just done the registry stuff.
     
  5. Sabbath351

    Sabbath351 Private E-2

    The desktop thing has been resolved. Now the problem is that it still won't let me on Internet Explorer and ZoneAlarm keeps detecting these programs trying to run through IE :| My HJT log should be in the first post if needed.

    Thanks
     
  6. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Your original HJT log had this line:
    O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe

    Thus the winstall.exe file did exist (at least at that time).
    If you are using WinXP or WinMe, make sure you have system restore disabled (per the tutorial).
    For all OS types, make sure viewing of hidden files is enabled (per the tutorial).

    Run HijackThis and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
    O4 - HKLM\..\Run: [Multimedia extensions] mservice.exe
    O4 - HKLM\..\Run: [Microsoft Management Console] lssas.exe
    O4 - HKLM\..\Run: [Internet Mail and News] msqdevl.exe
    O4 - HKLM\..\Run: [Games Acceleration] svshost.exe
    O4 - HKLM\..\Run: [Internet Connection Wizard] stisvsq.exe
    O4 - HKLM\..\Run: [Microsoft Internet Acceleration Utility] iau.exe
    O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
    O4 - HKCU\..\Run: [Multimedia extensions] mservice.exe
    O4 - HKCU\..\Run: [Microsoft Management Console] lssas.exe
    O4 - HKCU\..\Run: [Internet Mail and News] msqdevl.exe
    O4 - HKCU\..\Run: [Games Acceleration] svshost.exe
    O4 - HKCU\..\Run: [Internet Connection Wizard] stisvsq.exe
    O4 - HKCU\..\Run: [Microsoft Internet Acceleration Utility] iau.exe

    After clicking Fix, exit HJT.
    Boot into safe mode and use Windows Explorer to delete:
    c:\windows\system32\mservice.exe
    c:\windows\system32\lssas.exe
    c:\windows\system32\msqdevl.exe
    c:\windows\system32\svshost.exe <--- DO NOT DELETE svchost.exe!!! Only delete svshost.exe.
    c:\windows\system32\stisvsq.exe
    c:\windows\system32\iau.exe
    C:\winstall.exe

    If you get an error when deleting a file, right click on the file and check to see if the read only attribute is checked. If it is, uncheck it and try again. Otherwise, open Task Manager and kill the process if running, then delete the file.

    Now run Ccleaner (installed while running the READ ME FIRST). Now if running Win XP, go to c:\windows\Prefetch and delete all files in this folder.

    Now reboot in normal mode and post a new HJT log. And tell us how things are working.
     
    Last edited: Jun 29, 2005
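
Added example (not part of the thread, and not MajorGeeks or HijackThis code): the svshost.exe / svchost.exe warning in the post above, generalized to a check that flags O4 Run entries whose file name is one edit away from a real Windows process name. The list of system names, the distance threshold of 1 and the last sample line are assumptions made for this sketch; the other sample lines are taken from the post.

```python
import re

# Real Windows process names that malware file names often imitate (assumed list).
KNOWN_SYSTEM = ("svchost.exe", "lsass.exe", "services.exe", "csrss.exe",
                "winlogon.exe", "explorer.exe", "smss.exe", "spoolsv.exe")

# HijackThis O4 line: O4 - <hive>\..\<key>: [<value name>] <command>
O4_RE = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\(\w+): \[(.*?)\] (.+)$")
EXE_RE = re.compile(r'([^\\/"]+\.exe)', re.IGNORECASE)  # file name without its path

def osa_distance(a, b):
    """Edit distance that counts swapping two adjacent characters as one edit."""
    d = [[max(i, j) if 0 in (i, j) else 0 for j in range(len(b) + 1)]
         for i in range(len(a) + 1)]
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            d[i][j] = min(d[i-1][j] + 1, d[i][j-1] + 1,
                          d[i-1][j-1] + (a[i-1] != b[j-1]))
            if i > 1 and j > 1 and a[i-1] == b[j-2] and a[i-2] == b[j-1]:
                d[i][j] = min(d[i][j], d[i-2][j-2] + 1)
    return d[-1][-1]

def flag_lookalikes(log_text):
    """Return (hive, value_name, exe, imitated_name) for near-miss file names."""
    hits = []
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        exe = EXE_RE.search(m.group(4)) if m else None
        if not exe:
            continue
        name = exe.group(1).lower()
        for real in KNOWN_SYSTEM:
            if osa_distance(name, real) == 1:  # 0 would be the genuine name
                hits.append((m.group(1), m.group(3), name, real))
    return hits

# First four lines are from the post above; the last one is constructed.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [Microsoft Management Console] lssas.exe
O4 - HKLM\..\Run: [Games Acceleration] svshost.exe
O4 - HKLM\..\Run: [Multimedia extensions] mservice.exe
O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
O4 - HKLM\..\Run: [Constructed benign entry] "C:\Program Files\Example App\tray.exe" /min
"""

if __name__ == "__main__":
    for hive, value, exe, real in flag_lookalikes(SAMPLE_LOG):
        print(f"{hive} Run [{value}]: {exe} imitates {real}")
```

A name-similarity check only catches impersonation of known process names; entries such as mservice.exe or winstall.exe pass it and still need the manual review done in the thread.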
