Is it gone?

Discussion in 'Malware Help (A Specialist Will Reply)' started by PC-XT, Nov 12, 2007.

  1. PC-XT

    PC-XT Master Sergeant

    I followed the scanning directions. (READ & RUN ME FIRST. Malware Removal Guide and Downloading, Installing, and Running HijackThis)

    I am trying to fix a shared computer. I only get time slots on it, and have had to split the scans into segments (always starting with CCleaner). As soon as I was told about the problem, it stopped. It only seems to affect IE (oh, no! version 6!) and is adware that also apparently slows or corrupts Internet connections. (I haven't been able to confirm whether it affects other browsers' connections, but they often work when IE doesn't.) I think that someone may have visited a poisoned page in an Internet search, although no proof or URL. My problem is just like http://forums.majorgeeks.com/showthread.php?t=111924
    The other message that comes up says
    This is also the last message we received, back in October. Someone wrote it down on a piece of paper and gave it to me, then they said once they told me, it left. But, the connection still gets bad every once in a while. I was thinking about changing the main user like the other person did.

    The scans are fairly clean except for these exceptions:
    1. cookies
    2. Viewpoint Media Player, which keeps installing itself (I found a file in AOL jiti/viewpoint.exe)
    3. someone gave me this hard disk, and I just renamed the windows and Program Files folders to ORIGWIN and Program Files2 and moved all other root directory files into ORIGBAK because I was just using it to salvage another hard drive and didn't know if I would need the old system or not. One item was found in an installer in the old IE cache. I would like to fix this someday when I have time.:eek:
    4. I accidentally lost the log from bitdefender, but also saved the summary file, which I included. I deleted the file it mentions, which is the same one mentioned in the previous exception.
     
    Last edited: Oct 4, 2010
  2. PC-XT

    PC-XT Master Sergeant

    Is it gone? (cont.)

    Here are the other logs. Should I just make a new main user and delete this one, or as the others seem to want to do, ignore the symptoms because they are going dormant? :rolleyes: :confused: Also, should I get another bitdefender log? It may take awhile... (I started this in October. It's hard getting long periods of time, even at night.) Also, I already ran ActiveScan.
     
    Last edited: Oct 4, 2010
  3. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Re: Is it gone? (cont.)

    Bitdefender Summary logs are of no use to us.

    The logs you posted do not show any malware issues other than Viewpoint which you know about. Are you currently having any malware problems?
     
  4. PC-XT

    PC-XT Master Sergeant

    It was having problems just like in http://forums.majorgeeks.com/showthread.php?t=111924 but once I was told, they stopped. It's gone dormant or something. There is still a problem with the connection having problems in Internet Explorer sometimes, but working in other browsers. Maybe I should try changing the main user, like they did? I am not inclined to think it fixed itself. I also considered if I can uninstall Internet Explorer or something.
     
  5. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You will have to describe your exact problem in more detail as your logs show no malware. If your problem is intermittent then it is also less likely to be malware.

    No! Internet Explorer is a required component of Windows and if you remove it, you will not be able to access many websites and in particular will not be able to get all of your updates from Microsoft but this last item may not be too big a deal since you are using an unsupported Windows OS.
     
  6. PC-XT

    PC-XT Master Sergeant

    Sorry to be so hard to help; I'll try to ask the questions like I would like them asked of me:


    Specific Problem:
    Symptoms:
    1. Internet Explorer confirmation boxes pop up recommending the download of ErrorProtector or other malware. (Once, the download page started loading after someone clicked the message's close box; they closed the window before any content displayed.)
    2. Connection errors, (such as Server not found, Gateway timeout, etc., repeatedly) that only affect IE and AOL (which uses IE) browser windows while Mozilla browsers load quickly first try consistently over same connection. This leads me to think (hope) the problem is confined to IE.
    3. I am not sure if this is part of the same problem, but there is a weird clicking noise coming from the computer's case once in a while. (not from the speaker, could be hardware getting old or something)

    Note: Someone reported the ads to me; and as soon as they did, the ads stopped. The messages only came when I was asleep, and haven't appeared since I found out about them a week or so before Halloween. (I know it is not an inside prank.) As far as I know, it could have deleted itself to avoid detection? Or maybe it's gone dormant to wait for a chance to strike again next year or something? Connection problems have persisted.


    Regarding IE Uninstallation:
    A better word might have been reinstallation. I know I need IE as part of Windows. I just want to install the newest version fresh, if I can, to try cutting any grip the adware has on the current version.


    Questions:
    Should I try doing something with IE, like reinstalling, or would updating to the newest version be sufficient?
    Should I worry that the problem isn't detected or active anymore? (Another person still had the problem after they followed the directions here and it wasn't detected, but I didn't do anything and the problem seems gone.)
    Any other thoughts?
     
  7. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    But are these still happening? Based on your logs there are no current infections. And based on your NOTE, it sounds like these are not happening anymore. We cannot debug problems that are not occurring.

    You may want to check to make sure you are not having any firewall issues related to IE. Also check to make sure that AOL Antispyware is not causing you problems. Again there is nothing in your logs to indicate any malware issues with IE.

    You could be having hardware problems. Possibly your hard disk.


    This is a topic that you would be better off discussing in the Software Forum. You don't show any current reasons to be suspecting malware.
     
  8. PC-XT

    PC-XT Master Sergeant

    Just one question left, then. I am supposed to plan a small network with this and a couple other computers on it. Should I assume it is safe to put this one on the network now, or should I do anything first? I understand if you can't answer that, since the problem is unknown. I was just wondering what you would do?

    Just in the remote possibility you might have any other thoughts, I answered your post:

    I know the logs don't show anything. The other thread about this problem had it still occurring after the logs looked ok, but it looks like they aren't happening here anymore, except that the connection problems in IE occurred recently, but that may be just left over damage or possibly unrelated.

    I would like to make sure it's gone. Problems like this usually don't just disappear. But nobody knows what it was in the first place. It apparently was affecting IE only when it was online here. Maybe it was something that had to be propagated each session or something and didn't actually get strong enough here to stay? The only things I can think of are it died because it was too weak, or it killed itself to avoid detection, or it is hiding which would be hard avoiding detection since it's months old and updates on it would probably be out if it is common enough, or it never really infected in the first place.

    Without a firewall running, still connection problems in IE/AOL, though not in Opera or Mozilla. I'm waiting for the problem to happen again so I can test AOL Antispyware. Like you said, that's the problem, trying to fix when there's no problem.

    I'll try there. Thanks
     
  9. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Since your logs showed no signs of malware, chances are that you are okay. But the only true way to know you have a 100% clean PC is to
    1. not backup anything!!! Just blow it all away.
    2. repartition
    3. format
    4. reinstall Windows but make sure it is from original uninfected media
    5. reinstall all other software and again make sure it is from original uninfected media
    But as I said, I personally don't see any signs of anything to worry about. You could do a rootkit scan as a safety precaution but I doubt it will find anything.

    But the other thread did have malware to start with. And when we finished cleaning everything and removing excess tools the problems were gone so I'm not sure what you are referring to.

    We cannot debug a problem that does not currently exist. If you don't trust your PC, see the 5 step process I listed above as it is your only guarantee.

    You don't want to hear my opinion of AOL. ;)
     
  10. PC-XT

    PC-XT Master Sergeant

    I would like to start with a blank comp, but the others don't want me messing with it that much. It would interfere with their use of it too much. They'd rather have it replaced. I might do it when I have time though anyway.

    Can you recommend one?

    I mean the screenshots there looked just like the ones I was given here (hard copy, so I didn't post them) so I figured they were the same thing. I was doing a little routine cleaning just before I was told about the problem, but nothing I thought that would be enough to get rid of it.

    I tend to baby my comps like a perfectionist. If they get a problem, I try to make sure it's perfect, but I guess I can't protect it from everything like the ones in my laboratory... (Actually, my lab is just a corner of my room. Not enough funding for a real one. lol)

    It's probably similar to mine. I try to ignore it as much as possible, but the others are used to it.

    :)

    Thanks for all your help. I appreciate it.

    I actually like problems like this if there's no pressure to fix it. lol
     
  11. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

  12. PC-XT

    PC-XT Master Sergeant

    I tried all the ones for Win All, but most said this system wasn't supported. Rootkit Hook Analyzer said it couldn't communicate with the device but the operation completed successfully on loading and when I tried a scan it said wrong version of RSPSC32.sys. Rootkit Revealer wouldn't even load. It's Win98.

    Also, I think I may have found the click I mentioned. A click just like it comes from a system buzzer when the keyboard buffer fills. It also clicks more rapidly when the mouse is moved if the buffer is full. I don't know if that is the only click we were hearing. The buzzer was near the hard disk, so I moved the drives around a bit so we can hear better next time it clicks.

    Any suggestions? I'm going to try the first network connection tomorrow, I guess.

    Thanks again for your help.
     
  13. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Sorry! I forgot you had Win98. You will not see true rootkits on these older platforms so you really don't need to worry about them.

    More than likely has nothing to do with malware, especially since every log you have shown us is clean. Again I repeat, if you don't trust this PC to be clean, see the 5 step process I gave you and run it. You do not have any malware that we can help you remove.
     
  14. PC-XT

    PC-XT Master Sergeant

    Thanks for all your help. I appreciate it. You give good advice.
     
  15. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome. Surf safely.
     
