Malware (or virus???) Help--"System Error #1752"

Discussion in 'Malware Help (A Specialist Will Reply)' started by firecypher, Apr 4, 2006.

  1. firecypher

    firecypher Private E-2

    Ok, so, here's the deal....this began two days ago...

    Whenever I start my desktop computer, my old background disappears, is replaced by a new, blue background with white writing that says, "Warning! Spyware threat detected! System error #1752". It then goes on to list my IP, internet browser, and compy specs and provides some links to some 'spyware prevention software', which I assume are bogus. Unfortunately, my boyfriend was the first to discover this problem, followed the links and downloaded some of the 'trial' software...I was able to remove this with install/uninstall programs (I think?? Or hope??)

    First, I followed instructions 1-7, with the following exceptions...

    Instead of running Defender, I ran Counterspy, even though I have SP2. I was unable to run Defender because I could not be 'verified'--I think this has something to do with the fact that, at the time, I did not have ActiveX installed??

    I was unable to run the online virus scanning programs, because INTERNET EXPLORER KEEPS CRASHING (that just started happening tonight)--I get the error mssg 'needs to close'...I can provide more details on the exact error message later, if necessary. I am posting right now from my laptop. However, I did run Symantec, and it quarantined several items from my system restore, although, now that I go to find and list them for you, they're no longer listed under quarantine--not sure what happened to them?! I will attach the counterspy log.

    -----

    I am attaching my HJT log--I'm assuming that this is the only thing that will work, since all the other programs failed. I've been working on this for two days, and am very frustrated, but you guys are THE BEST. Truly lifesavers. I thank you ahead of time for ANY assistance you can provide!
     


  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Majorgeeks!

    Let's get an installed programs list from HijackThis too!
    • Run HijackThis, click Open the Misc Tools section
    • Click Open Uninstall Manager
    • Click Save List (generates uninstall_list.txt)
    • Click Save, to save it to a file where you can find it.
    • Attach the uninstall_list.txt file to your next message.
    Then run the below procedure and attach the Ewido log (obviously you can skip the installation part since you already have Ewido installed but make sure you get any updates).

    Running Ewido Anti-Malware

    Then attach a new HJT log too.
     
  3. firecypher

    firecypher Private E-2

    Ok, I ran Ewido, got the HiJack install list, re-ran HJT, and am posting a new HJT log....also, if I recall correctly, the object Symantec previously detected and quarantined (although I can't find it in quarantine now) had 'bloodhound' in the name...thanks again!!
     


  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    There are no major problems showing in your logs! Let's fix a few things and run another tool to see what happens. Also note you have three old versions of Sun Java installed. You should install the latest version and then uninstall the three old versions.

    Make sure viewing of hidden files is enabled (per the tutorial).
    Please bring up Task Manager by hitting CTRL-ALT-DEL and click the Processes tab. Look for the below process(es) and if found, End them:

    Run HijackThis and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyPoker.net\partypokernet.exe (file missing)
    O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyPoker.net\partypokernet.exe (file missing)

    After clicking Fix, exit HJT.

    Now we need to Reset Web Settings:
    1. If you have an Internet Explorer icon on your Desktop, go to step 2. If not, skip to step 3.
    2. Now right click on your desktop Internet Explorer icon and select Properties. Then click the Programs tab and then click "Reset Web Settings". Now go back to the General tab and set your home page address to something useful like www.majorgeeks.com. Click Apply. Click Delete Cookies, Click Delete Files and select Delete all Offline content too, Click OK. When it finishes Click OK. Then skip step 3.
    3. If you do not have an Internet Explorer icon on your Desktop, click Start, Control Panel (for some systems it may be Start, Settings, Control Panel), Internet Options, Programs tab and then click "Reset Web Settings". Now go back to the General tab and set your home page address to something useful like www.majorgeeks.com. Click Apply. Click Delete Cookies, Click Delete Files and select Delete all Offline content too, Click OK. When it finishes Click OK.

    Now run the procedure in the below link. Note you will not see most of the files and folders that are mentioned, just ignore and continue. The main thing is to get smitrem run and then to see if you can now run PandaActiveScan too. Make sure to attach the logs:

    SpywareStrike, Smitfraud, SpySheriff, SpyAxe & PSGuard Removal


    Now reboot in normal mode and post a new HJT log.

    Make sure you tell me how things are working now.
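
Added example, not part of the original thread and not HijackThis's own code: a small triage pass over HijackThis log lines that picks out the two kinds of entries selected for fixing in the post above, IE search settings (R0/R1) set to about:blank and components whose file is annotated "(no file)" or "(file missing)". The function name, the rule wording and the last sample line are assumptions made for illustration.

```python
import re

# Sample input: the seven entries quoted in the post above, plus one
# constructed entry (the last line) that should not be flagged.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyPoker.net\partypokernet.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyPoker.net\partypokernet.exe (file missing)
O9 - Extra button: Example - {00000000-0000-0000-0000-000000000000} - C:\Program Files\Example\example.exe
"""

# "<section> - <body>", e.g. "R1 - HKCU\...": a letter plus one or two digits.
LINE_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
ORPHAN_MARKS = ("(file missing)", "(no file)")


def triage(log_text):
    """Return one finding per log line that matches a review rule."""
    findings = []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # blank lines, headers, process list
        section, body = m.group("section"), m.group("body")
        reasons = []
        # R0/R1 entries have the form "<key>,<value name> = <data>".
        if section in ("R0", "R1") and " = " in body:
            data = body.rsplit(" = ", 1)[1].strip().lower()
            if data == "about:blank":
                reasons.append("IE search setting set to about:blank")
        # Registry entry still present, but the file it points at is gone.
        if body.endswith(ORPHAN_MARKS):
            reasons.append("registered component has no file on disk")
        if reasons:
            clsid = CLSID_RE.search(body)
            findings.append({
                "section": section,
                "clsid": clsid.group(0) if clsid else None,
                "reasons": reasons,
            })
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f["section"], f["clsid"] or "-", "; ".join(f["reasons"]))
```

A flagged line is a candidate for review, not a verdict; the entries in this thread were leftovers and, as the later replies show, not the cause of the remaining problem.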
     
  5. firecypher

    firecypher Private E-2

    So, while perusing the internet, I came across this page, http://messages.toolbar.yahoo.com/t...2&mid=-1&tof=6&m=te&rt=2&off=1&p=DNbnjDDdWw--,

    with the following mssg:

    > You gotta love people who go to all the trouble setting some damned thing
    > like this up, trying to pose as M$, and they can't even spell correctly. After
    > I got done wishing an imaginative death on the site that did this, I realized
    > it was just a background HTML page making use of the M$ "feature" that
    > lets you stick a webpage as your background. Go to the top of the screen
    > and a small dropdown will appear. Click on the options, customize your
    > desktop, and remove the background HTML that's been put there.


    So, that solved my 'system error' problem :D

    Now, however, I can't use internet explorer (I'm posting from my laptop, which is not infected, and transferring the log files with my jump drive)....within a few seconds of opening IE WHILE CONNECTED TO THE INTERNET, I get "Internet Explorer has encountered a problem and needs to close"....I click on 'more details', and the error signature reads:

    AppName: iexplore.exe AppVer: 6.0.2900.2180 ModName: kernel32.dll
    ModVer: 5.1.2600.2180 Offset: 0001eb33

    I do not get this mssg if my internet cable is unplugged.

    So, I ran everything as you described, except for Panda Scan (because I can't access the internet from my desktop compy, due to the problems with IE.) Logs are attached. I'm wondering if something happened to IE while I was 'cleaning' and if this could be fixed with a simple system restore???
     


  6. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Your problems are not malware related. You may want to try looking for help in the Software Forum. Personally I would start by uninstalling all the Symantec/Norton software and seeing if your problems clear up at all. You can always reinstall.
     
