Windows Explorer & NSIS

Discussion in 'Malware Help (A Specialist Will Reply)' started by janmolby18, Nov 4, 2006.

  1. janmolby18

    janmolby18 Private E-2

    Hi there

    I seemed to have picked up some malware that affects Windows Explorer in that occasionally (for no reason) it sends up an error message, quits (which involves page going blank, taskbar disappearing then all icons and taskbar returning). After that, everything appears normal to a point although some of the icons on the taskbar have exchanged places.

    My second problem is that I seem to have picked up NSIS which sends pop ups randomly when in Internet Explorer. They are not horrendous pop ups just annoying ads. I have tried deleting the NSIS folder etc but the thing reappears. Spybot S&D gets rid of the extension but it just comes back.

    I have seen on here that others have had similar problems and considering that you helped me previously, I performed all the checks you recommend but the problem still exists. I have attached the logs for GetRunKey and ShowNew as well as HJT logfile. If you want to see the PandaScan and BitDefender reports, let me know. Bit Defender found some Trojans that McAfee had quarantined and PandaActive Scan stated that System Mechanic was Spyware - is this true??

    Let me know if there is anything else that you need.

    Cheers

    Anthony
     

  2. DavidGP

    DavidGP MajorGeeks Forum Administrator - Grand Pooh-Bah Staff Member

    Yes please, the Bitdefender and Panda scans, if they found anything, will be helpful, so please attach ;)
     
  3. janmolby18

    janmolby18 Private E-2

    Please find the reports from BitDefender and Panda Active Scan.

    Cheers

    Anthony
     

  4. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Scan with HijackThis and check the boxes for the following entries:
    ( Make sure ALL browser windows are closed when you click FIX )

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

    O2 - BHO: IexploreOmea - {09628AAA-66AD-4FA2-82E2-698185B66463} - (no file)

    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

    O14 - IERESET.INF: START_PAGE_URL=http://www.dixons.co.uk/

    Again, make sure ALL browser windows are closed when you click FIX.

    Next, run CCleaner to clean up cookies and temp files.

    After you complete the above, reboot and let me know how things are running.
     
  5. janmolby18

    janmolby18 Private E-2

    Still get the problems with NSIS popping up. Not sure about Windows Explorer since that is a random thing. Any other suggestions?
     
  6. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    The Windows Explorer problem happens to me periodically; it could be many things causing this, such as running multiple programs at once.

    What exactly do you mean by "NSIS" ??
     
  7. janmolby18

    janmolby18 Private E-2

    Windows Explorer thing never used to happen but now happens more regularly than I would like. NSIS is adware which appears on my computer when I go onto the Internet. It pops up ads for various things. Bit of pain!
     
  8. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Download AVG Anti-Spyware 7.5.0.50 and install. Get all updates and run a full scan, remove all found infections and attach the log to your next post.
     
  9. janmolby18

    janmolby18 Private E-2

    AVG Spyware log attached. It found 4 items.
     

  10. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Download Pocket KillBox
    • Save it to your desktop or a place easy to find.
    (Proceed with this step even if it does not show in blue)

    Now, Copy and Paste C:\WINDOWS\system32\nvritf.dll into the box – If it exists, it will show up in Blue. Check the option to Delete on Reboot and Click the Red X and Yes to the confirmation message. A message will ask if you want to reboot now – Click YES and allow your PC to reboot.

    • If you get an error message about Pending Operations, just reboot your computer manually.

    Next, run CCleaner to clean up cookies and temp files.

    Finally, I would like you to flush your System Restore points. Please follow the instructions in the link below:

    • Disable and Re-enable System Restore

    • Turn OFF System Restore to flush any bad Restore Points.

    • Then, follow the instructions at the bottom of the linked page to Re-enable the Restore Utility which will create a fresh restore point.

    After you complete the above, reboot once more and then scan with HijackThis and attach the new log.

    Let me know of any problems you may have encountered with the above instructions and also let me know how things are running now.
     
  11. janmolby18

    janmolby18 Private E-2

    I have done all you said and had no problems with this. I have attached the newest Hijack This log file to this message. Have not had an NSIS message yet.....

    Am a bit concerned about the second entry in the logfile - www.dixons.co.uk - what is that all about?

    Also, can I ask your advice - would you recommend downloading and installing Internet Explorer 7.0 - have heard there are some issues with this but not sure if these have been ironed out.

    Cheers
     

  12. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    If you are not familiar with this site, have HJT fix the entry below.

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dixons.co.uk/

    Yes, I would recommend this update simply because it's a lot more secure than IE 6 and has a lot more features. I use it and have not yet had any problems.
     
