annoying internet explorer plugin

Status
Not open for further replies.

bobby123

I accidentally installed some internet explorer plugin. When I go to cp to remove it, it says I need to restart my pc, but when I do and go back to remove it, it says that again. I have had an annoying time with lots of popups and ads appearing and I think it's due to this stupid plugin.
Is there a way to remove it?
 
Go and read this thread HERE. Post a HJT log into this thread, I'll take a look and see what's there, if anything.

Could you also tell us exactly which plugin you're talking about.

Regards Howard :)
 
What is this log you're referring to? Also, where can I obtain it? As far as the plugin goes, all I know is that it's called internet explorer security plugin. I'm sorry about my vague knowledge. As soon as I start internet explorer I get a silly web page telling me about internet security. Now and then I get ads popping up. This has never been the case till today.
regards
bobby
 
Click on the link I gave you, you'll find instructions on where to get and how to use and post a HJT log.

HJT (HijackThis) is a small programme that lets us see what's running on your computer. This is very useful for identifying viruses/trojans/spyware etc. These infections are often the cause of popups etc.

HJT also has the ability to stop some of these processes from running. However, in order to interpret a HJT log, one must know how to analyse the results. That's where I come in lol.

Once I have your HJT log, I'm sure we will be able to solve your problem.

Regards Howard :)

This thread is for the use of bobby123 only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
 
A lot of IE plugins are perfectly safe. However, as you've just found out, not all of them are what they appear to be.

Personally, I don't recommend using IE at all, except for Windows updates and the odd site here and there.

Firefox is my browser of choice. It's a lot more secure than IE. You can get it HERE.

However, before you bother to do that, post your HJT log and I'll take a look at it straight away.

Regards Howard :)
 
The thing is I use AOL more. However, I alternate between IE and AOL. Is there like a difference between the 2? I'm confused in that aspect. I will do the log thing tomorrow.
 
I've never used AOL, nor would I, but that's another story.

Firefox will work with 99.9% of websites. Give it a try, if you don't like it, you can always uninstall it.

Regards Howard :)
 
You've got some nasties on your system that need to be got rid of.

Download and run these three tools. Follow the instructions for using each tool.

Tool1 Tool2 Tool3

Post a fresh HJT log, only after doing the above.

Regards Howard :)
 
All the nasty entries are still there. Your system is badly infected with Trojans/worms etc.

Either you haven't run the tools properly, or they are ineffective.

In either case, go HERE and follow all the instructions exactly.

Post a fresh HJT log, only after doing the above.

Regards Howard :)
 
Yer, I forgot to use tool1.


!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"bestreak"="{874443fe-aa33-4ebf-a6ac-73208787e62d}"


»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri

C:\WINDOWS\system32\viruxz.dll -> Missing File


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

C:\DOCUME~1\ALLUSE~1\STARTM~1\Online Security Guide.url Deleted
C:\DOCUME~1\ALLUSE~1\STARTM~1\Security Troubleshooting.url Deleted
Problem while deleting C:\Program Files\IntCodec\

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

»»»»»»»»»»»»»»»»»»»»»»»» Reboot

C:\Program Files\IntCodec Deleted

»»»»»»»»»»»»»»»»»»»»»»»» End

That's the report I got from tool 1. I restarted my pc and opened internet explorer and the security bar thing has gone so I think problem has been fixed. I will post a fresh log in a minute.
 
That's looking much better.

You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions easier.

Boot into safe mode, under your normal user name (NOT THE ADMINISTRATOR ACCOUNT). See how here: http://www.bleepingcomputer.com/forums/tutorial61.html

Turn off system restore (XP/ME only). See how here: http://www.bleepingcomputer.com/forums/tutorial56.html

In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how here: http://www.bleepingcomputer.com/forums/tutorial62.html

Click start/run and type services.msc into the run box and press the enter key.

When the window appears, maximise it. Double click on the following services (if there) and select stop if they are running. Set the startup type to disabled. Click apply/ok for each service you disable.

Microsoft Windows DLL Services Configuration

Close the services window.


Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.

Click on the processes tab and end process for (if there):

windir32.exe

Close task manager.

Run HJT with no other programmes open (except notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to (if there):

O2 - BHO: (no name) - {1da7dbe8-c51b-4ae4-bc6e-21863349b0b4} - C:\Program Files\IntCodec\isaddon.dll (file missing)

O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll

O4 - HKLM\..\Run: [Microsoft Windows DLL Services Configuration] windir32.exe

O4 - HKLM\..\RunServices: [Microsoft Windows DLL Services Configuration] windir32.exe

O4 - HKCU\..\Run: [Microsoft Windows DLL Services Configuration] windir32.exe

O9 - Extra button: Ãâ·Ñ¾«²ÊÊÓƵ³¬Á÷³©ÔÚÏß¹Û¿´ - {022C4009-5283-4365-97BF-144054B40E2E} - http://itv.mop.com (file missing)

O9 - Extra 'Tools' menuitem: ²¥°ÔµçÊÓ - {022C4009-5283-4365-97BF-144054B40E2E} - http://itv.mop.com (file missing)

O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://thatstelugu.indiainfo.com/wfplayer/tdserver.cab

O16 - DPF: {072039AB-2117-4ED5-A85F-9B9EB903E021} (NowStarter Control) -

O16 - DPF: {0AE0F5F9-8233-49A4-A3C8-004CE190787B} (BMSpeedCheck Control) -

O16 - DPF: {9BF607E0-4CC1-4099-9A07-362C9E4FB090} (WStarter Control) -

O17 - HKLM\System\CCS\Services\Tcpip\..\{BF861CAB-E76C-4F64-81E3-87AA9FFFF425}: NameServer = 205.188.146.145 (only fix this if it doesn't belong to your ISP)

O21 - SSODL: bestreak - {874443fe-aa33-4ebf-a6ac-73208787e62d} - C:\WINDOWS\system32\viruxz.dll (file missing)

Click on the fix checked button.

Close HJT.

Locate and delete the following bold files and/or directories (if there).

windir32.exe Search your system for this file and delete all instances of it.

Reboot into normal mode and turn system restore back on.

Post a fresh HJT log.

Regards Howard :)
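
The fix list in the post above can be triaged mechanically. The following is an added example, not part of the original thread or of HijackThis: it parses a subset of those entries, flags the ones HJT marks as orphaned, and shows that windir32.exe is launched from three autostart keys. The function names and the section descriptions are the example's own.

```python
import re
from collections import defaultdict

# Section codes as used in the fix list above; descriptions are this example's summary.
SECTIONS = {"O2": "Browser Helper Object", "O4": "registry autostart",
            "O9": "extra IE button or Tools menu item",
            "O16": "ActiveX control (Downloaded Program Files)",
            "O17": "Tcpip NameServer setting", "O21": "ShellServiceObjectDelayLoad"}
ENTRY = re.compile(r"^(O\d+) - (.*)$")
GUID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

# Subset of the entries listed in the post above.
SAMPLE = r"""
O2 - BHO: (no name) - {1da7dbe8-c51b-4ae4-bc6e-21863349b0b4} - C:\Program Files\IntCodec\isaddon.dll (file missing)
O4 - HKLM\..\Run: [Microsoft Windows DLL Services Configuration] windir32.exe
O4 - HKLM\..\RunServices: [Microsoft Windows DLL Services Configuration] windir32.exe
O4 - HKCU\..\Run: [Microsoft Windows DLL Services Configuration] windir32.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O17 - HKLM\System\CCS\Services\Tcpip\..\{BF861CAB-E76C-4F64-81E3-87AA9FFFF425}: NameServer = 205.188.146.145
O21 - SSODL: bestreak - {874443fe-aa33-4ebf-a6ac-73208787e62d} - C:\WINDOWS\system32\viruxz.dll (file missing)
"""

def parse(log):
    """Turn HJT 'O' lines into records; lines that are not entries are skipped."""
    records = []
    for raw in log.splitlines():
        m = ENTRY.match(raw.strip())
        if m:
            code, rest = m.groups()
            records.append({
                "code": code, "kind": SECTIONS.get(code, "unknown"), "text": rest,
                "guids": [g.lower() for g in GUID.findall(rest)],
                # HJT marks entries whose target file is gone; these are leftovers.
                "orphaned": rest.endswith(("(file missing)", "(no file)")),
            })
    return records

def autostart_targets(records):
    """Map each O4 command to the registry keys that launch it."""
    targets = defaultdict(list)
    for r in records:
        if r["code"] == "O4":
            key, _, value = r["text"].partition(": ")
            targets[value.split("] ", 1)[-1].lower()].append(key)
    return dict(targets)

if __name__ == "__main__":
    recs = parse(SAMPLE)
    for r in recs:
        print(r["code"], r["kind"], "orphaned" if r["orphaned"] else "live", r["guids"])
    print(autostart_targets(recs))
```

An executable reached from several autostart keys at once, as windir32.exe is here, has to be removed from every key in the same pass, which is why the post lists all three O4 lines.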
 
No offence mate, but if you'd just follow the instructions and post a fresh HJT log as requested, we'd soon have this sorted.

Your last HJT log is looking much better. However, there are a few things that need to be got rid of, especially the windir32.exe file. This is a real nasty, hence the instructions I gave you.

Regards Howard :)
 
I think I will struggle to do all those things, isn't there an easier way such as using some anti virus scan?
 
For more info on the windir32.exe file see HERE.

This is starting to get a little tedious.

I asked you in post #2 to post a HJT log after following some instructions. I eventually got a HJT log in post #10.

If you'd just done what I asked, we'd have had this problem sorted out already.

Now stop asking questions and follow the damn instructions.

Regards Howard :cool:
 
I think I will struggle to do all those things, isn't there an easier way such as using some anti virus scan?

Good god man. If you don't want to follow the instructions, just format your hard drive. That'll certainly get rid of your virus problems.

Regards Howard :(
 
Yer, but I'm not sure about some of the things you wrote, thus I'm saying is there an easier scan to do. If not I will have another go at what you wrote.
 