TechSpot

iexplorer problem etc

By oceanic
Jul 4, 2007
  1. I seemed to have had the same problem as in this page http://www.techspot.com/vb/topic80240.html , but I can't tell (since I'm not knowledgeable enough). It was definitely caused by some viruses and trojans of some kind, that I accidentally downloaded thinking they were something else. AVG popped up straightaway and caught some of them, quite a few. But then the iexplorer problem taking all the speed from the computer happened.

    I wasn't able to use AVG Anti-Spyware as it wouldn't load. So I went into safe mode and did the scan, deleted the files that it recommended were evil. Did the Trend Micro scan, AVG scan, etc. Computer SEEMS fine now, but I'm afraid that there might still be trojans, viruses etc. still in the background. For one thing, in add/remove programs there is a huge section of black and white nothingness for some reason, can't remove it at all, and it's huge.

    Could someone check the HijackThis log and AVG Anti-Spyware log I've uploaded here, and see if there is any suspicious stuff still there, and how I can remove it possibly, as well as the big white blob?

    Thanks
     
  2. kitty500cat

    kitty500cat TS Evangelist Posts: 2,154   +6

    Run HJT and do a system scan. Place a check in the box next to the following entries (if there):

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.co.uk/myway

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.co.uk/myway

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.co.uk/myway

    O20 - Winlogon Notify: winexy32 - winexy32.dll (file missing)


    Click the Fix Checked button. Close HJT.

    Please run AVG Anti-Rootkit and ComboFix as per steps 11 and 12 of the instructions in this thread and then post the ComboFix log and the AVG Anti-Rootkit results.

    Regards :)

    This thread is for the use of oceanic only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our Security and the Web forum.
     
  3. oceanic

    oceanic TS Rookie Topic Starter

    Thanks for the reply, sorry for the delay in reply.

    Did the AVG Anti-Rootkit scan, where do I get the scan log file from? It did find one thing, a trojan horse downloader.generic4.zqs in C:\WINDOWS\mgrs.exe (it gave the option to heal it so I healed it with AVG).

    Am doing the ComboFix right now, so will have the results to you tomorrow or tonight hopefully if everything goes smoothly.
     
  4. kitty500cat

    kitty500cat TS Evangelist Posts: 2,154   +6

    I think there is a way to send AVG Anti-Rootkit results to a log file, but I'm not sure how to do it.

    I'll be ready to check your logs.

    Regards :)
     
  5. oceanic

    oceanic TS Rookie Topic Starter

    Thought the combo one would take yonks, took 10 minutes. So here it is, have attached the two txt files that ComboFix made, and have already said what the AVG rootkit found. :eek: Sorry about having clicked fix on the AVG rootkit scan results, just realised step 11 clearly states not to do anything, and for some reason it didn't go through my head. Hope it won't be a problem.

    If there is anything else you need let me know.

    Thanks for your help.
     
  6. kitty500cat

    kitty500cat TS Evangelist Posts: 2,154   +6

    No problem with the AVG Anti-Rootkit. Since the file truly was bad, it probably didn't hurt to fix it.

    Please run HJT again as per the instructions in my earlier post.

    Then please do the following.

    Download the attached "Combofix-Do.txt" (from my attachment) and save it to the same folder as Combofix. Drag the Combofix-Do.txt over on to Combofix.exe and release.

    This will ask Combofix to execute the instructions within my file. Let Combofix run normally and do its job.

    Then post fresh ComboFix and HJT logs as attachments into this thread.

    Regards :)

     
  7. oceanic

    oceanic TS Rookie Topic Starter

    Have done as asked, don't think anything went wrong, files are attached. Sorry for the delay was interrupted.
     
  8. kitty500cat

    kitty500cat TS Evangelist Posts: 2,154   +6

    Please navigate to virusscan.jotti.org.

    Enter the following into the text box at the top of the page.

    C:\WINDOWS\ScUnin.pif

    Click the Submit button. Make note of the results.

    Then please do the same with the following files:

    C:\WINDOWS\ScUnin.exe

    C:\WINDOWS\scunin.dat


    Please post the results here.

    Regards :)

     
  9. oceanic

    oceanic TS Rookie Topic Starter

    All scans say found nothing, good news?

    I think it might be the Starcraft game uninstaller file... just googled it.
     
  10. kitty500cat

    kitty500cat TS Evangelist Posts: 2,154   +6

    Good. I thought they could be Starcraft-related, but just wanted to be sure.

    Anyway, I believe your system is now clean. To finish up, please do the following.

    1. Delete all files in AVG Anti-Spyware's quarantine folder (C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Quarantine).
    2. Turn off system restore (see how here). This will delete all your old system restore points and any malicious software in them.
    3. Now turn system restore back on. This will create a new, clean restore point.
    4. I recommend checking out this thread. It contains some good tips on keeping from getting infected again.
    If you have any further virus/spyware problems, please post them in this thread.

    Regards :)

     
  11. LXIX

    LXIX TS Rookie Posts: 108

    I would suggest you switch to Mozilla Firefox web browser or something with more security than iexplorer.
     
  12. kitty500cat

    kitty500cat TS Evangelist Posts: 2,154   +6

    I agree. Firefox and Opera are both good, secure browsers.
     
  13. oceanic

    oceanic TS Rookie Topic Starter

    Thanks for all the advice and help. :grinthumb

    I have Mozilla but family use iexplorer. So can't get rid of it sadly.
     
  14. LXIX

    LXIX TS Rookie Posts: 108

    You know what I did is I made my family switch to Mozilla (even though we all have our own computers) just so they wouldn't get any spyware or malware.
     
  15. oceanic

    oceanic TS Rookie Topic Starter

    Will try it, but you know people, once set in their ways no one really wants to change things.

    P.S. I forgot this, but how do I get rid of the big black and white blob that is in my add/remove program list? It's quite huge, causes the whole thing to scroll down for a few seconds. From what I've read on the net it's some kind of bad link to a program icon that no longer exists or something to that effect. But I can't get rid of it no matter what I try. Any ideas?
     
  16. momok

    momok TS Rookie Posts: 2,265

    Hi,

    To remove an entry in the add/remove program list, try using CCleaner.

    May I add that the best way to avoid infection is to arm yourself with sensible knowledge and online habits.


    Regards,
    Your friendly momok =)

     
  17. LXIX

    LXIX TS Rookie Posts: 108

    Well, an easy way to get your family to use Mozilla is to delete the iexplorer desktop and start menu icons. Then right-click your Firefox icon and go to properties. Change the name from "Mozilla Firefox" to "Internet Explorer" and then click the change icon button, hit yes, and scroll to the far right of the list. Highlight the icon that resembles Internet Explorer. Apply all changes and press OK. Now it will look exactly like iexplorer but when you click it, it will launch Mozilla. If you don't have the new iexplorer 8, no one will even notice the difference in appearance.
     
Topic Status:
Not open for further replies.
