Internet Browsers will not open - possible malware

By aegisrose
Nov 21, 2009
Topic Status:
Not open for further replies.
  1. Greetings TechSpot forums!
    always a pleasure coming here to get answers. :haha:

    After moving recently, my old XP machine started experiencing problems opening internet browsers (IE 8 and Firefox 3.0.13). They simply crash.

    I know it's not my router or ISP because I have 4 other machines connected and running at full blast. And there is some sort of connectivity because Windows updates downloaded some updates.

    I read somewhere it might be loose memory sticks so I went into the guts and all is secure in there.

    I have the latest application versions of Malwarebytes, Superantispyware, and Hijackthis, but whatever is attacking the PC will not let me update the definitions library. I think Malwarebytes did update, but a weird error flashed for a moment while updating, so I'm not confident it's all the latest info.

    Is there a way to get those updates and move them via flash drive from my laptop to the sick PC?

    In the meantime, I've attached the hijackthis log, and the superantispy log (last update was July 09).

    Any insight would be appreciated. THANKS!
  2. aegisrose

    aegisrose Newcomer, in training Topic Starter Posts: 73

    hello~ I'm just writing to /bump

    :)

    Any assistance would be greatly appreciated
  3. kimsland

    kimsland Ex-TechSpotter Posts: 18,353

    I think the topic was not replied to because all 3 logs are not attached
    Try again to update Malwarebytes and run a quick scan

    Also uninstall the old and obsolete AVG8
    Then after uninstalling it, then run the AVG Remover tool: http://www.avg.com/filedir/util/support/avgremover_en.exe

    Restart

    Download and install Free Avira Antivirus: http://www.free-av.com/
    Update it, and run a full scan

    Restart

    Reply with 3 new logs:
    Malwarebytes
    HijackThis
    Avira scan log

    Oh you can uninstall SUPERAntispyware to begin with too


    Edit:

    I mentioned to uninstall AVG8 to you in your thread here: http://www.techspot.com/vb/topic138422.html
    Since you still have it, maybe someone else wants to support you in removing malware
    I think AVG8 went out about 6 months ago now though (could be more)
  4. aegisrose

    aegisrose Newcomer, in training Topic Starter Posts: 73

    Thanks for the response Kimsland... I'll see what I can do about AVG and Malware Bytes since I can't seem to update any of the programs.

    I'll post again tomorrow.

    EDIT: this whole ordeal is on my old PC. I'm not particularly attached to AVG so I've uninstalled it and installed Avira on it. I was able to update it too! More to follow...
  5. stellarPCserv

    stellarPCserv Newcomer, in training

    Virus infections usually don't prevent internet applications; they want you to go online so they can steal your info or sell you something. Right click on My Computer, then click on Manage, then click on Event Logs and check the System folder and Applications folder for errors.
  6. aegisrose

    aegisrose Newcomer, in training Topic Starter Posts: 73

    Hey Stellar... you might be onto something.

    I see some errors that say "could not join the network because another machine has the same name..." which is accurate because I named my new PC the same as the old one.

    I've renamed the old one and started running all the scans as well.

    We'll see what turns up.
  7. aegisrose

    aegisrose Newcomer, in training Topic Starter Posts: 73

    renamed machine and ran scans

    I renamed the machine. This helped me connect to the internet.

    Either way, to be on the safe side, I ran the scans. If someone could take a peek just to confirm that it looks good, I'd sure appreciate it!
  8. stellarPCserv

    stellarPCserv Newcomer, in training

    I can't see the logs at the moment since I'm on my phone. Go to pandasecurity.com and run the active scan 2.0; it takes about an hour.
  9. kimsland

    kimsland Ex-TechSpotter Posts: 18,353

    I can see the logs ;)

    Please run IE Reset (you have a number of Browser Helper Objects that just slow down your browsing in my view)
    Or manually from here http://www.techspot.com/vb/post682762-2.html
    Then restart Internet Explorer

    Your Malwarebytes scan only needed to be a quick scan :rolleyes:
    And you have not removed found Malwares at the end of the scan
    As it also has an older database, please open Malwarebytes; Update it; then run a quick (~10min maximum) scan
    Please provide this new scan log


    Combofix:
    • Download Combofix to your desktop.
    • Disable your Antivirus (as Combofix will remove any found malwares)
    • Double click ComboFix & follow the prompts.
    • A window will open with a warning.
    • When the scan completes it will open a text window. Please attach that log back here
    Also restart and provide a fresh HJT Scan log

    3 logs required again ;)
  10. aegisrose

    aegisrose Newcomer, in training Topic Starter Posts: 73

    umm~ forgive the n00bishness... but I can't seem to disable avira :confused:
  11. kimsland

    kimsland Ex-TechSpotter Posts: 18,353

    Right click on Avira shown on your Taskbar
    Remove the tick

  12. aegisrose

    aegisrose Newcomer, in training Topic Starter Posts: 73

    here we go!

    3 logs
  13. kimsland

    kimsland Ex-TechSpotter Posts: 18,353

    Hi, I suspect you are still infected. Please follow the following precisely (we don't want to mess up Windows ;))

    Also, allow any Firewall message that may pop up


    1. Download Atapi.zip to your Desktop
      • Extract Atapi.zip file directly to your Desktop, giving Atapi.sys

    2. Start > Run > cmd /c del /a/f/q c:\atapi.sys > ok

    3. Start > Run > cmd /c start /min cmd /c "copy %windir%\system32\drivers\atapi.sys Desktop\*.suspect >log.txt&log.txt"
      • You will get "1 file(s) copied." Please close this Notepad

    4. Start > Run > cmd /c start /min cmd /c "copy Desktop\atapi.sys %windir%\system32\drivers\atapi.sys >log.txt&log.txt"
      • You will get "1 file(s) copied." Please close this Notepad

    5. Start > Run > cmd /c start /min cmd /c "copy Desktop\atapi.sys c:\atapi.sys >log.txt&log.txt"
      • You will get "1 file(s) copied." Please close this Notepad

    6. Start > Run > cmd /c start /min cmd /c "dir /a c:\atapi.sys >log.txt&log.txt"
      • Please save the text file to be attached to a new reply
    Restart

    Run Combofix again, attach the log

    :)
  14. aegisrose

    aegisrose Newcomer, in training Topic Starter Posts: 73

    I followed all the steps... should the quoted step above have yielded a notepad also? It didn't....
  15. kimsland

    kimsland Ex-TechSpotter Posts: 18,353

    Yes, I forgot the "/c" I have edited it in above ;)

    But instead of doing this single command log file, let's check the entirety of the system drive (Note this one will take a bit longer as it searches)
    Start > Run > cmd /c start /min cmd /c "PEV -l %systemdrive%\atapi.sys >Log.txt&Log.txt&del Log.txt"
    Wait about 30 secs for this log to show. Please save this log file to be attached later on

    Please also provide the new Combofix log as an attachment (this must be performed after Restart)
    And also attach the file: atapi.suspect (located on your Desktop) You need to Zip this up first

    3 Attachments required
  16. aegisrose

    aegisrose Newcomer, in training Topic Starter Posts: 73

    3 more.... :)
  17. kimsland

    kimsland Ex-TechSpotter Posts: 18,353

    The atapisuspect file, you have renamed :confused: It was originally atapi.suspect
    I have tested this file and it looks ok, so be it.

    The redirection looks as though it may now be resolved :)


    Un-install Combofix
    • Click Start then Run
    • Now type Combofix /uninstall in the runbox and click OK
    • Any popup errors about Antivirus just ok or close
    Note: 1 space after ComboFix in that uninstall command


    Clear system restore points

    Go to Start >> Run - type or copy/paste control sysdm.cpl,,4 and then press Enter
    • Tick on the checkbox - Turn off System Restore on all drives
    • Click Apply
    Turn it back 'On' by unticking the same checkbox & click Apply, and then OK


    Update Java

    Run JavaRa
    This will remove all your old Java stuff (that is not required)
    It will also help you check for new Java updates

    Run TFC Cleaner
    Download and Run TFC
    (You may need to Restart)


    Restart

    Report how everything is running well :)
  18. aegisrose

    aegisrose Newcomer, in training Topic Starter Posts: 73

    Excellent

    Yep~ the machine is running VERY well now!!!

    Oh.. and I renamed the atapi zip because I wasn't sure if it would like having a "." in the middle of the file name when I zipped it. I guess it doesn't really matter.

    Thanks so much for your time and efforts. I've addressed a couple of my issues via TechSpot and I learn a lot each time.

    Thanks again Kimsland!!! You rock!!!! :grinthumb
  19. kimsland

    kimsland Ex-TechSpotter Posts: 18,353

    No problems :)

    Hey Malwarebytes has just updated to a new version 1.42
    Please startup Malwarebytes, and do an update to the program and then the database
    Then run a quick scan. I don't expect you'll have any issues, but hey a 5 or 10 minute scan can't hurt ;)
  20. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +35

    Thank you kimsland. It gets a bit overwhelming in the V&M forum at times. Sorry you got missed. I usually start at the bottom with the oldest posts, but sometimes I miss.

    You really need to do the Java update- (jre1.6.0_05) having the older version leaves a vulnerability to the system.

    Would also stress cleaning up the system- especially the temp files- more regularly. Heaps of those can really slow you down.

    I didn't see any malware in the logs- or anything that hadn't been handled. Can't help wonder if this was the devil in the system:
    Thanks for atapi info kimsland. Have saved all for next atapi day!