Possible Virus - Cannot Surf Web

Status
Not open for further replies.

aegisrose

Greetings TechSpot Forums!

I am the proud heir of my friend's OLD pc. It is sick and was bogged down with old temp files (I cleaned out near 1GB worth of Temp Int Files!)

Symptoms: PC boots up fine (albeit a little slow). After login, and as Windows XP is loading, there is an error message about iernonce.dll missing/not found. I am able to click "OK" past it.

Once on the desktop, I click on the Internet Explorer icon, and it goes to the homepage, then gets stuck... almost looks like the page is trying to finish loading. Another "phantom page" opens, but I can't bring it up. Looking at the processor, it is obviously doing "something" since the processor spikes to 80 - 100%. Surfing the web is impossible. I tried going into Safe Mode (with networking) and it does the same.

I've taken the steps per this post: https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/

AVG found the following infections: Win32/Heur, JS/Psyme, and VBS/Agent
AVG found the following Spyware: Adware Generic2.DZT
AVG also found several common tracking cookies
These were successfully healed.

CCleaner cleared several files

Malwarebytes discovered & removed 218 infected objects


THANKS IN ADVANCE FOR ASSISTANCE! ;)
 
FYI - I'm trying to post the txt files, but the PC won't let me on the web. I'm typing this from my laptop. Do you think it's safe to move the txt files with a thumb drive into this laptop for posting??
 
Do you think it's safe to move the txt files with a thumb drive into this laptop for posting??

That should be fine, but try this first, then see if you can get to internet.

RIES (Reset Internet Explorer Settings)

IE6

Tools > Internet Options > Programs tab > Click reset web Settings.

IE7

Tools > Internet Options > Advanced tab > Click Reset button.
 
My husb changed some settings on IE (unchecked reuse windows when launching internet shortcuts) and for whatever reason, that made IE work /shrug

In addition (and without consulting with me) he ran Trend Micro's housecall... It cleaned a bunch of junk, but it did not yield a log.

Anywho... here are some of the log files from the previous scans.

PS: I couldn't find a log for superantispyware
 

Attachments

  • hijackthis20080922.txt
/poke

Hey Guys... any luck taking a peek at these logs?

The PC is still pretty buggy. :stickout:

Let me know if I need to run any additional scans since we've run Trend Micro's HouseCall.
 
Not having luck

I can't update this PC to save my life! :mad:

Windows is trying to apply an update, but then it says it cannot successfully install. I tried going to the MS updater website and I can't stay online long enough to check the system and apply new patches, etc (the pop up / hiccup window problem occurs). :confused:
 
Windows Installer version ?

Hi:

Look in "Add or Remove Programs" for "Windows Installer" and tell us the version number and/or its "KB" number.
 
Do the following
Start > Run > type services.msc

Check to see if the Background Intelligent Transfer Service (BITS) is running, and check to see if the Cryptographic service is running. If not, click Start.
If this fails, there are other things I could suggest, but at this point I would suggest a repair install. https://www.techspot.com/vb/topic8356.html
 
WOW! What a mess~~~

OK~ The service was in fact started. I did not even bother with more. I used the eMachines "System Recovery" disc.

It is running well; however, I noted that after the recovery, and updating Windows XP to SP3 and IE to v 7.0.5730.13 that Yahoo! toolbar suddenly appeared.

I tried deleting it from Add/Remove programs and COMODO alerted me that "GLB3C.tmp" was trying to access the internet. I blocked it. Out of curiosity, I tried deleting the Yahoo! folder directly from Program Files and sure enough... it said I did not have rights to do so. I ran HJT and removed the yahoo entries that it found. It allowed me to remove the application via add/remove programs and I additionally deleted the folder from Program Files.

SOOOO~~~ I'm posting my HJT findings after my adventures. I want to make sure no other "funk" is hiding on this machine!! THANK YOU!!! :wave:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:30:56 PM, on 10/4/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
log removed, they must be attached
--
End of file - 3550 bytes
 