Can't Get on the net

Status
Not open for further replies.
Hi, Im doing this from another computer.

It seems that whenever I try to connect to the internet, be in modem or wireless, the computer has a physical memory dump and reboots. The same thing happens when I try to install a Windows Update file.

I have run a virus scan, nothing.

Spyware Doctor, nothing.

So ive come to you as a last resort.

I have attached a log and hope that you will be able to help.

Thanks
 
How does your system perform when at the University?
You've got a lot of settings specific to monash.edu.au and both a proxy
and host file settings. You're locked into the university at the moment.
I'm running out the door just now, but can address these issues ~8pm PDT.
 
Re: Can't get on the internet

Dear taigastyle, Please follow the instructions given below carefully..

1.) Run Disk Cleanup Utility and clean everything (Temp. files, Recycle Bin..).

2.) Download Killbox and save it to your desktop.


3.) Run HijackThis and fix the following entries.

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
F2 - REG:system.ini: Shell=explorer.exe "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00003.exe"
O4 - HKCU\..\Run: [shell] "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00003.exe"

4.) Restart computer into Safe Mode.

5.) Double-click on Killbox.exe to run it.
Put a tick by Standard File Kill.
In the "Full Path of File to Delete" box, copy and paste each of the following lines one at a time.
Click on the button that has the red circle with the X in the middle after you enter each file.
It will ask for confimation to delete the file.
Click Yes.
Continue with that procedure until you have pasted all of these in the "Paste Full Path of File to Delete" box.

c:\secure32.html
c:\Windows\secure32.html
c:\Windows\System32\secure32.html
C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00003.exe

Note: It is possible that Killbox will tell you that one or more files do not exist.
If that happens, just continue on with all the files. Be sure you don't miss any.

6.) Go to Control Panel > Internet Options.
Click on the Programs tab then click the "Reset Web Settings" button.
Click Apply then OK.

7.) Restart Windows normally.

8.) Goto Start Menu/Run and type "SFC /scannow". Insert your OS CD and let it do the repairs with the OS.

9.) Make sure that you are using the latest version of Java.
 
you can remove all R0,R1 and O1 entries.

I suggest you get a browser profile manager (not the same as a windows login profile) to allow you connections while at the Unversity vs. when you are elsewhere.

Netscape does this nicely -- there may be others.
 
Thanks, I do not want to delete any settings the university has set.

But i do clearly remember that the file ibm00003.exe was made at the same time that this virus infected the computer.

I will give your advice a try but set a system restor point first.
 
I understand your concern for the University settings.
HOWEVER, these settings have you LOCKED into their environment so that
you need their proxy to reach the internet:

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.monash.edu.au:80
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.staffserv.adm.monash.edu.au;callistaplus.monash.edu.au;eservices.monash.edu.au;mdsadmin.monash.edu.au;eservices.sss.monash.edu.au;staffserv.adm.monash.edu.au;*.buseco.monash.edu.au;<local>


You are going to have problems everywhere you go outside that environment.
 
jobeard. The internet used to work perfectly fine, this is definitely a virus because my computer crashed a while ago when I visited a website for firmware downloads for my mp3 player..
 
Hello and welcome to Techspot.

Very Important: Before deciding whether you should clean or reformat your system, go and read this thread HERE and decide what it is you want to do.

If after reading the above, you wish to clean your system, do the following.

Go and read the Viruses/Spyware/Malware, preliminary removal instructions. Follow all the instructions exactly.

Post fresh HJT, AVG Antispyware and Combofix logs as attachments into this thread, only after doing the above.

Also, let me know the results of the AVG Antirootkit scan.

Regards Howard :wave: :wave:

This thread is for the use of taigastyle only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
 
Status
Not open for further replies.
Back