Solved Very serious virus - iexplore.com redirecting and won't let me do restore

Status
Not open for further replies.
i noticed this file repopulated after restart
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
That's fine. Nothing malicious, part of Microsoft Money.

Follow last cleaning steps listed below and also let me know what's your laptop brand and exact model....


Your computer is clean

1. Turn off System Restore:

- Windows XP:
1. Click Start.
2. Right-click the My Computer icon, and then click Properties.
3. Click the System Restore tab.
4. Check "Turn off System Restore".
5. Click Apply.
6. When turning off System Restore, the existing restore points will be deleted. Click Yes to do this.
7. Click OK.
- Windows Vista:
1. Click Start.
2. Right-click the Computer icon, and then click Properties.
3. Click on System Protection under the Tasks column on the left side
4. Click on Continue on the "User Account Control" window that pops up
5. Under the System Protection tab, find Available Disks
6. Uncheck the box for any drive you wish to disable system restore on (in most cases, drive "C:")
7. When turning off System Restore, the existing restore points will be deleted. Click "Turn System Restore Off" on the popup window to do this.
8. Click OK

2. Restart computer.

3. Turn System Restore on.

4. Make sure, Windows Updates are current.

5. If any Trojan was listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

6. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

7. Run defrag at your convenience.

8. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

9. Please, let me know, how is your computer doing.
 
thank you

my computer is running lot faster now. thank you so much.

as for my keyboard issue, i am using on-screen keyboard. .very tedious.

My computer is dell inspiron 600m. OS is windows XP.

According to device manager for keyboard, there is hazard sign w/exclamation sign and it says "This device cannot start. (Code 10)"

thank you
 
I'm glad, your computer is doing better :)

What is the name of the keyboard listed in Device Manager.
 
gw157, I'd like to bring a couple of things to your attention:

You have a Dell Inspiron 600m. This is a laptop. But you consistently referred to the mouse and keyboard. IF you are using them instead of the Touchpad on the laptop, you will need to make some adjustments through the Control Panel> Mouse. The Touchpad is set as the default and the Alps driver is starting on Boot (as Appoint)

You will need to make sure the keyboard and mouse drivers are correctly installed if you are using them instead of the Touchpad.

P2P or 'file sharing Warning'
I notice that you have LimeWire running and you have given it access through the firewall:
c:\\Program Files\\LimeWire\\LimeWire.exe
Note: Even if you are using a "safe" P2P program, it is only the program that is safe. I suggest that you uninstall LimeWirefor the following reasons:
  • As long as you are using file sharing networks and programs which are from sources that are not documented, you cannot verity that a download is legitimate.
  • Malware writers use these program to include malicious content.
  • Fie sharing is usually unmonitored and there is a danger that your private files might be accessed.
  • The 'sharing' also includes malware that the shared system has on it.
  • Files that are illegal can be spread through file sharing.

Please read the information on P2P Warning to help you better understand these dangers.
 
Hi Bobbye,

When I was describing keyboard, I was referring to keypad.. i was using the word interchangeably. my keypad was working fine until after the second combofix scan. As soon as the scan deleted the files, i no longer had the access to my keypad. my mousepad works fine, and as soon as i touch one key on the keypad, everything freezes including the mousepad. i reboot it everytime to gain access to mousepad back. i get an error on device manager with exclamation point, saying code 10. i tried everything including, uninstall driver and reinstalling, or updating the driver. nothing works. i hate to reformat my computer after all the time i spent cleaning my computer..

I need serious help getting my keypad to work... Thanks..

BTW, i took your advice and just uninstalled the limewire. Thanks..
 
Keypad still not working

Hi Broni,

is there any way to tweak the registry to get my keypad functioning again? I tried everyting, googled everything and followed their recommendations without success.

i am getting real nervous about this..

Thanks..
 
I just double checked Combofix logs and I don't see anything among removed files, which could have any impact on your laptop keyboard.
Keep in mind, that sometimes, with heavy infection, some legit files may become corrupted.
I'm looking for a possible solution. Hold on :)
 
I went into resources in my driver information..

According to resource settings: there is red circle with / over it..
Resource type Setting
I/O Range 0060-0060
I/O Range 0064-0064
IRQ 01

Conflicting device list:
Input/OUtput range 0060-0060 used by:
Alps Touch Pad

Input/Output range 0064-0064 used by:
Alps Touch Pad

It seems the the conflict is caused by touch pad. How do i resolve this conflict? I could always use my USB mouse and allow keypad to be the default device on this.. CAn you guide me in resolving this conflict? Thanks..
 
BTW, on the resources IRQ 01 is the only one that doesn't have the red O with slash through them..
 
I'm going to try one more thing and, if it doesn't work, I'll have to send you to Windows section.
This forum is basically used for resolving malware issues. Your computer is definitely clean.
I'm sure, you'll find smarter people regarding hardware issues, than myself.

Go Start>Run ("Start Search" in Vista/7), type in:
sfc /scannow
Click OK (hold CTRL, and SHIFT, hit Enter in Vista/7).
Have Windows CD/DVD handy (with Vista/7, most likely, you won't need it).
 
Hi Broni

I did as you said.. it took around 30 minutes to scan.. There was a progress bar and it says, it is scanning the integrity of windows software... once the progress bar reached the end, the program finished... with no message windows telling me one way the other if my windows is ok or not...

Do i need to restart after it finishes scanning? It doesn't seem it did anything... I have the Windows XP CD with me... it didn't prompt me todo anything with it though...

What do i do now?
 
Yeah, if it didn't ask for a CD, it means, it found your system files being OK.

I suggest, you repost your issue at Windows section.
Unfortunately, I don't have any fresh ideas....
 
I just started a new thread there.. I am crossing my fingers..

Since there seem to be a conflict with mousepad and keypad (according to a driver resources), do you know how to make keypad as the default input device, so I can always use spare usb mouse if mousepad experiences the conflict.
 
do you know how to make keypad as the default input device, so I can always use spare usb mouse if mousepad experiences the conflict.
I'm not sure, that's why I asked you to create new topic :)
 
Hi Broni,

Just want to let you know, I finally fixed my keyboard. It wasn't easy, but now laptop is good as new.

I just took my friends laptop and went to regedit... went to a reg key that handles keyboard... "kbd" and compare his to mine... I had one line missing on the reg. key. I simply exported his registry line to mine, and restart.. my laptop works

Thanks for all your help... you been great...
 
Ha, very nice job!
I'm happy for you :)
...and thank you for posting back with the solution :)
 
Status
Not open for further replies.
Back