Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

IE AntiVirus and Others - Please Help!

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

IE AntiVirus and Others - Please Help!

Unread postby LOL =) » July 30th, 2008, 4:37 am

Below is my log. I'm seriously frustrated and am ready to give up. =( My computer is running really slow, and it's even become a big task just to load Mozzila FireFox (what I'm using now). My computer keeps freezing and shutting down on me.

Note: Just in case this could help a bit, this is one of the screenshots I happened to save of what I believe is the virus. Please click here. I have also been experiencing these symtoms: computer has been running very slow, my IE will NOT load anything, and when it does, it's a prompt to download IE AntiVirus software, and my computer has been freezing and running into errors left and right. Thanks in advance for your help. :)


Logfile of HijackThis v1.99.1
Scan saved at 11:50:51 PM, on 7/30/2008
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\LTSMMSG.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\WBEM\WINMGMT.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\MOZILLA FIREFOX\FIREFOX.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\SYSTEM\MSSWCHX.EXE
C:\PROGRAM FILES\HIJACKTHIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.yahoo.com/ext/gw/home.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
O2 - BHO: BHO.ext2 - {401F4B6B-3C36-4E8D-BC07-F46FC6D67D9A} - C:\WINDOWS\SYSTEM\IE_FIL.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [OEMRUNONCE] c:\windows\options\cabs\oemrun.exe
O4 - HKLM\..\Run: [InkWatch] C:\PROGRA~1\GATEWAY\GATEWA~1\InkWatch.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [LTSMMSG] LTSMMSG.exe
O4 - HKLM\..\Run: [Norton Auto-Protect] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE /LOADQUIET
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [NAV DefAlert] C:\PROGRA~1\NORTON~1\DEFALERT.EXE
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [SpyHunter Security Suite] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [antispy] C:\Program Files\IEAntiVirus\ANTIVIR.exe
O4 - HKCU\..\Run: [Doctor Spyware Cleaner Monitor] "C:\PROGRAM FILES\DOCTOR SPYWARE CLEANER\REAL TIME MONITOR.EXE" /start /minimize
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
O4 - Startup: America Online 6.0 Tray Icon.lnk = C:\America Online 6.0\aoltray.exe
O4 - Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - User Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - User Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
O4 - User Startup: America Online 6.0 Tray Icon.lnk = C:\America Online 6.0\aoltray.exe
O4 - User Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - User Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &Define - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O8 - Extra context menu item: Look Up in &Encyclopedia - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra button: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra 'Tools' menuitem: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra button: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra 'Tools' menuitem: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\AIM\AIM.EXE


EDIT: I don't know if this will help any, but it's worth a shot. Before I finally found out IE AntiVirus was actually a virus, on the website I had emailed the, "so-called support" team, and actually received an email back! I'm hoping that this will possibly help in removing that site. If not, oh well, =/ The message is below. (please note i did not click on the link they gave)

Re: Payment inquiry - Question From IE AntiVirus
From: ieantivir support <ieantivirus@gmail.com>
To:
XXXXXXXXX (Edited by NonSuch to remove e-mail address)
Date: Wed, 30 Jul 2008 5:20 pm
Hello,
Please download this file:
hxxp://ieantivirus.com/bhocleaner.exe
Close ALL windows and run the file!
That could help. And please, keep your antivirus updated! Good luck!


2008/7/30
Edited by NonSuch to remove e-mail address. NOTE! Never post your e-mail address in public. It will be picked up by spambots!

Miss.Amber
I am in a bind. My computer has recently been running slow and acting weird, especially when I try to use my IE. It then prompted me to download IE Antivirus, which I did. It detected 6 high risk viruses on my computer, one of which is a password stealer. I am quite upset at the fact I cannot remove these viruses due to the fact I haven\'t got the money. I mean, even my Norton Antivirus can\'t detect these!

Is there anything else I can do to remove them? Thank you in advance.

-------------------END-------------------
LOL =)
Regular Member
 
Posts: 34
Joined: July 30th, 2008, 4:23 am
Location: on your mind
Advertisement
Register to Remove

Re: IE AntiVirus and Others - Please Help!

Unread postby jmw3 » August 5th, 2008, 12:16 am

Welcome LOL =)

I will be helping you under the guidance of one of our expert coaches.
Please give me a little time to get back to you with instructions.

In the meantime please note the following:
  • Any recommendations made are for your computer problems only and should NOT be used on any other computer.
  • Please DO NOT run any scans/tools or other fixes unless I ask you to. This is very important for several reasons. Here are just two of them:
    1. The tools that we use are very powerful and can cause >>irreparable damage<< to your computer if not used correctly.
    2. Commercial scanners, for the most part can not completely remove some of the more "resistant" infections. This makes it much more difficult to get rid of completely.
  • If you get stuck or are unsure of something please ask for a further explanation, do not guess.
  • Continue to respond to this thread until I give you the All Clean!
Thanks
John

Create an Uninstall List
  • Start HijackThis
  • Click on the Config button
  • Click on the Misc Tools button
  • Click on the Open Uninstall Manager button
  • Click on the Save list... button and specify where you would like to save this file
  • When you press the Save button a notepad will open with the contents of that file
  • Copy and paste the contents of that notepad here in your next reply
User avatar
jmw3
MRU Emeritus
MRU Emeritus
 
Posts: 4621
Joined: February 12th, 2008, 2:36 am
Location: Port Hedland, Western Australia

Re: IE AntiVirus and Others - Please Help!

Unread postby LOL =) » August 5th, 2008, 4:34 am

Thank you. =) Here is what you asked for:

Adobe Acrobat 4.0
Adobe Flash Player ActiveX
Adobe Flash Player Plugin
Adobe Photoshop 6.0 Tryout
America Online
AOL Instant Messenger
AT&T WorldNet Setup
FoneSync
Gateway Ink Monitor
GTK+ 2.6.10-20050823 runtime environment
HijackThis 1.99.1
Hijackthis 1.99.1
HP Deskjet 3900 series
HP Image Zone Express
HP Imaging Device Functions 5.0
HP Solution Center & Imaging Support Tools 5.0
LiveReg (Symantec Corporation)
LiveUpdate 1.6 (Symantec Corporation)
Lucent Technologies Soft Modem AMR
Microsoft Encarta Encyclopedia Standard 2001
Microsoft Internet Explorer 6 SP1 and Internet Tools
Microsoft Money 2001
Microsoft Outlook Express 5
Microsoft Picture It! Publishing 2001
Microsoft Streets and Trips 2001
Microsoft Word 2000 SR-1
Microsoft Works 2001 Setup Launcher
Microsoft Works 6.0
Microsoft Works Suite Add-in for Microsoft Word
Mozilla Firefox (2.0.0.16)
Mystery Case Files - Prime Suspects (remove only)
Norton AntiVirus 2001
RealPlayer Basic
Shockwave
The GIMP 2.0.5
Viewpoint Manager (Remove Only)
Viewpoint Media Player (Remove Only)
LOL =)
Regular Member
 
Posts: 34
Joined: July 30th, 2008, 4:23 am
Location: on your mind

Re: IE AntiVirus and Others - Please Help!

Unread postby jmw3 » August 6th, 2008, 7:13 am

Hi LOL =)

Effective July 11, 2006, Windows 98, Windows 98 Second Edition, and Windows Me were transitioned to a non-supported status. After this date, Microsoft will no longer provide any incident support options or security updates. Existing support documents, however, will continue to be available through the Microsoft
Support Product Solution Center Web site.

http://www.microsoft.com/windows/support/endofsupport.mspx

The log you provided is not complete & you are using an old version of HijackThis. Having an outdated version may not give a reliable log.
Update HijackThis
Download HiJackThis v2.0.2 from Here
NOTE: Uninstall the older version of HijackThis first.
  • Save HJTInstall.exe to your desktop
  • Double click on the HJTInstall.exe icon on your desktop
  • By default it will install to C:\Program Files\Trend Micro\HijackThis
  • Click on Install
  • It will create a HiJackThis icon on the desktop
  • Once installed, it will launch HiJackThis
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log
  • Come back here to this thread and paste the log in your next reply.
DO NOT use the AnalyseThis button, its findings are dangerous if misinterpreted.
DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

Now to Norton Antivirus 2001. Please tell me you have an active subscription for this & the virus defintions are up to date. If your subscription has expired it will need to be uninstalled. If this is the case I'll give you some suggestions for some free alternatives.

Please post a new complete log with the updated HijackThis & let me know about your anti-virus.
User avatar
jmw3
MRU Emeritus
MRU Emeritus
 
Posts: 4621
Joined: February 12th, 2008, 2:36 am
Location: Port Hedland, Western Australia

Re: IE AntiVirus and Others - Please Help!

Unread postby LOL =) » August 6th, 2008, 4:17 pm

Here is an updated log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:14:20 PM, on 8/6/2008
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\LTSMMSG.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WORKS SHARED\WKCALREM.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\WBEM\WINMGMT.EXE
C:\PROGRAM FILES\MOZILLA FIREFOX\FIREFOX.EXE
C:\PROGRAM FILES\TREND MICRO\HIJACKTHIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.yahoo.com/ext/gw/home.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
O2 - BHO: BHO.ext2 - {401F4B6B-3C36-4E8D-BC07-F46FC6D67D9A} - C:\WINDOWS\SYSTEM\IE_FIL.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [OEMRUNONCE] c:\windows\options\cabs\oemrun.exe
O4 - HKLM\..\Run: [InkWatch] C:\PROGRA~1\GATEWAY\GATEWA~1\InkWatch.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [LTSMMSG] LTSMMSG.exe
O4 - HKLM\..\Run: [Norton Auto-Protect] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE /LOADQUIET
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [NAV DefAlert] C:\PROGRA~1\NORTON~1\DEFALERT.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [antispy] C:\Program Files\IEAntiVirus\ANTIVIR.exe
O4 - HKCU\..\Run: [Doctor Spyware Cleaner Monitor] "C:\PROGRAM FILES\DOCTOR SPYWARE CLEANER\REAL TIME MONITOR.EXE" /start /minimize
O4 - .DEFAULT Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (User 'Default user')
O4 - .DEFAULT Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe (User 'Default user')
O4 - .DEFAULT Startup: America Online 6.0 Tray Icon.lnk = C:\America Online 6.0\aoltray.exe (User 'Default user')
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
O4 - Startup: America Online 6.0 Tray Icon.lnk = C:\America Online 6.0\aoltray.exe
O4 - Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - User Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - User Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
O4 - User Startup: America Online 6.0 Tray Icon.lnk = C:\America Online 6.0\aoltray.exe
O4 - User Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - User Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &Define - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O8 - Extra context menu item: Look Up in &Encyclopedia - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra button: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra 'Tools' menuitem: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra button: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra 'Tools' menuitem: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\AIM\AIM.EXE
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\WINDOWS\Profiles\ALGirardi\Start Menu\Programs\IMVU\Run IMVU.lnk

--
End of file - 6240 bytes


As for Norton AntiVirus 2001, the subcription for that ran out... gosh, a very long time ago. Which is why I had gotten SpyHunter, paid and all, but then my brother deleted it for whatever reason, so all I had was the norton which didn't do much of anything. =/
LOL =)
Regular Member
 
Posts: 34
Joined: July 30th, 2008, 4:23 am
Location: on your mind

Re: IE AntiVirus and Others - Please Help!

Unread postby jmw3 » August 7th, 2008, 10:35 am

Hello LOL =)

You need to get rid of Norton AntiVirus2001, but first I'd like you download & register Avast 4 Home Editon. This Anti-virus is free & compatible with Windows ME, however it has to be registered. You can download Avast 4 Home Editionfrom Here & register it Here. Don't install it just yet, just make sure you have it registered. We need to remove Norton first.
You will also need a firewall as Windows ME does not have a built in firewall. We'll sort that out once your machine is clean.

Now to uninstall Norton.
Remove Programs
Click Start > Control Panel > Add/Remove Programs
Remove these programs by clicking Remove

LiveReg (Symantec Corporation)
LiveUpdate 1.6 (Symantec Corporation)
Norton AntiVirus 2001
IE AntiVirus 3.3


If some programs listed are not present, please do not panic

Once Norton is uninstalled reboot your computer & install Avast 4 Home Edition.

Spybot Search & Destroy
Download and Install Spybot Search & Destroy from here.
DO NOT install SpyBot Search & Destroy's TeaTimer. It could cause problems while we are cleaning. You can install later if you wish & when your computer is clean.
  • Accept the Default Settings.
  • In the Menu Bar at the top of the Spybot window you will see Mode.
  • Make certain that 'Default Mode has a check mark beside it.
  • Close ALL windows except Spybot S&D
  • Click Search for Updates then download and install all updates
  • Next click the button Check for Problems
  • When Spybot Search & Destroy is complete, it will show RED entries, BLACK entries and GREEN entries in the window
  • Make sure there is a check mark beside all of the RED entries ONLY.
  • Choose Fix Selected Problems & allow Spybot Search & Destroy to fix the RED entries

Fix HiJackThis Entries
  • Open HiJackThis
  • Click on do a system scan only
  • Place a checkmark next to these lines(if still present):

O2 - BHO: BHO.ext2 - {401F4B6B-3C36-4E8D-BC07-F46FC6D67D9A} - C:\WINDOWS\SYSTEM\IE_FIL.DLL
O4 - HKCU\..\Run: [antispy] C:\Program Files\IEAntiVirus\ANTIVIR.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm


  • Close all windows except Hijackthis and click Fix Checked
  • Click Yes when prompted
  • Close HijackThis.

View Hidden Files & Folders Windows ME
To view Hidden Files & Folders do the following:
Open My Computer
Select the Tools menu and click Folder Options
Select the View Tab
Under the Hidden files and folders heading select Show hidden files and folders
Uncheck the Hide protected operating system files (recommended) option
Click Apply to confirm
Click OK

Delete Files & Folders
Using Windows Explorer by right-clicking the Start button and left clicking Explore navigate to and find the following files: if found, delete them (some may not be present after previous steps):

C:\WINDOWS\SYSTEM\IE_FIL.DLL
C:\WINDOWS\web\related.htm

Again using Windows Explorer navigate to and find the following folder: if found, delete the following (some may not be present after previous steps):

C:\Program Files\IEAntiVirus

ATF Cleaner
Download ATF Cleaner here by Atribune.
    Double-click ATF-Cleaner.exe to run the program
    Under Main choose: Select All
    Click the Empty Selected button
If you use Firefox browser
    Click Firefox at the top and choose: Select All
    Click the Empty Selected button
    NOTE: If you would like to keep your saved passwords, please click No at the prompt
If you use Opera browser
    Click Opera at the top and choose: Select All
    Click the Empty Selected button
    NOTE: If you would like to keep your saved passwords, please click No at the prompt
Click Exit on the Main menu to close the program.

Reboot your computer.

Let me know how everything goes & post a new HJT log for review.
User avatar
jmw3
MRU Emeritus
MRU Emeritus
 
Posts: 4621
Joined: February 12th, 2008, 2:36 am
Location: Port Hedland, Western Australia

Re: IE AntiVirus and Others - Please Help!

Unread postby LOL =) » August 7th, 2008, 5:12 pm

Note: The following programs were not present - IE AntiVirus 3.3
Just thought I'd let you know.

I downloaded Avast 4 Home Edition and I saved my registry key to notepad so I can enter it later.

I removed the following: LiveReg (Symantec Corporation), Live Update 1.6 (Symantec Corporation, and Norton AntiVirus 2001. This was done with a few exceptions.

When I was uninstalling Norton AntiVirus 2001, a warning box popped up saying the following:

Remove Shared File?

The system indicates that the following shared file is no longer used by any programs. If any programs are still using this file and it is removed, those programs may not function. Are you sure you want to remove this shared file?

Leaving this file will not harm your system. If you are not sure what to do, it is suggested that you choose to not remove this shared component.
-----------
These are the following files it indicated:

File name: sevinst.exe
Located in: C:\Program Files\Common Files\Symantec Shared\

File name: iralsclt.dll
Located in: C:\Program Files\Common Files\Symantec Shared\

File name: s32rasu.dll
Located in: C:\Program Files\Common Files\Symantec Shared\

File name: NMain.exe
Located in: C:\Program Files\Common Files\Symantec Shared\
-------


I was unsure wether I should remove them or keep them. So I figured I'd run it by you first, just to make sure. Plus, it said if unsure, just to keep them, so I did. I haven't done anything else so far besides reboot, since they are a part of the Norton AntiVirus 2001. Once I receive a reply, I'll finish the rest.
LOL =)
Regular Member
 
Posts: 34
Joined: July 30th, 2008, 4:23 am
Location: on your mind

Re: IE AntiVirus and Others - Please Help!

Unread postby jmw3 » August 8th, 2008, 1:53 am

Hello LOL =)

Those files are Ok to delete they are all part of Norton 2001. Just delete the Symantec Shared folder, then make sure you install Avast before you did anything else. At the moment it sounds like you have no anti-virus protecting your computer, so you need to get Avast installed as soon as you can.
User avatar
jmw3
MRU Emeritus
MRU Emeritus
 
Posts: 4621
Joined: February 12th, 2008, 2:36 am
Location: Port Hedland, Western Australia

Re: IE AntiVirus and Others - Please Help!

Unread postby jmw3 » August 12th, 2008, 3:26 am

Hello

FOUR DAY BUMP!

It has been four days since my last post.
  • Do you still need help with this?
  • Do you need more time?
  • Are you having problems following my instructions?
If after 48hrs you have not replied to this thread then it will have to be closed!

Please let me know if there are any problems. Thanks!

John
User avatar
jmw3
MRU Emeritus
MRU Emeritus
 
Posts: 4621
Joined: February 12th, 2008, 2:36 am
Location: Port Hedland, Western Australia

Re: IE AntiVirus and Others - Please Help!

Unread postby LOL =) » August 13th, 2008, 12:55 am

Hello,

Sorry for such a long delay. I have been very busy with some important things. =/ But, anyway. I actually have been having some problems. I deleted the Symantec folder(s) as instructed, and downloaded & installed Avast! and Spybot Search & Destroy (which they both took an very long time to download and install). Avast is working fine, I haven't used it yet but it is registered, but when I tried to use Spybot, it froze on me right after I installed the updates. I tried a few more times, but still froze. I am going to try again later. As I am having issues with my computer screen. My computer already has issues of its own, but my screen is now obscenely huge, and I can't get it back. So, yups. I should reply back in no later then 24 hours.

EDIT [8.13.08]: I tried using SpyBot again, but I still got the same result. I'm not sure what is wrong with it. =(
LOL =)
Regular Member
 
Posts: 34
Joined: July 30th, 2008, 4:23 am
Location: on your mind

Re: IE AntiVirus and Others - Please Help!

Unread postby LOL =) » August 15th, 2008, 7:51 am

I tried again today. I tried with the internet on and off, and nothing seems to work. I click it and it loads, then when the bar is full, it just stops and it doesn't respond at all. Would it be okay if I tried uninstalling and installing again?
LOL =)
Regular Member
 
Posts: 34
Joined: July 30th, 2008, 4:23 am
Location: on your mind

Re: IE AntiVirus and Others - Please Help!

Unread postby jmw3 » August 16th, 2008, 3:31 am

Hi LOL =)

Just skip Spybot for now. We'll come back to it if we need to. Have you done everything else from my last post? If not here it is again with some slight changes:

Fix HiJackThis Entries
  • Open HiJackThis
  • Click on do a system scan only
  • Place a checkmark next to these lines(if still present):

O2 - BHO: BHO.ext2 - {401F4B6B-3C36-4E8D-BC07-F46FC6D67D9A} - C:\WINDOWS\SYSTEM\IE_FIL.DLL
O4 - HKCU\..\Run: [antispy] C:\Program Files\IEAntiVirus\ANTIVIR.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm


  • Close all windows except Hijackthis and click Fix Checked
  • Click Yes when prompted
  • Close HijackThis.

View Hidden Files & Folders Windows ME
To view Hidden Files & Folders do the following:
Open My Computer
Select the Tools menu and click Folder Options
Select the View Tab
Under the Hidden files and folders heading select Show hidden files and folders
Uncheck the Hide protected operating system files (recommended) option
Click Apply to confirm
Click OK

Delete Files & Folders
Using Windows Explorer by right-clicking the Start button and left clicking Explore navigate to and find the following files: if found, delete them (some may not be present after previous steps):

C:\WINDOWS\SYSTEM\IE_FIL.DLL

Again using Windows Explorer navigate to and find the following folder: if found, delete the following (some may not be present after previous steps):

C:\Program Files\IEAntiVirus

ATF Cleaner
Download ATF Cleaner here by Atribune.
    Double-click ATF-Cleaner.exe to run the program
    Under Main choose: Select All
    Click the Empty Selected button
If you use Firefox browser
    Click Firefox at the top and choose: Select All
    Click the Empty Selected button
    NOTE: If you would like to keep your saved passwords, please click No at the prompt
If you use Opera browser
    Click Opera at the top and choose: Select All
    Click the Empty Selected button
    NOTE: If you would like to keep your saved passwords, please click No at the prompt
Click Exit on the Main menu to close the program.

Run a full scan with Avast & have it remove anything it finds. If it produces a log post the contents in your next reply.

Reboot your computer.

Deckard's System Scanner (DSS)
Download Deckard's System Scanner here & save to your Desktop. Note: You must be logged onto an account with administrator privileges.
  • Close all applications and windows.
  • Double-click on dss.exe to run it, and follow the prompts.
  • When the scan is complete, two text files will open - main.txt <- this one will be maximized and extra.txt<-this one will be minimized
  • Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt and the extra.txt to your post in your next reply.

To post in next reply:
Avast log
DSS logs
New HJT log
User avatar
jmw3
MRU Emeritus
MRU Emeritus
 
Posts: 4621
Joined: February 12th, 2008, 2:36 am
Location: Port Hedland, Western Australia

Re: IE AntiVirus and Others - Please Help!

Unread postby NonSuch » August 21st, 2008, 5:01 am

Due to lack of response, this topic is now closed.

If you still require help, please open a new thread in the Infected? Virus, malware, adware, ransomware, oh my! forum, include a fresh FRST log, and wait for a new helper.
User avatar
NonSuch
Administrator
Administrator
 
Posts: 27302
Joined: February 23rd, 2005, 7:08 am
Location: California
Advertisement
Register to Remove


  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 27 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware