Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Browser acting strangely - please advise

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Re: Browser acting strangely - please advise

Unread postby john_m_nash » December 6th, 2010, 4:26 pm

The problem with internet explorer is still continuing with the secunia site when I try to download adobe reader x.

it allowed me to update flash player ok though.

I did a full system scan and it says that my version of internet explorer 8 is insecure and missing lost of updates, but when I went to windows update site to update IE8 it said that no updates were available?

The new hijack this log is here

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:23:00, on 06/12/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\WINDOWS\system32\mfevtps.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\trend micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.search.yahoo.com/search?fr=mcafee&p=%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20101202204443.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [Ptipbmf] rundll32.exe ptipbmf.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Bluetooth Manager.lnk = ?
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
O9 - Extra button: Sky - {08E730A4-FB02-45BD-A900-01E4AD8016F6} - http://www.sky.com (file missing)
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\gemma\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.meshcomputers.com
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Personal Firewall Service (McMPFSvc) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McShield - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\WINDOWS\system32\mfevtps.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

--
End of file - 11555 bytes
john_m_nash
Regular Member
 
Posts: 67
Joined: May 14th, 2007, 10:27 am
Advertisement
Register to Remove

Re: Browser acting strangely - please advise

Unread postby john_m_nash » December 6th, 2010, 4:29 pm

I just tried to download adobe reader x directly from the adobe site and got the same error message and it would not download, and the active x message did not appear
john_m_nash
Regular Member
 
Posts: 67
Joined: May 14th, 2007, 10:27 am

Re: Browser acting strangely - please advise

Unread postby john_m_nash » December 6th, 2010, 4:30 pm

This was the error message

Internet Explorer has closed this webpage to help protect your computer

A malfunctioning or malicious add-on has caused Internet Explorer to close this webpage.
john_m_nash
Regular Member
 
Posts: 67
Joined: May 14th, 2007, 10:27 am

Re: Browser acting strangely - please advise

Unread postby muppy03 » December 7th, 2010, 4:09 am

Did your friend change any settings or play around with them prior to you helping?

One of the reasons I ask is in the initial RSIT log there was about 2 pages of files with the date showing as 2019.

Did you inquire of this?

A malfunctioning or malicious add-on has caused Internet Explorer to close this webpage.

Lets try running Internet Explorer without add-ons to see and see if that correct the problem.

Click the Start button, click All Programs, click Accessories, click System Tools, and then click Internet Explorer (No Add-ons).
If disabling all add-ons works, you might want to use the Add-on Manager to disable all add-ons turning them on as you need them. That will help us figure out which one is causing the problem.
Let me know how it goes and if you still get the error.
User avatar
muppy03
MRU Emeritus
MRU Emeritus
 
Posts: 4782
Joined: December 4th, 2007, 5:30 am
Location: Australia

Re: Browser acting strangely - please advise

Unread postby john_m_nash » December 7th, 2010, 6:10 am

Hi

I'm currently at work so don't have access to the infected pc at the moment, but in relation to your question regarding settings, the pc has been at my house since we posted everything, and I have not downloaded anything except windows updates and what you have asked me to, or what secunia has suggested.

The initial RSIT log was "run by dave at 2010-11-27 15:27:36" and although there are some dates listed as 2019 I have no explaination for this.

I also note that the combofix logs have some 2019 dates.

I'll run internet explorer without add ons later this evening (in about 9 hours or so)

The secunia full scan took about 12 minutes and indicated that internet explorer was insecure - do you want me to post a scan result?

Is is worth me downloading a new version of internet explorer 8 from a safe site?

Thank you for your help.
john_m_nash
Regular Member
 
Posts: 67
Joined: May 14th, 2007, 10:27 am

Re: Browser acting strangely - please advise

Unread postby john_m_nash » December 7th, 2010, 4:34 pm

When i run internet explorer without any addons I can't download anything as the active x pop up does not appear - the pop up bar says that internet explorer is currently running with add ons disabled. click here to manage, disable or remove your add ons.
john_m_nash
Regular Member
 
Posts: 67
Joined: May 14th, 2007, 10:27 am

Re: Browser acting strangely - please advise

Unread postby muppy03 » December 8th, 2010, 7:43 am

You can enable active x
1. Open Internet Explorer.
2. Click on Tools then Internet Options.
3. Choose Security Tab.
4. Click on Custom Level.
5. Check the radio button against Enable, under ActiveX controls and Plug-ins.
6. Click OK.
7. In warning window asking Are you sure you want to change the security settings at this zone?, Click Yes.
8. Click Apply and then Click OK.

Did you go to This actual Microsoft update site?
User avatar
muppy03
MRU Emeritus
MRU Emeritus
 
Posts: 4782
Joined: December 4th, 2007, 5:30 am
Location: Australia

Re: Browser acting strangely - please advise

Unread postby john_m_nash » December 8th, 2010, 1:20 pm

This is making no sense

i have followed your instructions but still cant download adobe reader x from internet explorer.

I have reopened a full add on enabled internet explorer window and tried again but this does not work

I now have a message in the internet explorer information bar saying that it is curently running with add ons disabled, but when i click on it to manage the addons they all state that they are enabled anyway.

I have tried setting internet explorer back to its default levels but this has not resolved the problem.

I originally installed internet explorer 8 from a download on my flash drive, because it would not install from the proper microsoft update site although it was included in the dowwnload list.

I have since downloaded adobe reader x through firefox with no trouble.

Shall I uninstall internet explorer 8 and then try to reinstall it again from the windows update site.
john_m_nash
Regular Member
 
Posts: 67
Joined: May 14th, 2007, 10:27 am

Re: Browser acting strangely - please advise

Unread postby muppy03 » December 9th, 2010, 6:47 am

Shall I uninstall internet explorer 8 and then try to reinstall it again from the windows update site.


It is worth a shot at this stage as I do not think the problem left is malware related.

You can also try and uninstall Combofix as per the instructions I gave you earlier. If it does not work we will do it manually.
User avatar
muppy03
MRU Emeritus
MRU Emeritus
 
Posts: 4782
Joined: December 4th, 2007, 5:30 am
Location: Australia

Re: Browser acting strangely - please advise

Unread postby john_m_nash » December 9th, 2010, 8:19 am

I have uninstalled and reinstalled internet explorer 8 and it seems to be running ok.

I have also uninstalled combofix with no problems.

I went to system restore to create a restore point so that my friend could have a safe reference point and windows told me it was switched off - could this be malware related?

I am also running a final MBAM scan (updated definitions) to see if that shows any problems - although I'm hoping that this one does not take 13 hours. Why should a complete scan take that long - it only takes about 90 minutes on my comparable laptop?

I'll post back when the scan has finished - if there are any issues I'll post a logfile.

Thank you for your continued support.
john_m_nash
Regular Member
 
Posts: 67
Joined: May 14th, 2007, 10:27 am

Re: Browser acting strangely - please advise

Unread postby muppy03 » December 9th, 2010, 4:45 pm

I went to system restore to create a restore point so that my friend could have a safe reference point and windows told me it was switched off - could this be malware related?

Were you able to turn it on and successfully create a new restore point?
User avatar
muppy03
MRU Emeritus
MRU Emeritus
 
Posts: 4782
Joined: December 4th, 2007, 5:30 am
Location: Australia

Re: Browser acting strangely - please advise

Unread postby john_m_nash » December 10th, 2010, 3:27 am

Yes - but I'm not sure why this was turned off - is this likely to have been malware related?

The MBAM scan came up empty - here is the log - it still took over 12 hours to complete?

Does this mean that the pc is now free from malware?

Malwarebytes' Anti-Malware 1.50
www.malwarebytes.org

Database version: 5278

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

10/12/2010 05:47:46
mbam-log-2010-12-10 (05-47-46).txt

Scan type: Full scan (C:\|)
Objects scanned: 369942
Time elapsed: 12 hour(s), 38 minute(s), 48 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
john_m_nash
Regular Member
 
Posts: 67
Joined: May 14th, 2007, 10:27 am

Re: Browser acting strangely - please advise

Unread postby muppy03 » December 10th, 2010, 9:05 am

Yes - but I'm not sure why this was turned off - is this likely to have been malware related?


Not necessarily, there is a lot bandied about in forums regarding Malware, and quite often people are advised that the first thing they should do is turn of system restore if infected. This advice is wrong as turning off system restore will not clean a computer, and it is better to have an infected one than none at all.

ESET found things in System Restore, so I am not sure what happened there. Just to make sure all infection is cleaned and cleared I would like you to do the following as a double check for me. This includes making one more restore point.

Please create a new Restore Point
To to this
  • Click Start -> All Programs -> Accessories -> System Tools -> System Restore
  • Choose the Create a restore point option then click on next
  • You can name your restore point something like All clean then select create
  • Once the Restore Point has been created you can hit close

Since we have created a New and Clean Restore Point, I would like you to remove all the Old Restore Points as some of these are infected and if used would re-infect your computer.

To do this
  • Click Start then click on My Computer Right Click Local Disk c:then select Properties
  • Click on Disk Cleanup a box shall open scanning you files. This could take a few minutes.
  • Once the scan is complete another window will appear. Select the More Options Tab
  • Under System Restore select clean up this will remove all System Restore points except for the most recent one. The one we created earlier.


Does this mean that the pc is now free from malware?

The logs are certainly looking good, but you must bear in mind system changes could have been made by the infections that we will not find.

How is the computer running now, any problems or error messages?
User avatar
muppy03
MRU Emeritus
MRU Emeritus
 
Posts: 4782
Joined: December 4th, 2007, 5:30 am
Location: Australia

Re: Browser acting strangely - please advise

Unread postby john_m_nash » December 10th, 2010, 9:59 am

I made a clean restore point yesterday when I turned on system restore, and another this morning after the MBAM scan was clear.

These are the only 2 restore points listed, so there is nothing to delete

Shall I run a new eset scan to confirm this as this originally it showed some infection in the restore points previously (which are now not displayed?).

The pc appears to be running ok - although 12 and a half hors for a MBAM scan is ridiculously long.

My friend is eager to get his pc back, but I am just as eager to ensure that it is clean!!
john_m_nash
Regular Member
 
Posts: 67
Joined: May 14th, 2007, 10:27 am

Re: Browser acting strangely - please advise

Unread postby john_m_nash » December 10th, 2010, 5:11 pm

I have just completed an eset scan with internet explorer and am still having the same problems as before - after I accept the agreement the next window opens and stays blank.

I run it again from firefox and it found no threats, so I assume that my issue is with internet explorer rather than malware, although I would be happier solving the internet explorer issue as I'm concerned that its subject to vulnerabilities and further attack in the future.

Thank you again for all of your help.
john_m_nash
Regular Member
 
Posts: 67
Joined: May 14th, 2007, 10:27 am
Advertisement
Register to Remove

PreviousNext

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 21 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware