Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Home Page hijacked by About:Blank

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Unread postby Elrond » August 12th, 2005, 5:43 pm

I am just closing down my computer. Will be back with you on Sunday or Monday. It could be that I need to ask some questions to my colleagues.
User avatar
Elrond
Admin/Teacher Emeritus
 
Posts: 8818
Joined: February 17th, 2005, 9:14 pm
Location: Jerusalem
Advertisement
Register to Remove

Unread postby Elrond » August 14th, 2005, 10:59 am

Hi steve:
Your friend is missing one important program on that computer.
You need to install an antivirus program as soon as you can and run a complete scan of the computer. Let us see if that will clear up the problem.
I personally prefer one of these
Nod32 : http://www.nod32.com/home/home.htm
or
AVG Anti-Virus (Free version available) http://www.grisoft.com/

Both of them have relatively small demands on the computer.


  • Install the one you choose and then run a full scan. Let it delete anything it finds. Let me know if there is anything that it reports but can not delete.

  • Download Pocket Killbox http://www.bleepingcomputer.com/files/killbox.php and unzip it; save it to your Desktop.

    Run it, and click the radio button that says Delete a file on reboot. For each of the following files
    C:\WINDOWS\iau.exe
    C:\WINDOWS\[b]stisvsq.exe

    C:\WINDOWS\svshost.exe
    C:\WINDOWS\msqdevl.exe
    C:\WINDOWS\lssas.exe
    C:\WINDOWS\mservice.exe
    paste them one at a time into the full path of file to delete box and click the red circle with a white cross in it.

    The program will ask you if you want to reboot; say No each time. Do not reboot the computer.
  • Open HijackThis and click "Do a System Scan Only" or "Scan". Put a check mark by the items that are listed below.

    O4 - HKCU\..\Run: [Microsoft Internet Acceleration Utility] iau.exe

    Close all open windows except HijackThis and then click the "Fix checked" button.
  • Reboot the computer
  • Run a new HijackThis scan and post the log.



Let us see if this will cleanup the computer and restore the internet connection.


E :)
User avatar
Elrond
Admin/Teacher Emeritus
 
Posts: 8818
Joined: February 17th, 2005, 9:14 pm
Location: Jerusalem

HJT log

Unread postby steved99 » August 16th, 2005, 4:56 pm

Hi Elrond,
All viruses found were auto cleared by AVG. Did killbox - no messages. Deleted the line you stated and got another HJT log (see below). Unfortunately, still got same error message when try to connect to internet (address bar auto changes to http://auto.search.msn.com/response.ASP?MT=<<website name requested>>&srcg=5&prov=&utf8)

E-mails still coming through OK.

Logfile of HijackThis v1.99.1
Scan saved at 9:27:55 PM, on 8/16/2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\OPLIMIT\OCRAWARE.EXE
C:\OPLIMIT\OCRAWR32.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\REAL\REALPLAYER\REALPLAY.EXE
C:\WINDOWS\SYSTEM\LVCOMS.EXE
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WORKS SHARED\WKUFIND.EXE
C:\WINDOWS\SYSTEM\HPZTSB07.EXE
C:\WINDOWS\SYSTEM\HPHMON04.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\HP SHARE-TO-WEB\HPGS2WND.EXE
C:\PROGRAM FILES\GRISOFT\AVG7\AVGCC.EXE
C:\PROGRAM FILES\GRISOFT\AVG7\AVGEMC.EXE
C:\PROGRAM FILES\GRISOFT\AVG7\AVGAMSVR.EXE
C:\POINTSOFT\LANCEUR.EXE
C:\MY DOCUMENTS\PROGRAMS\ALARM.EXE
C:\VSTASCAN\VSACCESS.EXE
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WORKS SHARED\WKCALREM.EXE
C:\PROGRAM FILES\EPSON\EPSON CARDMONITOR\EPSON CARDMONITOR1.1.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\HP SHARE-TO-WEB\HPGS2WNF.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\STEVE\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
F1 - win.ini: load=C:\OPLIMIT\ocraware.exe
F1 - win.ini: run=hpfsched
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\LOGITECH\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINDOWS\p_981116.exe /Q:A
O4 - HKLM\..\Run: [LVComs] C:\WINDOWS\SYSTEM\LVComS.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\SYSTEM\hpztsb07.exe
O4 - HKLM\..\Run: [HPHmon04] C:\WINDOWS\SYSTEM\HPHMON04.EXE
O4 - HKLM\..\Run: [HPHUPD04] "C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [IEXPLORE.EXE] C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVG7\AVGCC.EXE /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\GRISOFT\AVG7\AVGEMC.EXE
O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVG7\AVGAMSVR.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - Startup: Lanceur Pointsoft.lnk = C:\pointsoft\lanceur.exe
O4 - Startup: CorelCENTRAL Alarms.LNK = C:\My Documents\programs\alarm.exe
O4 - Startup: UMAX VistaAccess.lnk = C:\VSTASCAN\vsaccess.exe
O4 - Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
O4 - Startup: EPSON CardMonitor.lnk = C:\Program Files\EPSON\EPSON CardMonitor\EPSON CardMonitor1.1.exe
O4 - Startup: hp instant support.lnk = C:\Program Files\Hewlett-Packard\hpis\bin\matcli.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.virgin.net/


Any ideas graatly appreciated.

Thanks
Steve
steved99
Regular Member
 
Posts: 21
Joined: August 2nd, 2005, 4:28 pm

Unread postby Elrond » August 16th, 2005, 5:46 pm

Hi steve.

I hope that took care of that infection.
there is an odd item in the log. The computer is set to start Internet Explorer every time the computer is started. If You or somebody who helped setting up the computer put it there please fix it by


Open HijackThis and click "Do a System Scan Only" or "Scan". Put a check mark by the items that are listed below.
O4 - HKLM\..\Run: [IEXPLORE.EXE] C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE

These are optional:

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
Application Scheduler is installed along with RealOne Player and is running in startup, and is not needed. Once installed, it runs independently of RealOne Player and consumes resources. You can fix this with HJT, but you will also need to set it not to load in RealPlayer itself to keep it from resetting itself:
  1. Start RealOne Player
  2. Click on "Tools"
  3. Click "Preferences"
  4. Select "Automatic services" in the "Categories" pane
  5. Uncheck all options and then OK.

At the moment the startpage is set for Google. Is that on purpose? Threre are better ways to have google avaiable at any moment. If this was not done on purpose then please place a check mark next to
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/

Close all open windows except HijackThis and then click the "Fix checked" button.


If you want to have Google avaiable easily you can download the Google bar which also is a first class popup blocker from http://toolbar.google.com/


The message that you get should take you to MSN. Not my favorite start page but not malicious and should not give an error.


Try the following:

I am not sure exactly how to do it in Windows ME as have no computer running that operating system but try to go to the control panel and find Internet Options or something similar. You should be able to find a way of resetting the the home page. Try setting it as blank or as default. If it works we can alwyas reset it later.


Run a HijackThis Scan and post the log. Also let me know what is happening. The way you posted the message was very helpful.


Good luck.

E :)
User avatar
Elrond
Admin/Teacher Emeritus
 
Posts: 8818
Joined: February 17th, 2005, 9:14 pm
Location: Jerusalem

Unread postby NonSuch » August 31st, 2005, 8:59 pm

Whilst we appreciate that you may be busy, it has been 14 days or more since we heard from you.

Infections can change and fresh instructions will now need to be given. This topic is now closed, if you still require assistance then please start a new topic in the Malware Removal Forum

If you wish this topic reopened, please send us an email to 'admin at malwareremoval.com' with a link to your thread.

You can help support this site from this link :
Donations For Malware Removal

Do not bother contacting us if you are not the topic starter. A valid,
working link to the closed topic is required along with the user name used.
If the user name does not match the one in the thread linked, the email will be deleted.
User avatar
NonSuch
Administrator
Administrator
 
Posts: 28747
Joined: February 23rd, 2005, 7:08 am
Location: California

Unread postby ChrisRLG » September 22nd, 2005, 9:13 am

re oppened on required.
ChrisRLG
Administrator Emeritus
 
Posts: 17759
Joined: December 16th, 2004, 10:04 am
Location: Southend, Essex, UK

Unread postby steved99 » September 22nd, 2005, 10:40 am

Hi Elrond,
Sorry it's been such a long time since I was last in touch. A combination of holidays of the computer owner and myself + a separate computer malfunction (now resolved) and general busyness are my excuses. Please can you take a look at the latest Hijackthis log and let me know if any further action is required.

Logfile of HijackThis v1.99.1
Scan saved at 7:14:17 AM, on 9/22/2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\OPLIMIT\OCRAWARE.EXE
C:\OPLIMIT\OCRAWR32.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\REAL\REALPLAYER\REALPLAY.EXE
C:\WINDOWS\SYSTEM\LVCOMS.EXE
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WORKS SHARED\WKUFIND.EXE
C:\WINDOWS\SYSTEM\HPZTSB07.EXE
C:\WINDOWS\SYSTEM\HPHMON04.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\HP SHARE-TO-WEB\HPGS2WND.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\HP SHARE-TO-WEB\HPGS2WNF.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\STEVE\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
F1 - win.ini: load=C:\OPLIMIT\ocraware.exe
F1 - win.ini: run=hpfsched
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\LOGITECH\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINDOWS\p_981116.exe /Q:A
O4 - HKLM\..\Run: [LVComs] C:\WINDOWS\SYSTEM\LVComS.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\SYSTEM\hpztsb07.exe
O4 - HKLM\..\Run: [HPHmon04] C:\WINDOWS\SYSTEM\HPHMON04.EXE
O4 - HKLM\..\Run: [HPHUPD04] "C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.virgin.net/


Thanks for your help.
Steve
steved99
Regular Member
 
Posts: 21
Joined: August 2nd, 2005, 4:28 pm

Unread postby Elrond » September 22nd, 2005, 2:16 pm

The log on that computer now looks clean.

Do you have any problems with the computer? Please let me know with details if that is the case.

I still do not see an antivirus program and or a firewall on that computer. It is extremely important that you have those programs on the computer or you will get reinfected.

Now I want you to clean up some loose ends and take some precautions to avoid being re-infected

  1. If you reconfigured Windows to show hidden files you should reset this to its original state using the instructions from here except that
    1. Under the "Hidden files and folders" heading put a mark for "Do not show hidden files and folders".
    2. Uncheck "Display content of system folders"
    3. Check the "Hide protected operating system files (recommended)" option.
  2. Clean out Temporary Files etc. Download System Security Suite from http://www.igorshpak.net/software/3ssetup104.zip. Extract it from the zip file into a folder and double click on sss.exe. Check the boxes under the 'Items to Clear' tab and click 'Clear Selected Items'. Reboot when prompted. It is a good idea to do this every few weeks as a lot of junk collects there over time.

  3. . Disable and Enable System Restore.
    You are using Windows MEand you should disable and re-enable system restore to make sure there are no infected files found in a restore point left over from what we have just cleaned.

    You can find instructions on how to enable and re-enable system restore here:

  4. Make your Internet Explorer more secure - This can be done by following these simple instructions:
    1. From within Internet Explorer click on the Tools menu and then click on Options.
    2. Click once on the Security tab
    3. Click once on the Internet icon so it becomes highlighted.
    4. Click once on the Custom Level button.
      1. Change the Download signed ActiveX controls to Prompt
      2. Change the Download unsigned ActiveX controls to Disable
      3. Change the Initialize and script ActiveX controls not marked as safe to Disable
      4. Change the Installation of desktop items to Prompt
      5. Change the Launching programs and files in an IFRAME to Prompt
      6. Change the Navigate sub-frames across different domains to Prompt
      7. When all these settings have been made, click on the OK button.
      8. If it prompts you as to whether or not you want to save the settings, press the Yes button.
    5. Next press the Apply button and then the OK to exit the Internet Properties page.
    Also see the following:


Many exploits are directed at Internet Explorer, you don't have to use it.
Try a different browser like Firefox .
It is also worth trying Thunderbird for controlling spam in your e-mail.


[*]Always use a anti-virus program and KEEP IT UPDATED
It is imperative that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.
This alone can save you a lot of trouble with malware in the future.


[*] Always use a firewall.
I can not stress how important it is that you use a Firewall on your computer.
Without a firewall your computer is susceptible to being hacked and taken over. I am very serious about this and see it happen to often with my clients. Simply using a Firewall in its default configuration can lower your risk greatly.

Be restrictive with granting access to the internet. If you are unsure if the program really needs the access, test it by denying the access and see if this has any negative effects. If not, make the block permanent.


[*]Never run two Antivirus programs or two Firewalls at the same time. They can interfere with each other and cause problems.


[*] [b]MOST IMPORTANT : You Need to keep “Windowsâ€
User avatar
Elrond
Admin/Teacher Emeritus
 
Posts: 8818
Joined: February 17th, 2005, 9:14 pm
Location: Jerusalem

Unread postby steved99 » September 22nd, 2005, 3:40 pm

Hi Elrond,
Many thanks. I've completed the first 4 steps. I did download AVG antivirus for my neighbour (its his computer, not mine) which I thought was free. However, I noticed this morning that the license had expired so I uninstalled it. Isn't AVG free or just for 30 days? I'll get another anti-virus program installed from those you suggested.

My intention when everything was fixed was to download Zonealarm, Spywareguard and AdAware (which I use on my PC).

However, we still have the problem that despite being able to download e-mails into Outlook Express, we can't display any internet pages. A windows style message box appears with the mesage "Internet Explorer could not open the search page". There is only an "OK" button which when pressed IE displays the "Page could not be displayed" screen.

Are you able to help me overcome this problem or is that outside the scope of malware? If so, any idea who can help me please?

I think the help you have supplied to date is fantastic. I really appreciate it.

Look forward to hearing from you.
Steve
steved99
Regular Member
 
Posts: 21
Joined: August 2nd, 2005, 4:28 pm

Unread postby steved99 » September 23rd, 2005, 12:17 am

Hi Elrond,
Someone mentioned the problem may be caused by a winsock error. I don't know anything about this but found this website:-

http://www.compu-docs.com/winsock9x.htm

Do you think this is worth a try?

Thanks
Steve
steved99
Regular Member
 
Posts: 21
Joined: August 2nd, 2005, 4:28 pm

Unread postby Elrond » September 23rd, 2005, 11:54 am

I am not sure but I always thought that a winsock error would make it impossible to recive E-mail as well as you lost all your connections to the internet. Have you tried Firefox to see if it is a IExplorer problem. It could be a wrong setting in IE left by the infection that is the cause. See if you can find a way of setting the IE web settings. In the controll panel of XP it is under Internet Options > Programs > WebSettings. Trouble is that I do not have ME box avaiable to to test with so I can not give you better instructions. If you can not find how to do it I will ask around and see if I can find somebody who knows ME.

E :)
User avatar
Elrond
Admin/Teacher Emeritus
 
Posts: 8818
Joined: February 17th, 2005, 9:14 pm
Location: Jerusalem

Unread postby steved99 » September 23rd, 2005, 6:09 pm

Many thanks Elrond,
I tried resetting IE to default settings to no avail. In the end I downloaded Firefox and (rather stupidly) selected the option to import settings from IE. Needless to say Firefox didn't work either (message "The proxy server you have configured could not be found. Please check your proxy settings and try again" with only an "OK" button.)

I uninstalled Firefox and reinstalled (this time NOT importing IE settings) and HOORAY! -we have an internet connection.

I'm curious what is wrong with the proxy server settings and what they should be. Do you know?

If not, millions of thanks for all your help over the last few weeks and we can call this resolved.

What a fantastic service you provide. You have my greatest admiration for your skill and knowledge - but also for sharing it with others.

Thanks again.

Steve :P
steved99
Regular Member
 
Posts: 21
Joined: August 2nd, 2005, 4:28 pm

Unread postby Elrond » September 24th, 2005, 7:40 pm

I wondeer if you should need a proxy server at all. That could be the problem that it is set for a proxy server that does not exist. Try setting it for no proxy server.

E :)
User avatar
Elrond
Admin/Teacher Emeritus
 
Posts: 8818
Joined: February 17th, 2005, 9:14 pm
Location: Jerusalem

Unread postby steved99 » September 25th, 2005, 4:33 pm

Thanks
How do I check and change the proxy server settings?

Also, I have run AVG free antivirus and 2 files were infected with a virus. It was a trojan horse named Downloader.Generic.SN but the message "Selected object is located inside the archive and cannot be healed. The infected files were :-

c:\eiied_s7_cab\eiied_s7_c_2.exe (I think eiied but could be just eied)
c:\eiied_s7_cab

I have been unable to find anything about this trojan horse in eith AVG's virus encycyclopedia or on the Symantec website.

Hopefully this will be the last problem to resolve. The PC now works OK but I am concerned that the presence of these trojan horses will cause a swift re-infection. Can you help me to remove them please?

Thanks again.

Steve
steved99
Regular Member
 
Posts: 21
Joined: August 2nd, 2005, 4:28 pm

Unread postby Nellie2 » October 10th, 2005, 5:14 pm

Hello Steve99

I'm sorry that you haven't had an answer but Elrond has some 'real life' stuff come up, I'll carry on with you until either he gets back or we get you sorted out, if that is ok? :oops:

Run Panda's ActiveScan from here and perform a full system scan.
- Once you are on the Panda site click the "Scan your PC" button
- A new window will open...click the big "Check Now" button
- Enter your Country
- Enter your State/Province
- Enter your e-mail address and click send
- Select either Home User or Company
- Click the big Scan Now button
- If it wants to install an ActiveX component allow it
- It will start downloading the files it requires for the scan (Note: It will take a couple minutes)
- Click on "Local Disks" to start the scan
- Post Panda scan results in your next reply
User avatar
Nellie2
Administrator Emeritus
 
Posts: 8737
Joined: December 16th, 2004, 5:01 pm
Location: UK
Advertisement
Register to Remove

PreviousNext

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 310 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware