InternetExplorerUpdate.exe

Post by Livingstone Cole on Fri Mar 25, 2011 11:09 am

Good morning all.

I have quite a huge issue with my laptop at the moment, it would be great if one of you kind ladies or gentlemen could give me a bit of advice.

I'm running Microsoft XP on my laptop, the browser I usually use is Google Chrome or Firefox.

Whilst on the 'net last night I had a pop up calling itself InternetExplorerUpdate.exe, I suspected that this was a virus - turns out I was right.
I tried searching for a removal tool on Google, but the browser was shut down by the virus, then the computer restarted. When the computer came around, it has had all of the programmes removed (just My Computer and recycle bin on the screen). Though the memory is still as full as it was, so I'm not sure what's happened there.
I had a free antimalware and virus protection installed, Avast I think it was.

The laptop won't read anything from a memory stick thing, and there isn't any browser software left, so I can't access the internet.
There are now messages popping up reading something about a blaster virus.

I'm really not sure what to do, I'm almost computer illiterate so if I do get some advice, can we dumb the language down as far as possible? Pretend I'm a toddler, and then take it down a notch. :)

Thank you kindly for reading.

Livingstone.

Livingstone Cole
Novice

Posts: 15
Joined: 2011-03-25
OS: XP
Points: 21043
Likes: 0

Re: InternetExplorerUpdate.exe

Post by Livingstone Cole on Fri Mar 25, 2011 3:16 pm

OK.

I've just run the m-bam antimalware which cleared up a couple of things, (or at least told me it did), but nothing has changed - it's still the programme-less, background-less barren wasteland that the virus left it in.

Re: InternetExplorerUpdate.exe

Post by Belahzur on Fri Mar 25, 2011 8:24 pm

Hello.

Download [You must be registered and logged in to see this link.] by OldTimer to your Desktop.

  • Close all windows and double click OTL.exe
  • Click Run Scan and let the program run uninterrupted
  • It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.
  • You may need to use two posts to get it all.


Please PM me if I fail to respond within 24hrs.

Belahzur
Administrator

Posts: 34916
Joined: 2008-08-03
Gender: Male
OS: XP SP3 Media Centre
Points: 245069
Likes: 1

Re: InternetExplorerUpdate.exe

Post by Livingstone Cole on Sat Mar 26, 2011 10:27 am

Thanks for the advice, I'll try and give that a bash. I assume that I can save this program to a disc from another PC?
Anyway, if I figure it out, I'll post it on here.

Re: InternetExplorerUpdate.exe

Post by Livingstone Cole on Sat Mar 26, 2011 10:45 am

Nah. I'm gonna need some help with this.

I can't access the internet from my laptop, I have a PC (which I'm using now) but I can't seem to find a way to save the OTL program. If anyone could give me a pointer, I'd appreciate it!

Re: InternetExplorerUpdate.exe

Post by Belahzur on Sat Mar 26, 2011 9:22 pm

Can you use another machine then and transfer programs via USB if you don't have internet access?


Re: InternetExplorerUpdate.exe

Post by Livingstone Cole on Sun Mar 27, 2011 12:06 pm

Yeah, that's all done. Managed to run the OTL program and everything looked fine for an hour or so.
Now the browser keeps crashing - no matter which one I use; FireFox, Chrome or IE. It runs for a couple of minutes or so then just crashes. I don't get any other info from the computer security.
I'm getting fed up with this technology stuff!

Re: InternetExplorerUpdate.exe

Post by Belahzur on Mon Mar 28, 2011 3:30 pm

Hello.
Try this before using OTL.

We need to use the RKill Tool by Grinler.

[You must be registered and logged in to see this link.]

  • Please download Rkill.com. Save it to your Desktop.
  • Before we begin, you should disable any anti-malware software you have installed so it does not interfere with RKill running, as some anti-malware software detects RKill as malicious. Please refer to this [You must be registered and logged in to see this link.] if you are not sure how.
  • NOTE: If you are unable to connect to the site to download rkill, then you should download it to a clean computer and copy it to the infected one via a USB flash drive or CDROM.
  • Once it is downloaded, double-click on the rkill.com in order to automatically attempt to stop any processes associated with Rogue programs.
  • Please be patient while the program looks for various malware programs and ends them.
  • When it has finished, the black window will automatically close and you can continue with the next step.

NOTE: If you get a message that rkill is an infection, do not be concerned. This message is just a fake warning given by the rogue program, when it terminates programs that may potentially remove it. If you run into these infection warnings that close Rkill, a trick is to leave the warning on the screen and then run Rkill again. By not closing the warning, this typically will allow you to bypass the malware trying to protect itself so that rkill can terminate the rogue program. So, please try running Rkill until the malware is no longer running. You will then be able to proceed with the rest of the steps.

If you continue having problems running rkill.com, you can download:
[You must be registered and logged in to see this link.] or [You must be registered and logged in to see this link.]
which are renamed copies of rkill.com, and try them instead.


Re: InternetExplorerUpdate.exe

Post by Livingstone Cole on Wed Mar 30, 2011 6:04 pm

Thanks for your help with this, but I don't seem to be getting very far.

I downloaded rKill, and tried to run it whilst the anti-malware was disabled.
However, rKill won't run. I get an error message saying 'access denied' and then a log file.

Any other suggestions?

Thanks.
Livingstone.

Re: InternetExplorerUpdate.exe

Post by Belahzur on Wed Mar 30, 2011 7:06 pm

Okay, let's try OTL from the outside, via bootable CD.

Download the OTLPE Standard REATOGO Windows Recovery Environment.

  • Place a blank CD-R disc into your CD burning drive.
  • Download [You must be registered and logged in to see this link.] and double-click on it to burn to a CD using ISO Burner.
  • Reboot your system using the boot CD you just created.
    Note: If you do not know how to set your computer to boot from CD, follow the steps [You must be registered and logged in to see this link.]
  • Your system should now display a REATOGO-X-PE desktop.
  • Double-click on the OTLPE icon.
  • When asked "Do you wish to load the remote registry", select Yes
  • When asked "Do you wish to load remote user profile(s) for scanning", select Yes
  • Ensure the box "Automatically Load All Remaining Users" is checked and press OK
  • OTL should now start. Change the following settings:
  • Change Drivers to Non-Microsoft
  • Press Run Scan to start the scan.
  • When finished, the file will be saved in drive C:\_OTL\MovedFiles
  • Copy this file to your USB drive if you do not have internet connection on this system
  • Please post the contents of the OTL.txt file in your reply.


Re: InternetExplorerUpdate.exe

Post by Livingstone Cole on Thu Apr 07, 2011 8:18 pm

Hey guys.

It's not good news for my computer.
I tried to boot from a CD, but it didn't seem to work.
I changed the boot order to the CD ROM, but there was no different desktop.

Any program I have won't start, not even in safe mode. If I click on it, I get the 'Open With..... Choose the program you want to use to open the file:'

Is there anything that can be done?

Re: InternetExplorerUpdate.exe

Post by Belahzur on Fri Apr 08, 2011 1:30 am

Hello.

Try this.

Please download exeHelper from one of the two links.
[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]

  • Double-click on exeHelper.com or exeHelper.scr to run the fix.
  • A black window should pop up, press any key to close once the fix is completed.
  • Post the contents of log.txt (Will be created in the directory where you ran exeHelper.com)

Note: If the window shows a message that says "Error deleting file", please re-run the program before posting a log - and post the two logs together (they will both be in the one file).


Re: InternetExplorerUpdate.exe

Post by Livingstone Cole on Fri Apr 08, 2011 4:09 pm

Thanks.

I did as you said, it came up with this in a few seconds;


exeHelper by Raktor
Build 20100414
Run at 17:07:13 on 04/08/11
Now searching...
Checking for numerical processes...
Checking for sysguard processes...
Checking for bad processes...
Checking for bad files...
Checking for bad registry entries...
Resetting filetype association for .exe
Resetting filetype association for .com
Resetting userinit and shell values...
Resetting policies...
--Finished--

exeHelper by Raktor
Build 20100414
Run at 17:08:10 on 04/08/11
Now searching...
Checking for numerical processes...
Checking for sysguard processes...
Checking for bad processes...
Checking for bad files...
Checking for bad registry entries...
Resetting filetype association for .exe
Resetting filetype association for .com
Resetting userinit and shell values...
Resetting policies...
--Finished--

Re: InternetExplorerUpdate.exe

Post by Belahzur on Fri Apr 08, 2011 8:59 pm

Okay, try running OTL in safe mode now.


Re: InternetExplorerUpdate.exe

Post by Livingstone Cole on Tue Apr 12, 2011 6:07 pm

OTL logfile created on: 11/04/2011 19:09:53 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Jessie\Downloads
Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.17037)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 77.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 92.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 141.43 Gb Total Space | 37.45 Gb Free Space | 26.48% Space Free | Partition Type: NTFS
Drive D: | 7.62 Gb Total Space | 2.13 Gb Free Space | 27.89% Space Free | Partition Type: NTFS
Drive E: | 94.11 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: VERONIQUE | User Name: Jessie | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/04/11 19:09:35 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Jessie\Downloads\OTL.exe
PRC - [2008/10/29 07:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2006/11/02 10:45:13 | 000,497,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\HelpPane.exe


========== Modules (SafeList) ==========

MOD - [2011/04/11 19:09:35 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Jessie\Downloads\OTL.exe
MOD - [2006/11/02 10:38:57 | 001,648,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (RoxLiveShare9)
SRV - File not found [Auto | Stopped] -- -- (HP Health Check Service)
SRV - File not found [On_Demand | Stopped] -- -- (FontCache3.0.0.0)
SRV - [2011/03/30 14:20:27 | 002,860,800 | ---- | M] (Emsi Software GmbH) [Auto | Stopped] -- C:\Program Files\Emsisoft Anti-Malware\a2service.exe -- (a2AntiMalware)
SRV - [2011/02/23 15:04:19 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Stopped] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2007/10/08 15:57:47 | 000,265,912 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/09/12 19:27:24 | 002,999,664 | -H-- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE -- (LiveUpdate)
SRV - [2007/09/12 19:27:24 | 000,554,352 | -H-- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
SRV - [2007/04/24 02:11:44 | 000,106,593 | -H-- | M] () [Auto | Stopped] -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe -- (CLSched) CyberLink Task Scheduler (CTS)
SRV - [2007/04/24 02:11:42 | 000,262,243 | -H-- | M] () [Auto | Stopped] -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe -- (CLCapSvc) CyberLink Background Capture Service (CBCS)
SRV - [2006/12/14 03:21:20 | 000,045,056 | -H-- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV)
SRV - [2006/12/14 03:02:08 | 000,069,632 | -H-- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV)
SRV - [2006/12/14 02:46:16 | 000,057,344 | -H-- | M] () [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR)


========== Driver Services (SafeList) ==========

DRV - [2011/02/23 14:56:55 | 000,371,544 | ---- | M] (AVAST Software) [File_System | System | Stopped] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/02/20 21:30:06 | 000,073,728 | -H-- | M] (Emsi Software GmbH) [File_System | On_Demand | Stopped] -- C:\Program Files\Emsisoft Anti-Malware\a2accx86.sys -- (a2acc)
DRV - [2010/12/20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2010/06/28 21:37:52 | 000,046,672 | -H-- | M] (ALWIL Software) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010/06/28 21:37:30 | 000,165,456 | -H-- | M] (ALWIL Software) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2010/06/28 21:33:13 | 000,023,376 | -H-- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010/06/28 21:32:56 | 000,050,256 | -H-- | M] (ALWIL Software) [File_System | Auto | Stopped] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2010/06/28 21:32:33 | 000,017,744 | -H-- | M] (ALWIL Software) [File_System | Auto | Stopped] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2008/12/04 03:42:00 | 007,606,688 | -H-- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008/01/12 11:08:42 | 000,211,000 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\system32\drivers\volsnap.sys -- (volsnap)
DRV - [2007/04/12 03:30:52 | 000,160,768 | -H-- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CHDART.sys -- (HdAudAddService)
DRV - [2007/03/07 05:15:58 | 001,059,112 | -H-- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2007/02/24 15:42:22 | 000,039,936 | -H-- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007/02/17 00:50:32 | 000,012,032 | -H-- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2007/01/23 18:03:28 | 000,037,376 | -H-- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/01/23 17:40:20 | 000,042,496 | -H-- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2006/11/30 18:24:58 | 000,008,192 | -H-- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\eabfiltr.sys -- (eabfiltr)
DRV - [2006/11/28 17:44:52 | 000,008,192 | -H-- | M] (Conexant Systems, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2006/11/02 09:51:03 | 000,006,144 | -H-- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\System32\beep.sys -- (Beep)
DRV - [2006/06/28 17:54:00 | 000,009,472 | -H-- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CPQBttn.sys -- (HBtnKey)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKCU\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.defaultthis.engineName: "Google Powered Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2504091&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "AVG Secure Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.ask.com?o=14982&l=dis"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.1
FF - prefs.js..keyword.URL: "http://search.avg.com/route/?d=4ccd47bb&v=6.010.006.004&i=23&tp=ab&iy=&ychte=uk&lng=en-GB&q="
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.type: 0


FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/12/26 17:51:26 | 000,000,000 | -H-D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/04/11 19:01:22 | 000,000,000 | -H-D | M]

[2009/03/24 02:00:33 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Jessie\AppData\Roaming\mozilla\Extensions
[2009/03/03 13:44:31 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Jessie\AppData\Roaming\mozilla\Extensions\mozswing@mozswing.org
[2011/03/29 12:27:11 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Jessie\AppData\Roaming\mozilla\Firefox\Profiles\q7dp1wwd.default\extensions
[2009/09/03 14:27:23 | 000,000,000 | -H-D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Jessie\AppData\Roaming\mozilla\Firefox\Profiles\q7dp1wwd.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/12/26 18:48:20 | 000,000,000 | -H-D | M] (DownloadHelper) -- C:\Users\Jessie\AppData\Roaming\mozilla\Firefox\Profiles\q7dp1wwd.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010/12/26 17:57:24 | 000,002,555 | -H-- | M] () -- C:\Users\Jessie\AppData\Roaming\Mozilla\Firefox\Profiles\q7dp1wwd.default\searchplugins\askcom.xml
[2010/12/26 17:57:34 | 000,000,903 | -H-- | M] () -- C:\Users\Jessie\AppData\Roaming\Mozilla\Firefox\Profiles\q7dp1wwd.default\searchplugins\conduit.xml
[2011/04/11 07:07:29 | 000,000,000 | -H-D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/08/23 22:17:01 | 000,000,000 | -H-D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2011/04/11 07:07:30 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/02/02 21:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/12/03 18:47:02 | 000,001,538 | -H-- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010/12/03 18:47:02 | 000,000,947 | -H-- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010/12/03 18:47:02 | 000,000,769 | -H-- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010/12/03 18:47:02 | 000,001,135 | -H-- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2006/09/18 22:41:30 | 000,000,761 | -H-- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (RadioBar Toolbar) - {5B291E6C-9A74-4034-971B-A4B007A0B315} - C:\Program Files\RadioBar\toolbar.ni.dll (IMEDIX WEB TECHNOLOGIES LTD.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (RadioBar Toolbar) - {5B291E6C-9A74-4034-971B-A4B007A0B315} - C:\Program Files\RadioBar\toolbar.ni.dll (IMEDIX WEB TECHNOLOGIES LTD.)
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {00000000-0000-0000-0000-000000000000} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [avast] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Users\Malwarebytes' Anti-Malware\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe (OLYMPUS IMAGING CORP.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe (OLYMPUS IMAGING CORP.)
O4 - Startup: C:\Users\Jessie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe (Lime Wire, LLC)
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_24)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\toolbarchrome {718733BC-AD64-4e5f-AC18-A85FBD75D54D} - C:\Program Files\RadioBar\toolbar.ni.dll (IMEDIX WEB TECHNOLOGIES LTD.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Jessie\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Jessie\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/06/08 03:31:08 | 000,000,074 | -H-- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005/09/11 16:18:54 | 000,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ]
O33 - MountPoints2\{0c967844-a526-11dd-b9be-001b246a852b}\Shell - "" = AutoRun
O33 - MountPoints2\{0c967844-a526-11dd-b9be-001b246a852b}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{0e8fcd24-a1f0-11dd-b77a-001b246a852b}\Shell - "" = AutoRun
O33 - MountPoints2\{0e8fcd24-a1f0-11dd-b77a-001b246a852b}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{22a597ea-9e97-11dd-b935-001b246a852b}\Shell - "" = AutoRun
O33 - MountPoints2\{22a597ea-9e97-11dd-b935-001b246a852b}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{66c966f8-9dc7-11dd-83e5-001b246a852b}\Shell - "" = AutoRun
O33 - MountPoints2\{66c966f8-9dc7-11dd-83e5-001b246a852b}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{69febd55-a39c-11dd-b7c9-001b246a852b}\Shell - "" = AutoRun
O33 - MountPoints2\{69febd55-a39c-11dd-b7c9-001b246a852b}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{73d7256a-603d-11de-94be-001a737dfd5f}\Shell - "" = AutoRun
O33 - MountPoints2\{73d7256a-603d-11de-94be-001a737dfd5f}\Shell\AutoRun\command - "" = G:\AUTORUN.EXE
O33 - MountPoints2\{74163ee9-47ab-11de-b436-001b246a852b}\Shell - "" = AutoRun
O33 - MountPoints2\{74163ee9-47ab-11de-b436-001b246a852b}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{74163f02-47ab-11de-b436-001b246a852b}\Shell - "" = AutoRun
O33 - MountPoints2\{74163f02-47ab-11de-b436-001b246a852b}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{74e47ef7-9c2f-11dd-bfce-001a737dfd5f}\Shell - "" = AutoRun
O33 - MountPoints2\{74e47ef7-9c2f-11dd-bfce-001a737dfd5f}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{c6201b14-a44a-11dd-beec-001b246a852b}\Shell - "" = AutoRun
O33 - MountPoints2\{c6201b14-a44a-11dd-beec-001b246a852b}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{cde9df26-9b69-11dd-88d9-001b246a852b}\Shell - "" = AutoRun
O33 - MountPoints2\{cde9df26-9b69-11dd-88d9-001b246a852b}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{cde9df3e-9b69-11dd-88d9-001b246a852b}\Shell - "" = AutoRun
O33 - MountPoints2\{cde9df3e-9b69-11dd-88d9-001b246a852b}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{e37e0152-a667-11dd-ba63-001a737dfd5f}\Shell - "" = AutoRun
O33 - MountPoints2\{e37e0152-a667-11dd-ba63-001a737dfd5f}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{f5fe213b-e956-11de-ae39-001b246a852b}\Shell - "" = AutoRun
O33 - MountPoints2\{f5fe213b-e956-11de-ae39-001b246a852b}\Shell\AutoRun\command - "" = F:\AUTORUN.EXE
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\AUTORUN.EXE
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\AUTORUN.EXE
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/04/11 07:07:26 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2011/04/11 07:07:26 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2011/04/11 07:07:26 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2011/04/11 07:07:26 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2011/04/08 17:26:53 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/04/08 17:26:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/04/07 21:57:38 | 000,371,544 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2011/04/07 20:36:28 | 000,000,000 | ---D | C] -- C:\Users\Jessie\AppData\Roaming\Estu
[2011/03/30 21:53:47 | 098,078,016 | ---- | C] (Igor Pavlov) -- C:\Users\Jessie\Desktop\OTLPEStd.exe
[2011/03/30 15:26:04 | 000,000,000 | ---D | C] -- C:\Windows\System32\EventProviders
[2011/03/30 14:28:12 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHostProxy.dll
[2011/03/30 14:28:12 | 000,049,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netfxperf.dll
[2011/03/30 14:28:11 | 000,295,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHost.exe
[2011/03/30 14:23:43 | 000,000,000 | ---D | C] -- C:\Users\Jessie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2011/03/30 14:20:12 | 000,000,000 | ---D | C] -- C:\Users\Jessie\AppData\Local\Apps
[2011/03/30 14:20:06 | 000,000,000 | ---D | C] -- C:\Users\Jessie\AppData\Local\Deployment
[2011/03/30 13:30:57 | 000,000,000 | ---D | C] -- C:\Users\Jessie\AppData\Roaming\HpUpdate
[2011/03/30 13:30:54 | 000,000,000 | ---D | C] -- C:\Windows\Hewlett-Packard
[2011/03/30 12:37:01 | 000,000,000 | ---D | C] -- C:\Users\Jessie\AppData\Roaming\InstallShield
[2011/03/29 11:55:49 | 000,000,000 | ---D | C] -- C:\Users\Jessie\AppData\Roaming\Yahoo!
[2011/03/29 11:55:48 | 000,000,000 | ---D | C] -- C:\Program Files\Yahoo!
[2011/03/26 17:02:25 | 000,000,000 | -H-D | C] -- C:\$AVG
[2011/03/26 16:45:44 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2011/03/26 12:16:16 | 000,000,000 | ---D | C] -- C:\Users\Jessie\Desktop\Mar 26 2011
[2011/03/25 10:49:34 | 000,000,000 | ---D | C] -- C:\98ed0ae62a2497907f
[2011/03/25 02:08:54 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\beep.sys
[2011/03/25 02:08:02 | 000,000,000 | -H-D | C] -- C:\Windows\Sun
[2011/03/24 22:55:29 | 000,000,000 | -H-D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware
[2011/03/24 22:55:09 | 000,000,000 | -H-D | C] -- C:\Program Files\Emsisoft Anti-Malware
[2011/03/24 22:55:09 | 000,000,000 | -H-D | C] -- C:\Users\Jessie\Documents\Anti-Malware
[2011/03/24 19:04:17 | 000,000,000 | -H-D | C] -- C:\Users\Jessie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Recovery
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Users\Jessie\Documents\*.tmp files -> C:\Users\Jessie\Documents\*.tmp -> ]

Re: InternetExplorerUpdate.exe

Post by Livingstone Cole on Tue Apr 12, 2011 6:11 pm

That's the OTL log from a safe mode scan.

Browsers are still crashing, whichever one I use crashes after 3-4 minutes.

Re: InternetExplorerUpdate.exe

Post by Livingstone Cole on Thu Apr 21, 2011 3:59 pm

I've been using the laptop in safe mode with networking.

Internet Explorer will work if the add ons are disabled, but it will crash whenever I click any kind of 'submit' button (such as logging in to forums, searching etc).

When I've tried to use the laptop not in safe mode, the browsers won't start up. The timer comes up for a second or two then disappears and nothing else happens.

Do you have any suggestions?

Cheers.

Livingstone.

Re: InternetExplorerUpdate.exe

Post by Belahzur on Thu Apr 21, 2011 8:07 pm

Hello.

  • Download combofix from here
    [You must be registered and logged in to see this link.]

    1. If you are using Firefox, make sure that your download settings are as follows:

    * Tools->Options->Main tab
    * Set to "Always ask me where to Save the files".

    2. During the download, rename Combofix to Combo-Fix as follows:

    3. It is important you rename Combofix during the download, but not after.
    4. Please do not rename Combofix to other names, but only to the one indicated.
    5. Close any open browsers.
    6. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

  • We need to disable your local AV (Anti-virus) before running Combofix.
  • See [You must be registered and logged in to see this link.] for how to disable your AV.
  • Double click on ComboFix.exe.
  • Follow the prompts. NOTE:
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.

  • The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.
  • Allow ComboFix to download the Recovery Console.
  • Accept the End-User License Agreement.
  • The Recovery Console will be installed.
  • You will then get this next prompt that asks if you want to continue the malware scan, select yes
  • Allow combofix to run
  • Post C:\combofix.txt back here.

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.


Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34916
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : XP SP3 Media Centre
Points Points : 245069
# Likes # Likes : 1

Re: InternetExplorerUpdate.exe

Post by Livingstone Cole on Fri Apr 22, 2011 9:36 am

ComboFix 11-04-21.02 - Jessie 21/04/2011 22:48:32.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.44.1033.18.1982.1338 [GMT 1:00]
Running from: c:\users\Jessie\Desktop\Combo-Fix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Jessie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Recovery
c:\users\Jessie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Recovery\Uninstall Windows Recovery.lnk
c:\users\Jessie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Recovery\Windows Recovery.lnk
c:\users\Jessie\Desktop\Windows Recovery.lnk
.
Infected copy of c:\windows\system32\userinit.exe was found and disinfected
Restored copy from - c:\combo-fix8070c\HarddiskVolumeShadowCopy2_!Windows!System32!userinit.exe
.
Infected copy of c:\windows\system32\drivers\volsnap.sys was found and disinfected
Restored copy from - Kitty had a snack :p
.
((((((((((((((((((((((((( Files Created from 2011-03-21 to 2011-04-21 )))))))))))))))))))))))))))))))
.
.
2011-04-21 22:19 . 2011-04-21 22:19 -------- d-----w- c:\users\Gary\AppData\Local\temp
2011-04-21 22:19 . 2011-04-21 22:46 -------- d-----w- c:\users\Jessie\AppData\Local\temp
2011-04-21 22:19 . 2011-04-21 22:19 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-04-21 20:59 . 2011-04-21 20:59 -------- d-----w- C:\Combo-Fix
2011-04-21 17:21 . 2011-04-21 17:21 -------- d-----w- c:\users\Jessie\AppData\Roaming\Sammsoft
2011-04-21 17:21 . 2011-04-21 17:21 -------- d-----w- c:\program files\ARO 2011
2011-04-21 16:01 . 2011-04-21 16:01 -------- d-----w- c:\users\Jessie\AppData\Roaming\SUPERAntiSpyware.com
2011-04-18 01:22 . 2011-04-18 01:22 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2011-04-18 01:22 . 2011-04-21 16:01 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-04-11 06:07 . 2011-02-02 20:40 472808 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
2011-04-11 06:07 . 2011-02-02 20:40 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-04-08 16:26 . 2010-12-20 17:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-04-07 19:36 . 2011-04-07 19:36 -------- d-----w- c:\users\Jessie\AppData\Roaming\Estu
2011-03-30 14:26 . 2011-03-30 14:26 -------- d-----w- c:\windows\system32\EventProviders
2011-03-30 13:28 . 2009-11-08 17:55 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2011-03-30 13:28 . 2009-11-08 17:55 49472 ----a-w- c:\windows\system32\netfxperf.dll
2011-03-30 13:28 . 2009-11-08 17:55 297808 ----a-w- c:\windows\system32\mscoree.dll
2011-03-30 13:28 . 2009-11-08 17:55 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2011-03-30 13:28 . 2009-11-08 17:55 1130824 ----a-w- c:\windows\system32\dfshim.dll
2011-03-30 13:20 . 2011-03-30 13:20 -------- d-----w- c:\users\Jessie\AppData\Local\Apps
2011-03-30 13:20 . 2011-03-30 13:20 -------- d-----w- c:\users\Jessie\AppData\Local\Deployment
2011-03-30 12:30 . 2011-04-08 17:34 -------- d-----w- c:\users\Jessie\AppData\Roaming\HpUpdate
2011-03-30 12:30 . 2011-03-30 12:30 -------- d-----w- c:\windows\Hewlett-Packard
2011-03-30 11:37 . 2011-03-30 11:37 -------- d-----w- c:\users\Jessie\AppData\Roaming\InstallShield
2011-03-29 10:55 . 2011-03-29 10:55 -------- d-----w- c:\users\Jessie\AppData\Roaming\Yahoo!
2011-03-29 10:55 . 2011-03-30 08:17 -------- d-----w- c:\program files\Yahoo!
2011-03-26 16:02 . 2011-03-26 16:02 -------- d-----w- C:\$AVG
2011-03-26 15:45 . 2011-03-30 11:10 -------- d-----w- c:\programdata\MFAData
2011-03-26 10:35 . 2011-04-08 06:09 726536 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2011-03-25 14:00 . 2011-04-08 16:26 -------- d-----w- c:\users\Malwarebytes' Anti-Malware
2011-03-25 09:49 . 2011-04-12 18:08 -------- d-----w- C:\98ed0ae62a2497907f
2011-03-25 01:08 . 2006-11-02 08:51 6144 ---ha-w- c:\windows\system32\beep.sys
2011-03-25 01:08 . 2011-03-25 01:08 -------- d--h--w- c:\windows\Sun
2011-03-24 21:55 . 2011-04-19 12:26 -------- d--h--w- c:\program files\Emsisoft Anti-Malware
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-15 04:05 . 2011-04-16 11:27 6792528 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{66D50889-224A-45E2-A3A2-7FC12ECF8B48}\mpengine.dll
2011-02-02 17:11 . 2009-10-02 18:51 222080 ------w- c:\windows\system32\MpSigStub.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-05-26 1385864]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-12-09 12:51 3911776 ---ha-w- c:\program files\ConduitEngine\ConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5B291E6C-9A74-4034-971B-A4B007A0B315}]
2010-01-11 12:18 451808 ---ha-w- c:\program files\RadioBar\toolbar.ni.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-05-26 14:23 1385864 ---ha-w- c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{5B291E6C-9A74-4034-971B-A4B007A0B315}"= "c:\program files\RadioBar\toolbar.ni.dll" [2010-01-11 451808]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-05-26 1385864]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngine.dll" [2010-12-09 3911776]
.
[HKEY_CLASSES_ROOT\clsid\{5b291e6c-9a74-4034-971b-a4b007a0b315}]
[HKEY_CLASSES_ROOT\Pugi.PugiObj.1]
[HKEY_CLASSES_ROOT\TypeLib\{810FCC0F-2CA3-414a-B8C8-550910C8B664}]
[HKEY_CLASSES_ROOT\Pugi.PugiObj]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-05-26 1385864]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-12 1232896]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2006-11-02 125440]
"OM_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master\Monitor.exe" [2005-07-19 57344]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-03-16 2423752]
"AROReminder"="c:\program files\ARO 2011\ARO.exe" [2011-01-25 2312048]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-01-13 827392]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2007-04-24 176128]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-12-04 13556256]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-12-04 92704]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-03-11 342312]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-20 963976]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"OM_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master\FirstStart.exe" [2005-07-19 40960]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2011-02-18 49208]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-01-22 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"Malwarebytes' Anti-Malware (reboot)"="c:\users\Malwarebytes' Anti-Malware\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-20 963976]
.
c:\users\Jessie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2009-12-16 503808]
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
wgnjxhup.exe [2011-4-12 173419]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="c:\windows\system32\userinit.exe,,c:\program files\oavwkhoy\wgnjxhup.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
R0 iysydq;iysydq;c:\windows\System32\drivers\tlak.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 a2acc;a2acc;c:\program files\EMSISOFT ANTI-MALWARE\a2accx86.sys [2011-02-20 73728]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S2 a2AntiMalware;Emsisoft Anti-Malware 5.0 - Service;c:\program files\Emsisoft Anti-Malware\a2service.exe [2011-03-30 2860800]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-04-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2523678812-3291855049-766059140-1000Core.job
- c:\users\Jessie\AppData\Local\Google\Update\GoogleUpdate.exe [2011-03-30 13:21]
.
2011-04-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2523678812-3291855049-766059140-1000UA.job
- c:\users\Jessie\AppData\Local\Google\Update\GoogleUpdate.exe [2011-03-30 13:21]
.
2011-04-21 c:\windows\Tasks\User_Feed_Synchronization-{050F2B3B-1251-4C15-AED6-240A29C73364}.job
- c:\windows\system32\msfeedssync.exe [2006-11-02 09:45]
.
2011-04-21 c:\windows\Tasks\User_Feed_Synchronization-{BFA460A0-0F82-4885-8D69-AD115A154A38}.job
- c:\windows\system32\msfeedssync.exe [2006-11-02 09:45]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
mStart Page = [You must be registered and logged in to see this link.]
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
Handler: toolbarchrome - {718733BC-AD64-4e5f-AC18-A85FBD75D54D} - c:\program files\RadioBar\toolbar.ni.dll
FF - ProfilePath - c:\users\Jessie\AppData\Roaming\Mozilla\Firefox\Profiles\q7dp1wwd.default\
FF - prefs.js: browser.search.defaulturl - [You must be registered and logged in to see this link.]
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - prefs.js: keyword.URL - [You must be registered and logged in to see this link.]
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 64889
FF - prefs.js: network.proxy.type - 1
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - user.js: yahoo.homepage.dontask - true
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{ba14329e-9550-4989-b3f2-9732e92d17cc} - (no file)
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
HKLM-Run-QlbCtrl - %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
HKLM-Run-hpWirelessAssistant - %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
HKLM-Run-WAWifiMessage - %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2011-04-21 23:46
Windows 6.0.6000 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
.
c:\users\Jessie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\wgnjxhup.exe 173419 bytes executable
.
scan completed successfully
hidden files: 1
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\rundll32.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\program files\HP\QuickPlay\Kernel\TV\CLSched.exe
c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
c:\windows\System32\rundll32.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Internet Explorer\iexplore.exe
c:\program files\Internet Explorer\iexplore.exe
c:\program files\Internet Explorer\iexplore.exe
c:\program files\Hewlett-Packard\Shared\HpqToaster.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\wermgr.exe
c:\windows\system32\werfault.exe
.
**************************************************************************
.
Completion time: 2011-04-22 00:45:35 - machine was rebooted
ComboFix-quarantined-files.txt 2011-04-21 23:45
.
Pre-Run: 15,587,766,272 bytes free
Post-Run: 18,014,175,232 bytes free
.
- - End Of File - - B66FD84BDB2F8781DA6F10957CA62B5F

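The ComboFix log above shows a second program chained onto Winlogon's Userinit value, a bare executable in the Startup folder that catchme also lists as hidden, and a Firefox manual proxy on 127.0.0.1. The Python below is an added example, not part of the thread and not ComboFix's own logic; it flags those patterns in a ComboFix-style log. The function names and finding labels are assumptions, and the sample text is excerpted from the log posted above.

```python
import re
from ipaddress import ip_address

# Excerpt of the ComboFix log posted in the thread above.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="c:\windows\system32\userinit.exe,,c:\program files\oavwkhoy\wgnjxhup.exe"
.
c:\users\Jessie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2009-12-16 503808]
wgnjxhup.exe [2011-4-12 173419]
.
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 64889
FF - prefs.js: network.proxy.type - 1
.
scanning hidden files ...
.
.
c:\users\Jessie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\wgnjxhup.exe 173419 bytes executable
.
scan completed successfully
hidden files: 1
"""

# Assumption: Windows is installed in c:\windows, as in the log above.
EXPECTED_USERINIT = r"c:\windows\system32\userinit.exe"


def basename(path):
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def userinit_extras(log):
    """Programs chained onto Winlogon's Userinit value besides userinit.exe."""
    m = re.search(r'^"Userinit"="([^"]*)"', log, re.I | re.M)
    if not m:
        return []
    entries = [e.strip() for e in m.group(1).split(",") if e.strip()]
    return [e for e in entries if e.lower() != EXPECTED_USERINIT]


def startup_bare_executables(log):
    """Executables placed directly in a Startup folder (not shortcuts)."""
    found, in_startup = [], False
    for line in log.splitlines():
        line = line.strip()
        if line.lower().endswith("\\startup\\"):
            in_startup = True            # header line of a Startup listing
        elif line == "." or not line:
            in_startup = False           # ComboFix separates sections with "."
        elif in_startup:
            m = re.match(r"(.+?\.(?:exe|scr|com|bat|pif))\s+\[", line, re.I)
            if m and " - " not in line:  # "name.lnk - target" is a shortcut
                found.append(m.group(1))
    return found


def hidden_files(log):
    """Paths catchme reports between 'scanning hidden files' and completion."""
    parts = log.split("scanning hidden files ...", 1)
    if len(parts) < 2:
        return []
    body = parts[1].split("scan completed", 1)[0]
    return [m.group(1)
            for m in re.finditer(r"^(\S.*?)[ \t]+\d+ bytes\b", body, re.M)]


def loopback_proxy(log):
    """(host, port) if Firefox uses a manual HTTP proxy on the local machine."""
    prefs = dict(re.findall(
        r"^FF - prefs\.js: (network\.proxy\.\S+) - (\S+)", log, re.M))
    host = prefs.get("network.proxy.http")
    if prefs.get("network.proxy.type") != "1" or not host:  # 1 = manual proxy
        return None
    try:
        if not ip_address(host).is_loopback:
            return None
    except ValueError:
        if host.lower() != "localhost":
            return None
    return host, int(prefs.get("network.proxy.http_port", "0"))


def triage(log):
    findings = [("userinit-chain", p) for p in userinit_extras(log)]
    findings += [("startup-executable", n) for n in startup_bare_executables(log)]
    findings += [("hidden-file", p) for p in hidden_files(log)]
    proxy = loopback_proxy(log)
    if proxy:
        findings.append(("loopback-proxy", "%s:%d" % proxy))
    return findings


def repeated_names(findings):
    """File names that appear under more than one kind of finding."""
    seen = {}
    for kind, value in findings:
        if kind != "loopback-proxy":
            seen.setdefault(basename(value), set()).add(kind)
    return {n: sorted(k) for n, k in seen.items() if len(k) > 1}


if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for kind, value in results:
        print(kind, "->", value)
    print("seen in several places:", repeated_names(results))
```

A file name that turns up under several findings at once is a reason to hand the log to a helper, not proof of what the file is.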

Re: InternetExplorerUpdate.exe

Post by Belahzur on Fri Apr 22, 2011 8:10 pm

Attention: Your computer is severely infected with Win32\Ramnit, which is what is now called a cocktail infection. This is an infection that is comprised of many different types of viruses and other malware, to damage your computer, and use it as a zombie for its backdoor network. In other words, your computer is under control of a hacker, and regaining control is now next to impossible.

The first component is a [You must be registered and logged in to see this link.], which is a type of trojan that communicates with a hacker: to transfer personal information about you, use your computer to help perform a denial-of-service attack, redirect your internet searches in order to make money off of your browsing habits, and can be a keylogger to steal personally identifiable information to help rob your identity.

The second component is a [You must be registered and logged in to see this link.], which is a type of malware to take control over your computer at administrator access, having full permission to modify all of your device drivers, and allowing itself to hide all the malware on the system. In other words, it is a hacker's way of taking control of your computer, and hiding in the dark at the same time. This is a prime initiative of hackers to help keep access to your computer, robbing all of your personal information, and using your computer to send spam across the internet.

The third component is a [You must be registered and logged in to see this link.], which is a type of virus to purposely damage as many files as possible, in order to keep control of your system, so you have as little access as possible.

Not only has your system been compromised severely, it is also highly damaged, and if you do not commit to my suggested removal method below, then your computer may not function anymore.

If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable. Do NOT change passwords or do any transactions while using the infected computer because the attacker may get the new passwords and transaction information. (If using a router, you need to reset it with a strong logon/password so the malware cannot gain control before connecting again.) Banking and credit card institutions should be notified to apprise them of your situation (possible security breach). To protect your information that may have been compromised, I recommend reading these references:




Removal method:

It is recommended to do a reformat and reinstall of your operating system. The experts in the [You must be registered and logged in to see this link.] security community believe that once infected with such a piece of malware, the best course of action would be a reformat and clean reinstall of the OS. This is something I don't like to recommend normally, but in most cases it is the best solution for your safety.

I recommend the following articles to read:


Guides for format and reinstall:

[You must be registered and logged in to see this link.]

[You must be registered and logged in to see this link.]

However, if you do not have the resources to reinstall your computer's OS and would like me to attempt to clean it, I will be happy to do so. But please consider carefully before deciding against a reformat.
If you do make that decision, I will do my best to help you clean the computer of any infections, but you must understand that once a machine has been taken over by this type of malware, I cannot guarantee that it will be 100% secure even after disinfection or that the removal will be successful.

Please let me know what you have decided to do in your next post. Should you have any questions, please feel free to ask.


Re: InternetExplorerUpdate.exe

Post by Livingstone Cole on Fri Apr 22, 2011 9:14 pm


This is concerning.
I do not have the resources to reinstall. I think I may have used a bank card with this computer once or twice, but not since I got this infection.

I do have access to a clean computer.

Any help in cleaning would be great, I won't use it for card transactions in future.

Thanks.

Livingstone.

Re: InternetExplorerUpdate.exe

Post by Belahzur on Sat Apr 23, 2011 7:56 pm

Sorry, but removing Ramnit isn't possible, it's a file infector.


Re: InternetExplorerUpdate.exe

Post by Livingstone Cole on Sun Apr 24, 2011 8:29 pm

OK Belahzur.

I'll try and do this reformat thing.

Thanks very much for your help.

I'll follow your donation link, not on the infected computer though!

Re: InternetExplorerUpdate.exe

Post by Livingstone Cole on Sun Apr 24, 2011 8:51 pm

If using a router, you need to reset it with a strong logon/password so the malware cannot gain control before connecting again


Could you please tell me what this means/how to do this?


I'm assuming that the router is the wireless connection point?

Other computers in the household have/are being used for transactions.

Re: InternetExplorerUpdate.exe

Post by Belahzur on Mon Apr 25, 2011 6:50 pm

Routers generally are WAP, it means just change the router password from its default password (usually admin) to something stronger.

