Go Back   The Scream! > COMPUTER RELATED > Spyware Removal

Reply
 
Thread Tools Display Modes
  #31  
Old 23-May-2011, 13:40
JohnnyReb51's Avatar
JohnnyReb51 JohnnyReb51 is offline
Screamager
 
Join Date: Apr 2001
Location: UK.
Posts: 2,484
Default Re: I have a IE virus I think

Hiya.

What Firewall do you use ?

Is this PC on a Network or solo ?

Can you download this file called RSIT and run it directly from the .Exe. It runs a scan of HJT, plus gives some other info.

http://images.malwareremoval.com/random/RSIT.exe

It will scan the PC and make 2 .txt files, log.txt and info.txt, which will be in a folder in C:\ called Rsit

Upload both in your next reply as an attachment.


EDIT:

PS. What sort of web pages are opening up and are there any download windows like you had the first time it happened back in 2010 ?
__________________
JR51.

Last edited by JohnnyReb51; 24-May-2011 at 11:25. Reason: added info.
Reply With Quote
  #32  
Old 24-May-2011, 11:51
jin799 jin799 is offline
Screamer
 
Join Date: Jul 2008
Posts: 143
Default Re: I have a IE virus I think

Firewall is the normal one for XP.
Pc is on a router directly connected via the ethernet cable.I don't think that counts as network does it ?
I have d/loaded RSIT and attach the reports.

The pages that are opening are random but "adultfinder and screensavers " are the most.
There were some download windows opening up but not as many times as the IE opens up.
Reply With Quote
  #33  
Old 24-May-2011, 11:51
jin799 jin799 is offline
Screamer
 
Join Date: Jul 2008
Posts: 143
Default Re: I have a IE virus I think

Firewall is the normal one for XP.
Pc is on a router directly connected via the ethernet cable.I don't think that counts as network does it ?
I have d/loaded RSIT and attach the reports.

The pages that are opening are random but "adultfinder and screensavers " are the most.
There were some download windows opening up but not as many times as the IE opens up.
Attached Files
File Type: txt info.txt (29.1 KB, 607 views)
File Type: txt log.txt (24.7 KB, 431 views)
Reply With Quote
  #34  
Old 24-May-2011, 14:34
JohnnyReb51's Avatar
JohnnyReb51 JohnnyReb51 is offline
Screamager
 
Join Date: Apr 2001
Location: UK.
Posts: 2,484
Default Re: I have a IE virus I think

Hiya.

XP's firewall is pretty much useless, it stops incoming but not outgoing.

You may be more protected using another Firewall in its place like Agnitum Outpost Firewall. I use the 2009 version, which is free and basic, the newer free one is more of an all in Security/Firewall Suite.

Here is the link to the newer one....

http://free.agnitum.com/

From what I can remember, during the setup, it asks to automate the actions of the firewall, I chose to Manually choose what is allowed in and out. Its PITA at first but after a week or so, it will only ask now and again when somethig new is installed and needs a connection to the Internet, which isnt too bad.

This way you know exactly what is coming in and going out of your PC, if you dont know what it is or sounds/looks dodgy, block it.

Anything that is blocked can be undone in Settings > Application Rules if needed.

You can Allow, Block or set it to Ask/Prompt, whatever it is asking for permission.

If you decide to use Outpost, make sure Iexplore.exe is blocked, lol.

I see nothing in those Rsit logs, maybe we can try some other approach....

Go to Start > All Programs > Accessories > System tools and tick the entry for Internet Explorer No Addons. Some Addons cause problems with web pages randomly opening.

Go to Start > Control Panel > Internet Options and click on the Advanced tab, at the bottom should be a button for Restore Defaults, click on that and OK out. You may have to tell Firefox its the Default browser again.

What I meant about a Network is, if you have more than one PC and/or Laptop connected to a Router, either via an ethernet cable or via wireless and they are Sharing Files/Folders between each other, then effectively it becomes a Network as such. You can cross infect each PC if they share files, etc. If you only have 1 PC and/or Laptop connected to the Router, then it shouldnt affect you.
__________________
JR51.
Reply With Quote
  #35  
Old 25-May-2011, 10:32
jin799 jin799 is offline
Screamer
 
Join Date: Jul 2008
Posts: 143
Default Re: I have a IE virus I think

hi JR51,

ok I'm D/loading and installing the agnitum security right now.


Go to Start > All Programs > Accessories > System tools and tick the entry for Internet Explorer No Addons. Some Addons cause problems with web pages randomly opening.
As for this I have no option for Internet Explorer when I goto system tools.
Maybe its located somewhere else in XP.

I done eberything else you have advsed.

Please advise further about the Internet Explorer addons.
Reply With Quote
  #36  
Old 25-May-2011, 11:32
JohnnyReb51's Avatar
JohnnyReb51 JohnnyReb51 is offline
Screamager
 
Join Date: Apr 2001
Location: UK.
Posts: 2,484
Default Re: I have a IE virus I think

Hiya.

I just checked my spare XP machine and its there in All Programs > Accessories >System Tools as Internet Explorer ( No Add-ons) I clicked on that entry and it disabled the addons in IE.

You can disable the addons manually from Internet Explorer > Tools > Manage Addons When the window opens, on the left there is a dropdown arrow box, with a selection of various Addon display options, choose > All addons

Then on the right it will display all the addons, you will have to click on each one to highlight it and then click on the Disable button at the bottom of the window. OK out when finished.

I dont know if it has any affect on other Windows functions, seeings though IE is embedded into Windows and is part and parcel of the OS.

Option 2.

You can also supposedly remove IE via Add/Remove Programs Then on the lefthand menu click on Add/Remove Windows Components (If the menu is not visible, you might have to set it to Classic View) From there untick Internet Explorer, Click Next and wait a few seconds for it to be removed, OK out. It wont be uninstalled, just not available in Windows.

Again I dont know the side affects, if any, of doing this, but it should be OK.
__________________
JR51.
Reply With Quote
  #37  
Old 25-May-2011, 19:12
jin799 jin799 is offline
Screamer
 
Join Date: Jul 2008
Posts: 143
Default Re: I have a IE virus I think

I still cannot find the addons for the fast way...( I post a pic of my start menu )
I have disabled a few manually using the long method and want to see that if it'll effect FF like it did in changing the IP in IE.If it doesn't effect FF then I'll disable all of it.

Also since I have installed agnitum the pop up has not happend and I've been online for 20 mins !!

As for option 2 I would gladly get rid of IE but what if it will effect my FF like it did previously?

Thanks


Last edited by jin799; 25-May-2011 at 19:14. Reason: image
Reply With Quote
  #38  
Old 25-May-2011, 20:55
JohnnyReb51's Avatar
JohnnyReb51 JohnnyReb51 is offline
Screamager
 
Join Date: Apr 2001
Location: UK.
Posts: 2,484
Default Re: I have a IE virus I think

Hiya.

No idea why its not in System Tools, maybe it got deleted at some time.

Anyway from what I can tell its only temporary till you close IE again, you would have to use that Shortcut permanently for the addons to be disabled.

Go to Start > Run then type and/or copy/paste this into the text box....

iexplore -extoff Then OK it.

That is basically what the shortcut does in System Tools, IE will open up and state the Addons are disabled, now if you close IE and open it as normal from the correct IE Shortcut, it wont state anything, so its only temp from what I can see.

Option 2 should work OK, you can always revert it back if it doesnt by going back into Add /Remove Windows Components and ticking the Internet Explorer box again
, etc. We arent messing with the Proxy settings doing this and I dont know why yours stopped FF working, it worked fine on mine.

You may also want to do an online scan, using the following website. Click on the Run Eset Online
Scanner button on the top right and it will open another window, (It states you arent using IE if your using FireFox like I was) but from there you can download the esetsmartinstaller_enu.exe Download the setup file to your Desktop and run it, follow the intructions etc and also allow it out through the Outpost Firewall if/when asked.

I dont know how long it takes, but there should be some form of Log made, you might want to save that and post it here if it finds anything. The scanner may also remove any infections found, I dont use this online App, but is highly used/recommended by many Anti-malware forums, along side Kasperskys online scanner.

http://www.eset.com/home/products/online-scanner

__________________
JR51.
Reply With Quote
  #39  
Old 26-May-2011, 00:16
tommy t's Avatar
tommy t tommy t is offline
Screamager
 
Join Date: Feb 2008
Posts: 729
Default Re: I have a IE virus I think

You could download and install Comodo Internet Security Pro 2011
it's a full version and is free for 12mths, the reviews etc that i have read say it's a good product light on system resources too,

I currently am using eset smart security 4, which apart from a few minor niggles with loading https web pages (with scan https selected) using Firefox, it seems to do what it says on the tin,& it isn't a resource hog ,

I still also use pc tools spyware doctor ,for a weekly on demand scan, as that so far has found things that all the av apps i have used have not, include bit defender internet security 2008.2010
__________________

Reply With Quote
  #40  
Old 28-May-2011, 19:58
jin799 jin799 is offline
Screamer
 
Join Date: Jul 2008
Posts: 143
Default Re: I have a IE virus I think

@JR51
cheers I'm going to try this as I still have the problem.

@ tommy t
Ya i think that I'll try the comodo as well and see if it blocks the IE.
Reply With Quote
  #41  
Old 02-June-2011, 14:32
jin799 jin799 is offline
Screamer
 
Join Date: Jul 2008
Posts: 143
Default Re: I have a IE virus I think

You could download and install Comodo Internet Security Pro 2011
it's a full version and is free for 12mths, the reviews etc that i have read say it's a good product light on system resources too....
Originally Posted by tommy t View Post
Tommy ...Its only giving me the 30day trial... any special codes for the year one ?

JR51... I done the instructions as u said on your last post but its still opening up the IE.Its showing page as not found but still its opening up..
Reply With Quote
  #42  
Old 02-June-2011, 15:22
JohnnyReb51's Avatar
JohnnyReb51 JohnnyReb51 is offline
Screamager
 
Join Date: Apr 2001
Location: UK.
Posts: 2,484
Default Re: I have a IE virus I think

Hiya.

Did you try the Eset online scan and if so, did it find anything ?

You dont want to install too many Firewalls, anti-virus and malware programs, they may conflict with each other. 1 of each is sufficient.
__________________
JR51.
Reply With Quote
  #43  
Old 05-June-2011, 17:01
jin799 jin799 is offline
Screamer
 
Join Date: Jul 2008
Posts: 143
Default Re: I have a IE virus I think

JR51... I did the Eset online scan and it showed many trojans that it seemed to have discovered and deleted it but the problem is still there and the IE is opening up as usual.
Any other ideas ?
Reply With Quote
  #44  
Old 06-June-2011, 03:04
tommy t's Avatar
tommy t tommy t is offline
Screamager
 
Join Date: Feb 2008
Posts: 729
Default Re: I have a IE virus I think

Sorry about that here is the link to the Comodo Internet Security Pro 2011
Free for 12ths version, but the geek buddy support that comes with the paid version is not included Comodo Internet Security Pro 2011
__________________

Reply With Quote
  #45  
Old 06-June-2011, 16:40
JohnnyReb51's Avatar
JohnnyReb51 JohnnyReb51 is offline
Screamager
 
Join Date: Apr 2001
Location: UK.
Posts: 2,484
Default Re: I have a IE virus I think

Hiya.

Eset should have made a log, did you save it at all ? I did ask you to post it here in a previous reply. We may be able to spot something in there that is self replicating. Many trojans etc, can be cleaned and re-triggered from other infected files, usually hidden (Rootkits) or resident in memory. Even an infection in your System Restore points can trigger it.

What I would do is scan the PC again and zap anything it finds. Disable System Restore and reboot the PC, then re-enable it and make a new restore point.

If you use any type of chat programs, (Skype, Facebook, etc.) you may also want to stop using them for a few days and see if IE stops popping up. You get a lot of sad !$%&d's on these sites, that their soul purpose is to trick you into downloading or transfering to you something nasty to infect your PC.

Also stop using any Bit Torrent programs.

Check your Java version to see if its up to date, many infections can be transfered through that via scripts, etc.

Go to Start > Run and type cmd into the text box, OK it. At the dos prompt type in java -version ( Note the space between the a and the dash. ) Press Return.

You should see something like this....

Code:
C:\Documents and Settings\JohnnyReb>java -version
java version "1.6.0_24"
Java(TM) SE Runtime Environment (build 1.6.0_24-b07)
Java HotSpot(TM) Client VM (build 19.1-b02, mixed mode, sharing)
I updated mine about 2 weeks ago to the above version, it may even be out of date now, lol. ( In fact it is. Now build 1.6.0_25-b06 )

Go to Start > Run and type/copy this into the text box, C:\Program Files\Common Files\Java\Java Update\jucheck.exe OK it.

It will say if its up to date or not and may if its not, launch the Java updater to install the latest version, follow instructions to install the new one.
__________________
JR51.
Reply With Quote
  #46  
Old 07-June-2011, 13:06
jin799 jin799 is offline
Screamer
 
Join Date: Jul 2008
Posts: 143
Default Re: I have a IE virus I think

I done the update of the Java version as well I had 1.6.0_24 like u but have now updated it.But the IE is still coming on.
I am now on the alert to stop all my chats.
Reply With Quote
Reply

Tags
419, bad, cable, files, free, hijack, hijackthis, internet, key, make, modem, network, port, router, security, settings, share, sharing, software, tools, virus, voip, web, windows, wireless, zero

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are Off
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Countdown for nasty Windows virus Scoobs PC Security 7 07-February-2006 13:12
Avast! Free Anti virus crankykick PC Security 12 08-February-2005 14:53
Virus W32/Sobig-F problems skysurfer General Software 7 20-August-2003 17:04
Firewall XP Home Worldlife PC Security 11 18-August-2003 14:22
Virus Alert HTML.VMExploit Worldlife PC Security 8 18-April-2002 12:20


All times are GMT +1. The time now is 04:36.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2018, vBulletin Solutions, Inc.
Copyright 1999-2014 The Scream!