Ron
Please help with Hijacked Internet Browser
Started by
Richard C
, Jun 27 2010 05:07 PM
#16
Posted 28 June 2010 - 10:29 PM
Ron
#17
Posted 28 June 2010 - 10:48 PM
Hi Ron. I'm now having startup problems. My computer won't startup and my system us current running startup repair. Please advise.
#18
Posted 28 June 2010 - 10:53 PM
We will have to wait and see what it does with the repair. The file we played with is only used in the TCP/IP stack so should not cause it to not boot.
#19
Posted 28 June 2010 - 11:04 PM
Startup Repair seemed to have fix the problem, as I'm now using the computer. Here is the log of the Error:
Problem signature:
Problem Event Name: BlueScreen
OS Version: 6.1.7600.2.0.0.768.3
Locale ID: 1033
Additional information about the problem:
BCCode: 19
BCP1: 00000003
BCP2: 82F809C8
BCP3: 86693038
BCP4: 86693038
OS Version: 6_1_7600
Service Pack: 0_0
Product: 768_1
Files that help describe the problem:
C:\Windows\Minidump\062810-27112-01.dmp
C:\Users\Richard Cantu\AppData\Local\temp\WER-41621-0.sysdata.xml
Problem signature:
Problem Event Name: BlueScreen
OS Version: 6.1.7600.2.0.0.768.3
Locale ID: 1033
Additional information about the problem:
BCCode: 19
BCP1: 00000003
BCP2: 82F809C8
BCP3: 86693038
BCP4: 86693038
OS Version: 6_1_7600
Service Pack: 0_0
Product: 768_1
Files that help describe the problem:
C:\Windows\Minidump\062810-27112-01.dmp
C:\Users\Richard Cantu\AppData\Local\temp\WER-41621-0.sysdata.xml
#20
Posted 28 June 2010 - 11:35 PM
Can't tell much from the error. Open IE by right clicking and Run As Administrator then click on Safety and then Windows Updates. It should offer you SP2 which will probably replace most of your critical files.
Ron
Ron
#21
Posted 29 June 2010 - 07:18 AM
#22
Posted 29 June 2010 - 07:23 AM
Those are the files we replaced. Combofix put them there in case we changed our mind. It adds the .vir extensions so that they can't possibly run.
Your next step is to see if you can get to windows updates and download sp2.
Ron
Your next step is to see if you can get to windows updates and download sp2.
Ron
Edited by RKinner, 29 June 2010 - 07:23 AM.
#23
Posted 29 June 2010 - 07:50 AM
Hi Ron, Windows Update doesnt indicate a service pack 2 is available for Windows 7. I am only getting optional updates at this time. Thanks.
#24
Posted 29 June 2010 - 08:01 AM
Somehow I thought this was Vista. Sorry.
Do you sill have problems?
Ron
Do you sill have problems?
Ron
#25
Posted 29 June 2010 - 08:04 AM
I think we might be in the clear now. The redirecting has stopped and you've identified the corrupted files. Is there anything else I need to do at this point? I'm still weary of accessing certain sites on this pc, sites that require passwords, online banking etc. Is it safe?
#26
Posted 29 June 2010 - 08:26 AM
I think you are OK now.
We need to clean up System Restore. Follow Jim's procedure here:
http://forum.aumha.o...581099691bf108f
The best way is to follow Jim's procedure here http://aumha.net/vie...=...p;sk=t&sd=a
tho it hasn't been updated for Vista or Win 7 yet so To create a Restore Point try this:
right click on Computer and select Properties and System Protection (Continue) and then Create (at the bottom). OK Give it a name like Clean and then Create. OK. OK. If that's not how it works on Win 7 then you will have to read the help. I don't have Windows 7 just Vista.
Once you have created a Restore Point:
Now Start (Windows Logo Button), Programs, Accessories, Right click on Command Prompt and select Run As Administrator,
cleanmgr
Select "Files from All Users."
Continue
Select OS (C:)
OK
It will think for a few minutes.
Then come up with a few suggestions. Ignore those and press More Options. Under System Restore and Shadow Copies, click Clean Up and let it do its thing. Again if that's not how it works in 7 you will have to read the help.
You can uninstall or delete any tools we had you download and their logs.
To uninstall combofix, copy the next line:
"%userprofile%\Desktop\george.exe" /Uninstall
Start, Run, cmd, OK then right click, Paste, then hit Enter.
To hide hidden files again:
Vista or Win7
# Open the Control Panel menu and click Folder Options.
# After the new window appears select the View tab.
# Remove the check in the checkbox labeled Display the contents of system folders.
# Under the Hidden files and folders section select the radio button labeled Do not Show hidden files and folders.
# Check the checkbox labeled Hide protected operating system files.
# Press the Apply button and then the OK button and exit My Computer.
You may not have the latest Java (6 update 20). Get the latest at:
http://www.java.com/...nload/index.jsp
Once you install it, go into Control Panel, Add/Remove Software and remove any old versions (which may call themselves: Java Runtime, Runtime Environment, Runtime, JRE, Java Virtual Machine, Virtual Machine, Java VM, JVM, VM, J2RE, J2SE)
Also make sure you have the latest versions of any adobe.com products you use like Shockwave, Flash or Acrobat. Adobe is fond of foisting GetPlus on you. You can let them install it and then afterwards, go into Control Panel, Add/Remove Software and remove it. It probably doesn't hurt to leave it but I don't see the need for it and it has caused problems in the past.
Whether you use adobe reader, acrobat or fox-it to read pdf files you need to disable Javascript in the program. There is an exploit out there now that can use it to get on your PC. For Adobe Reader: Start, All Programs, Adobe Reader, Edit, Preferences, Click on Javascript in the left column and uncheck Enable Acrobat Javascript. OK Close program. It's the same for Foxit reader except you uncheck Enable Javascript Actions.
I recommend you install the free WinPatrol 2010 from http://www.winpatrol.com/download.html
It's a small program that will sit in your systray and warn you if something tries to make changes to your system.
If you use USB drives you might want to install Autorun Eater v2.4.
http://oldmcdonald.w...orun-eater-v24/
Another small program which will stay resident and prevent an infected USB drive from infecting your PC.
If you use Firefox then get the AdBlock Plus Add-on.
If Firefox is slow loading make sure it only has the current Java add-on. Then download and run Speedy Fox.
http://www.crystalidea.com/speedyfox
Be warned: If you use Limewire, utorrent or any of the other P2P programs you will almost certain be coming back to the Malware Removal forum. If you must use P2P then submit any files you get to http://virustotal.com before you open them.
Ron
We need to clean up System Restore. Follow Jim's procedure here:
http://forum.aumha.o...581099691bf108f
The best way is to follow Jim's procedure here http://aumha.net/vie...=...p;sk=t&sd=a
tho it hasn't been updated for Vista or Win 7 yet so To create a Restore Point try this:
right click on Computer and select Properties and System Protection (Continue) and then Create (at the bottom). OK Give it a name like Clean and then Create. OK. OK. If that's not how it works on Win 7 then you will have to read the help. I don't have Windows 7 just Vista.
Once you have created a Restore Point:
Now Start (Windows Logo Button), Programs, Accessories, Right click on Command Prompt and select Run As Administrator,
cleanmgr
Select "Files from All Users."
Continue
Select OS (C:)
OK
It will think for a few minutes.
Then come up with a few suggestions. Ignore those and press More Options. Under System Restore and Shadow Copies, click Clean Up and let it do its thing. Again if that's not how it works in 7 you will have to read the help.
You can uninstall or delete any tools we had you download and their logs.
To uninstall combofix, copy the next line:
"%userprofile%\Desktop\george.exe" /Uninstall
Start, Run, cmd, OK then right click, Paste, then hit Enter.
To hide hidden files again:
Vista or Win7
# Open the Control Panel menu and click Folder Options.
# After the new window appears select the View tab.
# Remove the check in the checkbox labeled Display the contents of system folders.
# Under the Hidden files and folders section select the radio button labeled Do not Show hidden files and folders.
# Check the checkbox labeled Hide protected operating system files.
# Press the Apply button and then the OK button and exit My Computer.
You may not have the latest Java (6 update 20). Get the latest at:
http://www.java.com/...nload/index.jsp
Once you install it, go into Control Panel, Add/Remove Software and remove any old versions (which may call themselves: Java Runtime, Runtime Environment, Runtime, JRE, Java Virtual Machine, Virtual Machine, Java VM, JVM, VM, J2RE, J2SE)
Also make sure you have the latest versions of any adobe.com products you use like Shockwave, Flash or Acrobat. Adobe is fond of foisting GetPlus on you. You can let them install it and then afterwards, go into Control Panel, Add/Remove Software and remove it. It probably doesn't hurt to leave it but I don't see the need for it and it has caused problems in the past.
Whether you use adobe reader, acrobat or fox-it to read pdf files you need to disable Javascript in the program. There is an exploit out there now that can use it to get on your PC. For Adobe Reader: Start, All Programs, Adobe Reader, Edit, Preferences, Click on Javascript in the left column and uncheck Enable Acrobat Javascript. OK Close program. It's the same for Foxit reader except you uncheck Enable Javascript Actions.
I recommend you install the free WinPatrol 2010 from http://www.winpatrol.com/download.html
It's a small program that will sit in your systray and warn you if something tries to make changes to your system.
If you use USB drives you might want to install Autorun Eater v2.4.
http://oldmcdonald.w...orun-eater-v24/
Another small program which will stay resident and prevent an infected USB drive from infecting your PC.
If you use Firefox then get the AdBlock Plus Add-on.
If Firefox is slow loading make sure it only has the current Java add-on. Then download and run Speedy Fox.
http://www.crystalidea.com/speedyfox
Be warned: If you use Limewire, utorrent or any of the other P2P programs you will almost certain be coming back to the Malware Removal forum. If you must use P2P then submit any files you get to http://virustotal.com before you open them.
Ron
#27
Posted 29 June 2010 - 07:41 PM
hi Ron, before I begin cleaning system restore, what should I do with the two corrupt files in the Qoobox folder?
Thank you.
Thank you.
#28
Posted 29 June 2010 - 08:53 PM
I think when Combofix uninstalls that it removes the qoobox folder. If you want to delete it now that's OK.
Ron
Ron
#29
Posted 29 June 2010 - 11:01 PM
Hi Ron, quick question, my pc now has another user entitled Mcx1-RICHARDCANTU-PC. Do you have any idea what that is and if I should remove it?
I did all you said in the previous post and the problem is gone now. Thank you very much for all you have done.
I did all you said in the previous post and the problem is gone now. Thank you very much for all you have done.
#30
Posted 30 June 2010 - 12:32 AM
Supposedly it's something to do with Xbox 360 extender. If you use it then I guess you should leave it.
Ron
Ron
Similar Topics
0 user(s) are reading this topic
0 members, 0 guests, 0 anonymous users