Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Internet Explorer Won't Start And Viruses


  • This topic is locked This topic is locked
15 replies to this topic

#1 doodles1

doodles1

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:07:39 AM

Posted 15 October 2007 - 09:18 PM

Hi, new to bleepingcomputer, but hoping to get some help from you wizards out there.
My Internet Explorer won't start. Just get "windows service pack setup has encountered a problem and needs to close. We are sorry for the inconvenience." On the error report the Exception info is: 0x80000004.
I have run McAfee, Spybot, Adaware and AVG and have tons of .t files. AVG found worms and trojan horses. I have healed what could be healed and quarantined others. IE still won't start. I can run a Hijack This log if someone can help. Please let me know. I don't want to have to reinstall IE if I don't have to. Thanks.

BC AdBot (Login to Remove)

 


#2 Crizz44

Crizz44

  • Members
  • 496 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Virginia
  • Local time:08:39 AM

Posted 15 October 2007 - 09:53 PM

Hi Doodles1 and Welcome,

Did you run your antivirus and spyware scans in safe mode? Its also good to run an online scan like Bitdefender.com in safe mode with Networking.

How to get into safe mode:

http://www.bleepingcomputer.com/tutorials/how-to-start-windows-in-safe-mode/

#3 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,569 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:07:39 AM

Posted 15 October 2007 - 10:04 PM

Since you cannot get on the net to run an online scan (Panda Active scan) then follow the instructions to post your HiJackThis log.
Preparation Guide for use before posting a HijackThis Log


btw Welcome to BC

Edited by boopme, 15 October 2007 - 10:06 PM.

How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#4 doodles1

doodles1
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:07:39 AM

Posted 15 October 2007 - 10:19 PM

AVG has found I-Worm/Luder-A, Trojan Horse Downloader.Generic3.RG, Trojan Horse Downloader.Generic3.AKH, Trojan Horse Downloader.Generic3.LM, Trojan Horse Dropperagent.WJ, Downloader.TIBS, Downloader.TIBS.3.A, Trojan Horse Downloader.small.57.c, Trojan Horse Downloader.small.57f, win32/PEPATCH, I-worm/nuwar, Trojan Horse Downloader.agent.KSF.

I haven't run anything in Safe Mode. Also I'm low on memory (probably due to this) I have defragged but don't have Bitdefender downloaded yet.

#5 doodles1

doodles1
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:07:39 AM

Posted 15 October 2007 - 10:22 PM

actually I'm on through aol and I do have hijack this on my desktop.

#6 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,569 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:07:39 AM

Posted 15 October 2007 - 10:43 PM

Do you feel you can run these scans before posting the Hijack. Although safe Mode would be freferable these can run in Normal. The first 2 are online,the last is an excellent trojan killer.
If you can't do these than post the HJT log as instructed above


ESET online Scanner

Panda Active Scan

SuperAntiSpyware
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#7 doodles1

doodles1
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:07:39 AM

Posted 16 October 2007 - 01:01 PM

Hi I'm back. Thanks for your patience and your welcome to your community. I have been trying all last night and today to follow your instructions. Now I have used McAfee, AVG, Spybot, Adaware, Panda (no disinfection, just a scan) and now I will attempt using AVERT Stinger. I am very nervous about disabling my restore function. Is that what I must do? I have noticed that many of the bad files were in the restore area. I also have an external backup drive which seems to have been infected as well. What do I do there? (and is there a way I can prevent the backup drive from viruses in the future?)
Thanks all, awaiting your replies.

#8 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 52,087 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:07:39 AM

Posted 16 October 2007 - 01:45 PM

I am very nervous about disabling my restore function. Is that what I must do?

Disabling System Restore as a step when attempting to clean a system or when scanning for malware is not advisable. Unfortunately, some anti-virus vendors recommend disabling System Restore before attempting malware removal which is not a good practice when dealing with infected computer systems. Turning System Restore off and then turning it back on has some risk associated with it since that feature does not always work as intended. Further, there is always a possibility of something going wrong during the malware removal process and you end up with more problems. Without a restore point to fall back on, you are then stuck with a limited means of restoring your system such as a Repair Install or Reformat. Although System Restore is not 100% guaranteed to work all the time, it at least gives you another option. When your system is clean, then you can create a new Restore Point and purge the old ones to prevent accidental re-infection.

You should print out these instructions, or copy them to a NotePad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.

Please download ATF Cleaner by Atribune & save it to your desktop. DO NOT use yet.
Please download Dr.Web CureIt & save it to your desktop. DO NOT perform a scan yet.

Reboot your computer in SAFE MODE" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Double-click ATF-Cleaner.exe to run the program.
  • Under Main "Select Files to Delete" choose: Select All.
  • Click the Empty Selected button.
  • If you use Firefox browser click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
    If you would like to keep your saved passwords, please click No at the prompt.
  • If you use Opera browser click Opera at the top and choose: Select All
  • Click the Empty Selected button.
    If you would like to keep your saved passwords, please click No at the prompt.
  • Click Exit on the Main menu to close the program.
Note: On Vista, "Windows Temp" is disabled. To empty "Windows Temp" ATF-Cleaner must be "Run as an Administrator".

Scan with Dr.Web CureIt as follows:
  • Double-click on cureit.exe to start the program. An "Express Scan of your PC" notice will appear.
  • Under "Start the Express Scan Now", Click "OK" to start. This is a short scan that will scan the files currently running in memory and when something is found, click the Yes button when it asks you if you want to cure it.
  • Once the short scan has finished, Click Options > Change settings
  • Choose the "Scan tab" and UNcheck "Heuristic analysis"
  • Back at the main window, click "Select drives" (a red dot will show which drives have been chosen)
  • Then click the "Start/Stop Scanning" button (green arrow on the right) and the scan will start.
  • When done, a message will be displayed at the bottom advising if any viruses were found.
  • Click "Yes to all" if it asks if you want to cure/move the file.
  • When the scan has finished, look if you can see the icon next to the files found. If so, click it, then click the next icon right below and select "Move incurable".
    (This will move it to the C:\Documents and Settings\userprofile\DoctorWeb\Quarantine folder if it can't be cured)
  • Next, in the Dr.Web CureIt menu on top, click file and choose save report list.
  • Save the DrWeb.csv report to your desktop. (You can use Notepad to open the DrWeb.cvs report)
  • Exit Dr.Web Cureit when done.
  • Important! Reboot your computer because it could be possible that files in use will be moved/deleted during reboot.

.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#9 doodles1

doodles1
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:07:39 AM

Posted 16 October 2007 - 03:26 PM

Since my Internet Explorer won't start (my original problem) Dr. Web Cure It will not open/save. I have saved ATF cleaner to my desktop. what to do next?

#10 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 52,087 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:07:39 AM

Posted 16 October 2007 - 04:35 PM

Save Dr.Web CureIt the same way as you did AFT Cleaner. When you run cureit, click Cancel when asked to download the lastest. You just downloaded it so you have the most current version. Then click Start and follow the directions I provided. If you can't save the file, then you will have to download from another computer (family, friend) with Internet access, save to a usb stick and transfer it to yours.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#11 Crizz44

Crizz44

  • Members
  • 496 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Virginia
  • Local time:08:39 AM

Posted 16 October 2007 - 04:45 PM

Have you tried the Safe Mode with Networking? I have had computers that the IE won't work in regular startup, but will work in Safe Mode. Then you may be able to use it to run the online scans. It's worth the try.

#12 doodles1

doodles1
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:07:39 AM

Posted 16 October 2007 - 05:29 PM

Now I was able to save Dr.Web CureIt to my desktop. I think I will try rebooting in safe mode first to see if IE starts. Then I'll go from there.
Should I uninstall Windows XP SP2 and see if there is a difference in my IE?

#13 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 52,087 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:07:39 AM

Posted 16 October 2007 - 08:47 PM

Should I uninstall Windows XP SP2 and see if there is a difference in my IE?

I would not recommend that you remove SP2. BTW, what version of IE do you have?
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#14 doodles1

doodles1
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:07:39 AM

Posted 17 October 2007 - 04:24 PM

IE 7.0

#15 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 52,087 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:07:39 AM

Posted 17 October 2007 - 04:41 PM

Please read and follow all instructions in the pinned topic titled "Preparation Guide For Use Before Posting A Hijackthis Log". You may have performed some of these steps already. If you can't perform a step, then skip and continue with the next. In step #9 there are instructions for downloading HijackThis and creating a log. (This is a self-extracting version which will automatically install HJT in the proper location.)

If HijackThis will not run, try renaming it. Open the HijackThis Folder, right-click on the HijackThis.exe file and rename it Scanner.exe. Double-click on Scanner.exe (which is still HijackThis) and then run your scan. If needed, change the .exe to something else such as .bat, .com, .pif, or .scr. Example: Scanner.bat or Scanner.com

When you have done that, post your log in the HijackThis Logs and Malware Removal forum, NOT here, for assistance by the HJT Team Experts. A member of the Team will walk you through, step by step, on how to clean your computer. If you post your log back in this thread, the response from the HJT Team will be delayed because your post will have to be moved. This means it will fall in line behind any others posted that same day.

Start a new topic, give it a relevant title and post your log along with a brief description of your problem, a summary of any anti-malware tools you have used and a summary of any steps that you have performed on your own. Please include the top portion of the HijackThis log that lists version information. An expert will analyze your log and reply with instructions advising you what to fix. After doing this, we would appreciate if you post a link to your log back here so we know that your getting help from the HJT Team.

Please be patient. It may take a while to get a response because the HJT Team members are very busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT "bump" your post or make another reply until it has been responded to by a member of the HJT Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another HJT Team member is already assisting you and not open the thread to respond.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users