
Help With Removing Popup Message: "notice: Your System Is Infected..."



#1 Dwon


Posted 07 November 2007 - 03:41 AM

I am new to this site, so forgive me if this is a long post. I'm trying to be as detailed as possible.

I continually receive the popup stating: "Notice: your system is infected and your computer performance is not at the highest level. Full system optimization will greatly increase your computer's performance and prevent data loss."

It displays all the symptoms of an IE defender spy/malware and I have gone through the self help tutorial, but have run into some hang-ups with a few of the steps.

Much like the member Valerie123, from this thread: (http://www.bleepingcomputer.com/forums/index.php?showtopic=114873&hl=defender), I couldn't find the IE Defender program in the "Add or Remove Programs" option and I wasn't able to find the IE Defender folder, after setting the computer in safe mode, through the path of C:\Program Files\.

Also, in the thread above, the person assisting the member stated to follow the directions for manual fix in the tutorial, because of the non-existent program and folder. I didn't see any instructions labeled as "manual fix." Therefore, I followed the directions from #7 on forward (below), without finding the IE folder in safemode, as mentioned before.

Also, I downloaded the FixIED.reg file, but wasn't prompted to merge the information as stated on step #17. I am asked to Run the program and after clicking the Run option, it then asks: "Are you sure you want to add the information in C:\Document and settings...?"

After clicking Yes, it then states: "Information in C:\Documents and Settings...\FixIED.reg has been successfully entered in the registry."


1. Print out these instructions as we will need to close every window that is open later in the fix.

2. Click on the Start Menu button.

3. Click on the Control Panel option.

4. Double-click on the Add or Remove Programs icon.

5. Find the entry for IE Defender and double-click on it to uninstall the program. Follow the prompts to uninstall the program, but do not allow it to reboot the computer if it asks.

6. When it has completed uninstalling you can close Add or Remove Programs and your Control Panel.

7. Next, please reboot your computer into Safe Mode by doing the following:

(1.) Restart your computer

(2.) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.

(3.) Instead of Windows loading as normal, a menu should appear

(4.) Select the first option, to run Windows in Safe Mode.

(5.) Login as a user with administrator privileges.

....

17. On your desktop find and double-click on the FixIED.reg file that you just downloaded. When it asks if you would like to merge the information, press the Yes button and then the OK button when it is done.


....

Edited by Dwon, 07 November 2007 - 03:42 AM.



#2 buddy215


Posted 07 November 2007 - 05:26 AM

Are you sure you are infected with IE Defender? How many of these files did you find and remove?

Install Super Antispyware free. Run it in safe mode. Allow it to quarantine whatever it finds.
http://www.superantispyware.com/

SAS will remove the zlob trojan as well as many other types of malware.

Edited by buddy215, 07 November 2007 - 10:20 AM.

“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.” Lawrence M. Krauss

A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”


#3 quietman7


Posted 07 November 2007 - 09:09 AM

It displays all the symptoms of an IE defender spy/malware

By that do you mean you're getting hijacked searches that say you are infected and that you need to install the IE Defender rogue anti-spyware program?

Please print out and follow the generic instructions for using SmitfraudFix in BC's self-help tutorial "How to remove the Smitfraud/Generic Zlob".
(Scroll down to where it says Removal Instructions; ignore the part that shows symptoms in a HijackThis log as they will not apply to your case.)
If you have downloaded SmitfraudFix previously, please delete that version and download it again as the tool is frequently updated and some of the infectors from IE Defender were recently added.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

#4 Dwon


Posted 07 November 2007 - 02:27 PM

"By that do you mean you're getting hijacked searches that say you are infected and that you need to install the IE Defender rogue anti-spyware program?"

Yes, exactly that. When I search through Google, it states that "Google error: Your computer is infected..." and there is a pornographic link beneath that message. When I go to Yahoo and do a search, I receive a similar error message, but it doesn't contain the pornographic picture and link.

Also, after a few searches the IE defender program comes on and scans my computer.

In this situation, would I follow the steps you mentioned with the link on "How to remove the Smitfraud/Generic Zlob?" Or, do I go through the self help tutorial of removing an IE defender in the link and steps I mentioned in my first post? If it is the latter, what would I do if I wasn't able to find the IE program in the add/remove programs option and the folder was non-existent when I rebooted the computer in safemode and went to run the path of C:\program files\?

thanks,

#5 quietman7


Posted 07 November 2007 - 02:47 PM

If you're not finding it in Add/Remove and not finding the files, then go ahead and use the generic removal instructions I provided. Smitfraudfix was recently updated to include some of the files related to IE Defender. It will also remove any other smitfraud files it detects during its scan.

#6 Dwon


Posted 08 November 2007 - 06:54 AM

After going through the generic process, it appears the IE Defender has been successfully removed. Google and Yahoo are functioning normally and the Internet Explorer pop up is gone.

Just a little feedback, a few of the steps didn't go as planned and didn't display the results as mentioned in the link.

For example, during the cleanup process on step #9, the instructions state that it would take a couple of hours. The computer was stuck on that process for a good 9 hours from 12pm-9pm or so. So, I cancelled that process and rebooted the computer. I went back into safemode and continued with the steps as before.

This time around, the cleanup process was a lot shorter. I didn't see a red screen stating "Computer will reboot now. Close all applications." Therefore, I proceeded with step 10 to choose Yes for the cleaning of the registry.

After that was done, a notepad appeared containing all the logs. All the while, the computer never rebooted automatically. I rebooted it back into the normal mode and it seems that all is fine.

I'm not sure if I did something wrong and the steps didn't flow as it should, according to the directions.

So, my question is: since my procedure didn't provide the exact same results as described in the directions, was this procedure done correctly?

#7 quietman7


Posted 08 November 2007 - 09:43 AM

Disk Cleanup can take up to several hours depending on your computer and how much junk you have accumulated in your temp folders. Sometimes it may even hang which causes it not to complete. If the second time around the cleanup was quicker that means it removed much of the junk during your first attempt even though it did not finish. After running smitfraudfix a reboot may be needed to finish the cleaning process but that does not always happen. In those cases you have to restart it yourself manually which you did.

Now you should Set a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been saved in System Restore. Since this is a protected directory that your tools cannot access to delete these files, they can sometimes reinfect your system if you accidentally use an old restore point. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

The easiest and safest way to do this is:
  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name, then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then use Disk Cleanup to remove all but the most recent Restore Point.
  • Go to Start > Run and type: Cleanmgr
  • Click "OK".
  • Click the "More Options" Tab.
  • Click "Clean Up" in the System Restore section to remove all previous restore points except the newly created one.

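The restore-point step from post #7 can also be scripted and checked on current Windows versions. This is an added example, not part of quietman7's post; it assumes an elevated Windows PowerShell session, and the description string and the `$cleanupFinished` timestamp are constructed values.

```powershell
# Added example: create a post-cleanup restore point and confirm it exists
# before older restore points are removed with Disk Cleanup.

# Assumption: the malware cleanup finished shortly before this script runs.
$cleanupFinished = (Get-Date).AddMinutes(-1)
$description     = 'Clean state after malware removal'   # constructed name

# Windows 8 and later may skip creation if another restore point was made
# in the last 24 hours, so the result is verified below instead of assumed.
try {
    Checkpoint-Computer -Description $description `
        -RestorePointType MODIFY_SETTINGS -ErrorAction Stop
} catch {
    Write-Warning "Restore point was not created: $($_.Exception.Message)"
}

# List every restore point, converting the WMI timestamp to a DateTime.
$points = @(Get-ComputerRestorePoint | ForEach-Object {
    [pscustomobject]@{
        SequenceNumber = $_.SequenceNumber
        Created        = $_.ConvertToDateTime($_.CreationTime)
        Description    = $_.Description
    }
} | Sort-Object Created)

# Split the list at the cleanup time.
$clean = @($points | Where-Object { $_.Created -ge $cleanupFinished })
$older = @($points | Where-Object { $_.Created -lt $cleanupFinished })

if ($clean.Count -eq 0) {
    # Without a clean point, deleting the old ones leaves nothing to roll back to.
    Write-Warning 'No restore point postdates the cleanup. Keep the older points for now.'
} else {
    Write-Host 'Restore point(s) created after the cleanup:'
    $clean | Format-Table -AutoSize | Out-Host
}

if ($older.Count -gt 0) {
    # These predate the cleanup and may still contain infected files.
    Write-Host 'Restore points created before the cleanup:'
    $older | Format-Table -AutoSize | Out-Host
}
```

Once a post-cleanup restore point is listed, the Disk Cleanup steps in the post above remove the older ones.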

#8 Dwon


Posted 08 November 2007 - 03:09 PM

I have set up a new system restore point and would like to thank you very much, quietman, for all of your help and patience. :thumbsup:

#9 quietman7


Posted 08 November 2007 - 04:02 PM

You're welcome.

To protect yourself against malware and reduce the potential for re-infection, be sure to read:
"Simple and easy ways to keep your computer safe".
"How did I get infected?, With steps so it does not happen again!".
"The Ten Most Dangerous Things Users Do Online".
"The 10 Biggest Security Risks".
"Hardening Windows Security - Part 1" and "Hardening Windows Security - Part 2".

Safe surfing and have a malware free day.



