
IE5 working IE6 not working


10 replies to this topic

#1 James_D

James_D

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:04:03 AM

Posted 23 May 2005 - 10:30 PM

Please note I've posted another topic containing a hijack log Here after posting these messages which is probably more relevant.


Hello there,

This post relates to this thread (which I tried to post to but I think it's closed)

Original Topic

I recently (like 5 mins ago) had exactly the same problem. I'm an AOL user but I sign in & access the web via IE.

Shortly after the problem I checked my Windows directory for files that were created about the same time the problem occurred. This is what I found:

bkezokej.exe

iasada.dll

l.bat

timon2.dll
(after searching for this it led me to this forum - no hits for the other files)

I.bat contains this:

@ECHO OFF
regedit /s /i %windir%\install.reg
regsvr32 /s %windir%\timon2.dll
del /Q %windir%\install.reg
del /Q c:\myvbs.vbs


I rebooted in safe mode, backed up these files & their location & deleted them in their original location.. rared them up here if anyone knows what to do with them: NB Please don't d/l this unless you KNOW what you're doing Weird zipped up files

I'm also on Windows 2000 - if there's anyone there who knows what I should do with this then go for it.

And many thanks to OldTimer who suggested reinstalling IE by right clicking IE.inf in the win/inf folder... this is the only thing I did (apart from a thorough virus & spyware scan) & it sorted out the problem.

James

Edited by James_D, 24 May 2005 - 09:22 PM.
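An added example, not part of James_D's post: a short Python triage of the batch script quoted in post #1 that lists what each command does and which file was used and then deleted, so an investigator knows what evidence is no longer on disk. The `C:\WINDOWS` value for `%windir%` is an assumption taken from the paths in the HijackThis log; `triage` and its field names are hypothetical.

```python
import re

# The script exactly as quoted in post #1.
SCRIPT = r"""@ECHO OFF
regedit /s /i %windir%\install.reg
regsvr32 /s %windir%\timon2.dll
del /Q %windir%\install.reg
del /Q c:\myvbs.vbs
"""

# Command name -> what the step means to an investigator.
ACTIONS = {
    "regedit": "registry import",
    "regsvr32": "COM DLL registration",
    "del": "file deletion",
}

def triage(script, windir=r"C:\WINDOWS"):  # windir value is an assumption
    """Return (steps, destroyed): one dict per recognised command, plus the
    files an earlier step used and a later step deleted."""
    steps, used, destroyed = [], set(), []
    for raw in script.splitlines():
        line = raw.strip().lstrip("@")
        if not line or line.lower().startswith(("echo", "rem", "::")):
            continue
        tokens = line.split()
        cmd = re.sub(r"\.exe$", "", tokens[0].lower())
        if cmd not in ACTIONS:
            continue
        switches = [t.lower() for t in tokens[1:] if t.startswith("/")]
        # Whatever is not a switch is the target path; expand %windir%.
        target = " ".join(t for t in tokens[1:] if not t.startswith("/"))
        target = re.sub(r"%windir%", lambda m: windir, target, flags=re.I)
        steps.append({"action": ACTIONS[cmd], "target": target,
                      "quiet": "/s" in switches or "/q" in switches})
        key = target.lower()
        if ACTIONS[cmd] == "file deletion":
            if key in used:
                destroyed.append(target)
        else:
            used.add(key)
    return steps, destroyed

if __name__ == "__main__":
    steps, destroyed = triage(SCRIPT)
    for s in steps:
        print(f"{s['action']:22} quiet={s['quiet']!s:5} {s['target']}")
    print("used, then deleted:", destroyed)
```

The one file reported as used and then deleted is the `.reg` file, which means the registry values it wrote cannot be read back from disk and have to be found in the registry itself.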



#2 James_D


Posted 23 May 2005 - 10:32 PM

Something else I've noticed is that even though IE works now, some links open a new IE window but nothing comes up... just a white screen...

edit:

Went to the windows update site & updated to IE 6 - rebooted & the problem's happening again?! I'll go through all the steps suggested & see if this fixes it.

edit:

Seems to be working OK with IE 5 - so I guess it was updating to IE 6 that is triggering the problem again.

Edited by James_D, 23 May 2005 - 11:15 PM.


#3 James_D


Posted 24 May 2005 - 08:49 PM

Hi again,

This post refers to my original thread:

Orig Thread

A similar problem can be found here & I followed all the steps recommended by OldTimer:

Similar Problem

IE does indeed work, but clicking on the IE.inf in c:\winnt\in re-installs IE5. When I updated to IE6 the problem was there again... IE6 fails to start & brings up this box: "The application fails to initialise properly (0x0000005)"

Un-installing IE6 from add / remove programs brings me back to IE5.. which works... this was done a few times & still no joy.

Here's my log:

Logfile of HijackThis v1.99.1
Scan saved at 02:39:16, on 25/05/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\util\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\regsvc.exe
C:\WINDOWS\system32\MSTask.exe
C:\WINDOWS\system32\stisvc.exe
C:\WINDOWS\system32\UAService7.exe
C:\WINDOWS\SYSTEM32\ZONELABS\vsmon.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\WBEM\WinMgmt.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\util\NORTON~1\navapw32.exe
C:\WINDOWS\SYSTEM32\gsicon.exe
C:\WINDOWS\system32\DeltTray.exe
C:\WINDOWS\system32\dslagent.exe
C:\Program Files\util\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Util\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Util\XDesk95\XDesk95.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Util\WinTasks pro 4\wintasks.exe
C:\Program Files\Util\WinRAR\WinRAR.exe
C:\DOCUME~1\JAMESD~1\LOCALS~1\Temp\Rar$EX00.113\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.google.co.uk/
O2 - BHO: (no name) - {02DCA195-602B-4B1F-83FF-381B7E804BDB} - C:\WINDOWS\SYSTEM32\HDBHO.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\util\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\util\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\util\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\util\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [DSICON] C:\WINDOWS\SYSTEM32\gsicon.exe
O4 - HKLM\..\Run: [DeltTray] DeltTray.exe
O4 - HKLM\..\Run: [GSICONEXE] gsicon.exe
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\util\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\util\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Util\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - Global Startup: XDesk95 - Get Organized.lnk = C:\Program Files\Util\XDesk95\XDesk95.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: WinTasks.lnk = C:\Program Files\Util\WinTasks pro 4\wintasks.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Download with GetRight - C:\Program Files\Util\GetRight\GRdownload.htm
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\Util\GetRight\GRbrowse.htm
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/1761bc38a9e10e...ip/RdxIE601.cab
O16 - DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} (WheelofFortune Object) - http://messenger.zone.msn.com/binary/WoF.cab31267.cab
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\util\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZONELABS\vsmon.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe


Thanks for any help.

Edited by James_D, 24 May 2005 - 08:50 PM.


#4 OldTimer

OldTimer

    Malware Expert


  • Members
  • 11,092 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:North Carolina
  • Local time:05:03 AM

Posted 25 May 2005 - 12:39 AM

Hi James_D and welcome to the BC forums. After reviewing your log I see no signs of viruses or malware at this time. Your log is clean.

Let's try this. Download and install ewido security suite. Update the program and then close it. Start ewido and click on the Scanner button. On the Scanner page click on My Computer and then click the Start button to begin the scan. Let it run to completion and fix anything that it finds.

When it is finished, download CCleaner and install it.
Start CCleaner and click on the Run Cleaner button in the lower right-hand corner. When it is finished close CCleaner.

Now, reboot your computer and try the IE6 installation again.

Let me know what happens.

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer


#5 James_D


Posted 25 May 2005 - 10:04 AM

Hi OT,

Thanks for the reply. I did everything you suggested but I still get the IE6 problem... this is weird. I'm sort of thinking that IE6 isn't uninstalling properly 'cause I really don't understand why reinstalling isn't sorting the problem.

James

#6 OldTimer


Posted 25 May 2005 - 10:54 AM

Hi James_D. Are you trying to install IE6 from the website or through Windows Update? If so, try downloading the full installation package and installing it from your hard drive instead.

Cheers.

OT

#7 James_D


Posted 25 May 2005 - 03:26 PM

Windows didn't seem to offer a full package but I found some info on how to use the 450kb net installer to download the files to a folder to use offline.

Still no joy...

I tried uninstalling IE5 before the installation too... this has really got me stumped.

Surely if the malware had modified any file that IE used I would have found it by searching for files created / modified (how I found the malware deploy exe)? So I'm now thinking that it might be a registry problem... the I.Bat file that the malware deployed added something to the registry via a .reg file that I.bat deleted afterwards.

Maybe it's about time for a fresh windows install?

Edited by James_D, 25 May 2005 - 03:26 PM.


#8 James_D


Posted 25 May 2005 - 03:52 PM

Not sure if this is important - but after looking at Internet Explorer files in System Information tool I've noticed a few dlls aren't there.

Here's a link to a snapshot (the pic is too big to include in the post.)

System Info : Internet Explorer

#9 OldTimer


Posted 25 May 2005 - 06:18 PM

Hi James_D. You can download the full installation version here:

http://www.microsoft.com/windows/ie/downlo...p1/default.mspx

Cheers.

OT

#10 James_D


Posted 25 May 2005 - 07:17 PM

Yeah.. the only thing that's on offer there is a small ie6setup.exe file which downloads IE via the net. The only way (as far as I know) to download it is to run the program like this:

"c:\ie6sp1\ie6setup.exe" /c:"ie6wzd.exe /d /s:""#E"

Which is what I did.

No matter OT - thanks for your help, I'll just reinstall the OS.

Thanks again,
James

#11 OldTimer


Posted 25 May 2005 - 07:46 PM

Hi James D. See this article on how to download the entire package:

http://www.petri.co.il/download_the_full_ie_package.htm

Cheers.

OT