
Internet Explorer won't run, tried some things...



#1 DefiniteChoice


Posted 19 August 2009 - 09:38 AM

Whenever I try to run my browser (Internet Explorer), it tells me "Internet Explorer Stopped Working" and then Windows closes the program (I have Vista). I ran Dr Web Cure It in both regular and safe mode and no problems. Then I ran Windows Defender which finds no problems. I have Malwarebytes already but whenever I try to run it (either in regular or safe mode) it won't start. I double click it, and it asks me to confirm the program (which I acknowledge) but then the program never opens. Since I can't get on the internet, I can't really explore that one (I'm using my laptop to make this post). It's weird because it still shows I'm online, all my instant messenger etc etc still works. Just can't get the browser to work. Or Malwarebytes.

Thoughts?



#2 quietman7


Posted 19 August 2009 - 11:38 AM

-- Some types of malware will disable Malwarebytes Anti-Malware and other security tools. If MBAM will not run, try renaming it first.
  • Open the Malwarebytes' Anti-Malware folder in Program Files.
  • Right-click on the mbam.exe file and rename it to myscan.exe.
  • Double-click on myscan.exe to launch the program.
  • If that did not work, then right-click on the file and rename it to winlogon.exe.
If that still did not work, then try renaming and changing the file extension. <- click this link if you do not see the file extension
  • Open the Malwarebytes' Anti-Malware folder in Program Files.
  • Right-click on the mbam.exe file, rename it to myscan and change the .exe extension to .scr, .com, .pif, or .bat.
  • Double-click on myscan.scr (or whatever extension you renamed it) to launch the program.
If using Windows Vista, refer to How to Change a File Extension in Windows Vista.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#3 DefiniteChoice


Posted 19 August 2009 - 03:23 PM

Wow thanks, that worked great, Malwarebytes ran and took care of a trojan!

However I'm still having the trouble with Internet Explorer. I can't get to a webpage at all. I tried resetting IE but that didn't help.

#4 DefiniteChoice


Posted 19 August 2009 - 08:34 PM

Upski!

#5 quietman7


Posted 20 August 2009 - 06:54 AM

Please post the results of your MBAM scan for review.

To retrieve the Malwarebytes Anti-Malware scan log information, launch MBAM.
  • Click the Logs Tab at the top.
    • The log will be named by the date of scan in the following format: mbam-log-date(time).txt
      -- If you have previously used MBAM, there may be several logs showing in the list.
  • Click on the log name to highlight it.
  • Go to the bottom and click on Open.
  • The log should automatically open in notepad as a text file.
  • Go to Edit and choose Select all.
  • Go back to Edit and choose Copy or right-click on the highlighted text and choose copy from there.
  • Come back to this thread, click Add Reply, then right-click and choose Paste.
  • Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Logs are saved to the following locations:
-- In XP: C:\Documents and Settings\<Username>\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs
-- In Vista: C:\Documents and Settings\Users\All Users\Malwarebytes\Malwarebytes' Anti-Malware\Logs


Most Internet connectivity problems arise out of corrupt Winsock settings due to the installation of a networking software or Malware infestation.

Try resetting the IP address:
  • Go to Start > Run and in the open box, type: cmd
  • Press OK or Hit Enter. A DOS window will appear.
  • At the command prompt type or copy/paste: ipconfig /release
  • Hit Enter.
  • When the prompt comes back, type: ipconfig /renew
  • Hit Enter.
  • Close the command box and see if that fixes the connection. No reboot needed.
Vista users can refer to Where is the Vista Run Command?

If that did not resolve the problem:
  • Go to Start > Run and in the open box, type: cmd
  • Press OK or Hit Enter.
  • At the command prompt, type or copy/paste: ipconfig /flushdns
  • Hit Enter.
  • You will get a confirmation that the flush was successful.
  • Close the command box.
If the above commands did not resolve the problem, the next thing to try is to reset your network settings and Configure TCP/IP to use DNS.
  • Go to Start > Control Panel, and choose Network Connections.
  • Right-click on your default connection, usually Local Area Connection or Dial-up Connection if you are using Dial-up, and choose Properties.
  • Double-click on Internet Protocol (TCP/IP) or highlight it and select Properties.
  • Under the General tab, write down any settings in case you should need to change them back.
  • Select the button that says "Obtain an IP address automatically".
  • Select the button that says "Obtain DNS servers automatically".
  • If unknown Preferred or Alternate DNS servers are listed, uncheck the box that says "Use the following DNS server address".
  • Click OK twice to get out of the properties screen and restart your computer. If not prompted to reboot go ahead and reboot manually.
Vista users can refer to How to Change TCP/IP settings

CAUTION: It's possible that your ISP (Internet Service Provider) requires specific DNS settings here. Make sure you know if you need these settings or not BEFORE you make any changes or you may lose your Internet connection. If you're sure you do not need a specific DNS address, then you may proceed.

Also check your Proxy settings to make sure malware did not alter them:
  • Open Internet Explorer > click Tools > Internet Options > Connections tab.
  • Click the LAN Settings... button and uncheck Use a proxy server for your LAN
    or change the settings to the proxy you normally use if you previously reconfigured it.
  • Click Ok and then click Ok again.
  • Close Internet Explorer and restart the computer.
  • Open Firefox, click Tools > Options > Advanced and click the Network Tab.
  • Under the Connection section click on the Settings... button.
  • Under Configure Proxies to Access the Internet, Check No proxy. This is the default option if you don't use a proxy.
  • Click Ok and then click OK again.


#6 DefiniteChoice


Posted 20 August 2009 - 10:38 AM

Those internet ideas were, unfortunately, unsuccessful. Below are the results from the "quick scan". Whenever I try the full scan I can almost get all the way through before it freezes (both in regular or safe mode). Trying it once again as we speak.


Malwarebytes' Anti-Malware 1.37
Database version: 2182
Windows 6.0.6001 Service Pack 1

8/19/2009 1:20:11 PM
mbam-log-2009-08-19 (13-20-11).txt

Scan type: Quick Scan
Objects scanned: 77256
Time elapsed: 3 minute(s) 37 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 6
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.234 85.255.112.185 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{cbf734b7-ab14-45c4-a6e6-6fbd7351205e}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.234 85.255.112.185 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.234 85.255.112.185 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{cbf734b7-ab14-45c4-a6e6-6fbd7351205e}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.234 85.255.112.185 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.234 85.255.112.185 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{cbf734b7-ab14-45c4-a6e6-6fbd7351205e}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.234 85.255.112.185 -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#7 quietman7


Posted 20 August 2009 - 11:16 AM

Your Malwarebytes Anti-Malware log indicates you are using an older version of MBAM (v1.37) with an outdated database. Please download and install the most current version (1.40) from here.

The database shows 2182. Last I checked it was 2664.

If you cannot use the Internet or download any required programs to the infected machine, you are going to need access to another computer (family member, friend, library etc) with an Internet connection. Save mbam-setup.exe to a flash (usb, pen, thumb, jump) drive or CD, transfer it to the infected machine, then install and run the program. If you cannot transfer to or install on the infected machine, try running the setup (installation) file directly from the flash drive or CD by double-clicking on mbam-setup.exe so it will install on the hard drive. If you cannot copy files to your usb drive, make sure it is not "Write Protected". Some flash drives have a switch on the side which could have accidentally been moved to write protect.

You will also need to manually download the definition database from another computer, save and transfer them to the infected machine. After installing MBAM, just double-click on mbam-rules.exe to apply the update.

Then perform a new Quick Scan in normal mode and check all items found for removal. Don't forget to reboot afterwards. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. When done, click the Logs tab and copy/paste the contents of the new report in your next reply.

Note: Mbam-rules.exe is not updated daily. Another way to get the most current database definitions if you're having problems updating through the program's interface or have already manually downloaded the latest definitions (mbam-rules.exe) shown on this page, is to do the following: Install MBAM on a clean computer, launch the program and update through MBAM's interface. Copy the definitions (rules.ref) to a USB stick or CD and transfer that file to the infected machine. Copy rules.ref to the location indicated for your operating system. If you cannot see the folder, then you may have to Reconfigure Windows to show it.
  • XP: C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware
  • Vista: C:\Documents and Settings\Users\All Users\Malwarebytes\Malwarebytes' Anti-Malware


#8 DefiniteChoice


Posted 20 August 2009 - 12:21 PM

Thanks for your continued patience and assistance!

Just did your recommendation and although the version is 2658 (the one in your link) I still managed to apparently clean some more up. I'm now running a full scan, but here's the results from the quick scan:



Malwarebytes' Anti-Malware 1.40
Database version: 2658
Windows 6.0.6001 Service Pack 1

8/20/2009 12:12:51 PM
mbam-log-2009-08-20 (12-12-51).txt

Scan type: Quick Scan
Objects scanned: 91412
Time elapsed: 5 minute(s) 22 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\gxvxc (Rootkit.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Windows\Temp\137716606.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
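
Added example, not part of either post or of Malwarebytes' own tooling: a Python sketch that parses logs in the format posted in #6 and #8, checks that the itemised detections match the summary counts (an incomplete paste shows up as a mismatch), and collects the DNS server addresses a DNSChanger entry wrote to `NameServer` so they can be compared with adapter and router settings. The sample log is constructed from entries in this thread; the function names and the "successfully" test for removal are assumptions.

```python
import re
from collections import Counter

# Constructed sample: abridged from the two MBAM logs posted in this thread.
SAMPLE_LOG = r"""Malwarebytes' Anti-Malware 1.40
Database version: 2658

Memory Processes Infected: 0
Registry Keys Infected: 1
Registry Data Items Infected: 2
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\gxvxc (Rootkit.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.234 85.255.112.185 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.234 85.255.112.185 -> Quarantined and deleted successfully.

Files Infected:
C:\Windows\Temp\137716606.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
"""

SUMMARY = re.compile(r"^(?P<section>[A-Za-z ]+ Infected): (?P<count>\d+)$")
HEADER = re.compile(r"^(?P<section>[A-Za-z ]+ Infected):$")
ITEM = re.compile(r"^(?P<path>.+) \((?P<name>[^()]+)\) -> "
                  r"(?:Data: (?P<data>.*?) -> )?(?P<action>.+)$")

def parse_mbam_log(text):
    """Return (summary counts per section, list of itemised detections)."""
    counts, items, section = {}, [], None
    for line in (raw.strip() for raw in text.splitlines()):
        if m := SUMMARY.match(line):
            counts[m["section"]] = int(m["count"])
        elif m := HEADER.match(line):
            section = m["section"]
        elif section and (m := ITEM.match(line)):
            items.append({"section": section, **m.groupdict()})
    return counts, items

def triage(text):
    counts, items = parse_mbam_log(text)
    listed = Counter(i["section"] for i in items)
    return {
        # Sections whose item list disagrees with the summary: incomplete paste.
        "mismatched": sorted(s for s, n in counts.items() if listed[s] != n),
        # Addresses written to any ...\NameServer value (DNSChanger hijack).
        "dns_servers": sorted({ip for i in items if i["data"]
                               and i["path"].endswith("\\NameServer")
                               for ip in i["data"].split()}),
        "detections": sorted({i["name"] for i in items}),
        # Assumption: a cleaned item's action text contains "successfully".
        "not_removed": [i["path"] for i in items
                        if "successfully" not in i["action"]],
    }

if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```
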

#9 quietman7


Posted 20 August 2009 - 12:59 PM

Yes, run a full Scan but you are probably going to need to download other tools for disinfection.

IMPORTANT NOTE: One or more of the identified infections is related to a nasty rootkit component. Rootkits, backdoor Trojans, Botnets, and IRCBots are very dangerous because they compromise system integrity by making changes that allow it to be used by the attacker for malicious purposes. Rootkits are used by Trojans to conceal their presence (hide from view) in order to prevent detection of an attacker's software and make removal more difficult. Many rootkits can hook into the Windows 32-bit kernel, and patch several APIs to hide new registry keys and files they install. They can disable your anti-virus and security tools to prevent detection and removal. Remote attackers use backdoors as a means of accessing and taking control of a computer that bypasses security mechanisms. This type of exploit allows them to steal sensitive information like passwords, personal and financial data which is sent back to the hacker. To learn more about these types of infections, you can refer to:

If your computer was used for online banking, has credit card information or other sensitive data on it, you should stay disconnected from the Internet until your system is fully cleaned. All passwords should be changed immediately to include those used for banking, email, eBay, paypal and online forums. You should consider them to be compromised and change each password using a clean computer, not the infected one. If not, an attacker may get the new passwords and transaction information. If using a router, you need to reset it with a strong logon/password so the malware cannot gain control before you connect again. Banking and credit card institutions should be notified of the possible security breach. Because your computer was compromised please read:

Although the infection has been identified and may be removed, your PC has likely been compromised and there is no way to be sure the computer can ever be trusted again. It is dangerous and incorrect to assume the computer is secure even if the malware appears to have been removed. In some instances an infection may have caused so much damage to your system that it cannot be completely cleaned or repaired so you can never be sure that you have completely removed a rootkit. The malware may leave so many remnants behind that security tools cannot find them. Tools that claim to be able to remove rootkits cannot guarantee that all traces of it will be removed. Many experts in the security community believe that once infected with this type of malware, the best course of action is to wipe the drive clean, reformat and reinstall the OS. Please read:

#10 DefiniteChoice


Posted 20 August 2009 - 01:28 PM

Thanks again!

I'm going to keep trying but I constantly have to cancel out or reboot when Malwarebytes freezes up while scanning D:\\Windows\System32\

#11 quietman7


Posted 23 August 2009 - 07:22 AM

If you cannot run MBAM or complete a scan in normal mode, then try performing a Quick Scan in "safe mode".

Scanning with Malwarebytes Anti-Malware in safe or normal mode will work but removal functions are not as powerful in safe mode. MBAM is designed to be at full power when malware is running so safe mode is not necessary when using it. In fact, MBAM loses some effectiveness for detection & removal when used in safe mode because the program includes a special driver which does not work in safe mode. Further, scanning in safe mode prevents some types of malware from running so it may be missed during the detection process. Additionally, there are various types of malware infections which target the safeboot keyset so booting into safe mode is not always possible. For optimal removal, normal mode is recommended so it does not limit the abilities of MBAM but in some cases, there is no alternative but to do a safe mode scan. If that is the case, after completing a scan, it is recommended to uninstall MBAM, then reinstall it in normal mode and perform another Quick Scan.



