
Internet Security 2010, can't open programs, big problems... need help please!!!


18 replies to this topic

#1 sean342125


Posted 02 January 2010 - 12:47 PM

Running Windows XP Pro. Internet Security 2010 is one popping up, may be more. Can't open antivirus or Malwarebytes. Won't allow system restore. Safe mode loads but won't open these programs either. Won't allow me to download other removal tools. Not sure what else to do, please help.



#2 sean342125


Posted 02 January 2010 - 12:49 PM

Also tried putting Malwarebytes on CD from a separate computer and loading through the drive, that didn't work either.

#3 trev47


Posted 02 January 2010 - 01:50 PM

Have you tried using the guide below?
http://www.bleepingcomputer.com/virus-remo...t-security-2010

#4 boopme


Posted 02 January 2010 - 04:39 PM

After using the above guide post the scan log here and tell us how it's going.

The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#5 sean342125


Posted 02 January 2010 - 09:35 PM

Finally got Malwarebytes to update and run under a different filename. Pasting the log file.


Malwarebytes' Anti-Malware 1.43
Database version: 3484
Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 8.0.6001.18702

1/2/2010 9:35:09 PM
mbam-log-2010-01-02 (21-35-09).txt

Scan type: Quick Scan
Objects scanned: 125680
Time elapsed: 6 minute(s), 0 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 8

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\h8srtd.sys (Rootkit.TDSS) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\drivers\H8SRTqptamrftho.sys (Malware.Packer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Sean\Local Settings\Temp\H8SRT32f0.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\H8SRTcvxyiyltof.dll (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\H8SRTwbsmkqnpxn.dll (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\H8SRTyqwwhqjemr.dll (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\H8SRTsspmepybne.dat (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\flags.ini (Malware.Trace) -> Delete on reboot.
C:\WINDOWS\system32\uses32.dat (Malware.Trace) -> Quarantined and deleted successfully.
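
Added example, not part of the thread: a Python check for the things the helpers look for in a pasted MBAM log (the header with database version and OS, summary counts that match the listed items, entries still waiting on a reboot, and a Quick Scan where a full scan was asked for). The sample log is constructed in the same layout with placeholder paths and detection names, and the function names are this example's own.

```python
import re
from collections import Counter

# Constructed sample in the MBAM 1.43 log layout; paths and detection names are placeholders.
SAMPLE_LOG = r"""
Malwarebytes' Anti-Malware 1.43
Database version: 3484
Windows 5.1.2600 Service Pack 3 (Safe Mode)
Scan type: Quick Scan
Registry Keys Infected: 1
Files Infected: 2

Registry Keys Infected:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\example.sys (Rootkit.Example) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\example.dll (Rootkit.Example) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\example.ini (Malware.Trace) -> Delete on reboot.
"""

ITEM = re.compile(r"^(?P<path>.+) \((?P<name>[^()]+)\) -> (?P<action>.+?)\.?$")
COUNT = re.compile(r"^(?P<section>[A-Za-z ]+ Infected): (?P<n>\d+)$")
HEADING = re.compile(r"^(?P<section>[A-Za-z ]+ Infected):$")
HEADER = {"Database version:": "database", "Windows ": "os", "Scan type:": "scan_type"}

def parse_mbam_log(text):
    """Return header lines, declared counts and the detections listed per section."""
    report, section = {"header": {}, "declared": {}, "items": []}, None
    for line in (raw.strip() for raw in text.splitlines()):
        if m := COUNT.match(line):                 # summary line, e.g. "Files Infected: 2"
            report["declared"][m["section"]] = int(m["n"])
        elif m := HEADING.match(line):             # start of a detail section
            section = m["section"]
        elif section and (m := ITEM.match(line)):  # "<object> (<name>) -> <action>."
            report["items"].append({"section": section, **m.groupdict()})
        elif not section:                          # header lines come before any section
            report["header"].update({k: line for p, k in HEADER.items() if line.startswith(p)})
    return report

def triage(report):
    """List what a helper should question before calling the machine clean."""
    issues = [f"missing header field: {k}" for k in HEADER.values() if k not in report["header"]]
    listed = Counter(i["section"] for i in report["items"])
    issues += [f"{s}: summary says {n}, log lists {listed[s]}"
               for s, n in report["declared"].items() if listed[s] != n]
    issues += [f"not yet removed: {i['path']} ({i['action']})"
               for i in report["items"] if "reboot" in i["action"].lower()]
    if "Quick Scan" in report["header"].get("scan_type", ""):
        issues.append("only a Quick Scan was run")
    return issues
```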

#6 sean342125


Posted 02 January 2010 - 09:52 PM

Also, safe mode with networking seems to be working fine. But in normal mode, Internet Explorer won't load but Malwarebytes will... just won't update.

#7 trev47


Posted 02 January 2010 - 11:13 PM

Go to http://support.kaspersky.com/viruses/solutions?qid=208280684 and download TDSSKiller and run it.

After that, download ATF Cleaner and remove all temp files, and then run an online virus scan if you are able at eset.com.

I just noticed that you only ran a quick scan with MBAM. You should run a full scan.

Edited by trev47, 02 January 2010 - 11:35 PM.


#8 sean342125


Posted 04 January 2010 - 09:07 AM

Okay... put a lot of things on my zip drive and ran them: Malwarebytes full scan, SUPERAntiSpyware, RKill. Also did an ATF Cleaner like you suggested. I don't see any traces of the virus itself anymore. Computer speed seems pretty good but still no internet. I open Explorer and it just tells me there is an error loading page. I can get online in safe mode with networking but not in normal mode. Any ideas?

#9 boopme


Posted 04 January 2010 - 11:29 AM

Hi, do these 2 next and see.
Go to Start ... Run and type in cmd
A DOS window will appear.
Type in the DOS window: netsh winsock reset
Click on the enter key.

Reboot your system to complete the process.


OR

Please download Kenco.exe and save it to your desktop.
  • Double-click on Kenco.exe to run it (if you get a security warning, click run).
  • You will see a black command window and shortly a logfile will be opened. Note - Kenco.log will be saved on your desktop.
  • In order to complete the cleaning process, Kenco.exe may need to reboot your computer.
Please copy/paste the contents of kenco.log in your next reply.

#10 sean342125


Posted 04 January 2010 - 11:57 AM

Will paste the Kenco log with this. Tried both options, internet still not working. I don't know if this makes a difference, but when I let Microsoft run the diagnostics for connection it then comes up with a screen telling me to contact the company that provides me with Windows XP Product Support. Thanks again for your help.


Kenco by jpshortstuff (31.12.09.1)
Log created at 11:51 on 04/01/2010 (Sean)

========== Task Unlocker ==========

========== KencoScan ==========

========== C:\WINDOWS\Tasks ==========
AppleSoftwareUpdate.job -> [21:01 22/10/2009] 284 bytes
axlcdfvz.job -> [02:09 16/12/2008] 292 bytes
FRU Task #Hewlett-Packard#hp officejet 6100 series#1257443834.job -> [17:57 05/11/2009] 400 bytes
GoogleUpdateTaskMachineCore.job -> [15:55 17/12/2009] 878 bytes
GoogleUpdateTaskMachineUA.job -> [15:55 17/12/2009] 882 bytes
RegCure Program Check.job -> [18:05 26/12/2008] 436 bytes
RegCure.job -> [18:05 26/12/2008] 370 bytes

-=E.O.F=-

#11 boopme


Posted 04 January 2010 - 12:30 PM

OK, now we'll run SAS. This should be run in safe mode. I want to get the scan done to remove some things. Then do the "Repairs" below. We can rerun all the tools again.



Download and scan with SUPERAntiSpyware Free for Home Users
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here. Double-click on the hyperlink for Download Installer and save SASDEFINITIONS.EXE to your desktop. Then double-click on SASDEFINITIONS.EXE to install the definitions.)
  • In the Main Menu, click the Preferences... button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen.
  • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan.
  • Click "Next" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.

SUPERAntiSpyware has a built-in "Repairs" feature to fix policy restrictions and certain Windows settings which are sometimes targeted by malware infection. To use this feature, launch SUPERAntiSpyware.
  • Click the Repairs tab.
  • Click on (highlight) "Repair broken SafeBoot key" and then click the Repair button.
  • You may be asked to reboot your computer for the changes to take effect.


#12 sean342125


Posted 04 January 2010 - 02:06 PM

Ran SAS with options selected like you asked in safe mode and then did the repair also. Still no internet. Here is the SAS log.


SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 01/04/2010 at 01:38 PM

Application Version : 4.32.1000

Core Rules Database Version : 4442
Trace Rules Database Version: 2266

Scan type : Complete Scan
Total Scan Time : 00:59:08

Memory items scanned : 266
Memory threats detected : 0
Registry items scanned : 6851
Registry threats detected : 0
File items scanned : 65728
File threats detected : 0

#13 boopme


Posted 04 January 2010 - 02:34 PM

Rats!!
3 Methods of repairing connectivity
METHOD 1

LSP-Fix
Repairs Winsock 2 settings, caused by buggy or improperly-removed Internet software, that result in loss of Internet access
LSP-Fix Home Page
Using LSP-Fix to remove Spyware & Hijackers

METHOD 2

WinSock XP Fix 1.2
It can often cure the problem of lost connections after the removal of Adware components or improper uninstall of firewall applications or other tools that modify the XP network and Winsock settings.
If you encounter connection problems after removing network related software, Adware or after registry clean-up; and all other ways fail, then give WinSock XP Fix a try.
Download WinSock XP Fix 1.2

METHOD 3

Microsoft KB article to reset TCP/IP
One of the components of the Internet connection on your computer is a built-in set of instructions called TCP/IP. TCP/IP can sometimes become corrupted. If you cannot connect to the Internet and you have tried all other methods to resolve the problem, TCP/IP might be causing it.
Because TCP/IP is a core component of Windows, you cannot remove it. However, you can reset TCP/IP to its original state by using the NetShell utility (netsh).
How to reset Internet Protocol (TCP/IP) in Windows XP

#14 sean342125


Posted 04 January 2010 - 05:31 PM

Neither of the 3 worked... so much for this being an easy fix, huh? I am sorry, but thank you so much for your time so far. Any other ideas?

#15 trev47


Posted 04 January 2010 - 09:35 PM

Sean,
Go to Start --> Run, and in the box type CMD and press Enter. A command prompt window should pop up. In that window type
Ipconfig /all
and press Enter. Next type ping google.com and press Enter.
Once it is done, right-click in the window and press "Select All", and press Enter again.
Open Notepad and press Ctrl+V.
Paste that text into your next reply. It would be awesome if you could do this from safe mode and a normal boot to see if there is a difference. Also, in normal boot disable any firewalls and make sure you do not have any proxy settings. Check that here:
In IE go to Tools --> Internet Options --> click the Connections tab --> click LAN settings.
In the box that pops up make sure everything is unchecked! Good luck
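
Added example, not part of the thread: one way to compare the two "ipconfig /all" captures requested above (safe mode and normal boot) field by field instead of by eye. Both captures are constructed samples with made-up values from private and documentation address ranges, and the function names are this example's own.

```python
import re

# Constructed captures in the Windows XP "ipconfig /all" layout; every value is a
# made-up example, and the differing DNS entry exists only to show the comparison.
TEMPLATE = """
Windows IP Configuration

        Host Name . . . . . . . . . . . . : EXAMPLE-PC

Ethernet adapter Local Area Connection:

        Dhcp Enabled. . . . . . . . . . . : Yes
        IP Address. . . . . . . . . . . . : 192.168.1.10
        Default Gateway . . . . . . . . . : 192.168.1.1
        DNS Servers . . . . . . . . . . . : {dns}
"""
SAFE_MODE = TEMPLATE.format(dns="192.168.1.1")
NORMAL_BOOT = TEMPLATE.format(dns="203.0.113.53\n" + " " * 44 + "203.0.113.54")

# "<label> . . . . : <value>", where the label is padded with dots and spaces.
FIELD = re.compile(r"^\s+(?P<key>[^:]+?)[ .]*: ?(?P<value>.*)$")

def parse_ipconfig(text):
    """Map each section ('Windows IP Configuration', adapter names) to its fields."""
    sections, current, last_key = {}, None, None
    for line in text.splitlines():
        if not line.strip():
            continue
        if not line[0].isspace():                 # unindented line starts a section
            current = sections.setdefault(line.strip().rstrip(":"), {})
            last_key = None
        elif current is not None and (m := FIELD.match(line)):
            last_key = m["key"]
            current[last_key] = [m["value"].strip()] if m["value"].strip() else []
        elif current is not None and last_key:    # continuation line, e.g. a second DNS server
            current[last_key].append(line.strip())
    return sections

def compare(before, after):
    """Return (section, field, before_values, after_values) for every difference."""
    a, b = parse_ipconfig(before), parse_ipconfig(after)
    return [(sec, key, a.get(sec, {}).get(key), b.get(sec, {}).get(key))
            for sec in sorted(a.keys() | b.keys())
            for key in sorted(a.get(sec, {}).keys() | b.get(sec, {}).keys())
            if a.get(sec, {}).get(key) != b.get(sec, {}).get(key)]
```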



