
Microsoft Update prevents Internet Connection


  • This topic is locked
16 replies to this topic

#1 CluelessNI

CluelessNI

  • Members
  • 33 posts
  • OFFLINE
  •  
  • Local time:03:50 AM

Posted 17 July 2010 - 01:39 PM

As requested by CryptoDan - here is a re-posting of an original topic. I apologise for the delay in re-submitting this but it took longer than anticipated to re-acquire the laptop.

I have run DDS, GMER, Malwarebytes and SUPERAntiSpyware as requested. All relevant logs have been attached and in the case of SAS I have copied the log into this topic. As you can see there was quite a bit of malware on this laptop that has now been removed. I have included a link to my original post as requested but have also reproduced the original post for ease of reference.

http://www.bleepingcomputer.com/forums/t/326140/vista-security-update-prevents-internet-connection/

"Hi All,

I am currently working on a colleague's laptop running Vista SP2 and IE 8. He complained recently that he could not get on the internet and that his ISP advised him that the problem was with his PC. Basically IE8 does load but cannot connect to the internet. I have identified that his laptop auto-updated 10 security updates on 11 Jun. One of these, KB982381, is causing the problem. I have uninstalled and re-installed it several times: when it is applied the problem is there and when it is removed the internet connection works fine.

The closest related problem I can find concerns this update preventing infopath.exe from running. Is this likely to be the same issue?"

I hope this is OK. Please let me know if you need anything further.

With best wishes..............................

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 07/17/2010 at 05:26 PM

Application Version : 4.40.1002

Core Rules Database Version : 5134
Trace Rules Database Version: 2946

Scan type : Complete Scan
Total Scan Time : 01:37:42

Memory items scanned : 292
Memory threats detected : 0
Registry items scanned : 27727
Registry threats detected : 0
File items scanned : 135772
File threats detected : 132

Adware.Flash Tracking Cookie

Adware.Tracking Cookie


Attached Files
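
One way to break down a SUPERAntiSpyware log of the kind pasted in the first post, as an added example that is not part of the original thread: it groups the listed items by detection category and by the store they sit in, and checks the number of listed items against the summary counts. The sample log, its paths and the `Trojan.Constructed-Sample` category are constructed for the example, and the line shapes are assumed from the log in the first post.

```python
import re
from collections import Counter

# Constructed sample in the layout of the pasted log; none of it is the poster's data.
SAMPLE_LOG = r"""SUPERAntiSpyware Scan Log
Generated 07/17/2010 at 05:26 PM

Scan type : Complete Scan
Memory threats detected : 0
Registry threats detected : 0
File threats detected : 6

Adware.Flash Tracking Cookie
C:\Users\Example\AppData\Roaming\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\ABCD1234\TRACKER.EXAMPLE

Adware.Tracking Cookie
.ads.example [ C:\Users\Example\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.ads.example [ C:\Users\Example\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.stats.example [ C:\Users\Example\AppData\Roaming\Mozilla\Firefox\Profiles\xxxx.default\cookies.sqlite ]
C:\Users\Example\AppData\Roaming\Microsoft\Windows\Cookies\Low\example@ads.example[1].txt

Trojan.Constructed-Sample
C:\Users\Example\AppData\Local\Temp\sample.exe
"""

ITEM_PATH = re.compile(r"^[A-Za-z]:\\.+$")                  # bare file path
ITEM_BRACKET = re.compile(r"^(\S+)\s+\[\s*(.+?)\s*\]$")     # name [ container path ]
CATEGORY = re.compile(r"^[A-Z][A-Za-z]+\.[^\\\[\]]+$")      # e.g. Adware.Tracking Cookie
SUMMARY = re.compile(r"^([A-Z][A-Za-z ]+?)\s*:\s*(\S.*)$")  # e.g. File threats detected : 6

# (substring of the lower-cased path, label); the first match wins.
STORES = [
    ("\\flash player\\#sharedobjects\\", "Flash shared object"),
    ("\\google\\chrome\\", "Chrome cookie database"),
    ("\\mozilla\\firefox\\", "Firefox cookie database"),
    ("\\microsoft\\windows\\cookies\\", "Internet Explorer cookie file"),
]


def store_of(path):
    """Name the browser or plug-in store a detected path belongs to."""
    lowered = path.lower()
    for needle, label in STORES:
        if needle in lowered:
            return label
    return "other file"


def triage(log_text):
    """Group listed detections and compare them with the summary counts."""
    summary, by_category, by_store = {}, Counter(), Counter()
    non_cookie, seen, category = [], set(), None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if ITEM_PATH.match(line):
            path = line
        else:
            m = ITEM_BRACKET.match(line)
            path = m.group(2) if m else None
        if path is not None:
            if category is None:
                continue  # item-shaped line before any category heading
            by_category[category] += 1
            by_store[store_of(path)] += 1
            seen.add((category, line))
            if "cookie" not in category.lower():
                non_cookie.append((category, path))  # needs a closer look
        elif CATEGORY.match(line):
            category = line
        elif category is None:
            m = SUMMARY.match(line)
            if m:
                summary[m.group(1).strip()] = m.group(2)
    listed = sum(by_category.values())
    reported = sum(int(v) for k, v in summary.items()
                   if k.endswith("threats detected"))
    return {"summary": summary, "by_category": by_category,
            "by_store": by_store, "non_cookie": non_cookie,
            "distinct": len(seen), "listed": listed,
            "reported": reported, "consistent": listed == reported}


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for name in ("by_category", "by_store"):
        for key, count in result[name].most_common():
            print(f"{name:12} {count:4}  {key}")
    print("non-cookie detections:", result["non_cookie"])
    print("listed/reported:", result["listed"], result["reported"])
```
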





#2 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,779 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:04:50 AM

Posted 25 July 2010 - 08:06 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.
We need to create an OTL Report
  1. Please download OTL from one of the following mirrors:
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Click the "Scan All Users" checkbox.
  5. In the custom scan box paste the following:
    CODE
    msconfig
    safebootminimal
    activex
    drivers32
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    symmpi.sys
    adp3132.sys
    mv61xx.sys
    nvraid.sys
    /md5stop
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\drivers\*.sys /90
  6. Push the button.
  7. Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. I suggest you do this and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#3 CluelessNI

Posted 25 July 2010 - 04:03 PM

Hi Myrti,

Thanks for this. I appreciate you guys are busy but am glad to get a response. I have run the OTL.exe as requested and attached the logs rather than paste them. I hope this is OK.

With best wishes.......................

Attached Files



#4 myrti

Posted 25 July 2010 - 04:22 PM

Hi,

can you please try to reset Internet Explorer: http://support.microsoft.com/kb/923737

Let me know if you can then get online.

regards myrti


#5 CluelessNI

Posted 26 July 2010 - 03:44 PM

Hi Myrti,

Thanks for this. I have tried resetting IE but this has not resolved the issue. I should explain that I can get IE to work but only by removing the offending Microsoft download (KB982381). As this is an important security patch I don't view this as a permanent solution and would rather find out why this update is affecting IE this way and re-install this patch. I have also noticed that when the laptop boots up and Windows loads I get a Windows message that states " Windows has blocked some startup programs. Windows blocks programs that require permission to run when windows starts. Click to view blocked programs". However when I click on the dialogue box it closes and does not list any programs. I have tried looking in the system logs but nothing is listed. However some drivers are not loading - "The following boot-start or system-start driver(s) failed to load:SABKUTIL)". I imagine it is probably unrelated to the main issue but thought I would mention it for completeness.

hope this helps.

Please let me know if you need anything further.

With best wishes.........................

#6 myrti

Posted 26 July 2010 - 05:02 PM

Hi,

how do you have no internet? Can only IE not reach the internet or can nothing log into the internet?

It is possible that the patch modified Internet Explorer to an extent that your AV is blocking it now. Could you please reinstall the patch, then disable your anti virus program and test if you can log on to windowsupdate.com?

If that works close Internet Explorer, reenable your AV and let me know.

regards myrti


#7 CluelessNI

Posted 27 July 2010 - 04:10 PM

Hi Myrti,

Thanks for this. I have downloaded the update but unfortunately am unable to disable Norton 360. I have tried to use the bleepingcomputer instructions but there is no icon in the system tray. I have looked in Services and the Norton 360 service has started but all options are greyed out and I cannot stop or disable it. I have tried giving full permissions but this has no effect.

Just to clarify what is happening: IE does run when clicked. However it displays the error "Internet explorer cannot display the webpage".

I get the feeling that Norton 360 is corrupt because if I try to run it nothing seems to happen, just a blank dialogue box - there is no console and no options to run a scan. There is also Norton Security Scan but this also does not run as it defers to Norton 360 all the. There is also another programme which I think is rubbish called FileCure which claims to have 18 extension problems.

Do you think I need to uninstall Norton 360?

Thanks...................

#8 myrti

Posted 27 July 2010 - 04:29 PM

Hi,

yes it sounds as if Norton might have taken a turn for the worse. I would suggest you uninstall and reinstall it and see if that helps.

REMOVE NORTON

Please click HERE and follow the instructions in order to backup your key and download and run the norton removal tool.

regards myrti


#9 CluelessNI

Posted 28 July 2010 - 03:49 PM

Hi Myrti,

Just to let you know I need to see the laptop's owner to find out his account details with Norton and check he has license keys/disks etc. I was hoping to do it today but had to change my plans. However I should be able to get this information tomorrow and carry out an uninstall of Norton 360. I'll post a reply when this has been done.

I hope this is OK.

With thanks........................................

#10 myrti

Posted 28 July 2010 - 04:06 PM

Hi,

sure it's fine. Depending on whether your tomorrow becomes my day after, my reply may be delayed as I'm leaving for a couple of days though. Just so you know.

regards myrti


#11 CluelessNI

Posted 28 July 2010 - 04:12 PM

LOL - as long as all my yesterdays don't get ahead of all your tomorrows !!*!!

Yours faithfully,

Confused of England

#12 myrti

Posted 28 July 2010 - 04:49 PM

Hi,

lol, I just wasn't sure which timezone you were in. If you'd been in the US Thursday evening for you would have been Friday morning for me and I'm not sure whether I'll be able to drop by one last time on Friday morning..

anyhow we're basically in the same time zone and tomorrow evening should work nicely.

regards myrti


#13 CluelessNI

Posted 29 July 2010 - 04:18 PM

Hi Myrti,

This is just a quick note as I know you are away from tomorrow.

I obtained the Norton account details from this user today and have removed Norton 360. Lo and behold IE was then able to access the internet with the patch downloaded. I am currently installing a fresh copy of Norton 360 and will do some further testing once it has installed. I will then let you know the results.

Have a good trip!

With thanks........................

#14 myrti

Posted 29 July 2010 - 04:32 PM

Hi,

happy to hear that the issue has resolved (more or less). The Microsoft Update you mentioned modified the Internet Explorer files. It is quite possible that your security programs thought this was by malware and blocked the program.
An update is usually quickly released in these cases... However it doesn't reach those that are already offline. ;)

regards myrti


#15 CluelessNI

Posted 30 July 2010 - 12:39 AM

Hi Myrti,

Thought I would get this on quickly in case you pick it up before going away.

Bottom line is that the IE is working fine. I have taken the following actions:

1. Updated Norton with the latest definition files and run a full scan - there was one threat found (VMain.class) and several other detections. I have included a copy of the Norton log in case you wanted to take a look. I note that the lesser detections have no action taken. I assume from this that they are no real threat. However should I do something about them?
2. I have now downloaded all Windows patches that were outstanding.
3. As the user has a full version of Norton I have removed other (spurious) security programs such as Spyware Doctor and FileCure partly to avoid clashes with Norton and partly because they are probably superfluous.
4. I have also removed the programs we installed (SAS and Malwarebytes) also to avoid potential clashes with Norton.

I hope this is OK. I don't know whether the offending Microsoft patch corrupted Norton, or whether Norton was already corrupt before the patch, but this certainly seemed to be the issue. From my point of view the problem is resolved but I will wait until I hear from you before assuming this and closing the call.

Once again - many thanks for your help, and have a good trip.

With best wishes........................

Attached Files





