Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Internet Explorer cannot display the webpage


  • This topic is locked This topic is locked
2 replies to this topic

#1 Mol_Bolom

Mol_Bolom

  • Members
  • 28 posts
  • OFFLINE
  •  
  • Local time:08:59 PM

Posted 29 July 2010 - 08:12 PM

Original thread here -> http://www.bleepingcomputer.com/forums/ind...t&p=1863890

Possible malware causing IE and automatic updates to not connect to internet. Network connection is fine, however, other programs and browsers are just fine.

<Edit> Whew, things sure got confusing since the last time I've been here, ;)...

Anyway...Some new and interesting info...

Been having probs with gmer, and is running at this moment...

Anyway...

Had IE opened for some time, so don't know if this is related or whatnot, but a Norten Security Scan download window had popped up after about 30 minutes. Closed it and "end task" on IE. Ran an error report just to test to see if the error report might return any errors, it did not.

I had left for about an hour and when I returned, gmer was still running (this is now), no apps will load now. Still gmer and firefox, which were left running, are just fine.

Got a baloon popup, second popup just now,
CODE
gmer.exe - Corrupt File
The file or directory C:\$Mft is corrupt and unreadable. Please run the Chkdsk utility.

Don't know how long this balloon has been coming up. The owners don't know if it's popped up before either.
(Note, just popped up a third time).

Once gmer is finished I'll reboot (to be able to load cmd) and check ipconfig /all (if there might be anything in there).

<Edit 2>
OS crashed after gmer finished so couldn't add the info. Did a chkdsk though, since I had to hard boot, and got several errors, don't think it has anything to do with this issue, though.

after running ipconfig, nothing out of the ordinary...Don't see how this could be problematic, but here's two lines from ipconfig.
CODE
    IP Routing Enabled. . . . . . . . : No
    WINS Proxy Enabled. . . . . . . . : No


<Edit 3>
Ok, went the road less traveled and created a new user account, this time "limited", and voila IE works. So the problem is definitely a user problem and not a system wide problem.
So if anyone is willing to help figure this out, at least point to the configuration files that is loaded from user startup and I could start disabling from there to test certain things...Or better yet, just delete that user...Either way, since this user does not have administrative priviledges could there be any problem that could arrise if I ran autoupdates from this user while entering password for the administrator from this user could the infection attack this user as well?

<Edit 4>
Logged back into the affected user, now have a Resident Shield alert that pops up, overlaps all windows, can be moved back only with task manager. Task manager does not show any application for it, though.

CODE
File name:   c:\WINDOWS\wuscofe.dll
Threat name:    Trojan horse Agent2.BCCZ

Process name  C:\WINDOWS\system32\rundll32.exe
Process ID:     2556


Searches turn up 0 for wuscofe.dll.
In regedit.
HKEY_CURRENT_USER\Microsoft\Windows\CurrentVersion\Run\Osoxec rundll32.exe "C:\WINDOWS\wuscofe.dll",Startup
HKEY_USERS as well.
Now to check this against the other user.

Attached Files


Edited by Mol_Bolom, 30 July 2010 - 06:04 PM.


BC AdBot (Login to Remove)

 


#2 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,766 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:03:59 AM

Posted 07 August 2010 - 01:46 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.
We need to create an OTL Report
  1. Please download OTL from one of the following mirrors:
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Click the "Scan All Users" checkbox.
  5. In the custom scan box paste the following:
    CODE
    msconfig
    safebootminimal
    activex
    drivers32
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    symmpi.sys
    adp3132.sys
    mv61xx.sys
    nvraid.sys
    /md5stop
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\drivers\*.sys /90
  6. Push the button.
  7. Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt<--Will be minimized

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. I suggest you do this and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#3 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,766 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:03:59 AM

Posted 12 August 2010 - 05:00 PM

Due to lack of feedback, this topic is now Closed

If you need this topic reopened, please send me a PM.
Please include the address of this thread in your request.
This applies only to the original topic starter.

Everyone else please start a new topic.

With Regards,
myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users