Posted 25 October 2010 - 03:42 AM
More than a week ago I got the FAKE NORTON security warning while doing Google search. I knew it was bogus & immediately closed browser & ran a Norton scan. The report said that an intrusion attempt was blocked. For several days after that, I could not get the browser to open any web pages, even though a good connection was present. The Internet Explorer 8 browser must be corrupted & no longer has a toolbar, Favorites buttons are visible but non-functioning. I have been using the laptop to download files to run to try to correct the problem. After running Microsoft for Malicious software, the browser worked (still no toolbar) for a short time, but reverted back to the white screen while unsuccessfully trying to open my homepage.
I thought that I posted in this forum several days ago, but can't find it now.
I cannot access my Internet Options by right clicking on the IE ICON nor from the icon in the Control Panel. Since there is no toolbar on my browser, I cannot access it from there either. I tried the right click on a blank portion of the browser to see if I could get anything with no success. I found a run command on the internet that got it to open (%systemroot%\ServicePackFiles\i386\inetcpl.cpl) The LAN proxy boxes were NOT checked, so I proceeded with the Uninstall instructions.
Today I followed the REMOVE Antivirus IS instructions. Ran Malwarebytes (Had done this last week & removed all files that it had found at that time) & no infected fileswere found today.
I typed rkill.com in my address bar, but the site that came up looked bogus & said that the domain was for sale & had nothing on it except ads, so back to the laptop I went & clicked on the link in the instructions to download this program & transferred it to the Pc VIA FLASH DRIVE. Again, no infected files found.
Installed & ran TDSSKiller--no infected files found.
I found 2 of the registry files that were listed at the end of the instructions & deleted them The PHISHING FILTER ENABLED (0) & "PROXYOVERRIDE"
There were two files that were questionable HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings"ProxyEnable "1"
I have a file that exactly matches this one, but the value is "0" so I did NOT delete it.
I also found HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings"ProxyServer" but it did NOT have "http=127.0.0.1:27811 after it, so I did NOT delete it.
I can still get my home page to open, & move to a page or two, but I cannot download from Microsoft, the rkill download attempt failed to get me where I wanted to go, my IE8 toolbar is gone, cannot access Internet Options as stated above.
Things that happened before last week were warnings that I had no RAM & Google autopopulate could not work due to lack of memory.
The affected computer is an HP, running Windows XP Home SP3, Internet Explorer 8 (Although Firefox, Netscape, Google Chrome get the same results when I try to access with them)Internet connection via Belkin 54 Router with Linksys USB Adapter.
The computer seems to function fine with non-internet programs.
Norton 360 4.0 scans find tracking cookies & intrusion sttempts, network connection problems. I can try to provide the list if needed.
I welcome any help. Thanks