
IE9 can't restore default internet security. Keeps reverting to custom settings.


13 replies to this topic

#1 Dodgechic49

  • Members
  • 33 posts
  • Gender:Female

Posted 07 October 2012 - 09:59 AM

After I change the setting to default, when I close and reopen IE9 the settings are back to custom, which I never changed to begin with. I know I have a virus because SUPERAntiSpyware catches and removes up to 30 at every scan and I am being redirected to Google when I try to do searches of certain things to get answers to this problem. I am using Windows 7. Thank you for helping.

Edited by Queen-Evie, 11 October 2012 - 05:04 AM.
moved to AII to investigate the possibility of malware




#2 Queen-Evie

    Official Bleepin' G.R.I.T.S. (and proud of it)

  • Members
  • 16,485 posts
  • Gender:Female
  • Location:My own little corner of the universe (somewhere in Alabama). It's OK, they know me here

Posted 07 October 2012 - 11:16 AM

Is this occurring on one of the systems you mentioned in your Am I Infected topic?

http://www.bleepingcomputer.com/forums/topic470643.html/

#3 Dodgechic49


Posted 10 October 2012 - 06:08 PM

The other laptop issue is about wrapped up. The issue I mentioned here is still ongoing and seems to be getting worse.

#4 noknojon

  • Banned
  • 10,871 posts
  • Gender:Not Telling

Posted 10 October 2012 - 07:28 PM

Scan your machine with ESET OnlineScan - Click on the following link to open ESET OnlineScan
You may be prompted to disable any antivirus programs for this to run - Information on A/V control (temp disable) HERE if needed
Download ESET Online Scanner - this will take a while to load the base program and then the updated definitions
Next -
Download, install and update Malwarebytes Anti-Malware Free and run a Quick Scan
Next -
Download Adware Cleaner, run it as admin, click the Delete button, allow it to run and post the log it creates.
AdWare Cleaner
Next -
Clean out your temporary internet files and temp files.
Download TFC by OldTimer http://oldtimer.geekstogo.com/TFC.exe to your desktop.
Double-click TFC.exe to run it.
Note: If you are running on Vista/Windows7, right-click on the file and choose Run As Administrator
Next -
TFC will close all programs when run, so make sure you have saved all your work before you begin.
1. Click the Start button to begin the cleaning process.
2. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two.
3. Please let TFC run uninterrupted until it is finished.
Once TFC is finished it should restart your computer. If it does not, please manually restart the computer yourself to ensure a complete cleaning.

Copy / Paste any result from ESET Scan / the last SUPERAntiSpyware log / Malwarebytes log / Adware Cleaner log -




#5 Dodgechic49


Posted 11 October 2012 - 10:56 AM

Hello, thank you for helping. I cannot download the Adware Cleaner. I am getting a message that it is being blocked by SmartScreen Filter. I don't know how to disable this.

#6 Dodgechic49


Posted 11 October 2012 - 02:59 PM

ESET Report

C:\Users\Julesba49r\AppData\Local\Temp\V.class probably a variant of Java/Exploit.CVE-2011-3544.BQ trojan cleaned by deleting - quarantined
C:\Users\Julesba49r\AppData\Local\Temp\tmpe29798a5\c.exe a variant of Win32/Kryptik.AMZI trojan cleaned by deleting - quarantined
C:\Users\Julesba49r\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\C.EXE a variant of Win32/Kryptik.AMZI trojan cleaned by deleting - quarantined
C:\Users\Julesba49r\AppData\Roaming\Unly\nepyr.exe a variant of Win32/Kryptik.AMZI trojan cleaned by deleting - quarantined

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 10/10/2012 at 03:01 PM

Application Version : 5.6.1006

Core Rules Database Version : 9375
Trace Rules Database Version: 7187

Scan type : Complete Scan
Total Scan Time : 01:44:10

Operating System Information
Windows 7 Home Premium 64-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Limited User

Memory items scanned : 504
Memory threats detected : 0
Registry items scanned : 73131
Registry threats detected : 0
File items scanned : 96586
File threats detected : 36

Adware.Tracking Cookie

Trojan.Dropper/Gen-C
C:\USERS\JULESBA49R\APPDATA\LOCAL\TEMP\TMP28863C8F\C.EXE
C:\USERS\JULESBA49R\APPDATA\LOCAL\TEMP\TMP39B47C84\C.EXE
C:\USERS\JULESBA49R\APPDATA\LOCAL\TEMP\TMP668F7C30\C.EXE
C:\USERS\JULESBA49R\APPDATA\LOCAL\TEMP\TMP7CD530CE\C.EXE
C:\USERS\JULESBA49R\APPDATA\LOCAL\TEMP\TMPF9A5A42B\C.EXE
C:\Windows\Prefetch\C.EXE-58A64B6E.pf
C:\Windows\Prefetch\C.EXE-6B1E20E0.pf
C:\Windows\Prefetch\C.EXE-7069F242.pf
C:\Windows\Prefetch\C.EXE-924BE3D8.pf
C:\Windows\Prefetch\C.EXE-9541D5ED.pf

Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org

Database version: v2012.10.05.09

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Julesba49r :: JULESBA49R-PC [administrator]

10/11/2012 12:35:57 PM
mbam-log-2012-10-11 (12-35-57).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 200045
Time elapsed: 3 minute(s), 57 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


TFC Report
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 112849109 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 38668 bytes
%systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 753 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50199 bytes

Emptying RecycleBin. Do not interrupt.

RecycleBin emptied: 13004192147 bytes
Process complete!

Total Files Cleaned = 13,071.00 mb

#7 noknojon


Posted 11 October 2012 - 04:38 PM

Hi -
This has cleaned out a lot of stored junk files that were not needed - Most likely one of your problems - Run TFC once a week -
I have not had problems with Adware Cleaner so far, but you can use Junkware Removal Tool by thisisu instead -

Have you ever run a DiskCheck scan to see if all is OK with this area -
Run a Disk Check on your C: drive in Windows :
•Click Start and open Computer
•Right-click on C: (or your main hard drive) and select Properties
•Click on the Tools tab
•Under Error-checking click the Check Now... button
•Mark the 2 boxes next to Automatically fix file system errors and Scan for and attempt recovery of bad sectors
•Click on the Start button
•When the message box pops up, click the Schedule disk check button and >>> Restart your computer
•Once your computer restarts it will check the drive, don't press any keys so that it is allowed to do so
This can take (on average) 1 hour, so please let all 5 stages finish, and your computer will reboot back to Normal mode -

Next -
Go - Start > Programs > Accessories > Find Command Prompt and Right click, select Run as Admin - Type sfc /scannow and let it run (average 15 minutes) -

After this tell us if there is any improvement in operation, or still any major problems -

Thanks -



#8 Dodgechic49


Posted 12 October 2012 - 10:12 AM

Hello, I can't install a Windows update and the fan seems to be on overdrive since doing the last steps. Any advice?

#9 noknojon


Posted 12 October 2012 - 04:39 PM

I know I have a virus because SUPERanti spyware catches and removes up to 30 at every scan and I am being redirected to google

Hi -
First, are you still being redirected on Google searches, and if you run an updated scan with SUPERAntiSpyware, do you still find infections?

Which update "KB ###" are you having problems with, and which "last steps" have caused the fan to seem faster?
Please be specific in the replies and questions, as we have performed quite a few steps and removed several infections already -

Make sure the computer has been turned off at the wall overnight and not just left in sleep mode -

You could list the Make and Model of computer and post a snapshot with Speccy as this may give us a bit more to look at -
Publish a Snapshot using Speccy <<Follow These Directions

Please download MiniToolBox, Save it to your desktop and run it.
Checkmark the following boxes:

•Flush DNS
•Report IE Proxy Settings
•Reset IE Proxy Settings
•Report FF Proxy Settings
•Reset FF Proxy Settings
•List content of Hosts
•List IP configuration
•List last 10 Event Viewer log
•List Installed Programs
•List devices (Problem only)
•List Users, Partitions and Memory size.
•List Minidump Files

Click Go and post the result (Result.txt).
Note: When using "Reset FF Proxy Settings" option Firefox should be closed.

Thank You -



#10 Dodgechic49


Posted 13 October 2012 - 05:00 PM

http://speccy.piriform.com/results/qJlZXQO47KhG2R4Zcm3uU4d

#11 Dodgechic49


Posted 13 October 2012 - 05:13 PM

I hope I did that right. My fan is running all the time (after we did the disk check and sfc /scannow steps). It used to only run loudly when I was playing a game or looking at something with graphics. After I got out of it the fan would get quiet again. It does shut off when I close the lid. I am no longer being redirected, yahoo! The Windows update I am trying to install is KB2754670. I appreciate all your help here. :dance:

#12 noknojon


Posted 13 October 2012 - 05:44 PM

The infection you had has now been removed -

Clean out your remaining temporary internet files and temp files.
Download TFC by OldTimer http://oldtimer.geekstogo.com/TFC.exe to your desktop.
Double-click TFC.exe to run it.
Note: If you are running on Vista, right-click on the file and choose Run As Administrator
TFC will close all programs when run, so make sure you have saved all your work before you begin.
* Click the Start button to begin the cleaning process.
* Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two.
* Please let TFC run uninterrupted until it is finished.
Once TFC is finished it should restart your computer. If it does not, please manually restart the computer yourself to ensure a complete cleaning.
Keep and run this program once a week to clean out unwanted Temp files - Always be sure to Reboot after cleaning -

KB2754670
Microsoft has released security bulletin MS12-065. To view the complete security bulletin, go to one of the following Microsoft websites:
Skip the details: Download the updates for your home computer or laptop from the Microsoft Update website now:
http://update.microsoft.com/microsoftupdate/ Direct download link to KB2754670

>> Use this link FIRST - Help installing updates: Support for Microsoft Update (http://support.microsoft.com/ph/6527)

Thank You -



#13 Dodgechic49


Posted 14 October 2012 - 12:07 PM

Everything seems to be OK now. I am able to follow the links given in here without being redirected to an error screen via Google message. I appreciate all the help I have received to fix both of my laptops and I will continue to read this forum for tidbits on safe surfing and keeping a clean machine. Thank you again :thumbsup:

#14 noknojon


Posted 14 October 2012 - 03:44 PM

You did have 2 active infections and a few that were present but no longer active - All have been removed -
Safe surfing -
Glad to help -



