Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

IE8 address redirect/fail virus?


  • This topic is locked This topic is locked
22 replies to this topic

#1 55cans

55cans

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:07:32 AM

Posted 23 March 2013 - 05:13 PM

Hi.

 

New to this site.  Was hoping for some advice/help after trying on my own with no success.

 

Am running XP Pro 32 and IE8 with SP3.

 

My home page is set to google.com.  When IE8 starts google homepage loads properly.

 

Then I type "dailymotion" (as an example) in search engine and the page loads and displays properly for a moment, then disappears, then tries to reload, the page loads and displays properly again for a moment, then disappears and the following ends up in IE8 address bar:

 

res://ieframe.dll/acr_error.htm#dailymotion.com,http://www.dailymotion.com/ca-en

 

It does the same if I launch IE8 and manually type "http://www.dailymotion.com/ca-en" in the address bar and I don't uses google at all.

 

It seems like some type of redirect virus.  If I replace google.com with yahoo.com and use it as a search engine, the same problem/result happens with IE8.

 

After infected I downloaded/installed mozilla/firefox and have used this browser without problem.

 

I have tried spybot, superantispyware, malwarebytes, hitman, ccleaner, rougekiller, tdsskiller, ms security essentials, esetsmart, etc. to try and find/remove problems.  All have ended up finding something and fixing it, but with all diplaying no problems, my problem with IE8 still happens.

 

I also tried to delete and retype google.com as the IE8 default homepage, and start IE8 without addons, restore and reset IE* to defauts, etc. but problem persists.

 

I also selectively restricted startup programs and services to only essential ones.  No change.

 

The problem seems to be imbedded in some other restart startup procedure. 

 

Are there any ideas I can try, or more information that is needed?

 

Thanks for any help you can provide.

 

Don

 

 



BC AdBot (Login to Remove)

 


#2 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:08:32 AM

Posted 23 March 2013 - 05:35 PM

AdwCleaner by Xplode - Search for Adware

-------------------

  • Please download AdwCleaner by Xplode onto your desktop.
  • Double click on AdwCleaner.exe, select OK, then Run
  • Click on DELETE
  • A logfile will automatically open after the scan has finished
  • Copy and paste the contents in your reply
  • You can find the logfile at C:\AdwCleaner[R1].txt as well
  • ===================================================


    Junkware Removal Tooll by thisisu

    -------------------
    • Please download Junkware Removal Tool and save it to your desktop.
    • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
    • Right-mouse click JRT.exe and select Run as administrator (Windows XP double click the icon)
    • Please allow the program time to run
    • Once completed a Notepad document will open on your desktop
    • Copy and paste the contents in your reply

Edited by narenxp, 23 March 2013 - 05:36 PM.


#3 55cans

55cans
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:07:32 AM

Posted 23 March 2013 - 06:06 PM

Hi narenxp.  Thank you for your help.

 

Here is the AdwCleaner log:

 

# AdwCleaner v2.115 - Logfile created 03/23/2013 at 16:48:20
# Updated 17/03/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Administrator - LIFEBOOK
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Administrator\My Documents\Downloads\AdwCleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Mozilla Firefox v19.0.2 (en-US)

File : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\uwv72ds7.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[R3].txt - [868 octets] - [23/03/2013 16:44:18]
AdwCleaner[S2].txt - [800 octets] - [23/03/2013 16:48:20]

########## EOF - C:\AdwCleaner[S2].txt - [859 octets] ##########
 

 

Here is the junkware removal tool log:

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.7.3 (03.23.2013:1)
OS: Microsoft Windows XP x86
Ran by Administrator on Sat 03/23/2013 at 16:53:32.71
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\main\\Start Page



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ FireFox

Successfully deleted the following from C:\Documents and Settings\Administrator\Application Data\mozilla\firefox\profiles\uwv72ds7.default\prefs.js

user_pref("browser.newtab.url", "hxxp://www.safesearch.net/?utm_medium=ff&utm_campaign=31&utm_source=sm&utm_content=1&utm_term=1128DAFAB5174065");
user_pref("browser.search.defaultengine", "SafeSearch");
user_pref("browser.search.defaultenginename", "SafeSearch");
user_pref("browser.search.defaulturl", "hxxp://www.safesearch.net/search?q={searchTerms}&utm_medium=ff&utm_campaign=31&utm_source=sm&utm_content=1&utm_term=1128DAFAB5174065");
user_pref("browser.search.order.1", "SafeSearch");
user_pref("browser.search.selectedEngine", "SafeSearch");
user_pref("extensions.av_ssearch.ss_domain.www.safesearch.net", "{\"url\":\"hxxp://www.safesearch.net/?utm_medium=ff&utm_campaign=31&utm_source=sm&utm_content=1&utm_term=1128D
user_pref("keyword.URL", "hxxp://www.safesearch.net/search?q=");





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 03/23/2013 at 16:58:29.68
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

 

Tried running IE8 after this, still the same issue as described.



#4 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:08:32 AM

Posted 23 March 2013 - 06:07 PM

This is not a redirect issue.Can you try reinstalling IE 8?


Edited by narenxp, 23 March 2013 - 06:07 PM.


#5 55cans

55cans
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:07:32 AM

Posted 23 March 2013 - 06:41 PM

Hi narenxp.

 

When I open IE8 and the google home page loads, some other webpages seem to work properly, while others do not.

 

For example if I search "cbc" using the google search engine, then select cbc news option and open that link, the page opens and all links on it work properly.  I can also open IE8 and type "www.cbc.ca/news" in the address bar and this page opens properly and all links on it work properly.

 

But when I do the same for the "dailymotion" site IE8 only loads this page momentarily.  The website fails to load.

 

I'm puzzled, some websites work, others do not.  Is there some "parameter" difference from these two website examples that IE8 interprets, one being safe, the other not?

 

I will try the IE reinstall as you suggest.



#6 55cans

55cans
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:07:32 AM

Posted 23 March 2013 - 07:14 PM

Hi narenxp.

 

Reinstalled IE8 and no difference.

 

IE8 and google work properly for the http://www.cbc.ca/news page but do not work for the http://www.dailymotion.com/ca-en page.

 

For Mozilla/Firefox both webpages work.

 

Anymore ideas to try?

 

Thank you

 

Don



#7 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:08:32 AM

Posted 23 March 2013 - 07:16 PM

  • Please download TDSSKiller from here and save it to your Desktop
  • Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters


    tds2.jpg
  • Check Loaded Modules and Detect TDLFS file system. Do not check Verify file digital signatures (even though it is checked in the example)
  • If you are asked to reboot because an "Extended Monitoring Driver is required" please click Reboot now


    2012081514h0118.png
  • Click Start Scan and allow the scan process to run
  • If threats are detected select Skip for all of them unless I instruct you otherwise
  • Click Continue


    tds6.jpg
  • Click Reboot computer
  • Please post the contents of TDSSKiller.[Version]_[Date]_[Time]_log.txt found in your root directory (typically c:\)in your reply
  • Due to forum upgrade you may face issues posting the TDSSkiller log.Just last few lines of log is sufficient

===================================================

RKILL

  • Please download Rkill by Grinler from one of the 4 links below (if one of them does not work try another.) and save it to your desktop:
  • Link 1
  • Link 2
  • Link 3
  • Link 4
  • In order for Rkill to run properly you must disable your anti-malware software. Please refer to this page if you are not sure how.
  • Double-click on Rkill. (If you are using Windows Vista, please right-click on it and select Run As Administrator)
  • Note: You may have to run Rkill a few times before it is successful. You may also have to download Rkill from a different link which will save it as a different file name.
  • A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed.
  • An Rkill.log will appear. Please copy and paste the contents in your reply (file also located at c:\rkill.log)
  • Do not reboot your computer after running Rkill as the malware programs will start again. If your computer reboots, run Rkill again before continuing on to the next step.
  • If nothing happens or if the tool does not run, please let me know in your next reply.

===================================================

ESET Online Scanner

I'd like us to scan your machine with ESET OnlineScan This process may may take several hours, that is normal

  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

    esetsmartinstaller_enu.png

    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Copy and paste the information in your next reply. Note: If no malware was found you will not get a log.
  • Click the Back button.
  • Click the Finish button

Things I would like to see in your next reply. Please be sure to copy and paste the information rather than send an attachment. :thumbsup2:

  • TDSSKiller log
  • RKILL log
  • ESET log

Edited by narenxp, 23 March 2013 - 07:16 PM.


#8 55cans

55cans
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:07:32 AM

Posted 24 March 2013 - 12:08 AM

Hi narenxp,

 

Here's the last few lines of the tdsskiller log:

 

21:04:47.0781 0836  C:\WINDOWS\system32\rasdlg.dll - ok
21:04:47.0781 0836  [ 635A90D73E600FF2F68F63A99413E960 ] C:\Program Files\Nuance\PaperPort\ssocr.dll
21:04:47.0781 0836  C:\Program Files\Nuance\PaperPort\ssocr.dll - ok
21:04:47.0781 0836  ============================================================
21:04:47.0781 0836  Scan finished
21:04:47.0781 0836  ============================================================
21:04:47.0781 0752  Detected object count: 0
21:04:47.0781 0752  Actual detected object count: 0
 

 

Here's the rkill log:

 

Rkill 2.4.7 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2013 BleepingComputer.com
More Information about Rkill can be found at this link:
 http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 03/23/2013 09:07:37 PM in x86 mode.
Windows Version: Microsoft Windows XP Service Pack 3

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * C:\WINDOWS\system32\acs.exe (PID: 1848) [WD-HEUR]
 * C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\44950501-6334-4720-AFCE-4DF7D51EAA81.exe (PID: 2084) [T-HEUR]

2 proccesses terminated!

Checking Registry for malware related settings:

 * No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

 * No issues found.

Checking Windows Service Integrity:

 * wscsvc [Missing Service]

 * SharedAccess [Missing ImagePath]

Searching for Missing Digital Signatures:

 * No issues found.

Checking HOSTS File:

 * HOSTS file entries found:

  127.0.0.1       localhost

Program finished at: 03/23/2013 09:08:10 PM
Execution time: 0 hours(s), 0 minute(s), and 32 seconds(s)
 

 

For the EST Smart program, no threats were found and no log file was generated.

 

 

What do you think?  Anything else I can try?



#9 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:08:32 AM

Posted 24 March 2013 - 11:28 AM

Download

Windows repair tool

Extract and launch the Repair_Windows.exe file

Click on Start repairs tab-click on Start

check mark following options alone

Remove Policies Set By Infections
Repair Winsock & DNS Cache

  • Checkmark Restart System When Finished option
  • click the Start button
  • System should restart after repair

Try to browse now.Does this happen on IE 7?



#10 55cans

55cans
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:07:32 AM

Posted 24 March 2013 - 02:54 PM

Hi neranxp,

 

I tried this but still doing same thing.

 

I did notice that my Windows Firewall was down and would not open.  Kept getting the error message, "Due to an inidentified problem Windows cannot display Windows Firewall settings."  So I used the repair program you provided to fix it, then had to uninstall/reinstall MS Security Essentials to get the MS Security Center to recognize that MS Security Essentials was providing virus protections.  Firewall and all is back up and fine.  Thank you.

 

The problem is getting better, almost solved.  At least now the redirect doesn't go to another website, the site just fails to open and the site "res" fail message happens.  I can remember it redirecting searches to "livesearch" and "digger" sites before.  Also removed that nasty bit of antivirus software that keeps routing to a buy it or die option.

 

Can I try anything else?



#11 55cans

55cans
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:07:32 AM

Posted 24 March 2013 - 06:32 PM

Hi neranxp,

 

Sorry, I missed your suggestion about IE7.  When I was looking into this I found this forum post:

 

res://ieframe.dll error in IE 8
I just moved from IE7 to IE8 (so far big mistake); I'm still on Windows XP, and have been getting the following error message when attempting to access barnesandnoble.com:

res://ieframe.dll/acr_error.htm#barnesandnoble.com,http:www.barnesandnoble.com

I have received the res://ieframe.dll/acr_error.htm# with several websites, but not all.

Any suggestions, or do I need to go back to IE7?

 

 

At this link in the same forum thread a solution is explained:

 

http://answers.microsoft.com/en-us/ie/forum/ie8-windows_xp/resieframedll-error-in-ie-8/7f657540-474f-4587-b661-c3ffbb1aed06?page=3

 

Does the post by "aJohnMiller" shed any light on this problem?

 

I will try the IE8 uninstall now.

 

Thanks for your help.

 

Don



#12 55cans

55cans
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:07:32 AM

Posted 24 March 2013 - 07:43 PM

Hi narenxp,

 

Its not working properly with IE7 either.  I still have google as the home page.

 

When I open IE7 and type www.cbc.ca/news in the address bar the page opens properly and all page links work properly.

 

When I open IE7 and type cbc in the google search box, then select cbc news from the search results, www.cbc.ca/news opens properly and all page links work.

 

When I open IE7 and type www.dailymotion.com in the address bar, the webpage opens, then IE7 warns than an error has occured and the page must close.  I selected the "don't send error report" to close IE7.

 

When I open IE7 and type "dailymotion" in the google search box and press enter, google gives me all the right search choices but I notice that the IE7 address bar has been preloaded with the following before I make a search choice:

 

DON'T CLICK ON THIS LINK

http://www.google.ca/search?hl=en-CA&source=hp&q=dailymotion&gbv=2&oq=dail&gs_l=heirloom-hp.1.0.0l10.2516.13235.0.16750.4.4.0.0.0.0.204.672.0j3j1.4.0...0.0...1c.1.HbkV2YgE13Y

 

This doesn't seem right.

 

If I select www.dailymotion.com from the search choices, the webpage opens for a moment, then IE7 closes without warning.

 

I noticed that if I reopen IE7 and try to retype "dailymotion" in the google search box, IE7 closes without warning when just the "d" is typed, but if I repeat this and type something else, then backspace to clear what I typed, I can re-enter the whole word "dailymotion" in the google search box again.  Weird.

 

So far Mozilla/Firefox is unaffected.

 

Does this observation help you any?

 

Don


Edited by 55cans, 24 March 2013 - 07:47 PM.


#13 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:08:32 AM

Posted 24 March 2013 - 09:08 PM

Did you try the fixes given microsoft forum?

 

At this link in the same forum thread a solution is explained:

 

Press Windows+R key and type

 

cmd and click ok and run these commands one by one and press  <ENTER>

 

cd\

dir /s ieframe.dll>0.txt & notepad 0.txt

 

A notepad should pop up,post the contents of it here



#14 55cans

55cans
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:07:32 AM

Posted 24 March 2013 - 11:14 PM

Hi narenxp,

 

The fixes to uninstall ie8 didn't work, but at least the change to ie7 reveals there is some kind of virus problem.

 

Altering the unprotected memory available did not help either.

 

Here is the result of the notepad after the two system commands were run:

 

 Volume in drive C has no label.
 Volume Serial Number is 2024-9D19

 Directory of C:\WINDOWS\$hf_mig$\KB2183461-IE8\SP3QFE

06/24/2010  06:24 AM        11,079,168 ieframe.dll
               1 File(s)     11,079,168 bytes

 Directory of C:\WINDOWS\$hf_mig$\KB2360131-IE8\SP3QFE

09/10/2010  11:27 AM        11,082,240 ieframe.dll
               1 File(s)     11,082,240 bytes

 Directory of C:\WINDOWS\$hf_mig$\KB2482017-IE8\SP3QFE

12/20/2010  05:58 PM        11,082,752 ieframe.dll
               1 File(s)     11,082,752 bytes

 Directory of C:\WINDOWS\$hf_mig$\KB2497640-IE8\SP3QFE

02/23/2011  04:57 AM        11,082,752 ieframe.dll
               1 File(s)     11,082,752 bytes

 Directory of C:\WINDOWS\$hf_mig$\KB2530548-IE8\SP3QFE

04/25/2011  10:09 AM        11,083,776 ieframe.dll
               1 File(s)     11,083,776 bytes

 Directory of C:\WINDOWS\$hf_mig$\KB2559049-IE8\SP3QFE

06/25/2011  01:03 AM        11,083,776 ieframe.dll
               1 File(s)     11,083,776 bytes

 Directory of C:\WINDOWS\$hf_mig$\KB2586448-IE8\SP3QFE

08/22/2011  05:47 PM        11,084,288 ieframe.dll
               1 File(s)     11,084,288 bytes

 Directory of C:\WINDOWS\$hf_mig$\KB2618444-IE8\SP3QFE

11/05/2011  03:19 PM        11,083,776 ieframe.dll
               1 File(s)     11,083,776 bytes

 Directory of C:\WINDOWS\$hf_mig$\KB2647516-IE8\SP3QFE

12/17/2011  01:45 PM        11,085,312 ieframe.dll
               1 File(s)     11,085,312 bytes

 Directory of C:\WINDOWS\$hf_mig$\KB2675157-IE8\SP3QFE

03/01/2012  04:58 AM        11,085,312 ieframe.dll
               1 File(s)     11,085,312 bytes

 Directory of C:\WINDOWS\$hf_mig$\KB2699988-IE8\SP3QFE

05/11/2012  08:41 AM        11,112,960 ieframe.dll
               1 File(s)     11,112,960 bytes

 Directory of C:\WINDOWS\$hf_mig$\KB2722913-IE8\SP3QFE

07/02/2012  11:48 AM        11,112,960 ieframe.dll
               1 File(s)     11,112,960 bytes

 Directory of C:\WINDOWS\$hf_mig$\KB2744842-IE8\SP3QFE

08/28/2012  09:13 AM        11,113,472 ieframe.dll
               1 File(s)     11,113,472 bytes

 Directory of C:\WINDOWS\$hf_mig$\KB2761465-IE8\SP3QFE

11/01/2012  06:15 AM        11,113,472 ieframe.dll
               1 File(s)     11,113,472 bytes

 Directory of C:\WINDOWS\$hf_mig$\KB2792100-IE8\SP3QFE

12/26/2012  02:15 PM        11,112,960 ieframe.dll
               1 File(s)     11,112,960 bytes

 Directory of C:\WINDOWS\$hf_mig$\KB2809289-IE8\SP3QFE

02/06/2013  01:34 AM        11,112,960 ieframe.dll
               1 File(s)     11,112,960 bytes

 Directory of C:\WINDOWS\$hf_mig$\KB969897-IE8\SP3QFE

05/01/2009  04:22 PM        11,064,832 ieframe.dll
               1 File(s)     11,064,832 bytes

 Directory of C:\WINDOWS\$hf_mig$\KB972260-IE8\SP3QFE

07/19/2009  07:17 AM        11,068,416 ieframe.dll
               1 File(s)     11,068,416 bytes

 Directory of C:\WINDOWS\$hf_mig$\KB974455-IE8\SP3QFE

08/29/2009  01:31 PM        11,069,952 ieframe.dll
               1 File(s)     11,069,952 bytes

 Directory of C:\WINDOWS\$hf_mig$\KB976325-IE8\SP3QFE

10/29/2009  02:15 PM        11,070,464 ieframe.dll
               1 File(s)     11,070,464 bytes

 Directory of C:\WINDOWS\$hf_mig$\KB978207-IE8\SP3QFE

12/22/2009  03:09 PM        11,070,976 ieframe.dll
               1 File(s)     11,070,976 bytes

 Directory of C:\WINDOWS\$hf_mig$\KB980182-IE8\SP3QFE

02/25/2010  12:19 AM        11,073,024 ieframe.dll
               1 File(s)     11,073,024 bytes

 Directory of C:\WINDOWS\$hf_mig$\KB982381-IE8\SP3QFE

05/06/2010  04:06 PM        11,078,144 ieframe.dll
               1 File(s)     11,078,144 bytes

 Directory of C:\WINDOWS\SoftwareDistribution\Download\60592bc9e478a3c60830f8835d653e9f\SP3GDR

02/05/2013  02:05 PM        11,111,424 ieframe.dll
               1 File(s)     11,111,424 bytes

 Directory of C:\WINDOWS\SoftwareDistribution\Download\60592bc9e478a3c60830f8835d653e9f\SP3QFE

02/06/2013  01:34 AM        11,112,960 ieframe.dll
               1 File(s)     11,112,960 bytes

 Directory of C:\WINDOWS\SoftwareDistribution\Download\97fe76a20161cb86e78057600e7c82a0\SP3GDR

04/30/2009  03:22 PM        11,064,832 ieframe.dll
               1 File(s)     11,064,832 bytes

 Directory of C:\WINDOWS\SoftwareDistribution\Download\97fe76a20161cb86e78057600e7c82a0\SP3QFE

05/01/2009  04:22 PM        11,064,832 ieframe.dll
               1 File(s)     11,064,832 bytes

 Directory of C:\WINDOWS\SoftwareDistribution\Download\982ca70dcc7d7c5793e4584ca12bd6a6\SP3GDR

08/28/2012  08:44 PM        11,111,424 ieframe.dll
               1 File(s)     11,111,424 bytes

 Directory of C:\WINDOWS\SoftwareDistribution\Download\982ca70dcc7d7c5793e4584ca12bd6a6\SP3QFE

08/28/2012  09:13 AM        11,113,472 ieframe.dll
               1 File(s)     11,113,472 bytes

 Directory of C:\WINDOWS\SoftwareDistribution\Download\a6632ea9734d3683d8cc4b4a30215873\SP3GDR

11/04/2011  01:20 PM        11,081,728 ieframe.dll
               1 File(s)     11,081,728 bytes

 Directory of C:\WINDOWS\SoftwareDistribution\Download\a6632ea9734d3683d8cc4b4a30215873\SP3QFE

11/05/2011  02:19 PM        11,083,776 ieframe.dll
               1 File(s)     11,083,776 bytes

 Directory of C:\WINDOWS\SoftwareDistribution\Download\e66b4743816c49dca51948af9e24f676\SP3GDR

02/05/2013  02:05 PM        11,111,424 ieframe.dll
               1 File(s)     11,111,424 bytes

 Directory of C:\WINDOWS\SoftwareDistribution\Download\e66b4743816c49dca51948af9e24f676\SP3QFE

02/06/2013  01:34 AM        11,112,960 ieframe.dll
               1 File(s)     11,112,960 bytes

 Directory of C:\WINDOWS\system32\dllcache

02/05/2013  02:05 PM        11,111,424 ieframe.dll
               1 File(s)     11,111,424 bytes

     Total Files Listed:
              34 File(s)    377,088,000 bytes
               0 Dir(s)  203,223,285,760 bytes free
 

 

Does this mean anything to you?

 

Edited:  Looks like it gives the dates when ieframe.dll changed?

 

Think in the meantme I should reinstall ie8 now and check this text file again.

 

 

Thanks,

 

Don


Edited by 55cans, 24 March 2013 - 11:43 PM.


#15 55cans

55cans
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:07:32 AM

Posted 25 March 2013 - 02:08 AM

Hi narenxp,

 

Okay, I reinstalled IE8 and all suitable updates.

 

IE8 now brings up the website "www.dailymotion.com" but then a security message comes up that says "You are about to leave a secure internet connection,  It will be possible for others to view information you send.  Do you wish to continue?"  I take the "no" option and the website remains open and is normally displayed.  If I click a link on the page, the link opens and the security message repeats.  When I reply "no" the link continues to remain open and displayed normally.

 

When IE8 brings up the website "www.cbc.ca/news" it opens normally and no security messages are received.  All page links and navigation work properly.

 

I think this is some type of redirect for hit revenue virus, but now the active security is blocking the redirect.  The virus seems active or inactive depending on the website address entered.  Is there somekind of log that can isolate what is generating the redirect and what the redirect destination is?  At the security prompt is there a way to see what the redirect address is so the virus type can be determined?

 

Thanks again.

 

Don


Edited by 55cans, 25 March 2013 - 02:12 AM.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users