Solve : Infections won't go away, IE freezes?

Hey all! Recently I've been having problems with Trojans and other infections. Also my Internet Explorer keeps freezing on me. This hasn't been a problem before. But almost every time I open IE and open some new tabs, it freezes. I keep running spyware and virus scans and they keep popping up. I'm attaching my SuperAnti spyware, Malwarebytes and HJT logs as requested. If anything else is needed, please just let me know.

I'd appreciate any help!

Thanks in advance-
Christy



[recovering disk space -- attachment deleted by admin]

I'll take a look and get back to you in a minute...

Looks like someone's been downloading cracks, which is probably how you got infected. Also, I don't see any anti-virus or firewall software running on your computer. This needs to be corrected ASAP. On that note, I also see that you have CyberDefender installed...you may want to read a little about it here:
http://forums.spybot.info/archive/index.php/t-10042.html
Personally, I would get rid of it.

Is Juno your current ISP, or is it NetZero?
Either way, all of these toolbars might be contributing to your IE problem. If you want, we can look into it.

Go ahead and run HijackThis and place checkmarks next to the following entries...

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 64.136.44.66;64.136.52.66;searchap.untd.com;127.0.0.1;localhost;*microsoft.com;*windowsupdate.com; (the rest is cut off to reserve space)
O2 - BHO: (no name) - {14F4272A-5E14-439F-B1ED-3B50E78B7739} - (no file)

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe (file missing)

O15 - Trusted Zone: http://www.bigfishgames.com
O15 - Trusted Zone: http://*.bigfishgames.com
O15 - Trusted Zone: http://onecare.live.com
O15 - Trusted Zone: http://www.pogo.com


As a general rule of thumb, it's best to not allow any sites into your Trusted Zone, so you should remove those. With that said, close all windows except for HijackThis (you may want to print my instructions, as you will have to close this window as well) and click on Fix Checked.

Once you are done with that...
1. Download VundoFix and save it to your desktop.
2. Run VundoFix and click on Scan For Vundo.
3. Once it's done scanning, click on Remove Vundo.
4. When it prompts you to remove the files, click on Yes.
5. Your desktop will go blank as it's removing files. Don't worry, this is normal.
6. It will prompt you to restart your computer, so click OK.
7. When your computer is turned back on, your problem should be gone.
8. The program normally produces a Vundofix.txt file. Please locate this file and paste the contents in your next post.

And then, just to be thorough...
1. Download VirtumundoBeGone and save it to your desktop.
2. Reboot into Safe Mode.
3. Once you are in Safe Mode, run VirtumundoBeGone and follow the instructions.
4. Exit when it has finished and reboot back into normal mode.
5. The program normally produces a VBG.txt file. Please locate this file and paste the contents in your next post.



When you post those logs, post a new HJT log as well.

Ok, did what you suggested. I'm attaching the logs here too. As for the firewall, I've been relying on WinXP firewall. What else is suggested for the firewall and virus protection?

thanks for the help-
Christy

[recovering disk space -- attachment deleted by admin]

Did VundoFix not produce a log? Well, in any case, it looks like your Vundo infection has already been cleaned out. However, I would like you to run one more scan. Download ComboFix and save it to your desktop. Run the program and read its disclaimer (it's fairly short) and make sure you really pay attention to what it says. Follow the prompts and when finished, it will produce a log at C:\ComboFix.txt. Go ahead and post that here. Note: Don't click on the window while it's running; this may cause stalls.

Your logs are coming up clean, but this little program is really good at finding things that we can't see.

The Windows Firewall helps, but its protection is subpar. There are several free firewalls available, but my favorite is Comodo. There are others such as ZoneAlarm, Kerio/Sunbelt, and several others. Download the firewall of your choice, disconnect from the internet, disable Windows Firewall, and install your new firewall.

As for anti-virus, many people prefer AVG, and it is what I currently use. The protection is great, but the current version gives some people trouble, so you may want to consider using Avast, Avira/AntiVir, or another program (I can give you a list if you'd like). Just look around on Google and see which one seems to be more to your liking. Like with a firewall, you should only have one anti-virus active.

While you're at it, you may also want to go to Tools > Windows Update from your IE browser and upgrade your Windows to SP3.



Also, you didn't answer this question...
Quote from: CBMatt on August 05, 2008, 11:33:05 PM

Is Juno your current ISP, or is it NetZero?
Either way, all of these toolbars might be contributing to your IE problem. If you want, we can look into it.

Hey CBMatt-

Alrighty then, first of all I ran VundoFix and then the VirtumundoBeGone but the only log I got was the one I attached on the previous post. After your last post I ran ComboFix and am attaching the log for you. I now have AVG AV and Firewall installed and running. I also updated my IT browser to SP3.

Quote
Is Juno your current ISP, or is it NetZero?
Either way, all of these toolbars might be contributing to your IE problem. If you want, we can look into it.

I'm sorry, I completely forgot about that question! I am now using Hughes Net as my internet provider. The others are dial-up I have in case of a satellite outage. I DID tell HijackThis to get rid of them though since I haven't used them in quite a while. Oh, also, since installing AVG, it put a toolbar on my desktop too. Should I get rid of it as well?

So, I think I've finished everything you suggested. Anything else you need?

thanks!
Christy

[recovering disk space -- attachment deleted by admin]

A toolbar? I've never known AVG to install a toolbar. Unless it's related to the SafeSearch, which I have never used...
http://one9.us/blog/how-to/disable-avg-80-safe-search

ComboFix picked up a few things and you should be relatively clean now (be sure to keep running scans on a regular basis), but it's hard to say because it looks like you crack a lot of games, and these cracks and keygens are notorious for infecting users with viruses. If you keep up such activity, you will never keep your computer virus-free.

Also, you must be very careful with HJT because if you remove the wrong things, you can really screw up your system. Anyway, how is your computer running now? Any changes?

The toolbar came with a paid subscription to AVG. I've used the free AVG before and decided to try the paid one. The info on the toolbar is here: http://www.grisoft.com/ww.product-avg-toolbar-tlbrc if you are interested.

I think my computer is running better now. Haven't had any freezes lately.

thanks for your help-
Christy

Okay, gotcha. I've never used the paid version, so I'm not entirely familiar with every feature. According to AVG's site, the toolbar comes with Active Surf-Shield and LinkScanner. Personally, I am against these extra features as they are known for causing a lot of lag with some users, so I would remove it. However, if you aren't experiencing any problems and/or you want the toolbar, it's not going to cause you any harm.

If you end up experiencing any more problems, feel free to come back and we'll give it all another run-through. But if you're not having trouble, then you should be good to go. I think ComboFix is a handy program to keep around, but because it's constantly being updated, it's best to re-download it whenever you need it. So, let's go ahead and uninstall by going to Start > Run...then type in combofix /u and click on OK. Note the space between "combofix" and "/u".





Here are some additional procedures that you should follow to help with the security of your computer...
Next, let's clean your restore points and set a new one:

Reset and Re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs from changing those files. This is the only way to clean these files: (You will lose all previous restore points which are likely to be infected)
1. Turn off System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

2. Restart your computer.

3. Turn ON System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check Turn off System Restore.
Click Apply, and then click OK.
System Restore will now be active again.

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programs:
  • SpywareBlaster to help prevent spyware from installing in the first place.
  • SpywareGuard to catch and block spyware before it can execute.
  • IESpy-Ad to block access to malicious websites so you cannot be redirected to them from an infected site or email.
To keep your operating system up to date visit here monthly:
And to keep your system clean run these free malware scanners weekly:
And be aware of what emails you open and websites you visit.

To learn more about how to protect yourself while on the internet, read this article by Tony Klein: So how did I get infected in the first place?

Once again thanks a lot for your help. I completed this list of things to do and am good to go..I hope! lol

If anything else comes along I'll be back.

take care-
Christy

Sounds good to me. Best of luck to you!

As this issue appears to be resolved, I am closing this topic. If you are the original poster and you would like this topic to be re-opened for any reason, PM me or another moderator and it can be arranged.

If you are not the original poster and you require help, please start a New Topic with information about your computer and your problem.
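
The kinds of HijackThis entries selected for fixing earlier in this thread (orphaned entries marked "(no file)" or "(file missing)", Trusted Zone sites, and Internet Explorer page settings left empty) can be picked out of a log mechanically. The following Python script is an added example, not part of the original thread and not HijackThis's own code; the function name `triage` is hypothetical, and the sample log reuses lines quoted in the thread plus one constructed O4 line.

```python
import re

# One HijackThis entry: a section code such as R0, O2 or O15, then " - ", then the body.
ENTRY = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.*)$")
# Marker HijackThis appends when the file an entry points to no longer exists.
ORPHAN = re.compile(r"\((?:no file|file missing)\)\s*$", re.IGNORECASE)


def triage(log_text):
    """Return (code, reason, line) tuples for entries that deserve a manual look."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY.match(line)
        if not m:
            continue  # log header, blank lines, running-process list
        code, body = m.group("code"), m.group("body")
        if ORPHAN.search(body):
            findings.append((code, "orphaned entry: target file is gone", line))
        elif code == "O15":
            findings.append((code, "site added to the Trusted Zone", line))
        elif code in ("R0", "R1") and body.endswith("="):
            findings.append((code, "Internet Explorer setting with an empty value", line))
    return findings


# Sample input: entries quoted in the thread, plus one constructed O4 line
# (a normal startup entry that should not be flagged).
SAMPLE = r"""
Logfile of HijackThis
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {14F4272A-5E14-439F-B1ED-3B50E78B7739} - (no file)
O4 - HKLM\..\Run: [ExampleApp] C:\Program Files\Example\app.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe (file missing)
O15 - Trusted Zone: http://www.bigfishgames.com
"""

if __name__ == "__main__":
    for code, reason, line in triage(SAMPLE):
        print(f"[{code}] {reason}\n    {line}")
```

The output is a review list only; as noted in the thread, removing the wrong HijackThis entry can damage the system, so each flagged line still needs a human decision before Fix Checked.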