Solved Internet Explorer 7 Will Not Launch after Trojan was removed

Discussion in 'Malware and Virus Removal Archive' started by BigMarklin, 2010/09/26.

  1. 2010/09/28
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    Now we need to remove the old Java version and its remnants...

    Download JavaRa to your desktop and unzip it to its own folder
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.

    ===============================================================

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
      O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found.
      O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
      O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
      O9 - Extra 'Tools' menuitem : IBM Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
      O16 - DPF: {0DB074F0-617E-4EE9-912C-2965CF2AA5A4} http://download.microsoft.com/downlo...ualEarth3D.cab (Reg Error: Key error.)
      O16 - DPF: {428A9DEF-F057-402B-9F2D-A5887F4544ED} http://download.microsoft.com/downlo...ualEarth3D.cab (Reg Error: Key error.)
      [2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
      [2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
      [2010/09/26 09:35:02 | 000,000,792 | ---- | C] () -- C:\Documents and Settings\jim\Desktop\AML Free Registry Cleaner.lnk
      
      
      :Services
      
      :Reg
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
       "DisableMonitoring" =-
      
      
      :Files
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    =================================================================

    Last scans....

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


    2. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    3. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • IMPORTANT! UN-check Remove found threats
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push List of found threats
    • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
     
  2. 2010/09/28
    BigMarklin

    BigMarklin Inactive Thread Starter

    Joined:
    2010/09/26
    Messages:
    27
    Likes Received:
    0
    Hi Broni,

    Here is the OTL scan. I'm working on the others. I had to get through a BSOD.

    All processes killed
    ========== OTL ==========
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ not found.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\AutorunsDisabled\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.
    Registry key HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\ deleted successfully.
    Starting removal of ActiveX control {0DB074F0-617E-4EE9-912C-2965CF2AA5A4}
    C:\WINDOWS\Downloaded Program Files\VE3DInstall.inf moved successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{0DB074F0-617E-4EE9-912C-2965CF2AA5A4}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0DB074F0-617E-4EE9-912C-2965CF2AA5A4}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{0DB074F0-617E-4EE9-912C-2965CF2AA5A4}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0DB074F0-617E-4EE9-912C-2965CF2AA5A4}\ not found.
    Starting removal of ActiveX control {428A9DEF-F057-402B-9F2D-A5887F4544ED}
    C:\WINDOWS\Downloaded Program Files\VE3DInstall.inf not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{428A9DEF-F057-402B-9F2D-A5887F4544ED}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{428A9DEF-F057-402B-9F2D-A5887F4544ED}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{428A9DEF-F057-402B-9F2D-A5887F4544ED}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{428A9DEF-F057-402B-9F2D-A5887F4544ED}\ not found.
    C:\WINDOWS\System32\74F.tmp deleted successfully.
    C:\WINDOWS\System32\CONFIG.TMP deleted successfully.
    C:\WINDOWS\003150_.tmp deleted successfully.
    C:\WINDOWS\msdownld.tmp folder deleted successfully.
    C:\Documents and Settings\jim\Desktop\AML Free Registry Cleaner.lnk moved successfully.
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\\DisableMonitoring deleted successfully.
    ========== FILES ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: All Users

    User: Dad
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes

    User: Default User
    ->Temporary Internet Files folder emptied: 53357 bytes

    User: jim
    ->Temp folder emptied: 14284533 bytes
    ->Temporary Internet Files folder emptied: 261610 bytes
    ->Java cache emptied: 2027 bytes
    ->FireFox cache emptied: 49384377 bytes
    ->Flash cache emptied: 3574 bytes

    User: LocalService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 32902 bytes

    User: Mackie
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 78991 bytes
    ->FireFox cache emptied: 3471103 bytes

    User: Nancy
    ->Temp folder emptied: 339 bytes
    ->Temporary Internet Files folder emptied: 2479639 bytes
    ->FireFox cache emptied: 137109771 bytes
    ->Flash cache emptied: 13625 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 98787 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 198.00 mb


    [EMPTYFLASH]

    User: Administrator

    User: All Users

    User: Dad

    User: Default User

    User: jim
    ->Flash cache emptied: 0 bytes

    User: LocalService

    User: Mackie

    User: Nancy
    ->Flash cache emptied: 0 bytes

    User: NetworkService

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.14.1 log created on 09282010_225602

    Files\Folders moved on Reboot...
    C:\WINDOWS\temp\vtclrg41.tmp moved successfully.

    Registry entries deleted on Reboot...

    Thanks!
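
Added example, not part of BigMarklin's post and not OTL's own code: a small Python parser that tallies the result lines of an OTL fix log like the one above, so each item from the fix script can be checked against its outcome. The function name and returned structure are assumptions made for illustration; the sample lines are copied from the log in this thread.

```python
import re
from collections import Counter, defaultdict

# Lines copied from the fix log posted above (a shortened excerpt).
SAMPLE_LOG = r"""
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ not found.
Starting removal of ActiveX control {0DB074F0-617E-4EE9-912C-2965CF2AA5A4}
C:\WINDOWS\Downloaded Program Files\VE3DInstall.inf moved successfully.
C:\WINDOWS\System32\74F.tmp deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\\DisableMonitoring deleted successfully.
User: jim
->Temp folder emptied: 14284533 bytes
->FireFox cache emptied: 49384377 bytes
User: Nancy
->Temp folder emptied: 339 bytes
"""

# "<optional registry prefix> <target> <outcome>." as seen in the log above.
RESULT = re.compile(
    r"^(?P<kind>Registry key|Registry value)?\s*(?P<target>.+?)\s+"
    r"(?P<outcome>deleted successfully|moved successfully|not found)\.$"
)
USER = re.compile(r"^User:\s*(.+)$")
EMPTIED = re.compile(r"^->(.+?) emptied: (\d+) bytes$")
GUID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")


def parse_otl_fix_log(text):
    """Summarize an OTL fix log (hypothetical helper, not part of OTL)."""
    outcomes = Counter()          # (kind, outcome) -> number of lines
    by_guid = defaultdict(set)    # CLSID -> outcomes seen for that CLSID
    emptied = defaultdict(int)    # user profile -> total bytes emptied
    user = None
    for raw in text.splitlines():
        line = raw.strip()
        m = USER.match(line)
        if m:
            user = m.group(1)
            continue
        m = EMPTIED.match(line)
        if m and user is not None:
            emptied[user] += int(m.group(2))
            continue
        m = RESULT.match(line)
        if m:
            kind = m.group("kind") or "File"
            outcomes[(kind, m.group("outcome"))] += 1
            for guid in GUID.findall(m.group("target")):
                by_guid[guid.upper()].add(m.group("outcome"))
    return {"outcomes": outcomes, "by_guid": dict(by_guid), "emptied": dict(emptied)}


if __name__ == "__main__":
    summary = parse_otl_fix_log(SAMPLE_LOG)
    for key, count in sorted(summary["outcomes"].items()):
        print(key, count)
    print(summary["by_guid"])
    print(summary["emptied"])
```

A GUID that shows both outcomes, as the first BHO entry does here, had its Browser Helper Objects key deleted while its CLSID key was reported not found, which matches the "No CLSID value found" text in the fix script.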
     

  4. 2010/09/28
    broni

    broni Moderator Malware Analyst

    Ok :)
     
  5. 2010/09/28
    BigMarklin

    BigMarklin Inactive Thread Starter

    Here is the Security Check log

    Thanks!

    Results of screen317's Security Check version 0.99.5
    Windows XP Service Pack 3
    Internet Explorer 7 Out of date!
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Disabled!
    Symantec AntiVirus
    Antivirus up to date!
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Out of date Spybot installed!
    Malwarebytes' Anti-Malware
    HijackThis 2.0.2
    CCleaner
    AML Free Registry Cleaner 4.21
    IBM 32-bit Runtime Environment for Java 2, v1.4.2
    Java(TM) 6 Update 21
    IBM 32-bit Runtime Environment for Java 2, v1.4.2
    Mozilla Firefox (3.6.4) Firefox Out of Date!
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    Symantec AntiVirus DefWatch.exe
    Symantec AntiVirus Rtvscan.exe
    ````````````````````````````````
    DNS Vulnerability Check:

    GREAT! (Not vulnerable to DNS cache poisoning)

    ``````````End of Log````````````
     
  6. 2010/09/28
    broni

    broni Moderator Malware Analyst

    Please uninstall IBM 32-bit Runtime Environment for Java 2, v1.4.2.

    Update Firefox to the current 3.6.10 version.
     
  7. 2010/09/28
    BigMarklin

    BigMarklin Inactive Thread Starter

    Hi Broni,

    I uninstalled the IBM 32-bit Java you mentioned and updated Firefox. I still have to do the free online scan, but since that will take some time and it's approaching midnight, I'll do that tomorrow night.

    Thank you for all your work and perseverance.
     
  8. 2010/09/28
    broni

    broni Moderator Malware Analyst

    You're very welcome :)
     
  9. 2010/09/29
    BigMarklin

    BigMarklin Inactive Thread Starter

    Hi Broni,

    I ran the ESET scan. I did get 1 BSOD and had to restart. The second time it went to completion (2 hrs +). It did not find anything. I did not see any way to save/print a log so I have nothing to post. If I just missed it, I can run the scan again tomorrow.

    Thanks
     
  10. 2010/09/29
    broni

    broni Moderator Malware Analyst

    If Eset doesn't find anything, it won't produce any log.

    Your computer is clean :)

    1. We need to reset System Restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point using the following OTL script:

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post resulting log.

    2. Now we'll remove all the tools we used during our cleaning process

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    3. Make sure Windows Updates are current.

    4. If any Trojan was listed among your infection(s), make sure you change all of your important online passwords (bank account(s), secured web sites, etc.) immediately!

    5. Download and install WOT (Web of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    7. Run Temporary File Cleaner (TFC) weekly.

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. Run defrag at your convenience.

    11. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

    12. Please let me know how your computer is doing.
     
  11. 2010/09/29
    BigMarklin

    BigMarklin Inactive Thread Starter

    Broni,

    It looks like OTL messed up my Symantec antivirus. When I reboot I get a message that Symantec failed to load.

    Here is the OTL log.

    All processes killed
    ========== OTL ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: All Users

    User: Dad
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Default User
    ->Temporary Internet Files folder emptied: 0 bytes

    User: jim
    ->Temp folder emptied: 19810829 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 35285298 bytes
    ->Flash cache emptied: 456 bytes

    User: LocalService
    ->Temp folder emptied: 16384 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: Mackie
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->FireFox cache emptied: 0 bytes

    User: Nancy
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->FireFox cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 115199 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 3608162 bytes

    Total Files Cleaned = 56.00 mb


    [EMPTYFLASH]

    User: Administrator

    User: All Users

    User: Dad

    User: Default User

    User: jim
    ->Flash cache emptied: 0 bytes

    User: LocalService

    User: Mackie

    User: Nancy
    ->Flash cache emptied: 0 bytes

    User: NetworkService

    Total Flash Files Cleaned = 0.00 mb

    Restore points cleared and new OTL Restore Point set!

    OTL by OldTimer - Version 3.2.14.1 log created on 09292010_232900

    Files\Folders moved on Reboot...
    C:\WINDOWS\temp\vtclrg41.tmp moved successfully.

    Registry entries deleted on Reboot...

    Jim
     
  12. 2010/09/29
    broni

    broni Moderator Malware Analyst

    OTL couldn't do anything to your Norton.
    It merely did reset restore points.
    Restart and see how it goes.
     
  13. 2010/09/29
    BigMarklin

    BigMarklin Inactive Thread Starter

    Hi Broni,

    Well 2 reboots did the trick. Symantec is working again.

    Also, I have not had the error about my user profile not loading due to insufficient system resources for the last few reboots.

    However, IE still won't launch. It opens a blank window, and acts like it is attempting to load. Then the window closes.

    Thanks again. It's after midnight, so I'm pretty bleary. I'll pick this back up tomorrow night.
     
  14. 2010/09/29
    broni

    broni Moderator Malware Analyst

    Try a couple of things...

    1. Close IE.
    Go Start>All Programs>Accessories>System Tools, and click on Internet Explorer (no add-ons). Same thing?

    2. See if IE will open in Safe Mode with Networking.
     
  15. 2010/09/30
    BigMarklin

    BigMarklin Inactive Thread Starter

    When I tried 1 above, an IE window partially loaded. It was missing some icons, etc. When I tried to surf somewhere it was non-responsive.

    When I tried 2 above, more of the IE window loaded, but again it was non-responsive.

    Thanks
     
  16. 2010/09/30
    broni

    broni Moderator Malware Analyst

    In IE, go Tools>Internet options>Advanced tab, click on "Reset" button.
    Restart computer.
     
  17. 2010/09/30
    BigMarklin

    BigMarklin Inactive Thread Starter

    Hi Broni,

    I can't get into IE to follow your directions. Not enough loads to give me any menu items. Even in safe mode, no menus are visible. Perhaps I should try reinstalling IE7? :confused:
     
  18. 2010/09/30
    broni

    broni Moderator Malware Analyst

    Try Start>Control Panel>Internet options
     
  19. 2010/09/30
    BigMarklin

    BigMarklin Inactive Thread Starter

    I tried that; same results
     
  20. 2010/09/30
    broni

    broni Moderator Malware Analyst

    What do you mean by same results?
     
  21. 2010/09/30
    BigMarklin

    BigMarklin Inactive Thread Starter

    IE tried to start; a window opened, then closed
     
