Help for Trojan infection of IE6

[Simple Guy]

I need help with a hijack of my IE6 homepage. I was infected by a
Trojan, at least that was the message from the virus acanners.
What happened was yesterday I opened my Internet Explorer IE6 but the
usual home page was not there. Instead there was a page that said that
mentioned my IP address and said that my computer IE and Firefox is not
secure and there was a need to download something to fix it. I did not
download.
The Norton Antivirus message box appeared and said something about
secure32.html and ibm00003 and ibm0004 infections. I ran A squared
free, Lavasoft Adware free, Norton Antivirus and One Button Checkup
from Norton SystemWork. That seem to clear up the virus infection
problem.
Now when I boot up my home computer it said that C:\Program
Files\Common Files\Microsoft Shared\Web Folders\ibm00003.exe not found.
This is my home computer. I tried looking for the file in the computers
in my office but none have any files with this name or anything near to
it.
I cannot no longer use my IE6. Clicking on Internet Explorer on the
Start Menu or the Desktop icon will result in the mouse cursor showing
an hourglass for showing a program being loaded. After a while the
hourglass disappear and nothing happen. No IE6.
When I shut down my computer a message that say that Internet Explorer
not loaded appear and the computer shut down normally and turn off.
I tried to download IE6 SP1 from Windows Update but can run it. The
message was that there is already a newer version IE6 on my computer. I
ran SP2 and it ran normally and rebooted.
Can anyone tell how can I reinstall into my home computer that program,
C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00003.exe
or how to change the registry and put some other files in the
subdirectory Web Folders.
Can anyone tell me how can I reinstall a working version of IE6 or IE7
beta so that I can use Internet Explorer.
My computer run Windows XP Professional. I have installed SP1, SP2 and
various updates including the very recent ones. I have dotnet 1.1. I
have also updated with the recent DirectX and Scripts and Java and
Firefox. I note that Firefox cannot run certain sites that require IE6
or IE5.X.


Using find of regedit I found only one instance of ibm00003.exe I tried
to export it but at the final screen I clicked on SAVE but nothing
happened. The screen just remain there.
The file details, Type REG_SZ.
HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam|MUICache.
Using msconfig there is no item by the name of ibm00003 or whatsoever
ibm...
The files C:\Program
Files\Common Files\Microsoft Shared\Web Folders\ibm00003.exe or
ibm00003 or ibm0004 dot whatever cannot be spyware files because this
subdirectory is now empty. There should be something in this
subdirectory. There are few files in this subdirectory of my OFFICE
computer. Also I cannot use Control Panel Add/Remove program to
uninstall or install IE6 because Microsoft does not allow their
Internet Explorer to be uninstalled. Reference recent
Government/States court cases vs. Microsoft. I don't know if new
version being shipped now has IE in the Control Panel>Add/Remove
Program. Mine has none.
I can copy files from my office computer but which files do I need.

How to completely eliminated the
trojan.

 

[Lanwench [MVP - Exchange]]

In

I need help with a hijack of my IE6 homepage. I was infected by a
Trojan, at least that was the message from the virus acanners.
What happened was yesterday I opened my Internet Explorer IE6 but the
usual home page was not there. Instead there was a page that said that
mentioned my IP address and said that my computer IE and Firefox is
not secure and there was a need to download something to fix it. I
did not download.
The Norton Antivirus message box appeared and said something about
secure32.html and ibm00003 and ibm0004 infections. I ran A squared
free, Lavasoft Adware free, Norton Antivirus and One Button Checkup
from Norton SystemWork. That seem to clear up the virus infection
problem.
Now when I boot up my home computer it said that C:\Program
Files\Common Files\Microsoft Shared\Web Folders\ibm00003.exe not
found. This is my home computer. I tried looking for the file in the
computers in my office but none have any files with this name or
anything near to it.
I cannot no longer use my IE6. Clicking on Internet Explorer on the
Start Menu or the Desktop icon will result in the mouse cursor showing
an hourglass for showing a program being loaded. After a while the
hourglass disappear and nothing happen. No IE6.
When I shut down my computer a message that say that Internet Explorer
not loaded appear and the computer shut down normally and turn off.
I tried to download IE6 SP1 from Windows Update but can run it. The
message was that there is already a newer version IE6 on my computer.
I ran SP2 and it ran normally and rebooted.
Can anyone tell how can I reinstall into my home computer that
program, C:\Program Files\Common Files\Microsoft Shared\Web
Folders\ibm00003.exe or how to change the registry and put some other
files in the subdirectory Web Folders.
Can anyone tell me how can I reinstall a working version of IE6 or IE7
beta so that I can use Internet Explorer.
My computer run Windows XP Professional. I have installed SP1, SP2 and
various updates including the very recent ones. I have dotnet 1.1. I
have also updated with the recent DirectX and Scripts and Java and
Firefox. I note that Firefox cannot run certain sites that require IE6
or IE5.X.


Using find of regedit I found only one instance of ibm00003.exe I
tried to export it but at the final screen I clicked on SAVE but
nothing happened. The screen just remain there.
The file details, Type REG_SZ.
HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam|MUICache.
Using msconfig there is no item by the name of ibm00003 or whatsoever
ibm...
The files C:\Program
Files\Common Files\Microsoft Shared\Web Folders\ibm00003.exe or
ibm00003 or ibm0004 dot whatever cannot be spyware files because this
subdirectory is now empty. There should be something in this
subdirectory. There are few files in this subdirectory of my OFFICE
computer. Also I cannot use Control Panel Add/Remove program to
uninstall or install IE6 because Microsoft does not allow their
Internet Explorer to be uninstalled. Reference recent
Government/States court cases vs. Microsoft. I don't know if new
version being shipped now has IE in the Control Panel>Add/Remove
Program. Mine has none.
I can copy files from my office computer but which files do I need.

How to completely eliminated the
trojan.

Sounds like malware/adware. I suggest you run a full anti-spyware scan with
sometihng like the MS Antispyware Beta (free download).
Also go to msconfig (start | run, type msconfig) and look in the startup tab
to untick whatever looks like it matches the stuff Windows is saying it
can't start.
A good place to post questions like this:
microsoft.public.windows.security.homeusers.

 

[Simple Guy]

Done what you suggested. I cannot find it.

 

[Lanwench [MVP - Exchange]]

In

Done what you suggested. I cannot find it.

Hi - please don't snip out all quoted text in your replies. It will make
this thread impossible for anyone else to follow. And it will also confuse
me. That isn't hard to do.

So, you ran a full / deep scan with MS Antispyware? Did you try this in safe
mode?

There are other tools out there, note - AdAware, Spybot, etc.

Might also try Winsockfix : http://www.majorgeeks.com/download4372.html

 

[Plato]

from Norton SystemWork. That seem to clear up the virus infection
problem.
Now when I boot up my home computer it said that C:\Program
Files\Common Files\Microsoft Shared\Web Folders\ibm00003.exe not found.

Sounds like the problem files were removed, but you are left with the
registry or other system file trying to load the nasty file again, even
tho it's gone. I'd search the registry, and delete any call to the nasty
file your pc is still trying to load.

STill, best bet in the future, is NOT to install viruses or trojand or
spyware. It's all up to you. It's your choice whether or not to install
virues, trojans, or spyware.

Personally, I always choose NOT to, thus, I never have to clean them
out.