Internet Explorer IEPageSpoofer(Virus)

[Guest]

Internet access being blocked by Web Proxy being inserted into the Internet
Settings section LAN Auto Configuration .. address shown as http : //
localhost:9100/proxy.pac - when this is deleted it resets itself. I had
McAfee Security Center installed and it detected on 13.02.07 Exploit
IEPageSpoofer(Virus) iexplorer.exe - deleted and removed. This does not
appear to have worked - I have had no sense out of McAfee and wasted 2 hours
ontheir support chat but got no where. In XP Home Control panel-Help& Support
Center-Tools-Network Diagnostics I scanned and revealed under Windows Watson
Crash Information 12.02.07 Application
C\ProgrammeFiles\SiteAdviser\SiteAdviser.exe, generated application error.
This error occurred on 12.02.07 at 07.07.43. The exception generated was
c0000005 at address 1000170C(SiteAdv). Under the same sectionof Help &
Support I ran System Restore to a date in Dec2006 well prior to this problem
- it failed to reset Internet Exploere as files are not affeted and it seems
that there is a virus file installed or linked through to this "localhost"
web. Can anyone advise what steps I need to take to clear this.
Many thanks

 

[db]

have you thought about
uninstalling SiteAdvisor ?

i am not famaliar with the
above program, but sometimes
they can be misleading.

ie7 has anti phishing already
integrated in the browser and
netscape has the same. these
features check out sites as well.

i would go into safemode and
uninstall that program, remove
any startups from msconfig related
to that program, then run your mcafee
and any other antivirals you may have.

afterwards i would run an sfc /scannow
to replace any files that were replaced with
ingenuine versions..

- db
Internet access being blocked by Web Proxy being inserted into the Internet
Settings section LAN Auto Configuration .. address shown as http : //
localhost:9100/proxy.pac - when this is deleted it resets itself. I had
McAfee Security Center installed and it detected on 13.02.07 Exploit
IEPageSpoofer(Virus) iexplorer.exe - deleted and removed. This does not
appear to have worked - I have had no sense out of McAfee and wasted 2 hours
ontheir support chat but got no where. In XP Home Control panel-Help& Support
Center-Tools-Network Diagnostics I scanned and revealed under Windows Watson
Crash Information 12.02.07 Application
C\ProgrammeFiles\SiteAdviser\SiteAdviser.exe, generated application error.
This error occurred on 12.02.07 at 07.07.43. The exception generated was
c0000005 at address 1000170C(SiteAdv). Under the same sectionof Help &
Support I ran System Restore to a date in Dec2006 well prior to this problem
- it failed to reset Internet Exploere as files are not affeted and it seems
that there is a virus file installed or linked through to this "localhost"
web. Can anyone advise what steps I need to take to clear this.
Many thanks

 

[Guest]

Internet access being blocked by Web Proxy being inserted into the Internet
Settings section LAN Auto Configuration .. address shown as http : //
localhost:9100/proxy.pac - when this is deleted it resets itself. I had
McAfee Security Center installed and it detected on 13.02.07 Exploit
IEPageSpoofer(Virus) iexplorer.exe - deleted and removed. This does not
appear to have worked - I have had no sense out of McAfee and wasted 2 hours
ontheir support chat but got no where. In XP Home Control panel-Help& Support
Center-Tools-Network Diagnostics I scanned and revealed under Windows Watson
Crash Information 12.02.07 Application
C\ProgrammeFiles\SiteAdviser\SiteAdviser.exe, generated application error.
This error occurred on 12.02.07 at 07.07.43. The exception generated was
c0000005 at address 1000170C(SiteAdv). Under the same sectionof Help &
Support I ran System Restore to a date in Dec2006 well prior to this problem
- it failed to reset Internet Exploere as files are not affeted and it seems
that there is a virus file installed or linked through to this "localhost"
web. Can anyone advise what steps I need to take to clear this.
Many thanks

Click Start >> Double click Control Panel >> Double click Network and
Internet Connections >> Double click Internet Options.
On the IE Properties window you will see these Options:
General | Security | Privacy | Content | Connections | Programs
| Advanced.
Click on General Tab and clean up the History, internet Files and delete
cookies.
Then Run Disk CleanUp on your Hard drive to clean up the junk. Then Open
windows Explorer and locate this path:
C:\Windows\Temp\Temporary Internet files\ Content.IE5\( Delete all Folder
here they all will be in capital letters)

Click Start >> Double click Control Panel >> Double click Network and
Internet Connections >> Double click Network connection and there right your
Internet connection and Disable the NeTBIOS Over TCP under WINS.

Open a Run command and type in;
regedit click [OK]
[-] HKEY_CURRENY_USER\Software\Microsoft\Windows\CurrentVersion\Run =
If there is a suspicious running process there remove it
[-] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run =
If there is a suspicious running process there remove it

Download these software and update their definitions and run a scan for
malwares:
http://www.lavasoft.com/products/ad-aware_se_personal.php
http://www.safer-networking.org for Spybot S&D.
HTH.
Let us know.
nass

 

[Guest]

nass
many thanks for reply
tried to follow though the process but need to clarify :-
After clearing folder under temp .. contentIE5 I have gone in to Network
and Internet Connection and my correct Lan appears --- how and where do I
disable NeBIOS Over TCP under wins
I opened Run with regedit and have the following files
HKEY_CLASSES_ROOT
HYEY_CURRENT_USER
HKEY_LOCAL_MACHINE
HKEY_USERS
HKEY_CURRENT_CONFIG
All have multi sub files and I cannot see anything strange but there is so
much it would be so easy to have an extra file without it appearing strange

I´ll down load file to my other pc and copy and run after I have cleared the
above
Many thanks again


--
trev

Internet access being blocked by Web Proxy being inserted into the Internet
Settings section LAN Auto Configuration .. address shown as http : //
localhost:9100/proxy.pac - when this is deleted it resets itself. I had
McAfee Security Center installed and it detected on 13.02.07 Exploit
IEPageSpoofer(Virus) iexplorer.exe - deleted and removed. This does not
appear to have worked - I have had no sense out of McAfee and wasted 2 hours
ontheir support chat but got no where. In XP Home Control panel-Help& Support
Center-Tools-Network Diagnostics I scanned and revealed under Windows Watson
Crash Information 12.02.07 Application
C\ProgrammeFiles\SiteAdviser\SiteAdviser.exe, generated application error.
This error occurred on 12.02.07 at 07.07.43. The exception generated was
c0000005 at address 1000170C(SiteAdv). Under the same sectionof Help &
Support I ran System Restore to a date in Dec2006 well prior to this problem
- it failed to reset Internet Exploere as files are not affeted and it seems
that there is a virus file installed or linked through to this "localhost"
web. Can anyone advise what steps I need to take to clear this.
Many thanks

Click Start >> Double click Control Panel >> Double click Network and
Internet Connections >> Double click Internet Options.
On the IE Properties window you will see these Options:
General | Security | Privacy | Content | Connections | Programs
| Advanced.
Click on General Tab and clean up the History, internet Files and delete
cookies.
Then Run Disk CleanUp on your Hard drive to clean up the junk. Then Open
windows Explorer and locate this path:
C:\Windows\Temp\Temporary Internet files\ Content.IE5\( Delete all Folder
here they all will be in capital letters)

Click Start >> Double click Control Panel >> Double click Network and
Internet Connections >> Double click Network connection and there right your
Internet connection and Disable the NeTBIOS Over TCP under WINS.

Open a Run command and type in;
regedit click [OK]
[-] HKEY_CURRENY_USER\Software\Microsoft\Windows\CurrentVersion\Run =
If there is a suspicious running process there remove it
[-] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run =
If there is a suspicious running process there remove it

Download these software and update their definitions and run a scan for
malwares:
http://www.lavasoft.com/products/ad-aware_se_personal.php
http://www.safer-networking.org for Spybot S&D.
HTH.
Let us know.
nass

 

[Guest]

Hold a second Tev don't go made and clear the Registry!.
On the Registry Editor Click the Plus to expand the KEY like this:

[-] HKEY_CURRENY_USER\
[-]Software\
[-]Microsoft\
[-]Windows\
[-]CurrentVersion\
[-]Run = look in the Right Pane/Window for any bad entry, if you are not
sure you can post them here in your next post or search the net for them and
you will get info if they are good or bad, but still if you are unsure don't
go a head!.

[-] HKEY_LOCAL_MACHINE\
[-]Software\
[-]Microsoft\
[-]Windows\
[-]CurrentVersion\
[-]Run =look in the Right Pane/Window for any bad entry, if you are not sure
you can post them here in your next post or search the net for them and you
will get info if they are good or bad, but still if you are unsure don't go a
head!.
If there is a suspicious running process there remove it.
Also you can download the HijackThis and scan and save the log file then
send it to one of many forums for analysis after creating an user account
with them.
Download the Hijackthis and send the report to one of many
forums for analysis and troubleshooting:
When all else fails, HijackThis v1.99.1
(http://aumha.org/downloads/hijackthis.zip) is the preferred tool to use.
It will help you to both identify and remove any hijackware/spyware. Post
your log to http://aumha.net/viewforum.php?f=30,
http://castlecops.com/forum67.html,
http://forums.subratam.org/index.php?showforum=7, or other appropriate
forums for expert analysis, not here.
HTH.
Let us know.
Regards,
nass

nass
many thanks for reply
tried to follow though the process but need to clarify :-
After clearing folder under temp .. contentIE5 I have gone in to Network
and Internet Connection and my correct Lan appears --- how and where do I
disable NeBIOS Over TCP under wins
I opened Run with regedit and have the following files
HKEY_CLASSES_ROOT
HYEY_CURRENT_USER
HKEY_LOCAL_MACHINE
HKEY_USERS
HKEY_CURRENT_CONFIG
All have multi sub files and I cannot see anything strange but there is so
much it would be so easy to have an extra file without it appearing strange

I´ll down load file to my other pc and copy and run after I have cleared the
above
Many thanks again


--
trev

Internet access being blocked by Web Proxy being inserted into the Internet
Settings section LAN Auto Configuration .. address shown as http : //
localhost:9100/proxy.pac - when this is deleted it resets itself. I had
McAfee Security Center installed and it detected on 13.02.07 Exploit
IEPageSpoofer(Virus) iexplorer.exe - deleted and removed. This does not
appear to have worked - I have had no sense out of McAfee and wasted 2 hours
ontheir support chat but got no where. In XP Home Control panel-Help& Support
Center-Tools-Network Diagnostics I scanned and revealed under Windows Watson
Crash Information 12.02.07 Application
C\ProgrammeFiles\SiteAdviser\SiteAdviser.exe, generated application error.
This error occurred on 12.02.07 at 07.07.43. The exception generated was
c0000005 at address 1000170C(SiteAdv). Under the same sectionof Help &
Support I ran System Restore to a date in Dec2006 well prior to this problem
- it failed to reset Internet Exploere as files are not affeted and it seems
that there is a virus file installed or linked through to this "localhost"
web. Can anyone advise what steps I need to take to clear this.
Many thanks

Click Start >> Double click Control Panel >> Double click Network and
Internet Connections >> Double click Internet Options.
On the IE Properties window you will see these Options:
General | Security | Privacy | Content | Connections | Programs
| Advanced.
Click on General Tab and clean up the History, internet Files and delete
cookies.
Then Run Disk CleanUp on your Hard drive to clean up the junk. Then Open
windows Explorer and locate this path:
C:\Windows\Temp\Temporary Internet files\ Content.IE5\( Delete all Folder
here they all will be in capital letters)

Click Start >> Double click Control Panel >> Double click Network and
Internet Connections >> Double click Network connection and there right your
Internet connection and Disable the NeTBIOS Over TCP under WINS.

Open a Run command and type in;
regedit click [OK]
[-] HKEY_CURRENY_USER\Software\Microsoft\Windows\CurrentVersion\Run =
If there is a suspicious running process there remove it
[-] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run =
If there is a suspicious running process there remove it

Download these software and update their definitions and run a scan for
malwares:
http://www.lavasoft.com/products/ad-aware_se_personal.php
http://www.safer-networking.org for Spybot S&D.
HTH.
Let us know.
nass

 

[Guest]

Thanks for help -will study what you have advised and will come back to you
--
trev

Hold a second Tev don't go made and clear the Registry!.
On the Registry Editor Click the Plus to expand the KEY like this:

[-] HKEY_CURRENY_USER\
[-]Software\
[-]Microsoft\
[-]Windows\
[-]CurrentVersion\
[-]Run = look in the Right Pane/Window for any bad entry, if you are not
sure you can post them here in your next post or search the net for them and
you will get info if they are good or bad, but still if you are unsure don't
go a head!.

[-] HKEY_LOCAL_MACHINE\
[-]Software\
[-]Microsoft\
[-]Windows\
[-]CurrentVersion\
[-]Run =look in the Right Pane/Window for any bad entry, if you are not sure
you can post them here in your next post or search the net for them and you
will get info if they are good or bad, but still if you are unsure don't go a
head!.
If there is a suspicious running process there remove it.
Also you can download the HijackThis and scan and save the log file then
send it to one of many forums for analysis after creating an user account
with them.
Download the Hijackthis and send the report to one of many
forums for analysis and troubleshooting:
When all else fails, HijackThis v1.99.1
(http://aumha.org/downloads/hijackthis.zip) is the preferred tool to use.
It will help you to both identify and remove any hijackware/spyware. Post
your log to http://aumha.net/viewforum.php?f=30,
http://castlecops.com/forum67.html,
http://forums.subratam.org/index.php?showforum=7, or other appropriate
forums for expert analysis, not here.
HTH.
Let us know.
Regards,
nass

nass
many thanks for reply
tried to follow though the process but need to clarify :-
After clearing folder under temp .. contentIE5 I have gone in to Network
and Internet Connection and my correct Lan appears --- how and where do I
disable NeBIOS Over TCP under wins
I opened Run with regedit and have the following files
HKEY_CLASSES_ROOT
HYEY_CURRENT_USER
HKEY_LOCAL_MACHINE
HKEY_USERS
HKEY_CURRENT_CONFIG
All have multi sub files and I cannot see anything strange but there is so
much it would be so easy to have an extra file without it appearing strange

I´ll down load file to my other pc and copy and run after I have cleared the
above
Many thanks again


--
trev

:

Internet access being blocked by Web Proxy being inserted into the Internet
Settings section LAN Auto Configuration .. address shown as http : //
localhost:9100/proxy.pac - when this is deleted it resets itself. I had
McAfee Security Center installed and it detected on 13.02.07 Exploit
IEPageSpoofer(Virus) iexplorer.exe - deleted and removed. This does not
appear to have worked - I have had no sense out of McAfee and wasted 2 hours
ontheir support chat but got no where. In XP Home Control panel-Help& Support
Center-Tools-Network Diagnostics I scanned and revealed under Windows Watson
Crash Information 12.02.07 Application
C\ProgrammeFiles\SiteAdviser\SiteAdviser.exe, generated application error.
This error occurred on 12.02.07 at 07.07.43. The exception generated was
c0000005 at address 1000170C(SiteAdv). Under the same sectionof Help &
Support I ran System Restore to a date in Dec2006 well prior to this problem
- it failed to reset Internet Exploere as files are not affeted and it seems
that there is a virus file installed or linked through to this "localhost"
web. Can anyone advise what steps I need to take to clear this.
Many thanks
--
trev


Click Start >> Double click Control Panel >> Double click Network and
Internet Connections >> Double click Internet Options.
On the IE Properties window you will see these Options:
General | Security | Privacy | Content | Connections | Programs
| Advanced.
Click on General Tab and clean up the History, internet Files and delete
cookies.
Then Run Disk CleanUp on your Hard drive to clean up the junk. Then Open
windows Explorer and locate this path:
C:\Windows\Temp\Temporary Internet files\ Content.IE5\( Delete all Folder
here they all will be in capital letters)

Click Start >> Double click Control Panel >> Double click Network and
Internet Connections >> Double click Network connection and there right your
Internet connection and Disable the NeTBIOS Over TCP under WINS.

Open a Run command and type in;
regedit click [OK]
[-] HKEY_CURRENY_USER\Software\Microsoft\Windows\CurrentVersion\Run =
If there is a suspicious running process there remove it
[-] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run =
If there is a suspicious running process there remove it

Download these software and update their definitions and run a scan for
malwares:
http://www.lavasoft.com/products/ad-aware_se_personal.php
http://www.safer-networking.org for Spybot S&D.
HTH.
Let us know.
nass

 

[Guest]

Well good luck, about the NeTBIOS Over TCP/IP I forget to include in my last
Message:
Click Start >> Control Panel >> Network and Internet connections >> Network
Connections.
There Right click on your connection and select Properties, on the
Properties highlight the Internet Protocol ( TCP/IP) then click the
Properties button.
On the Internet Protocol Click on Advanced Button and you will see the WINS
Tab click and do the changes.
HTH.
Let us know.
nass

Thanks for help -will study what you have advised and will come back to you
--
trev

Hold a second Tev don't go made and clear the Registry!.
On the Registry Editor Click the Plus to expand the KEY like this:

[-] HKEY_CURRENY_USER\
[-]Software\
[-]Microsoft\
[-]Windows\
[-]CurrentVersion\
[-]Run = look in the Right Pane/Window for any bad entry, if you are not
sure you can post them here in your next post or search the net for them and
you will get info if they are good or bad, but still if you are unsure don't
go a head!.

[-] HKEY_LOCAL_MACHINE\
[-]Software\
[-]Microsoft\
[-]Windows\
[-]CurrentVersion\
[-]Run =look in the Right Pane/Window for any bad entry, if you are not sure
you can post them here in your next post or search the net for them and you
will get info if they are good or bad, but still if you are unsure don't go a
head!.
If there is a suspicious running process there remove it.
Also you can download the HijackThis and scan and save the log file then
send it to one of many forums for analysis after creating an user account
with them.
Download the Hijackthis and send the report to one of many
forums for analysis and troubleshooting:
When all else fails, HijackThis v1.99.1
(http://aumha.org/downloads/hijackthis.zip) is the preferred tool to use.
It will help you to both identify and remove any hijackware/spyware. Post
your log to http://aumha.net/viewforum.php?f=30,
http://castlecops.com/forum67.html,
http://forums.subratam.org/index.php?showforum=7, or other appropriate
forums for expert analysis, not here.
HTH.
Let us know.
Regards,
nass

nass
many thanks for reply
tried to follow though the process but need to clarify :-
After clearing folder under temp .. contentIE5 I have gone in to Network
and Internet Connection and my correct Lan appears --- how and where do I
disable NeBIOS Over TCP under wins
I opened Run with regedit and have the following files
HKEY_CLASSES_ROOT
HYEY_CURRENT_USER
HKEY_LOCAL_MACHINE
HKEY_USERS
HKEY_CURRENT_CONFIG
All have multi sub files and I cannot see anything strange but there is so
much it would be so easy to have an extra file without it appearing strange

I´ll down load file to my other pc and copy and run after I have cleared the
above
Many thanks again


--
trev


:



:

Internet access being blocked by Web Proxy being inserted into the Internet
Settings section LAN Auto Configuration .. address shown as http : //
localhost:9100/proxy.pac - when this is deleted it resets itself. I had
McAfee Security Center installed and it detected on 13.02.07 Exploit
IEPageSpoofer(Virus) iexplorer.exe - deleted and removed. This does not
appear to have worked - I have had no sense out of McAfee and wasted 2 hours
ontheir support chat but got no where. In XP Home Control panel-Help& Support
Center-Tools-Network Diagnostics I scanned and revealed under Windows Watson
Crash Information 12.02.07 Application
C\ProgrammeFiles\SiteAdviser\SiteAdviser.exe, generated application error.
This error occurred on 12.02.07 at 07.07.43. The exception generated was
c0000005 at address 1000170C(SiteAdv). Under the same sectionof Help &
Support I ran System Restore to a date in Dec2006 well prior to this problem
- it failed to reset Internet Exploere as files are not affeted and it seems
that there is a virus file installed or linked through to this "localhost"
web. Can anyone advise what steps I need to take to clear this.
Many thanks
--
trev


Click Start >> Double click Control Panel >> Double click Network and
Internet Connections >> Double click Internet Options.
On the IE Properties window you will see these Options:
General | Security | Privacy | Content | Connections | Programs
| Advanced.
Click on General Tab and clean up the History, internet Files and delete
cookies.
Then Run Disk CleanUp on your Hard drive to clean up the junk. Then Open
windows Explorer and locate this path:
C:\Windows\Temp\Temporary Internet files\ Content.IE5\( Delete all Folder
here they all will be in capital letters)

Click Start >> Double click Control Panel >> Double click Network and
Internet Connections >> Double click Network connection and there right your
Internet connection and Disable the NeTBIOS Over TCP under WINS.

Open a Run command and type in;
regedit click [OK]
[-] HKEY_CURRENY_USER\Software\Microsoft\Windows\CurrentVersion\Run =
If there is a suspicious running process there remove it
[-] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run =
If there is a suspicious running process there remove it

Download these software and update their definitions and run a scan for
malwares:
http://www.lavasoft.com/products/ad-aware_se_personal.php
http://www.safer-networking.org for Spybot S&D.
HTH.
Let us know.
nass