Unable to start Internet Explorer or Windows Explorer

[Guest]

It seems like my PC has been infected with virus. Since this morning I had
not been able to start Internet Explorer. Everytime I try, a message window
will pop up saying "Internet Explorer has encountered a problem and must
close" and then it will ask me if I want to send the error report to
Microsoft. Since the error report will be sent via IE and IE cannot be
launched, the transmission will always hang even if I agree to send the
report. Here is the detail of the report if it is to be sent:

AppName: iexplore.exe AppVer: 6.0.2900.2180 ModName: ole32.dll
ModVer:5.1.2600.2180 Offset: 000426d0

The same problem will occur if I try to start a Window Explorer but of
course AppName will be explorer.exe in the above error report. I don't
believe I have install any program between two days ago and yesterday morning
but I do have inadvertently agreed to installing some kind of pnp through a
webpages. I have run Ad-Aware to scan and remove and suspicious object but
the problem still persist. However, before suggesting downloading the latest
security patch from Microsoft, please be reminded that I can't start Internet
Explorer now so I don't know if there is any way to update the security patch
bypassing Internet Explorer. Right now my PC has more or less rendered as
useless since neither Internet Explorer nor Window Explorer can be launched.
Any help will be much appreciated. Thank in advance

 

[Jan Il]

Hi Jobseeker

You likely have a hijacker and/or malware on your system that is causing the
problem and will require that you load the necessary removal tools to get
rid of it. As you can not download these programs from the Internet, if
your PC has CD read capabilities, go to another computer with CD-ROM burning
capabilities. Create a folder on the hard drive of the other computer called
HOLD, download the programs to that folder, then burn that folder to a CD.
Copy the HOLD folder to the hdard drive of the infected machine, then
install the programs in the HOLD folder and run them. After you have IE
access again, update all programs where possible to get the latest
definitions and run them again in Safe Mode to be sure there are no
lingering items on the system.If you can not connect to the Internet, you
will have to use another PC to download the programs to it and burn them to
a CD to load onto the infected machine.

Run the programs below in Safe Mode with Hidden Files enabled. Some malware
can replicate itself repeatedly if not removed properly, so even if you have
run some of the programs listed here, it is important that you run them
again according to the information below so that Windows is not operating to
hide any files 'in use' Follow all instructions carefully.

First, Clear the TIF's and empty the recycle bin:
http://www.mvps.org/winhelp2002/delcache.htm

Also…empty your Recycle bin.

Then do the following:

WARNING>>>> Backup all documents and files before removing any spyware!!

Most importantly, download install and run CWShredder here
http://www.majorgeeks.com/download3019.html
or here
http://www.trendmicro.com/cwshredder/
and About Buster, which searches for hidden .dlls that recreate the malware.
http://www.majorgeeks.com/download4289.html
Then visit these two sites to test for parasites and help basic cleaning:
On-Line Check
http://aumha.org/a/noads.htm
and
Quick-Fix Protocol.
http://aumha.org/a/quickfix.php
Basically, throw everything here at your "infection".

Then download, install and immediately update these three programs before
running:
AdAware SE - Update immediately after installing
http://www.download.com/3000-2144-10045910.html?part=69274&subj=dlpage&tag=button
AdAware Tutorial -
http://www.bleepingcomputer.com/forums/index.php?showtutorial=48
SpyBot S &D - Update immediately after installing
http://www.majorgeeks.com/download2471.html
SpyBot S&D Tutorial -
http://www.bleepingcomputer.com/forums/index.php?showtutorial=43
Microsoft Windows Antispyware Program (Beta)
http://www.microsoft.com/athome/security/spyware/software/default.mspx

Next, do an Online scan here (if possible) -
http://www.pandasoftware.com/activescan/com/activescan_principal.htm
Make sure that you choose "fix" or "clean".

Download Pocket Killbox from
http://www.thespykiller.co.uk/files/killbox.exe
and put it on the desktop where you can find it easily

Download, install, and run HiJackThis - it is one of the most important
tools to help clean your system of scumware. Follow the instructions
carefully:

How to download and install HiJackThis: (it does not need to be updated)
http://www.bleepingcomputer.com/forums/topict309.html

Please DO NOT post your log to this newsgroup. It is important that you go
to one of the HiJackThis Support Forums below:
CastleCops HiJackThis Forum
http://castlecops.com/f67-Hijackthis_Spyware_Viruses_Worms_Trojans_Oh_My.html
or Bleeping Computer HiJackThis Forum
http://www.bleepingcomputer.com/forums/forum22.html
to allow the program experts there to evaluate your log and advise you of
any
necessary steps to clean your system.
(Note: Look for and read the "Important- Read This First" messages in the
sections for HiJackThis logs so that you follow proper procedure. You will
have to Register before posting on these Forums. Please follow all posting
instructions carefully to avoid having your log deleted or ignored.)

Also, please post a link to the forum where you post your HJT log back to
this thread so that we can follow your progress there.

CAUTION!!!!! Before you try to remove spyware using any of the programs
below, download a copy of LSPFIX from any of the following sites:
http://www.cexx.org/lspfix.htm
http://www.spychecker.com/program/winsockxpfix.html
(if your OS is Win2k or XP) The process of removing certain malware may kill
your internet connection. If this should occur, this program, LSPFIX, will
enable you to regain your connection.

You should also get a copy of WINSOCKXPFIX available at:
http://www.spychecker.com/program/winsockxpfix.html
and
WinsockXP Fix- WinXP
http://www.spychecker.com/program/winsockxpfix.html
with instructions, at
http://www.iup.edu/house/resnet/winfix.shtm
also... From LavaSoft- all versions of Windows-
http://digital-solutions.co.uk/lavasoft/whndnfix.zip
(NOTE: It is reported that in XP SP2, the command netsh winsock reset
will fix this problem without the need for these programs.)
or Winsock Fix Utility
http://www.dfwonline.net/files/WinsockFix.zip

How to Restart in Safe Mode
http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001052409420406

How to Show Hidden Files
http://snipurl.com/6rl8

Hope this helps.

Jan
MS MVP - IE/OE
Smiles are meant to be shared,
that's why they're so contagious.

Replies are posted only to the newsgroup for the benefit or other readers.
How to make a good newsgroup post:
http://www.dts-l.org/goodpost.htm

 

[Guest]

Hi, Jan,

Thank you for your reply. I try to follow your instructions but I have a
few questions I need to clarify. First you told me to run all these program
in Safe Mode. However, correct me if I am wrong, there couldn't be any
internet connection to the PC when it is running in Safe Mode, right? If so,
many of these program cannot be run while it is in Safe Mode because it
require online transmission of defintion. Such as:

Then visit these two sites to test for parasites and help basic cleaning:
On-Line Check
http://aumha.org/a/noads.htm

Next, do an Online scan here (if possible) -
http://www.pandasoftware.com/activescan/com/activescan_principal.htm

Also, do I need to run Pocket KillBox, you only say download and put it on
my desktop

Download Pocket Killbox from
http://www.thespykiller.co.uk/files/killbox.exe
and put it on the desktop where you can find it easily

Regarding running HiJackThis, I scan the system with the program and it
gives me a list of suspicious objects. But it also specifically say be very
careful if I try to remove any of the objects and suggest me to save the list
in a log file and let some expert to decide what action should be taken. In
your instruction you told me to post the log to one of the forum, does it
mean I should defer any action after scanning my system with HiJackThis, just
save the output to the log and post it to the forum you suggest and let the
people there tell me what to remove?

Download, install, and run HiJackThis - it is one of the most important
tools to help clean your system of scumware. Follow the instructions
carefully:

How to download and install HiJackThis: (it does not need to be updated)
http://www.bleepingcomputer.com/forums/topict309.html

Please DO NOT post your log to this newsgroup. It is important that you go
to one of the HiJackThis Support Forums below:
CastleCops HiJackThis Forum
http://castlecops.com/f67-Hijackthis_Spyware_Viruses_Worms_Trojans_Oh_My.html
or Bleeping Computer HiJackThis Forum
http://www.bleepingcomputer.com/forums/forum22.html
to allow the program experts there to evaluate your log and advise you of
any
necessary steps to clean your system.

Finally you told me to download a copy of LSPFIX, WINSOCKXPFIX and WinsockXP
Fix- WinXP before removing any spyware using any of the programs *below*.
However, you didn't list any programs below except the link to download these
software. What program should I run after I download them? Also what do I do
with LSPFIX, WINSOCKXPFIX and WinsockXP Fix- WinXP after downloading them?
Should I run them?

CAUTION!!!!! Before you try to remove spyware using any of the programs
below, download a copy of LSPFIX from any of the following sites:

I would appreciate if you could clarify the instruction a little. Thank.

 

[Jan Il]

Hi Jobseeker

See my answers to your questions in line below:

Hi, Jan,

Thank you for your reply. I try to follow your instructions but I have
a
few questions I need to clarify. First you told me to run all these
program
in Safe Mode. However, correct me if I am wrong, there couldn't be any
internet connection to the PC when it is running in Safe Mode, right? If
so,
many of these program cannot be run while it is in Safe Mode because it
require online transmission of defintion. Such as:

Yes...you will not be able to access these sites until you have Internet
access. These programs should be run after you have been able to get
Internet connection again to make sure your system is thoroughly clean.

Also, do I need to run Pocket KillBox, you only say download and put it on
my desktop

Yes...you need to have that available IF you need it. It is a very good
tool for removing stubborn scumware that may not be fully removed by the
other programs. It is good to have at hand if you need it.

Regarding running HiJackThis, I scan the system with the program and it
gives me a list of suspicious objects. But it also specifically say be
very
careful if I try to remove any of the objects and suggest me to save the
list
in a log file and let some expert to decide what action should be taken.
In
your instruction you told me to post the log to one of the forum, does it
mean I should defer any action after scanning my system with HiJackThis,
just
save the output to the log and post it to the forum you suggest and let
the
people there tell me what to remove?

Yes, post your log to the forum and then wait until they reply. It may take
a bit of time as they are usually very busy, but, give them time to review
your log and then advise you what you need to do. This part of the process
is one of the more important ones, and it can help get rid of some types of
scumware residuals that can not be detected or removed otherwise. So you
can wait until you hear back from them. It would be very helpful to us here
if you posted the link to the forum where you post your log. That way we
can follow along and it will help us help you on this end as well.

Finally you told me to download a copy of LSPFIX, WINSOCKXPFIX and
WinsockXP
Fix- WinXP before removing any spyware using any of the programs *below*.
However, you didn't list any programs below except the link to download
these
software. What program should I run after I download them? Also what do I
do
with LSPFIX, WINSOCKXPFIX and WinsockXP Fix- WinXP after downloading them?
Should I run them?

Again, these are programs to keep at hand in case you are unable to connect
to the Internet after removing any spyware or malware. As it said, removing
some types of spyware and other malicious warez can damage some files and
prevent you from connecting to the Internet until they are repaired or
replaced. That is what these programs are for. So, only use them if you
need them, which you can determine after you have finished cleaning your
system. If you can open IE and have connection to the Internet, then you
likely won't need them. If not, then you have them at hand to use to repair
the system.

I would appreciate if you could clarify the instruction a little. Thank.

I hope that information has helped, if not, post back and I'll go over it in
more detail for you. If it important that you fully understand the
instructions.

Jan
MS MVP - IE/OE
Smiles are meant to be shared,
that's why they're so contagious.

Replies are posted only to the newsgroup for the benefit or other readers.
How to make a good newsgroup post:
http://www.dts-l.org/goodpost.htm