Sorry for not specifying what system I am using. I am
using Windows 98 on an IBM ThinkPad.
Also, with the new problem. I ran Kelly's edit again. I
have all of the tabs, but still no ability to change the
settings. Everything else works. I do not know if it began
working after the first edit and stopped or if it just did
not begin working at all. Unfortunately, the settings
under the advanced tab were the only things that I did not
try to change the first time you suggested it to me. I
noticed that it wasn't working when I tried to change the
some of the security settings and turn off enable image
resizing under that tab. This time I specifically went
through and checked every button, and the settings and
history buttons are indeed the only things that I cannot
press or change under internet options.
I did install the Spyware and made sure I had all of the
critical updates. When I checked my system again and it
still says no parasites, malware, or viruses.
-----Original Message-----
Hi Ivy - The %SystemDrive% etc. are a way of refering generically
to Environmental Variables independent of the particular Operating
System. You don't state your Operating System; however, if you're
on Windows XP, your System Drive would normally be C:, while
%SystemRoot% would normally be \Windows\, etc. If you're using
Windows XP or Windows 2000, then the folder location you need would
normally be C:\Documents and Settings\<your user account
name>\Local Settings\History. If you're on a different OS, then
please post back with that info, and we'll figure out where to
point you to.
Reference your new problem - It sounds like you may have become
re-infected, since you stated that you could change things after
running Kelly's edit. Try running the edit again and see what
happens. Please post back with your results.
Did you install SpywareBlaster? Did you run UPDATED versions of
CWShredder, AdAware and SpyBotS&D? Do you have a firewall in
place? Is your machine fully up-to-date for Critical Windows
Update patches?
--
Please respond in the same thread.
Regards, Jim Byrd, MS-MVP
In Ivy <
[email protected]> typed:
I couldn't find the place you were referring to. I tried
navigating in Windows Explorer, but I didn't see anything
named "SystemDrive." I saw a folder named "System" and a
folder named "System 32." I did see the history folder
under there, but it said that it cannot be deleted since
it is a Windows system file. Also, a new problem I
noticed, even though I have all of my internet option tabs
back, under the advanced tab, it won't let me change any
of those settings. The button to restore defaults is
disabled as well.
Any suggestions for either one of those problems?
Again, thanks for the help.
-----Original Message-----
YW, Ivy - Glad it fixed it for you. As to the History button -
you may have a corrupted History folder. Try deleting it (it
will be re-created when you reboot). Close all instances of IE.
Now navigate in Windows Explorer to %SystemDrive% \Documents and
Settings\%Username%\Local Settings\History. Select this folder,
right click, Delete. Now re-boot. See if that restores things.
You'll have to reset the Time to save in IE6 Tools|Internet
Options|General tab.
--
Please respond in the same thread.
Regards, Jim Byrd, MS-MVP
In Ivy <
[email protected]> typed:
Thanks a lot Jim. I now have all of the internet option
tabs now, and I can turn off my autocomplete and change
other settings. However, the button to clear my history
did not enable (I have been deleting it manually myself
through the history tag in Windows), so that appears to be
a problem separate from not having all of my internet
option tabs.
Also I checked my computer for parasites and malware like
you suggested, but none were found. I made sure that I had
all of the critical updates as well.
Again, thanks a lot. I greatly appreciate your help.
-----Original Message-----
Hi Ivy - download and run:
http://www.kellys-korner-
xp.com/regs_edits/iegentabs.reg to restore
your tabs and remove any restrictions.
Note that this symptom often indicates the possibility of other
malware. You might want go to this page at Jim Eshelman's site,
here:
http://aumha.org/a/noads.htm or here:
http://inetexplorer.mvps.org/parasite.htm and wait a little bit
(be patient), while an analysis of a number of possible
parasites on your machine will be made to help you identify and
remove them. NOTE: You will need to disable Ad Blocking in Zone
Alarm 3.x, if present or any other Ad Blocking software which
interferes with Java Scripting for this scan to work. You
should get a message between the two lines of **** giving the
results of the scan.
Before you try to remove spyware using any of the programs
below, download both a copy of LSPFIX here:
http://www.cexx.org/lspfix.htm
AND a copy of Winsockfix
http://members.shaw.ca/installations/WinsockFix.zip
The process of removing certain malware may kill your internet
connection. If this should occur, these programs, LSPFIX and
WINSOCKFIX, will enable you to regain your connection.
In the following, all of these removal tools should be run from
Safe mode when possible
For the general hijack case, the best way to start is to get
Ad-Aware 6.0, Build 181 or later, here:
http://www.lavasoftusa.com/support/download/.
UPDATE and run this regularly to get rid of
most "spyware/hijackware" on
your machine. If it has to fix things, be sure to re- boot
and rerun AdAware again and repeat this cycle until you get a
clean scan. The reason is that it may have to remove things
which are currently "in use" before it can then clean up
others.
Another excellent program for this purpose is SpyBot Search and
Destroy available here:
http://security.kolla.de/ SpyBot
Support Forum here:
http://www.net-integration.net/cgi-
bin/forums/ikonboard.cgi. I recommend
using both normally. After UPDATING and fixing things with
SpyBot S&D, be sure to re-boot and rerun SpyBot again and
repeat this cycle until you get a clean "no red" scan. The
reason is that SpyBot sometimes has to remove things which are
currently "in use" before it can then clean up others.
Note that sometimes you need to make a judgement call about
what these programs report as spyware. See here, for example:
http://www.imilly.com/alexa.htm
A currently common parasite is some malware called
CoolWebSearch. Do the following:
Download, UPDATE before running, and run:
http://209.133.47.200/~merijn/files/CWShredder.exe to remove
the parasite. Be sure to close all instances of IE and OE.
You may also get it here if that link is blocked:
http://www.zerosrealm.com/downloads/CWShredder.zip
BE SURE that you get v.1.59.0.1 or later!
There's a good tutorial about CWS and using CWShredder here:
http://www.bleepingcomputer.com/forums/index.php?
showtutorial=47#domain
You will need to show Hidden files first and then at the end
clear the malware garbage from your System Restore backups
after you've cleaned up. It's best to perform CWShredder (and
most other malware fixers too) from Safe mode and then reboot.
AFTER cleaning things up, then you can disable and then
re-enable System Restore. See ******** below.
The following links give instructions on how to do these
various functions:
HOW TO Restart in Safe Mode
<
http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/
2001052409420406>
HOW TO Enable Hidden Files
<
http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/
2002092715262339>
HOW TO Disable/Flush System Restore (do this at the end AFTER
cleaning or use the suggested procedure for XP at the ******'s)
<
http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/
2001111912274039> (WinXP)
<
http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/
2001012513122239> (WinME)
Then download and run:
http://www.kellys-korner-
xp.com/regs_edits/iegentabs.reg to restore
your tabs and remove any restrictions that the parasite has put
in place.
Now download and run:
http://www.kellys-korner-
xp.com/regs_edits/RestoreSearch2.REG to restore
your search functions if they've been affected (as they
probably will have been).
Be sure that you also download and install hotfix Q816093,
here:
http://support.microsoft.com/?kbid=816093
which blocks the exploit upon which this parasite family
depends.
If they don't fix it then start here:
Download HijackThis, free, here:
http://209.133.47.200/~merijn/files/HijackThis.exe (Always
download a new fresh copy of HijackThis [and CWShredder also]
- It's UPDATED frequently.) You may also get it here if that
link is blocked:
http://www.majorgeeks.com/downloadget.php?
id=3155&file=3&evp=3304750663b552982a8baee6434cfc13
or here:
http://www.bleepingcomputer.com/files/spyware/hijackthis.zi
p
In Windows Explorer, click on Tools|Folder Options|View and
check "Show hidden files and folders" and uncheck "Hide protected
operating system files". (You may want to restore these when
you're all finished with HijackThis.)
Place HijackThis.exe or unzip HijackThis.zip into its own
dedicated folder at the root level such as C:\HijackThis (NOT
in a Temp folder or on your Desktop), start it then press Scan.
Click on SaveLog when it's finished which will create
hijackthis.log. Now click the Config button, then Misc Tools
and click on Generate StartupList.log which will create
Startuplist.txt
Then go to one of the following forums:
Spyware and Hijackware Removal Support, here:
http://216.180.233.162/~swicom/forums/
or Net-Integration here:
http://www.net-integration.net/cgi- bin/forum/ikonboard.cgi?
s=d3c2c886d536d57b5f65b6e40c55365e;act=ST;f=27;t=6949
or Tom Coyote here:
http://forums.tomcoyote.org/index.php?act=idx
or Jim Eshelman's site here:
http://forum.aumha.org/
or Bleepingcomputer here:
http://www.bleepingcomputer.com/
Register if necessary, then sign in and READ THE DIRECTIONS at
the beginning of the particular sites HiJackThis forum, then
copy and paste both files into a message asking for assistance,
Someone will answer with detailed instructions for the removal
of your parasite(s). Be sure you include at the beginning of
your post "What problem(s) you're trying to solve" and "What
steps you've already taken."
*******
ONLY IF you've successfully eliminated the malware, you can now
make a new, clean Restore Point and delete any previously saved
(possibly infected) ones. The following suggested approach is
courtesy of Gary Woodruff: For XP you can run a Disk Cleanup
cycle and then look in the More Options tab. The System
Restore option removes all but the latest Restore Point. If
there hasn't been one made since the system was cleaned you
should manually create one before dumping the old possibly
infected ones. *******
Once you get this cleaned up, you might want to consider
installing the SpywareBlaster and SpywareGuard here to help
prevent this kind of thing from happening in the future: