One user profile can not browse Internet using IE7 ...

E

E-Double

We have a Win XP, sp3 machine that was infected with many viruses and
Trojans. We used various cleaning tools to clean-up the machine (ie
Malwarebytes, Spybot, CCleaner, HiJackThis, AVG, and Windows Malicious
Software Removal Tool), and the machine seems to be clean and running well
now. But for some reason there is one user profile that can not browse to
the Internet. They just get various Page Cannot Be Displayed errors within
IE7 (we have not tried another browser yet but perhaps that is an option).
When going to a command prompt in that profile and pinging various sites like
Yahoo! and Microsoft the DNS query gets resolved correctly, but the pages
never display in a browser. The Hosts file is okay. Also, the other three
user profiles on that machine work fine. Is there anything else we can check
on this to get that one user profile to work correctly ?

TIA ...
 
P

Pegasus [MVP]

E-Double said:
We have a Win XP, sp3 machine that was infected with many viruses and
Trojans. We used various cleaning tools to clean-up the machine (ie
Malwarebytes, Spybot, CCleaner, HiJackThis, AVG, and Windows Malicious
Software Removal Tool), and the machine seems to be clean and running well
now. But for some reason there is one user profile that can not browse to
the Internet. They just get various Page Cannot Be Displayed errors
within
IE7 (we have not tried another browser yet but perhaps that is an option).
When going to a command prompt in that profile and pinging various sites
like
Yahoo! and Microsoft the DNS query gets resolved correctly, but the pages
never display in a browser. The Hosts file is okay. Also, the other three
user profiles on that machine work fine. Is there anything else we can
check
on this to get that one user profile to work correctly ?

TIA ...
Click to expand...

It is a popular myth that virus scanners and cleaning tools can repair all
damage done by a virus. They can't and they don't. Some damage will remain,
same as the scars in the face of someone afflicted with smallbox. If my PC
had been infected with "many viruses and Trojans" (your words) then I would
consider it compromised. If you want a robust installation then it's time to
format the disk and re-install Windows, this time with a good virus scanner
that is updated regularly. You should also review your policy about
practising "safe hex".
 
K

Ken Blake, MVP

It is a popular myth that virus scanners and cleaning tools can repair all
damage done by a virus. They can't and they don't. Some damage will remain,
same as the scars in the face of someone afflicted with smallbox. If my PC
had been infected with "many viruses and Trojans" (your words) then I would
consider it compromised. If you want a robust installation then it's time to
format the disk and re-install Windows, this time with a good virus scanner
that is updated regularly. You should also review your policy about
practising "safe hex".
Click to expand...


E-Double, let me second everything Pegasus says here. I strongly agree
with him. The idea that a virus is just a nuisance, and one that can
be eliminated by running an anti-virus program, is completely false. A
virus is a piece of software designed to do irreparable damage to your
computer.

Does that mean that viruses can never be removed? No, of course not.
In practice it is often possible to remove a virus, especially if you
haven't been infected with it very long. However, if you say you had
"many viruses and Trojans," your chances of having successfully
removed all of them are very poor. The more you have, the less likely
it is that they can all be properly removed, and with "many," it's
highly likely that your situation was bad enough to be uncorrectable.
 
P

PA Bear [MS MVP]

"Seems to be clean" and "is clean" aren't the same things. You have (much)
more work to do, especially if Automatic Updates is still disabled and you
can't & haven't update the computer manually via Windows Update website.

There is a very good chance that you are seeing the affects of a hijackware
infection.

1. See if you can download/run the current version of the MSRT manually:
http://www.microsoft.com/security/malwareremove/default.mspx

NB: Run the FULL scan, not the QUICK scan!

2. Run the Windows Live Safety Center's 'Protection' scan (only!) in Safe
Mode with Networking, if need be:
http://onecare.live.com/site/en-us/center/howsafe.htm

3. Run a /thorough/ check for hijackware, including posting the requested
logs in an appropriate forum, not here.

Checking for/Help with Hijackware
http://aumha.net/viewtopic.php?f=30&t=4075
http://mvps.org/winhelp2002/unwanted.htm
http://inetexplorer.mvps.org/data/prevention.htm
http://inetexplorer.mvps.org/tshoot.html
http://www.mvps.org/sramesh2k/Malware_Defence.htm
http://www.elephantboycomputers.com/page2.html#Removing_Malware

**Seek expert assistance in
http://spywarehammer.com/simplemachinesforum/index.php?board=10.0,
http://forums.spybot.info/forumdisplay.php?f=22,
http://www.dslreports.com/forum/cleanup, http://aumha.net/viewforum.php?f=30
or other appropriate forums.**

If the procedures look too complex - and there is no shame in admitting this
isn't your cup of tea - take the machine to a local, reputable and
independent (i.e., not BigBoxStoreUSA) computer repair shop.
ing your local Microsoft subsidiary. There is no-charge for support calls
that are associated with security updates.
 
P

Pegasus [MVP]

PA Bear said:
"Seems to be clean" and "is clean" aren't the same things. You have
(much) more work to do, especially if Automatic Updates is still disabled
and you can't & haven't update the computer manually via Windows Update
website.

There is a very good chance that you are seeing the affects of a
hijackware infection.

1. See if you can download/run the current version of the MSRT manually:
http://www.microsoft.com/security/malwareremove/default.mspx

NB: Run the FULL scan, not the QUICK scan!

2. Run the Windows Live Safety Center's 'Protection' scan (only!) in Safe
Mode with Networking, if need be:
http://onecare.live.com/site/en-us/center/howsafe.htm

3. Run a /thorough/ check for hijackware, including posting the requested
logs in an appropriate forum, not here.

Checking for/Help with Hijackware
http://aumha.net/viewtopic.php?f=30&t=4075
http://mvps.org/winhelp2002/unwanted.htm
http://inetexplorer.mvps.org/data/prevention.htm
http://inetexplorer.mvps.org/tshoot.html
http://www.mvps.org/sramesh2k/Malware_Defence.htm
http://www.elephantboycomputers.com/page2.html#Removing_Malware

**Seek expert assistance in
http://spywarehammer.com/simplemachinesforum/index.php?board=10.0,
http://forums.spybot.info/forumdisplay.php?f=22,
http://www.dslreports.com/forum/cleanup,
http://aumha.net/viewforum.php?f=30 or other appropriate forums.**

If the procedures look too complex - and there is no shame in admitting
this
isn't your cup of tea - take the machine to a local, reputable and
independent (i.e., not BigBoxStoreUSA) computer repair shop.
ing your local Microsoft subsidiary. There is no-charge for support calls
that are associated with security updates.
--
~Robear Dyer (PA Bear)
MS MVP-IE, Mail, Security, Windows Desktop Experience - since 2002
AumHa VSOP & Admin http://aumha.net
DTS-L http://dts-l.net/
Click to expand...

If the OP decides to explore all eleven links that you quote then he is
likely to spend substantially more time than he would if he reloaded
Windows. Under these circumstances a reload would appear to be preferable
for several reasons:
a) It's faster.
b) A successful outcome is guaranteed.
c) Little technical expertise is required.
 
E

E-Double

Perfect, thanks everybody for the replies !

I agree 110% that a reload would definately be the way to go, but this
machine is for a user who has the machine customized in such a way with his
apps and data that we would not be able to get it back to its current config
(and sadly he would not either). And, even if we did to a clean reinstall
with WinXP and MS Office this user would/will have it infected again in under
two months. Really frustrating for us, but what can you do (??). But as
mentioned I do agree that is usually the best option in these cases.

It turns out that the Dell Support Center was also having a strange effect
and causing IE to always route to a loopback address (I found that address
under the Dell Support Center settings in the registry and it was showing-up
on the status bar at the bottom of IE). So in addition to the myriad of
malware scans I uninstalled Dell Support Center, reset IE to the default
settings, unchecked Use Proxy Server, and ran the browser/Internet fixes that
were listed on this site that linked to Kelly's Korner for WinXP, and then
ran the Windows Live Safety Scanner, followed the instructions on KB articles
956196 & 813444, and it seems to work okay.

Thanks again all, much appreciated. A lot of the suggestions on this post
not only helped me with this machine but will be used for future problems as
well.

e.
 
P

Pegasus [MVP]

E-Double said:
Perfect, thanks everybody for the replies !

I agree 110% that a reload would definately be the way to go, but this
machine is for a user who has the machine customized in such a way with
his
apps and data that we would not be able to get it back to its current
config
(and sadly he would not either). And, even if we did to a clean reinstall
with WinXP and MS Office this user would/will have it infected again in
under
two months. Really frustrating for us, but what can you do (??).
Click to expand...

There is an easy answer to this one:
1. Set up the machine so that it is just right.
2. Create an image, using a product such as Acronis TrueImage.
3. Restore the image when the installation goes bad. This will take less
than half an hour. Success guaranteed!
 
E

E-Double

You are right, we should do that. Otherwise it is going to be a lesson in
futility for us in trying to keep this thing running well over the long
term. So this is a good answer ...

Thanks,

e.
 
P

PA Bear [MS MVP]

Is the machine now fully patched at Windows Update?

Is Automatic Updates enabled and functioning?
 
E

E-Double

Yes, fully patched and has WinXP, sp3 applied as well. Scanned for rootkits
too.

We are actually only indirectly responsible for maintaining this particular
PC as it is for an independent sales person for our organization that works
out in the field and purchases their own computing equipment. When dealing
with PC's that we are 100% responsible for (ie that our organization owns) we
always erase the PC and reinstall the OS from scratch in these situations.
But with the PC's out in the field that we only have limited control and
responsibility for we have to take a 'best efforts' approach to maintaining
them.

Thanks again all for your help, this forum is great !

e.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

"Windows cannot load the locally stored profile" for a domain user 4
IE7 breaks Windows Media Player streaming media 1
user profile cannot be located / user profile service failed the logon, 5
Files wiped clean on only one opersonal profile setting 4
User logon with Temp profile? 3
User Always get Temporary Profile 2
User profile program settings 3
Should I worry at all about Local Profile Size? 2

Top