Reinstall IE7 to remove adware?

Paddy

My daughter managed to download some malware onto her computer (she doesn't
know how she did it). The various anti-virus, firewall, and anti-malware
(including Defender, Spybot, ZoneAlarm Pro and AdAware) do not catch this
malware.

The malware opens Internet Explorer windows with ads.

Investigating the computer with Spybot and others, the malware seems to be
"1 mags 16 more" and "BEND BOLT". I've disabled these programs with Spybot,
but of course have no way to uninstall these programs.

Unfortunately, a side-effect is that this has prevented IE from running at
all. When attempting to start IE7, nothing happens (no error message; it just
doesn't start).

Would it help to uninstall IE7 and then reinstall it from scratch? If so,
how do I go about it (and where do I find the IE7 download -- I don't seem to
be able to find it on the Microsoft website)?

I'd like to avoid a full hard drive reformat, if possible.

More information:
Vista Home Premium
Internet Explorer version 7
Fully updated with Windows Update
 
Paddy

What happens when you try to uninstall these programs?

They're malware, installed without permission and without warning. There is
no uninstall procedure for them. No "Start" icons, and no uninstall in the
"Programs and Features". They run uninvited when turning on the computer,
serving up unwanted ads for unwanted services. It took me ages just to find
how to disable them.

That's why I'm totally in the dark as to how to get around them. If you have
any ideas for me to follow up, I'll be happy to try.

Otherwise, I'll just have to do a full reformat and restore all files.
 
Bob

Try Right click>Delete.

Paddy said:
They're malware, installed without permission and without warning. There is
no uninstall procedure for them. No "Start" icons, and no uninstall in the
"Programs and Features". They run uninvited when turning on the computer,
serving up unwanted ads for unwanted services. It took me ages just to find
how to disable them.

That's why I'm totally in the dark as to how to get around them. If you have
any ideas for me to follow up, I'll be happy to try.

Otherwise, I'll just have to do a full reformat and restore all files.
 
Malke

Paddy said:
They're malware, installed without permission and without warning. There
is no uninstall procedure for them. No "Start" icons, and no uninstall in
the "Programs and Features". They run uninvited when turning on the
computer, serving up unwanted ads for unwanted services. It took me ages
just to find how to disable them.

That's why I'm totally in the dark as to how to get around them. If you
have any ideas for me to follow up, I'll be happy to try.

Otherwise, I'll just have to do a full reformat and restore all files.

Even if malware has an uninstall entry in "Programs and Features" it is rare
for that to actually work. Malware lies.

You cannot get rid of the malware by tinkering with IE7; you can simply
break your machine further. You need to remove the malware in a systematic
way (see link below) or look on the BleepingComputer link below, or follow
the instructions in the "when all else fails" paragraph.

Go through these general malware removal steps systematically -
http://www.elephantboycomputers.com/page2.html#Removing_Malware

Include scanning with David Lipman's Multi_AV and follow instructions to do
all scans in Safe Mode. Please see the special Notes regarding using
Multi_AV in Vista.

http://www.elephantboycomputers.com/page2.html#Multi-AV - instructions
http://www.pctipp.ch/downloads/sicherheit/35905/multi_av_scanning_tool.html - download site

The site is in German but David's tool is in English so don't let that worry
you. Scroll all the way down to almost the bottom of the page and you'll
see a box titled "Infos Zum Download - Multi-AV Scanning Tool". You'll see
"Download von www pctipp.ch" and the live link to download Multi_AV.

You can also check to see if there are targeted removal steps for your
malware here:
Bleeping Computer removal how-to's -
http://www.bleepingcomputer.com/forums/forum55.html

When all else fails, run HijackThis and post your log in one of the
specialty forums listed at the first link above (not here, please).

Not all tools used will work in Vista and you will need to run them
elevated. If you are unable to remove the infection by following the
general steps, register at one of the HijackThis forums as suggested.

Standard disclaimer: I can't see and test your computer myself, so these are
just suggestions based on many years of being a professional computer tech;
suggestions based on what you've written. You should not take my
suggestions as a definitive diagnosis. If you can't do the work yourself
(and there is no shame in admitting this isn't your cup of tea), take the
machine to a professional computer repair shop (not your local equivalent
of BigComputerStore/GeekSquad). Please be aware that not all local shops
are skilled at removing malware and even if they are, your computer may be
so infested that Windows will need to be clean-installed. If possible, have
all your data backed up before you take the machine into a shop.

Malke
 
Paddy

Malke said:
Go through these general malware removal steps systematically...

Malke, thank you for your comprehensive reply. Your advice would be useful
to many people, I'm sure.

I've had a look at the sites you've shown me.

It's starting to look as though it'll be easier -- and faster -- to just do
a full reformat of the machine. (Yes, I have already made a complete backup
of all data!)

Thanks again for your reply; I'll keep it in mind.
 
Malke

Paddy said:
Malke, thank you for your comprehensive reply. Your advice would be useful
to many people, I'm sure.

I've had a look at the sites you've shown me.

It's starting to look as though it'll be easier -- and faster -- to just
do a full reformat of the machine. (Yes, I have already made a complete
backup of all data!)

Thanks again for your reply; I'll keep it in mind.

You're welcome, Paddy. Yes, it is most definitely easier and possibly
smarter to do a clean install. Then point your daughter at the "staying
safe" links below.

http://www.getsafeonline.org/
https://www.mysecurecyberspace.com/
http://www.getnetwise.org/
http://wiki.castlecops.com/Malware_Removal_and_Prevention:_Introduction
http://www.claymania.com/safe-hex.html
http://www.aumha.org/a/parasite.htm - The Parasite Fight
http://msmvps.com/blogs/harrywaldron/archive/2006/02/05/82584.aspx - MVP
Harry Waldron - The Family PC - How to stay safe on the Internet
http://www.spywarewarrior.com/rogue_anti-spyware.htm - Eric Howes on Rogue
Antispyware Programs

Malke
 
Hank Arnold (MVP)

Paddy said:
Malke, thank you for your comprehensive reply. Your advice would be useful
to many people, I'm sure.

I've had a look at the sites you've shown me.

It's starting to look as though it'll be easier -- and faster -- to just do
a full reformat of the machine. (Yes, I have already made a complete backup
of all data!)

Thanks again for your reply; I'll keep it in mind.

If you do format & rebuild, I would suggest you also get a copy of
either Ghost or Acronis. Once the system is working the way you want,
generate an image of the drive(s). Then, the next time she messes the
system up, just restore the image (after backing up new files)......

--

Regards,
Hank Arnold
Microsoft MVP
Windows Server - Directory Services
 
Mick Murphy

You say that you know what it is, but can't get rid of it.

At startup, tap F8, and go into Safe Mode, using the UP and DOWN arrows when
a list of options appears. Hit ENTER, and do your scans from within there.

Spybot Search & Destroy should remove it in Safe Mode, as it has already
told you what it is when you are in dynamic mode!
 
