Spyware Warrior

Kankyo

I'm dealing with a Win2000 Pro SP4 that had some malware installed previously, had been removed by Ad-aware and Spybot S+D, both with up to date definitions. I do not have information on what specific malware had been present. NortonAV with the most recent definitions finds no virus infection in the classical sense.

Now, whenever IE is opened the following message appears:

"IEXPLORE.EXE has generated errors and will be closed by Windows"

The Microsoft article Q303728 references this error, and even calls some malwares by name. I've followed those suggestions with no change in the problem.

I'm wondering if some BHO was installed, later removed by AAW or SB:S+D... but some setting left over is still trying to call this now-non-existant file.

I would suggest avoiding IE and going with FireFox or similar at this point... but that's not an option here, sadly.

Any suggestions will be appreciated. I should be able to get a HijackThis log if needed, wasn't going to post it without prompting. Thanks!

PS: I'm new here. If I'm not following any standard procedures for this forum, please let me know.

MadameX · Posted: Fri Sep 03, 2004 10:51 am Post subject:

Why is Firefox (or similar) not an option?

Not enough room on your pc?

Deb
_________________
CARMA

radio · Posted: Fri Sep 03, 2004 10:58 am Post subject:

Welcome to the Forum Kankyo Smile

could you post a hijackthis log, make sure you've got the latest version 1.98.2

and could you also create a list of installed programs?
the easiest way I've found doing this is with easycleaner: http://www.majorgeeks.com/download.php?det=414

start easycleaner, press 'add/remove', then 'save', then open the html file created, and copy & paste that list back to here.

I'll move things around after seeing what we're working with... Wink

_________________
PcPitstop Forums

Kankyo · Posted: Fri Sep 03, 2004 10:59 am Post subject:

In this case, I'm helping someone who supposedly needs IE for some business applications.

Embarassed

Is it OK that I'm asking for help on someone else's behalf?

Kankyo · Posted: Fri Sep 03, 2004 11:05 am Post subject:

Doh! I will read responses more carefully in the future. I'll post the requested items to this thread as soon as I can.

Kankyo · Posted: Fri Sep 03, 2004 11:36 am Post subject:

Here is the HTJ log. Working to get the EasyClean information.

Logfile of HijackThis v1.97.7
Scan saved at 3:20:42 PM, on 09/03/2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Unable to get Internet Explorer version!

edit: out of date hjt version, radio

Kankyo · Posted: Fri Sep 03, 2004 11:55 am Post subject:

EasyClean info:

Name
3Com DMI Agent
3Com NIC Diagnostics
Ad-Aware SE Personal
AOL Instant Messenger
ATI Display Driver
Citrix ICA Client
Citrix ICA Web Client
Dell OpenManage Client Instrumentation
EasyCleaner
fax@vantage
fax@vantage TIFF Printer Driver
Intel Application Accelerator
Internet Explorer Q867801
LiveUpdate 1.90 (Symantec Corporation)
Microsoft Data Access Components KB870669
Microsoft IntelliPoint
Microsoft Internet Explorer 6 SP1
Microsoft Office 2000 SR-1 Standard
Microsoft Word Viewer 97
MSXML 4.0 SP2 Parser and SDK
Outlook Express Q823353
Pennsylvania AcceleRater
Pennsylvania AcceleRater
Pennsylvania Internet Raptor
Residential Component Technology - Standalone
Spybot - Search & Destroy 1.3
Symantec AntiVirus Client
User's Guides
Viewpoint Manager (Remove Only)
Windows 2000 Hotfix - KB329115
Windows 2000 Hotfix - KB823182
Windows 2000 Hotfix - KB823559
Windows 2000 Hotfix - KB824105
Windows 2000 Hotfix - KB824141
Windows 2000 Hotfix - KB824146
Windows 2000 Hotfix - KB825119
Windows 2000 Hotfix - KB826232
Windows 2000 Hotfix - KB828028
Windows 2000 Hotfix - KB828035
Windows 2000 Hotfix - KB828741
Windows 2000 Hotfix - KB828749
Windows 2000 Hotfix - KB835732
Windows 2000 Hotfix - KB837001
Windows 2000 Hotfix - KB839645
Windows 2000 Hotfix - KB840315
Windows 2000 Hotfix - KB841872
Windows 2000 Hotfix - KB841873
Windows 2000 Hotfix - KB842526
Windows Media Player 7.1
YAMAHA SoftSynthesizer S-YXG50

Kankyo · Posted: Fri Sep 03, 2004 11:59 am Post subject:

Looking at the requested info, I noticed SpyBlast.exe listed. I used HJT to remove this since this was made.

The EC reference to "Pennsylvania Internet Raptor" also struck me as odd. I used traditional Add/Remove to uninstall this...

No change Crying or Very sad

radio · Posted: Fri Sep 03, 2004 12:04 pm Post subject:

could you download the latest version of hijackthis, http://spywarewarrior.com/files/HijackThis.exe

then post a new scan log please.

also, have you tried going to add/remove programs and selecting Microsoft Internet Explorer, then try the repair option?
_________________
PcPitstop Forums

Kankyo · Posted: Fri Sep 03, 2004 12:19 pm Post subject:

I apologize for not getting the most current version, thought I had it. I'll get that item in place as soon as I can. (looks like it won't be until 9-6 though.)

As far as trying to uninstall and reinstall IE6, this was not listed by Windows standard Add/Remove dialog. Apparently some ServicePacks for Win2000 take IE out of the Add/Remove list (SP2, I think)

Earlier, I found the 'HKLM...\IsInstalled' value for IE6, and flipped it from 1 to 0 and reinstalled IE6 over the top of itself.

I'll use EasyCleaner to remove IE6SP1 ASAP and see if we get better results... along with the current-version HTJ log.