Spyware Warrior Spyware Warrior
Help with Spyware, Hijacking & Other Internet Nuisances
 
FAQ :: Search :: Memberlist :: Usergroups :: Register
Profile :: Log in to check your private messages :: Log in

Looking for guidance on post malware IEXPLORE errors

 
Post new topic   Reply to topic    Spyware Warrior Forum Index -> General Software Discussion
View previous topic :: View next topic  
Author Message
Kankyo
Newbie


Joined: 02 Sep 2004
Last Visit: 08 Dec 2004
Posts: 8

PostPosted: Fri Sep 03, 2004 10:40 am    Post subject: Looking for guidance on post malware IEXPLORE errors Reply with quote

I'm dealing with a Win2000 Pro SP4 that had some malware installed previously, had been removed by Ad-aware and Spybot S+D, both with up to date definitions. I do not have information on what specific malware had been present. NortonAV with the most recent definitions finds no virus infection in the classical sense.

Now, whenever IE is opened the following message appears:

"IEXPLORE.EXE has generated errors and will be closed by Windows"

The Microsoft article Q303728 references this error, and even calls some malwares by name. I've followed those suggestions with no change in the problem.

I'm wondering if some BHO was installed, later removed by AAW or SB:S+D... but some setting left over is still trying to call this now-non-existant file.

I would suggest avoiding IE and going with FireFox or similar at this point... but that's not an option here, sadly.

Any suggestions will be appreciated. I should be able to get a HijackThis log if needed, wasn't going to post it without prompting. Thanks!

PS: I'm new here. If I'm not following any standard procedures for this forum, please let me know.
Back to top
View user's profile Send private message
MadameX
Site Admin


Joined: 12 Jul 2004
Last Visit: 27 Apr 2008
Posts: 1438

PostPosted: Fri Sep 03, 2004 10:51 am    Post subject: Reply with quote

Why is Firefox (or similar) not an option?

Not enough room on your pc?

Deb
_________________
CARMA
Back to top
View user's profile Send private message Visit poster's website
radio
Moderator & HJT Expert


Joined: 21 May 2004
Last Visit: 05 Aug 2011
Posts: 260

PostPosted: Fri Sep 03, 2004 10:58 am    Post subject: Reply with quote

Welcome to the Forum Kankyo Smile

could you post a hijackthis log, make sure you've got the latest version 1.98.2

and could you also create a list of installed programs?
the easiest way I've found doing this is with easycleaner: http://www.majorgeeks.com/download.php?det=414

start easycleaner, press 'add/remove', then 'save', then open the html file created, and copy & paste that list back to here.


I'll move things around after seeing what we're working with... Wink
_________________
PcPitstop Forums
Back to top
View user's profile Send private message Visit poster's website
Kankyo
Newbie


Joined: 02 Sep 2004
Last Visit: 08 Dec 2004
Posts: 8

PostPosted: Fri Sep 03, 2004 10:59 am    Post subject: Reply with quote

In this case, I'm helping someone who supposedly needs IE for some business applications.

Embarassed Is it OK that I'm asking for help on someone else's behalf?
Back to top
View user's profile Send private message
Kankyo
Newbie


Joined: 02 Sep 2004
Last Visit: 08 Dec 2004
Posts: 8

PostPosted: Fri Sep 03, 2004 11:05 am    Post subject: Reply with quote

Doh! I will read responses more carefully in the future. I'll post the requested items to this thread as soon as I can.
Back to top
View user's profile Send private message
Kankyo
Newbie


Joined: 02 Sep 2004
Last Visit: 08 Dec 2004
Posts: 8

PostPosted: Fri Sep 03, 2004 11:36 am    Post subject: Reply with quote

Here is the HTJ log. Working to get the EasyClean information.

Logfile of HijackThis v1.97.7
Scan saved at 3:20:42 PM, on 09/03/2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Unable to get Internet Explorer version!



edit: out of date hjt version, radio
Back to top
View user's profile Send private message
Kankyo
Newbie


Joined: 02 Sep 2004
Last Visit: 08 Dec 2004
Posts: 8

PostPosted: Fri Sep 03, 2004 11:55 am    Post subject: Reply with quote

EasyClean info:

Name
3Com DMI Agent
3Com NIC Diagnostics
Ad-Aware SE Personal
AOL Instant Messenger
ATI Display Driver
Citrix ICA Client
Citrix ICA Web Client
Dell OpenManage Client Instrumentation
EasyCleaner
fax@vantage
fax@vantage TIFF Printer Driver
Intel Application Accelerator
Internet Explorer Q867801
LiveUpdate 1.90 (Symantec Corporation)
Microsoft Data Access Components KB870669
Microsoft IntelliPoint
Microsoft Internet Explorer 6 SP1
Microsoft Office 2000 SR-1 Standard
Microsoft Word Viewer 97
MSXML 4.0 SP2 Parser and SDK
Outlook Express Q823353
Pennsylvania AcceleRater
Pennsylvania AcceleRater
Pennsylvania Internet Raptor
Residential Component Technology - Standalone
Spybot - Search & Destroy 1.3
Symantec AntiVirus Client
User's Guides
Viewpoint Manager (Remove Only)
Windows 2000 Hotfix - KB329115
Windows 2000 Hotfix - KB823182
Windows 2000 Hotfix - KB823559
Windows 2000 Hotfix - KB824105
Windows 2000 Hotfix - KB824141
Windows 2000 Hotfix - KB824146
Windows 2000 Hotfix - KB825119
Windows 2000 Hotfix - KB826232
Windows 2000 Hotfix - KB828028
Windows 2000 Hotfix - KB828035
Windows 2000 Hotfix - KB828741
Windows 2000 Hotfix - KB828749
Windows 2000 Hotfix - KB835732
Windows 2000 Hotfix - KB837001
Windows 2000 Hotfix - KB839645
Windows 2000 Hotfix - KB840315
Windows 2000 Hotfix - KB841872
Windows 2000 Hotfix - KB841873
Windows 2000 Hotfix - KB842526
Windows Media Player 7.1
YAMAHA SoftSynthesizer S-YXG50
Back to top
View user's profile Send private message
Kankyo
Newbie


Joined: 02 Sep 2004
Last Visit: 08 Dec 2004
Posts: 8

PostPosted: Fri Sep 03, 2004 11:59 am    Post subject: Reply with quote

Embarassed
Looking at the requested info, I noticed SpyBlast.exe listed. I used HJT to remove this since this was made.

The EC reference to "Pennsylvania Internet Raptor" also struck me as odd. I used traditional Add/Remove to uninstall this...

No change Crying or Very sad
Back to top
View user's profile Send private message
radio
Moderator & HJT Expert


Joined: 21 May 2004
Last Visit: 05 Aug 2011
Posts: 260

PostPosted: Fri Sep 03, 2004 12:04 pm    Post subject: Reply with quote

could you download the latest version of hijackthis, http://spywarewarrior.com/files/HijackThis.exe

then post a new scan log please.


also, have you tried going to add/remove programs and selecting Microsoft Internet Explorer, then try the repair option?
_________________
PcPitstop Forums
Back to top
View user's profile Send private message Visit poster's website
Kankyo
Newbie


Joined: 02 Sep 2004
Last Visit: 08 Dec 2004
Posts: 8

PostPosted: Fri Sep 03, 2004 12:19 pm    Post subject: Reply with quote

I apologize for not getting the most current version, thought I had it. I'll get that item in place as soon as I can. (looks like it won't be until 9-6 though.)

As far as trying to uninstall and reinstall IE6, this was not listed by Windows standard Add/Remove dialog. Apparently some ServicePacks for Win2000 take IE out of the Add/Remove list (SP2, I think)

Earlier, I found the 'HKLM...\IsInstalled' value for IE6, and flipped it from 1 to 0 and reinstalled IE6 over the top of itself.

I'll use EasyCleaner to remove IE6SP1 ASAP and see if we get better results... along with the current-version HTJ log.
Back to top
View user's profile Send private message
Display posts from previous:   
Post new topic   Reply to topic    Spyware Warrior Forum Index -> General Software Discussion All times are GMT - 8 Hours
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum



smartBlue Style © 2002 Smartor
Powered by phpBB © 2001, 2002 phpBB Group