[RESOLVED] ie defender removal
This thread is now closed
deadoaks
Thu Nov 08 2007, 05:31PM
Registered Member #92
Joined: Thu Nov 08 2007, 05:14PM
Posts: 8
Thanked 0 times in 0 posts
HijackThis

I'm not sure this is what you want. (new to this)

Ed Ochs
ShadowPuterDude
Thu Nov 08 2007, 05:49PM
...the Shadow knows


Registered Member #1
Joined: Thu Apr 27 2006, 04:52PM
Location: Northern NY
Posts: 251
Thanked 12 times in 12 posts
Welcome to the MalwareTeks support forums.

Download to your Desktop:
- HiJackThis v2.0.2 by TrendMicro http://www.trendsecure.com/portal/en-US/threat_analytics/HJTInstall.exe

Install HijackThis

Run HijackThis
  • Double-Click the HijackThis shortcut on your Desktop. If there is no shortcut, navigate to C:\Program Files\Trend Micro\HijackThis and double-click hijackthis.exe.
    Note: On XP, an Open File security window may pop up; click Run.

  • Click the Do System Scan and Save Logfile button.
    HijackThis will scan your system; it may take a little while.
    When it has finished, a Notepad window will automatically pop up.
    Note: Do NOT attempt to fix anything yourself as a lot of what HijackThis lists is useful and even essential to the running of your PC.

  • Close the notepad file and exit Hijackthis.
    Note: The HijackThis log file is already saved in the HijackThis installation folder (C:\Program Files\HJT\hijackthis.log).


Post that log

[ Edited Thu Nov 08 2007, 05:50PM ]


"Only those who fail greatly can ever achieve greatly" - Robert F. Kennedy
Microsoft Most Valuable Professional - Consumer Security (2007-2008)
Member - Alliance of Security Analysis Professionals - Since 2006
Linux Registered User # 363218
deadoaks
Thu Nov 08 2007, 05:59PM
I attached the hijackthis log.

Ed Ochs
ShadowPuterDude
Thu Nov 08 2007, 06:02PM
The log didn't attach.

Copy & paste the log to your next reply.
deadoaks
Thu Nov 08 2007, 06:03PM
I may have screwed that up too. I'll attach the actual log.
hijackthis.log

Ed Ochs
ShadowPuterDude
Thu Nov 08 2007, 06:07PM
Your HijackThis log doesn't show any indications of IE Defender. However, it is a lot shorter than I would normally expect.

Did you download and run the updated FixIEDef tool?
deadoaks
Thu Nov 08 2007, 06:13PM
I did but it seemed to quit prematurely also. I got the iedefender shield removed from the programs list but I still get a popup that wants to direct me to iedefender and when I go to google it seems to be hijacked by them. There is always an ie defender warning that says my computer is infected right at the top of the google list.

Ed Ochs
ShadowPuterDude
Thu Nov 08 2007, 06:33PM
Sorry, there was an error in the script. I just corrected it. Download it again and run it, everything should work just fine now.
deadoaks
Thu Nov 08 2007, 06:49PM
I tried downloading the fixiedef.zip again and it still did not seem to work right.

Ed Ochs
ShadowPuterDude
Thu Nov 08 2007, 06:56PM
What is it doing or not doing? At what point does it terminate?

Download to your Desktop:
- ISeeYouXP by ShadowPuterDude

Double-click ISeeYouXP.exe. ISeeYouXP will be extracted to C:\ISeeYouXP.

Using Windows Explorer (right click the Start button and select Explore to open Windows Explorer) navigate to C:\ISeeYouXP and locate:
ISeeYouXP.bat

Double-click to run the script.

Possible Error Messages
  • If your ISeeYouXP.txt log appears to be empty or semi-empty, or you get an error message similar to the one below when running ISeeYouXP.bat, and you are running Windows XP or Windows 2000, follow the steps further down that relate to your OS:
    C:\WINDOWS\SYSTEM32\AUTOEXEC.NT. The system file is not suitable for running MS-DOS and Microsoft Windows applications.


    To fix the above error message, choose the download below which is appropriate for your system:
    • For Windows XP Pro: download and run: XPproFix
    • For Windows XP Home: download and run: XPHomeFix
    • For Windows 2000: download and run: W2KFix

    Then run ISeeYouXP.bat again and attach the log.

  • A possible second type of error message may occur, as shown in the quote box below! If you get either of these two messages, perform the Resolution steps given in this: Virtual Device Driver Error Message in 16-Bit MS-DOS Subsystem

16 bit MS-DOS Subsystem
drive:\program path
XXXX. An installable Virtual Device Driver failed DLL initialization. Choose 'Close' to terminate the application.


-or-

16 bit MS-DOS Subsystem
drive:\program path
SYSTEM\CurrentControlSet\Control\VirtualDeviceDrivers. VDD. Virtual Device Driver format in the registry is invalid. Choose 'Close' to terminate the application.


After attempting to fix the above errors, run ISeeYouXP.bat and attach the log.

IMPORTANT NOTE:

Vista Users Only

UAC must be turned off to run this script.

Turning Off/On UAC in Vista
1. Open the Control Panel.
2. Under User Account and Family settings click on the Add or remove user account.
3. Click on your user account.
4. Under the user account click on the Go to the main User Account page link.
5. Under Make changes to your user account click on the Change security settings link.
6. In the Turn on User Account Control (UAC) to make your computer more secure click to unselect the Use User Account Control (UAC) to help protect your computer. Click on the Ok button.
7. You will be prompted to reboot your computer. Do so.

In order to re-enable UAC just select the above checkbox and reboot.

To run ISeeYouXP, right-click on the batch file and select Run as Administrator.

Post the following logs:
ISeeYouXP (On the Desktop)



[ Edited Thu Nov 08 2007, 07:06PM ]
deadoaks
Thu Nov 08 2007, 07:33PM
Here is the iseeyou log
iseeyouxp.txt

Ed Ochs
deadoaks
Thu Nov 08 2007, 07:35PM
I am not sure but it seems like something worked and got rid of the iedefender popups. I am not seeing the hijacked google anymore either. Maybe it's fixed?

Ed Ochs
ShadowPuterDude
Thu Nov 08 2007, 07:45PM
IE Defender is gone.

The ISeeYouXP log shows no malware.

However, your system appears to have inadequate security.

You only appear to be running Windows Defender, which is an Anti-Spyware application. I see no resident Anti-Virus or a software firewall installed and running on the system.

See Protect Yourself From Malware: Tools And Tips
deadoaks
Thu Nov 08 2007, 07:55PM
Thanks for your help, I will get some more defenses.

Ed Ochs
ShadowPuterDude
Thu Nov 08 2007, 08:00PM
You are welcome.

Safe Surfing!