
Solved: System Error Popup when IE starts

Discussion in 'Virus & Other Malware Removal' started by specialksan, Apr 3, 2008.

Thread Status:
Not open for further replies.
  1. specialksan

    specialksan Thread Starter

    Joined:
    Mar 27, 2007
    Messages:
    20
    I recently was searching around the internet, and I accidentally installed an active control. Now, every time I open IE, it won't go away. It says something like, "you have a something trojan. Click ok to download antivirus software."

    I scanned with Norton, and nothing is fixed. I am not sure which course of action to take. Please help me. I have included a hijackthis log, not sure if you need it, but I thought I might as well anyway.

     
  2. JSntgRvr

    JSntgRvr Retired Moderator and Malware Specialist

    Joined:
    Jul 1, 2003
    Messages:
    18,552
    First Name:
    José
    Hi, specialksan :)

    Welcome.

    NOTE: You will need to temporarily disable any programs you have running that will block attempts to edit the registry, as FixIEDef calls REGEDIT to delete registry keys added by Zlob, Trojan.Downloader.Delf, AntiSpyPro, and IE Defender.

    1. Download FixIEDef.exe by ShadowPuterDude to the Desktop.
      Note: FixIEDef now supports Non-English Language Systems

    2. Double-click FixIEDef.exe:

    3. That will open the About FixIEDef screen. Click OK to continue:

    4. Next, press the Scan! button:

    5. FixIEDef needs to run as Administrator to perform correctly. This message simply confirms it was able to run with admin privileges. Click OK to continue:

    6. Wait for the scan to finish. It shouldn't take very long:

      • WARNING: FixIEDef will kill all copies of Internet Explorer and Explorer that are running, during removal of malicious files. The icons and Start Menu on your Desktop will not be visible while FixIEDef is removing malicious files. This is necessary to remove parts of the infection that would otherwise not be removed.
    7. After the !!! All Finished !!! message is displayed, click Exit:

    8. Post the FixIEDef log file, located on the Desktop.

      Note: process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool". It is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.

      See: http://www.beyondlogic.org/consulting/proc...processutil.htm


      Mirrors: Alternate official download locations for FixIEDef.exe

      http://it-mate.co.uk/downloads/fixiedef/fixiedef.exe
      http://hosts-file.net/download/fixiedef/fixiedef.exe
      http://avant.it-mate.co.uk/?c=Download&f=Tools/FixIEDef
      http://archives.mysteryfcm.co.uk/?f=Securi...pyware/FixIEDef
     
  3. specialksan

    specialksan Thread Starter

    Joined:
    Mar 27, 2007
    Messages:
    20
    Thanks for your reply. I did all the steps. Here is the log:

    Code:
    ********************************************************************************
    *                                                                              *
    *                                 FixIEDef Log                                 *
    *                             Version 1.3.10.3351                              *
    *                                                                              *
    ********************************************************************************
    
    Created at 23:04:44 on Thursday, April 03, 2008
    
    Time Zone         : (GMT-05:00) Eastern Time (US & Canada)
    
    Operating System  : Microsoft Windows XP Home Edition
    Service Pack Level: Service Pack 2
    System Langauge   : English
    Processor         : X86
    Boot State        : Normal boot
    
    --------------------------------------------------------------------------------
    
    !!! Files that have been deleted !!!
    
    C:\WINDOWS\iun6002.exe
    C:\WINDOWS\kiasys.dll
    
    --------------------------------------------------------------------------------
    
    !!! Directories that have been removed !!!
    
    No malicious directories to be removed
    
    --------------------------------------------------------------------------------
    
    !!! Registry entries that have been removed !!!
    
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\DateTime
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\kiasys.dll
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{48D78BE5-CFB9-4B66-9AC4-96D4CF21DE06}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{74D46BBA-5638-473A-83B6-97E7804A7411}
    
    ================================================================================
    
    All Done :)
    
    ShadowPuterDude
    
    Safe Surfing!!!

    Everything seems to be ok now, thanks a whole lot!
     
  4. JSntgRvr

    JSntgRvr Retired Moderator and Malware Specialist

    Joined:
    Jul 1, 2003
    Messages:
    18,552
    First Name:
    José
    Hi, specialksan. :)

    We should check a little deeper.

    The Hijackthis version is outdated. Please remove your current copy.

    Click here to download HJTInstall.exe
    • Save HJTInstall.exe to your desktop.
    • Double-click on the HJTInstall.exe icon on your desktop.
    • By default it will install to C:\Program Files\Trend Micro\HijackThis.
    • Click on Install.
    • It will create a HijackThis icon on the desktop.
    • Once installed, don't let it launch Hijackthis yet.

    Download Deckard's System Scanner (DSS) from here or here to your Desktop. Note: You must be logged onto an account with administrator privileges.
    1. Close all applications and windows.
    2. Double-click on dss.exe to run it, and follow the prompts.
    3. When the scan is complete, two text files will open - main.txt <- this one will be maximized and extra.txt <-this one will be minimized
    4. Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of both, the main.txt and the extra.txt in your next reply.
    If the files are too long, attach them to a reply:
    1. Scroll down and click the [Manage Attachments] button
    2. Browse to the following folder:
      • C:\Deckard\System Scanner
    3. Click Upload to upload these files one by one
    4. Submit your reply
     
  5. specialksan

    specialksan Thread Starter

    Joined:
    Mar 27, 2007
    Messages:
    20
    The files were much too long, I have attached them.
     


  6. JSntgRvr

    JSntgRvr Retired Moderator and Malware Specialist

    Joined:
    Jul 1, 2003
    Messages:
    18,552
    First Name:
    José
    Hi, specialksan. :)

    Please re-open HijackThis and scan. Check the boxes next to all the entries listed below.

    O2 - BHO: Media Codec - {547F4E57-9025-403B-B619-073854A60DA1} - C:\WINDOWS\kiasys.dll (file missing)
    O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

    Now close all windows and browsers, other than HiJackThis, then click Fix Checked.

    Close Hijackthis.

    The rest looks clear, congratulations.

    Since the tools we used to scan the computer, as well as tools to delete files and folders, are no longer needed, they should be removed, as well as the folders created by these tools.

    Reset and Re-enable your System Restore to remove bad files that have been backed up by Windows. The files in System Restore are protected to prevent any programmes changing them. This is the only way to clean these files: (You will lose all previous restore points which are likely to be infected.)

    To reset your restore points, please note that you will need to log into your computer with an account which has full administrator access. You will know if the account has administrator access because you will be able to see the System Restore tab. If the tab is missing, you are logged in under a limited account.

    (Windows XP)

    1. Turn off System Restore.
    On the Desktop, right-click My Computer.
    Click Properties.
    Click the System Restore tab.
    Check Turn off System Restore.
    Click Apply, and then click OK.

    2. Reboot.

    3. Turn ON System Restore.

    On the Desktop, right-click My Computer.
    Click Properties.
    Click the System Restore tab.
    UN-Check *Turn off System Restore*.
    Click Apply, and then click OK.

    Create a Restore point:
    1. Click Start, point to All Programs, point to Accessories, point to System Tools, and then click System Restore.
    2. In the System Restore dialog box, click Create a restore point, and then click Next.
    3. Type a description for your restore point, such as "After Cleanup", then click Create.

    The following is a list of tools and utilities that I like to suggest to people. This list is full of great tools and utilities to help you understand how you got infected and how to keep from getting infected again.
    1. Spybot Search & Destroy - Uber powerful tool which can search and annihilate nasties that make it onto your system. Now with an Immunize section that will help prevent future infections.
    2. AdAware - Another very powerful tool which searches and kills nasties that infect your system. AdAware and Spybot Search & Destroy complement each other very well.
    3. SpywareBlaster - Great prevention tool to keep nasties from installing on your system.
    4. ZonedOut + IE-SpyAd - puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all.
    5. CleanUP! - Cleans temporary files from IE and Windows, empties the recycle bin and more. Great tool to help speed up your computer and knock out those nasties that like to reside in the temp folders.
    6. Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.
    7. Google Toolbar - Free Google toolbar that allows you to use the powerful Google search engine from the bar, but also blocks pop up windows.
    8. Trillian or Miranda-IM - These are malware-free Instant Messenger programs which allow you to connect to multiple IM services in one program! (AOL, Yahoo, ICQ, IRC, MSN)
    9. ERUNT (Emergency Recovery Utility NT) allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed.
    10. Recovery Console - Recent trends appear to indicate that future infections will include attacks to the boot sector of the computer. The installation of the Recovery Console in the computer will be our only defense against this threat. For more information and steps to install the Recovery Console see This Article. Should you need assistance in installing the Recovery Console, please do not hesitate to ask.
    11. Read and follow the suggestions given at this web site by Miekiemoes http://users.telenet.be/bluepatchy/miekiemoes/prevention.html .
    To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections you can read this article by Tony Klein.

    Click Here for some advice from our security experts.

    Please use the thread's Tools and mark this thread as "Solved".

    Best wishes!
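
Added example (not part of the thread and not code from FixIEDef or HijackThis): the Python below cross-checks HijackThis O2/O3 lines against the files the FixIEDef log reports as deleted, showing why the two entries selected for Fix Checked are orphaned registry leftovers. Function names and the third HijackThis line are assumptions constructed for illustration; the line format is inferred only from the two entries quoted in the thread.

```python
import re

# The FixIEDef excerpt and the first two HijackThis lines are copied from the thread;
# the third HijackThis line is constructed as a healthy control entry.
FIXIEDEF_LOG = r"""
!!! Files that have been deleted !!!

C:\WINDOWS\iun6002.exe
C:\WINDOWS\kiasys.dll
!!! Directories that have been removed !!!
"""

HJT_LINES = [
    r"O2 - BHO: Media Codec - {547F4E57-9025-403B-B619-073854A60DA1} - C:\WINDOWS\kiasys.dll (file missing)",
    r"O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)",
    r"O2 - BHO: Example Helper - {00000000-0000-0000-0000-000000000001} - C:\Program Files\Example\helper.dll",
]

ENTRY = re.compile(r"^(O[23]) - (BHO|Toolbar): (.*?) - (\{[0-9A-Fa-f-]{36}\}) - (.*)$")

def deleted_files(log):
    """Paths listed under the 'Files that have been deleted' heading, lowercased."""
    found, active = set(), False
    for line in log.splitlines():
        line = line.strip()
        if line.startswith("!!!"):
            active = "Files that have been deleted" in line
        elif active and re.match(r"^[A-Za-z]:\\", line):
            found.add(line.lower())
    return found

def orphaned_entries(hjt_lines, removed):
    """Return (clsid, path, reason) for O2/O3 entries whose target file is gone."""
    out = []
    for line in hjt_lines:
        m = ENTRY.match(line.strip())
        if not m:
            continue
        clsid, target = m.group(4), m.group(5).strip()
        if target == "(no file)":
            out.append((clsid, None, "no file registered"))
        elif target.endswith("(file missing)"):
            path = target[: -len("(file missing)")].strip()
            why = "removed by FixIEDef" if path.lower() in removed else "missing, cause unknown"
            out.append((clsid, path, why))
    return out

if __name__ == "__main__":
    print(orphaned_entries(HJT_LINES, deleted_files(FIXIEDEF_LOG)))
```
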
     
  7. specialksan

    specialksan Thread Starter

    Joined:
    Mar 27, 2007
    Messages:
    20
    Thanks for all your help. You really, really helped me out. I appreciate it.
     
  8. JSntgRvr

    JSntgRvr Retired Moderator and Malware Specialist

    Joined:
    Jul 1, 2003
    Messages:
    18,552
    First Name:
    José
    You are welcome. :)

    Look at the top of this page. Next to donate there is an option labeled Thread Tools. Use that option to mark this thread as solved.

    Cheers.
     
  9. specialksan

    specialksan Thread Starter

    Joined:
    Mar 27, 2007
    Messages:
    20
    Oops, completely missed that... Guess I changed the wrong thing.
     

Short URL to this thread: https://techguy.org/700069
