Can't Connect to Internet via IE 6.0 (Possible Malware?)

**FreudianSlippers** · 26-06-2006

I am currently unable to access the Internet via Internet Explorer. (I am still able to connect through Mozilla Firefox, which is how I am posting this message.) Inter

The problem began last night, but I am not sure what caused it. Internet Explorer was working fine when I got off the computer, but when my husband got on a few minutes later, he was unable to access the Internet. He realized that it was something peculiar to this computer -- and not our Internet connection -- when he was able to access the Internet on my laptop.

When I launch Internet Explorer, I see a blank page. The following "address" appears in the status bar:

res://C:\Windows\system32\shdoclc.dll/dnserror.htm

I have not changed any of my settings, and I don't think that the problem is caused by malware. The "Work Offline" option is disabled. This morning, I did a number of scans -- all clean -- and purged all of my cookies and temp files, and I was still having the problem.

I also went through my Windows Services and Msconfig to make sure that nothing suspicious had been added. Everything looked clean. I do have Ad-Aware, but if this problem is caused by malware, there must still be a hole in my system. (I once had Spy Subtract, but it never worked correctly, and I ended up uninstalling it.)

EDIT: My LAN Settings (IE -> Tools -> Connections) had the proxy server option checked. Unchecking it seems to have fixed IE, something must have caused the problem in the first place. Here is my Hijack This log. Glancing it over quickly, nothing on it seems suspicious to me, but please let me know if you see something that is out of place.

Firewall: Norton Personal Firewall 2003 (current definitions)
Antivirus: Norton AntiVirus (current definitions)

Logfile of HijackThis v1.99.1
Scan saved at 6:55:07 PM, on 6/25/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Internet\Norton Personal Firewall\NISUM.EXE
C:\Program Files\System\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\Program Files\System\SecureClean 4\scwatch4.exe
C:\PROGRA~1\System\NORTON~1\SPEEDD~1\nopdb.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Internet\Norton Personal Firewall\ccPxySvc.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Imaging\ScreenPrint32\ScreenPrint32.exe
C:\WINDOWS\system32\zstatus.exe
C:\Documents and Settings\Owner\Desktop\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://search.yahoo.com/web/advanced

O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\Imaging\SnagIt\SnagItBHO.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: EarthLink Popup Blocker - {4B5F2E08-6F39-479a-B547-B2026E4C7EDF} - C:\Program Files\Internet\EarthLink TotalAccess\PnEL.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: West Group CiteLink Microsoft IE Shell - {80230FFE-53DD-11D2-AE5F-0000832F3A64} - C:\Program Files\Productivity\CiteLink\clie\clie.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\System\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O2 - BHO: Picture Ace - {CC7C8206-344B-45AB-B898-78D06229268F} - C:\Program Files\Imaging\Picture Ace\PictureAce.dll

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\System\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Pop-Up Blocker - {D7F30B62-8269-41AF-9539-B2697FA7D77E} - C:\Program Files\Internet\EarthLink TotalAccess\PnEL.dll
O3 - Toolbar: AdSubtract Toolbar - {F14AABDD-0232-4e5a-9B52-4178AC0A62B5} - C:\WINDOWS\system32\adsubtb.dll

O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [hp 1000 firmware] C:\Program Files\hp LaserJet 1000\fwdl.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [ScreenPrint32] C:\Program Files\Imaging\ScreenPrint32\ScreenPrint32.exe -startup
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe

O8 - Extra context menu item: AdSubtract: Bypass Site - res://\AdSub.exe/360
O8 - Extra context menu item: AdSubtract: Cloak Image - res://\AdSub.exe/361
O8 - Extra context menu item: AdSubtract: Report Site - res://\AdSub.exe/359
O8 - Extra context menu item: Open with Scansoft PDF Converter 3.0 - res://C:\Program Files\Productivity\PDF Professional 3.0\IEShellExt.dll /100

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\Internet\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\Internet\ICQLite\ICQLite.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Picture Ace - {1FCAD22D-3FC8-4811-A247-9EBA202F01CE} - C:\Program Files\Imaging\Picture Ace\PictureAce.dll (HKCU)

O16 - DPF: {5721FA68-5ABD-40A8-81F1-4136691194BF} (Launcher Class) - https://www.play.net/components/activex/AXSAL.ocx
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1116108255704

O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Proxy Service (ccPxySvc) - Symantec Corporation - C:\Program Files\Internet\Norton Personal Firewall\ccPxySvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\Audio\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\System\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Personal Firewall Accounts Manager (NISUM) - Symantec Corporation - C:\Program Files\Internet\Norton Personal Firewall\NISUM.EXE
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\System\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: ptssvc - Unknown owner - C:\Program Files\Imaging\Kodak Picture Transfer Software\KODAK Picture Transfer Software\PTSsvc.exe (file missing)
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: SCWatch 4.0 - WhiteCanyon Inc. - C:\Program Files\System\SecureClean 4\scwatch4.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\System\NORTON~1\SPEEDD~1\nopdb.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

**Neal** · 26-06-2006

Welcome to DAL,

Don't see a thing, you apparently have Intermute Adsubtract also?

Let's do a couple scans just to be sure.

Please download, install, and update the NEW free version of Ewido trojan scanner:

When installing, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".

When you run ewido for the first time, you may get a warning "Database could not be found!". Click OK. We will fix this in a moment.

From the main ewido screen, click on update in the left menu, then click the Start update button.

After the update finishes (the status bar at the bottom will display "Update successful")

Click on the Scanner button in the left menu, then click on Complete System Scan. This scan can take quite a while to run.

If ewido finds anything, it will pop up a notification. We have been finding some cases of false positives with the new version of Ewido, so we need to step through the fixes one-by-one. If Ewido finds something that you KNOW is legitimate (for example, parts of AVG Antivirus, pcAnywhere and the game "Risk" have been flagged), select "none" as the action. DO NOT check "Perform action with all infections". If you are unsure of an entry, select "none" for the time being. I'll see that in the log you will post later and let you know if ewido needs to be run again.

When the scan finishes, click on "Save Report". This will create a text file. Make sure you know where to find this file again.

Post the log Ewido makes back here please and a new hijackthis log. Thanks.

Go here BitDefender and run an online scan with BitDefender (you will need to use Internet Explorer for this scan). When the ActiveX Control has loaded, click on "Click here to scan" and grab a coffee.

When BitDefender completes the scan, select the "Detected Problems" tab. Click on "Click here to export scan". Save the file as an HTML to your Desktop. Then click on the saved file and allow it to open with your browser. Go to Edit - Select All then copy/paste that log back here. Post back and let us know what it found (post the log).

And post a new HJT log also..

**FreudianSlippers** · 27-06-2006

Yes, I have AdSubtract and SpySubtract (by Intermute). Here are the results of the scans. (Warning: long post!)

---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 6:33:02 PM 6/26/2006

+ Scan result:

C:\Program Files\Common Files\Real\WeatherBug\MiniBugTransporter.dll -> Adware.Minibug : Cleaned with backup (quarantined).
:mozilla.50:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\c3pj4all.default\coo kies.txt -> TrackingCookie.Bfast : Cleaned.

::Report end
---------------------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 6:36:36 PM, on 6/26/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Internet\Norton Personal Firewall\NISUM.EXE
C:\Program Files\System\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\Program Files\System\SecureClean 4\scwatch4.exe
C:\PROGRA~1\System\NORTON~1\SPEEDD~1\nopdb.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Internet\Norton Personal Firewall\ccPxySvc.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Imaging\ScreenPrint32\ScreenPrint32.exe
C:\WINDOWS\system32\zstatus.exe
C:\Program Files\Internet\Ewido Anti-spyware 4.0\guard.exe
C:\Program Files\Internet\Hijack This.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://search.yahoo.com/web/advanced
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyServer = http=localhost:2196
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = ;cgi*.ebay.com;disney.go.com;msa_e1.ebay.com;rhaps ody_app*.listen.com;<local>
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\Imaging\SnagIt\SnagItBHO.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: EarthLink Popup Blocker - {4B5F2E08-6F39-479a-B547-B2026E4C7EDF} - C:\Program Files\Internet\EarthLink TotalAccess\PnEL.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: West Group CiteLink Microsoft IE Shell - {80230FFE-53DD-11D2-AE5F-0000832F3A64} - C:\Program Files\Productivity\CiteLink\clie\clie.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\System\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O2 - BHO: Picture Ace - {CC7C8206-344B-45AB-B898-78D06229268F} - C:\Program Files\Imaging\Picture Ace\PictureAce.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\System\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Pop-Up Blocker - {D7F30B62-8269-41AF-9539-B2697FA7D77E} - C:\Program Files\Internet\EarthLink TotalAccess\PnEL.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\Imaging\SnagIt\SnagItIEAddin.dll
O3 - Toolbar: AdSubtract Toolbar - {F14AABDD-0232-4e5a-9B52-4178AC0A62B5} - C:\WINDOWS\system32\adsubtb.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [hp 1000 firmware] C:\Program Files\hp LaserJet 1000\fwdl.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [ScreenPrint32] C:\Program Files\Imaging\ScreenPrint32\ScreenPrint32.exe -startup
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O8 - Extra context menu item: AdSubtract: Bypass Site - res://\AdSub.exe/360
O8 - Extra context menu item: AdSubtract: Cloak Image - res://\AdSub.exe/361
O8 - Extra context menu item: AdSubtract: Report Site - res://\AdSub.exe/359
O8 - Extra context menu item: Open with Scansoft PDF Converter 3.0 - res://C:\Program Files\Productivity\PDF Professional 3.0\IEShellExt.dll /100
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\Internet\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\Internet\ICQLite\ICQLite.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Picture Ace - {1FCAD22D-3FC8-4811-A247-9EBA202F01CE} - C:\Program Files\Imaging\Picture Ace\PictureAce.dll (HKCU)
O16 - DPF: {5721FA68-5ABD-40A8-81F1-4136691194BF} (Launcher Class) - https://www.play.net/components/activex/AXSAL.ocx
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1116108255704
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Proxy Service (ccPxySvc) - Symantec Corporation - C:\Program Files\Internet\Norton Personal Firewall\ccPxySvc.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\Internet\Ewido Anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\Audio\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\System\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Personal Firewall Accounts Manager (NISUM) - Symantec Corporation - C:\Program Files\Internet\Norton Personal Firewall\NISUM.EXE
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\System\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: ptssvc - Unknown owner - C:\Program Files\Imaging\Kodak Picture Transfer Software\KODAK Picture Transfer Software\PTSsvc.exe (file missing)
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: SCWatch 4.0 - WhiteCanyon Inc. - C:\Program Files\System\SecureClean 4\scwatch4.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\System\NORTON~1\SPEEDD~1\nopdb.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

---------------------------------------------------------

BitDefender Online Scanner

Scan report generated at: Mon, Jun 26, 2006 - 20:04:35

Results

Identified Viruses
1

Infected Files
2

Suspect Files
0

Warnings
0

Disinfected
0

Deleted Files
2

C:\Program Files\Imaging\YY_Chr 97\yy-chr.exe
Infected with: Trojan.Killfiles.BI

C:\Program Files\Imaging\YY_Chr 97\yy-chr.exe
Disinfection failed

C:\Program Files\Imaging\YY_Chr 97\yy-chr.exe
Deleted

C:\Program Files\Installers\Imaging\YY_Chr 97.zip=>yy-chr.exe
Infected with: Trojan.Killfiles.BI

C:\Program Files\Installers\Imaging\YY_Chr 97.zip=>yy-chr.exe
Disinfection failed

C:\Program Files\Installers\Imaging\YY_Chr 97.zip=>yy-chr.exe
Deleted

C:\Program Files\Installers\Imaging\YY_Chr 97.zip
Updated

---------------------------------------------------------

**Neal** · 27-06-2006

How's your computer running now?

**FreudianSlippers** · 28-06-2006

It's running perfectly. The only problem I've noticed is the changed IE settings, which only happened once. IE has not given me any trouble since I fixed the LAN settings (under IE Tools -> Connections).

**Neal** · 28-06-2006

Stranger things have happened.

If you are no longer having any more trouble here is some preventative measures for you.

Here are some preventive measures you can take to keep your computer from getting infected again. also keep all these and Ad-awareSE and SpybotS&D updated.

http://www.d-a-l.com/help/showthread.php?t=32403

Flush your restore points in ME and XP, by turning System Restore off and then back on.
This will create a fresh restore point.

Explained Here:
Windows XP: http://vil.nai.com/vil/SystemHelpDoc...ysRestore.aspx

Explained Here
Microsoft ME:
http://service1.symantec.com/SUPPORT...rc=sec_doc_nam

RegProtect

This small registry protection tool will save you hours of heartache by notifying you when some program good or bad is trying to access your registry.

You have the option of allowing(good) items or blocking(bad)items.

http://www.diamondcs.com.au/index.php?page=regprot

To reduce the re-infection potential for malware and protect yourself against spyware, here are a few helpful suggestions:

1. Keep Windows and Internet Explorer current with the latest critical security updates from Microsoft. This will patch many of the security holes through which attackers can gain access to your computer. You CANNOT complete this update using an alternate browser.
http://v5.windowsupdate.microsoft.co....aspx?ln=en-us

http://www.microsoft.com/windows/ie/default.asp

2. Run your antivirus software regularly, and to keep its definitions up-to-date. If you are thinking about switching, there are a some good free Antivirus programs that are decent, including AVG and Avast!.
AVG: http://free.grisoft.com/doc/1

Avast: http://www.avast.com/eng/avast_4_home.html

3. In addtion to using Ad-aware consider using another free malware scanning/removal program:
Windows Defender

http://www.microsoft.com/athome/secu...e/default.mspx

4. Consider using a free firewall if you are not already using one. Some good free ones are:
Kerio
http://www.sunbelt-software.com/Kerio.cfm

OutPost Personal Firewall:
Outpost

5. Consider using an alternate free browser for general web surfing but you must use IE for windows update.
Mozilla Firefox: www.mozilla.org/products/firefox/

6. Consider increasing your browser security by using these programs:
SpywareGuard will protect your homepage from being hijacked: http://www.javacoolsoftware.com/spywareguard.html
SpywareBlaster will increase browser protection by blocking Thousands of known malware sites by adding them to IE's restricted sites zone. Download it here:

http://www.javacoolsoftware.com/spywareblaster.html

If you use SpywareBlaster, you can also use a customblocklist to add even more entries into IE restricted sites zone. Go to this site for the current list and how to use instructions: http://customblockinglist.cjb.net/

IE-SPYAD is similar in that it adds thousands more known malware sites to IE's restricted zone. Download it here:
https://netfiles.uiuc.edu/ehowes/www/resource.htm

Block access to Untrustworthy Sites

You can prevent your computer from visiting a myriad of untrustworthy sites and ad-servers by installing a customised hosts file. One of the best available is the: MVPS Hosts File. Simply follow the instructions to install the file in the correct location. This will not only make surfing safer but will improve website load times and block popups from many of the large ad-servers.

Mcafee SiteAdvisor

Surf the Net safer with SiteAdvisor, SiteAdvisor notifies you of safe sites or dangerous sites before you ever go there with a simple green check or a red x or a yellow caution when you do a Google search. Just put your cursor on the green check or red X or caution and recieve information about the site.

SiteAdvisor works with Internet Explorer and FireFox.

SiteAdvisor

See what it looks like Here

*Remember just like your primary anti-virus software, it is important to keep all of these programs up-to-date and use them on a regular basis. It's Free

Can't Connect to Internet via IE 6.0 (Possible Malware?)

Can't Connect to Internet via IE 6.0 (Possible Malware?)

Similar Threads

My internet wont connect to the internet!

How to connect to the internet...

can't connect to internet

Please help! Major Internet/Malware

can connect to LAN but not to internet