0

I have Windows XP Home Edition, Version 2002, which I run on eMachines version T2875. I also seem to have contracted a virus that uses Microsoft Internet Explorer to send pop-ups whenever I'm using Firefox, which is my main web browser. Yesterday, I noticed the virus for the first time, and ran AVG Free and Malwarebytes' Anti-Malware. AVG only managed to catch one infection, which was quarantined. MBAM caught 12 infections, and all were removed after rebooting ... or so I thought.

The virus comes up in my task manager processes as iexplore.exe. Every time it comes up, I end the task, though of course it comes back a bit later. I downloaded ATF-Cleaner and VundoFix with the intention of clearing out all my temporary internet files and running a scan while in safe mode, afterward running MBAM once more in safe mode, and then restarting my computer normally. Once the programs had been installed, I shut down my computer, then turned it back on, repeatedly pressing F8 until I was prompted into the safe mode menu. I chose Safe Mode, and received the message:

Windows could not start because the following file is missing or corrupt:
<Windows root>\system32\hal.dll.
Please re-install a copy of the file above.

My computer then re-booted and went back into safe mode. I chose to run safe mode once more, and was prompted as to whether or not I wanted to run "Windows XP Home Edition" or "Windows (default)". I tried both options, and both times, safe mode failed to boot and my computer once again restarted. At a loss, I started Windows up normally and ran VundoFix, disappointed to find that no files were detected as infected. Knowing that Internet Explorer may be my only adversary in this battle against a non-operating safe mode, I delved into what version of my Internet Explorer was, which was some 6.0 number. Thinking that perhaps an update was necessary, I updated my Internet Explorer to version 7.0, which did little to help my case. I once again tried safe mode and relentlessly was given the same errors. I thought about changing my boot process to safeboot, but in the instance that I might not be able to start windows up normally, I would be stuck going around in circles between systems errs and restarting.

Finally, I decided that I wanted live help. At first, I had gone to Microsoft's website, and then read that I should contact my manufacturer. After about 20 minutes of arguing with an automated machine, I got through to a consultant, who didn't help me much (which is alright; he was just doing his job). He was unable to help me because my computer was no longer under warranty; it doesn't really surprise me, considering my family has had the computer for eight years. I could have paid $60 for 30 minutes of help, but I didn't feel so inclined to be pulling out of my paycheck quite so early without seeking further help elsewhere, which is why I am posting this. (Also, the disk to re-install software seems to have gone missing somewhere in the past eight years; I'm not sure what to do...)

My main concern should probably be the virus, but I think that I can either subdue it or manage to fix it once I am able to get into safe mode, but herein lies my aforementioned predicament of not being able to access it. Any and all help would be very much appreciated. Thank you!

4
Contributors
14
Replies
15
Views
7 Years
Discussion Span
Last Post by Bob_180_Bob
0

First, do me a favour and run the Eset online scanner.
http://www.eset.com/onlinescan/
that will clean you up.

I downloaded it; 17 infections were found. I copied the information to my clipboard, receiving:

C:\Documents and Settings\Guest\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\omfg.class-352f55f0-42c5d702.class a variant of Java/TrojanDownloader.OpenStream trojan cleaned by deleting - quarantined
C:\Documents and Settings\Jenny\Local Settings\Temp\~TM557.tmp a variant of Win32/Kryptik.ANP trojan cleaned by deleting - quarantined
C:\Documents and Settings\Jenny\Local Settings\Temp\plugtmp-23\plugin-pfqe.php PDF/Exploit.Gen trojan cleaned by deleting - quarantined
C:\temp\Install_AIM.exe Win32/Adware.WBug.A application deleted - quarantined
C:\WINDOWS\system32\armbqohe.ini Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\WINDOWS\system32\enubbbap.ini Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\WINDOWS\system32\fPpWwyxx.ini Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\WINDOWS\system32\fPpWwyxx.ini2 Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\WINDOWS\system32\gckaqqso.ini Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\WINDOWS\system32\mljwgjxc.ini Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\WINDOWS\system32\ngcoolqy.ini Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\WINDOWS\system32\npurvlfn.ini Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\WINDOWS\system32\poviodja.ini Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\WINDOWS\system32\uhixutbw.ini Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\WINDOWS\system32\ulxycham.ini Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\WINDOWS\system32\WGPooUvw.ini2 Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\WINDOWS\system32\wulscxrn.ini Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined


If it is definately still a hijacked iexplore causing an issue, uninstall it. But download a browser first, like ie8 or firefox

http://www.mozilla.com/en-US/firefox/personal.html

I have Firefox, version 3.0.16. I've been using it ever since I downloaded it I can't tell you how many months ago. I never use Internet Explorer, but wouldn't mind uninstalling it either. I thought about that when I was going through all my options last night, but I was unable to find it in my Add/Remove Programs section. Do you know a way to uninstall it other than that?

then delete any left overs from the registry
(let me know if you do not know how to do this.)

I do need help on how to do this, yes. When I was googling ways to try and get rid of the virus itself, I was told to run a registry and given download links, but I didn't know if they were trustworthy and didn't want to download anything else that could potentially harm my already ill PC. Thank you for helping; I really appreciate it.

I'd definitely like help with running a registry.

I'm going to go see if I can run Safe Mode now and will reply about what happens.


Edit to Add:

I shut down my computer, and Safe Mode still wouldn't cooperate with me. Assuming that the iexplorer infection is gone and not just dormant (since it seems to have gone away), I know I shouldn't necessarily need to get into Safe Mode, but I'd still like to know if that's an issue that I am able to fix.

Edited by _Jen_: Added information.

1

Hello _Jen_,

Through your vigilant attempt to rid your ailing PC, I doubt that you will be able to clean it 100% and without having some sort of problem in the future, especially with XP.
If it were my PC, I would back up all important data, photos, music, etc: to disc or another HDD, if you know of anyone with a XP Home CD, see if you can borrow it and do a fresh/clean install, reformatting the HDD (just remember to use your product key). This method will ensure a virus/trouble free OS.
Download and copy to disc XPSP2 or 3 and make sure you do the install disconnected from the internet, this will prevent any install hang-ups, then install all your anti-virus and spyware programs.
Reconnect to the internet and reboot if necessary to obtain any further updates and validate XP.

Good luck

Don

0

Hello _Jen_,

Through your vigilant attempt to rid your ailing PC, I doubt that you will be able to clean it 100% and without having some sort of problem in the future, especially with XP.

If it were my PC, I would back up all important data, photos, music, etc: to disc or another HDD, if you know of anyone with a XP Home CD, see if you can borrow it and do a fresh/clean install, reformatting the HDD (just remember to use your product key). This method will ensure a virus/trouble free OS.

My title of Newbie Poster is extremely fitting, I assure you. I'll see what I can do about getting the disc, since I suppose after eight years, my computer might really benefit from being wiped, but I don't know what HDD stands for, or how I'd reformat it? Perhaps the latter could be helped with knowing what it is. Haha, sorry. . .

Download and copy to disc XPSP2 or 3 and make sure you do the install disconnected from the internet, this will prevent any install hang-ups, then install all your anti-virus and spyware programs.
Reconnect to the internet and reboot if necessary to obtain any further updates and validate XP.

Okay, download XP Service Pack 2 or 3 (currently, I have 2). The only discs that I have are ones that can hold 700 MB, which looks like it will be enough, according to Microsoft's website. ( Note: The embedded links are more for my benefit; I'm hoping you can tell me if it would work. I don't want to end up wiping my computer without knowing that what I'm doing will work. )


Good luck

Don

Thanks. I'll need it. ... But I'd like your help, too? ( I feel so pushy. ) I appreciate all the input you've given.

0

... Excellent. It seems that the iexplore.exe virus isn't gone after all. That hardly lasted long.

...Are there any suggestions on its removal while I toy around with the idea of wiping my PC? I'd like to treat that as a last resort option.


Edit to Add:

I figured out how to get Internet Explorer off my system. I made all my hidden files visible and searched through my Windows files until I managed to find the uninstall package for Internet Explorer. Perhaps that will cease any virus problems, although I'm still unsure on how to search through my registry for the aforementioned "left overs."

Edited by _Jen_: Update.

0

I'd edit again, but it seems I'm unable to. After uninstalling Internet Explorer and restarting my computer, I came back to find that Internet Explorer was ... still, in fact, installed, and that the virus was still, in fact, infecting my system.

0

Hi _jen_,
First let me congratulate you on your efforts, especially for one that has very little idea about computers.
I think it is time to start from scratch and borrow a friends CD for their PC, You will need the right type of CD but rather than muck around here with that, get one and try it and see if it works.
Here are two sites to tell you how, if you Google it you will find sites with photos as well.
http://support.microsoft.com/kb/316941
http://www.daniweb.com/forums/thread55459.html
If you can borrow a CD go here...
http://lifehacker.com/386526/slipstream-service-pack-3-into-your-windows-xp-installation-cd
and read about making your own CD with SP3 and other updates.
I note that you say an 8 year old machine, it may be time to look at a new one???? Noah may want that one back. lol

Good luck.

0

my computer might really benefit from being wiped, but I don't know what HDD stands for, or how I'd reformat it?

Yes, indeed it would.
HDD stands for Hard Disk Drive (hard drive)
Reformatting is easy, once you start your PC with your Windows disc, just follow the prompts to delete the existing partition (which will erase all data on that drive) and then reformat it (which will make the drive as if it were new and ready for a clean install) to continue with the installation of Windows.
Since you currently have SP2, no need to rush in to SP3 yet.
That can wait till you get everything up and running properly.
Since you have also made it clear about being a novice, I will not attempt to guide you through any registry settings as deleting a wrong entry may render your current system unusable and at this point you have enough to think about.

Keep us posted

Don

0

Yes, indeed it would.
HDD stands for Hard Disk Drive (hard drive)
Reformatting is easy, once you start your PC with your Windows disc, just follow the prompts to delete the existing partition (which will erase all data on that drive) and then reformat it (which will make the drive as if it were new and ready for a clean install) to continue with the installation of Windows.
Since you currently have SP2, no need to rush in to SP3 yet.
That can wait till you get everything up and running properly.
Since you have also made it clear about being a novice, I will not attempt to guide you through any registry settings as deleting a wrong entry may render your current system unusable and at this point you have enough to think about.

Keep us posted

Don

I thought I just said that with the exception of SP3. If you do not install SP3 and all Windows updates, you are leaving your machine vunerable to infections.

0

I thought I just said that with the exception of SP3. If you do not install SP3 and all Windows updates, you are leaving your machine vunerable to infections.

Uh, you havin' a senior moment there Bob?
Read all the replies, if anything you repeated what I had said.
And explain to me why holding off on SP3 would leave her system open for infections?

0

Yes, indeed it would.
HDD stands for Hard Disk Drive (hard drive)
Reformatting is easy, once you start your PC with your Windows disc, just follow the prompts to delete the existing partition (which will erase all data on that drive) and then reformat it (which will make the drive as if it were new and ready for a clean install) to continue with the installation of Windows.
Since you currently have SP2, no need to rush in to SP3 yet.
That can wait till you get everything up and running properly.
Since you have also made it clear about being a novice, I will not attempt to guide you through any registry settings as deleting a wrong entry may render your current system unusable and at this point you have enough to think about.

Keep us posted

Don

Happy New Year!

I'm going to (with false hope) try just a few more things, but if I still can't fix my computer, I'm going to end up taking the advice to wipe it. I will keep you updated, and thanks again!

0

Okay, those "few more things" included talking to tech. support at Staples and getting advice from one of the employees, which mirrored the advice I was given here about wiping my computer if I didn't get anymore help from a website he suggested, namely tech. support guy.

They had me run ComboFix. I've run it twice, and after the second time running it, I can't seem to find any problems with my computer concerning iexplore.exe. I haven't tried to run in Safe Mode yet, but they told me there to download SP3, which I think I'll do. I also updated my anti-virus program (Grisoft's AVG) from 8.5 to 9 and it found an infection. I'll see if this'll solve it. If not, I'm going to order a CD from eMachines or Windows, I think.

The only problems I'm having now is that my web browser freezes every once in a while and is behaving very poorly as opposed to its normal standard, but I'll see if I can't fix that some other way. I'm not sure if it's because of recently downloaded programs taking up more space on my hard drive and making my PC slow since it's so old, or because of something else, but... It should be alright.

Thanks! I'll be keeping you updated, definitely.

0

Hi again _Jen_,
Try, as you have been advised, updating your machine to SP3 and the latest updates, also including IE8.
Windows develops updates for their operating systems and programs to repair areas discovered vulnerable to malware. As their description of SP3 states "Windows XP Service Pack 3 (SP3) is a free update for Windows XP. SP3 includes all previously released Windows XP updates, including security updates, hotfixes, and select out-of-band releases." (My highlight) They make these updates available on a regular basis and advise to update your machine regularly.

Why Use Scheduled Windows Automatic Updates?
If you have not turned on Windows Automatic Updates, your computer is more vulnerable to viruses and other security threats. When you turn on Automatic Updates, Windows routinely checks the Windows Update Web site for high-priority updates that can help protect your computer against attacks. High-priority updates include security updates, critical updates, and service packs.


http://www.updatexp.com/windows-automatic-updates.html
Microsoft has a very good internet security program that is free, you could download that and run it as well to check your machine.
http://www.microsoft.com/Security/ My personal recommendation would be to also run a third party firewall like Comodo and disable windows firewall in XP.
http://personalfirewall.comodo.com/download_firewall.html

Edited by Bob_180_Bob: n/a

This topic has been dead for over six months. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.