Windows 7 Forums

Windows 7: Virus "Please update your internet explorer" even after formatting

26 May 2014   #51
Layback Bear

Windows 7 Pro. 64/SP-1
 
 

Which driver is (that driver) and from where?


26 May 2014   #52
gregrocker

 

We're obviously on the same wavelength Jack as I just reconnected to copy out the driver location. Google doesn't recognize the driver so it may just be the infection itself.

Can we get some Security specialists on this? Thanks!

Malwarebytes Anti-Malware
Malwarebytes | Free Anti-Malware & Internet Security Software

Scan Date: 26/05/2014
Scan Time: 19:14:15
Logfile:
Administrator: Yes

Version: 2.00.1.1004
Malware Database: v2014.05.26.03
Rootkit Database: v2014.05.21.01
License: Trial
Malware Protection: Disabled
Malicious Website Protection: Disabled
Chameleon: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Wintermoon

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 246339
Time Elapsed: 3 min, 56 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Shuriken: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 1
Trojan.Agent, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SYSHOST32, Quarantined, [f80393c20378e4529d07e1b22bd87a86],

Registry Values: 1
Trojan.Agent, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SYSHOST32|ImagePath, "C:\Windows\Installer\{00D50165-1656-0EEE-8910-812968BC3F0D}\syshost.exe" /service, Quarantined, [f80393c20378e4529d07e1b22bd87a86]

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 1
Rootkit.Necurs.GO, c:\Windows\System32\drivers\9f699c6cf9ca7339.sys, Quarantined, [b8439fb6304b65d1430fb4c458a9be42],

Physical Sectors: 0
(No malicious items detected)


(end)

It is clean now.

My suggestion at this point unless specialists feel it is worth trying to clean up, is to reinstall after wiping with Clean command, don't import anything before checking IE for infection, then if not infected install Chrome to check it. Check these before and after installing all rounds of Windows Updates, then check both again. Likewise check browsers immediately after installing each program and after activity on any other home PC.
26 May 2014   #53
andrew129260

Windows 10 Pro
 
 

Unfortunately greg with rootkits it is very hard to get enough info to know. That log unfortunately does not share much. I believe Malwarebytes though if it detected it as a rootkit.

Here is some info on the variant from 2012:

Necurs Rootkit Spreading Quickly, Microsoft Warns

http://artemonsecurity.blogspot.com/...icroscope.html

This seems to be an old strain of it. I wonder how long it was on the system...

26 May 2014   #54
gregrocker

 

He had just reinstalled. We went over everything he did after reinstall and nothing was imported except from the Chrome site and the virus solutions download sites from earlier in this thread.

This leaves the network, so we dialed into his router and the firewall was off. Now enabled, he's running MBAM scans on his other home PC's.

I still think he should reinstall after wiping with Clean command, don't import anything before checking IE for infection, then if not infected install Chrome to check it. Check these before and after installing all rounds of Important and Optional Windows Updates (after enabling Automatically deliver drivers via Windows Update (Step 3)), then check both again. Likewise check browsers immediately after installing each program and after activity on any other home PC.

I'm not sure the hardware firewall will block viruses from hiding on other home PC's, though, as my sister's Linksys didn't and we had viruses running from one PC to another to hide while scans were run until disconnecting each from web before scanning.

Any other ideas?
26 May 2014   #55
Layback Bear

Windows 7 Pro. 64/SP-1
 
 

In the Trial version of Malwarebytes do you have an option to select rootkit?
I noticed in post #52 this:


Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Shuriken: Enabled
PUP: Enabled
PUM: Enabled


[Attached image: malwarebytes-custom-scan.png]


26 May 2014   #56
andrew129260

Windows 10 Pro
 
 

@Greg, I would have him reset his router with the reset button, or better yet see if an updated firmware update is available. Wipe to factory defaults again, and then install it and make sure firewall is on. Then yes I would do a clean install, especially when rootkits are involved.

@ layback bear

Good suggestion, though I am confident greg chose this as it detected a rootkit, which it would not do if that was unchecked.
26 May 2014   #57
Layback Bear

Windows 7 Pro. 64/SP-1
 
 

Post #52 shows it wasn't selected. How Malwarebytes found the rootkit I don't know but there might be more.
26 May 2014   #58
andrew129260

Windows 10 Pro
 
 

Quote: Originally Posted by Layback Bear
Post #52 shows it wasn't selected. How Malwarebytes found the rootkit I don't know but there might be more.
26 May 2014   #59
gregrocker

 

Rescanning now with that box checked. It was checked before which makes me wonder how it got unchecked.

Thanks, guys.

Results:
Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 26/05/2014
Scan Time: 22:03:25
Logfile:
Administrator: Yes

Version: 2.00.1.1004
Malware Database: v2014.05.26.03
Rootkit Database: v2014.05.21.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Disabled
Chameleon: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Wintermoon

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 248404
Time Elapsed: 5 min, 5 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Shuriken: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)
26 May 2014   #60
UsernameIssues

W7 Pro SP1 64bit
 
 

Quote: Originally Posted by Layback Bear
Post #52 shows it wasn't selected. How Malwarebytes found the rootkit I don't know but there might be more.

With the root kit option turned OFF...
...MBAM will still detect files that can be installed as a root kit.

With the root kit option turned ON...
...MBAM will scan for active root kit infections.
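Added example (not part of any post in this thread): a small Python parser for the Malwarebytes 2.x text log layout shown in post #52. It flags the case discussed in posts #55 to #60, a rootkit-family file reported while the log says "Rootkits: Disabled". The sample log is constructed by abridging the posted one, and the function names are hypothetical.

```python
import re

# Constructed sample: an abridged copy of the log layout posted in #52.
SAMPLE_LOG = r"""
Scan Type: Threat Scan
Rootkits: Disabled
PUP: Enabled

Registry Keys: 1
Trojan.Agent, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SYSHOST32, Quarantined, [f80393c20378e4529d07e1b22bd87a86],

Registry Values: 1
Trojan.Agent, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SYSHOST32|ImagePath, "C:\Windows\Installer\{00D50165-1656-0EEE-8910-812968BC3F0D}\syshost.exe" /service, Quarantined, [f80393c20378e4529d07e1b22bd87a86]

Files: 1
Rootkit.Necurs.GO, c:\Windows\System32\drivers\9f699c6cf9ca7339.sys, Quarantined, [b8439fb6304b65d1430fb4c458a9be42],
"""

OPTION = re.compile(r"^(Memory|Startup|Filesystem|Archives|Rootkits|Shuriken|PUP|PUM): (Enabled|Disabled)$")
SECTION = re.compile(r"^(Processes|Modules|Registry Keys|Registry Values|Registry Data|Folders|Files|Physical Sectors): \d+$")
# threat name, location (may itself contain commas), action, [32-hex value]
DETECTION = re.compile(r"^([^,]+), (.+), ([^,]+), \[([0-9a-f]{32})\],?$")

def parse_mbam_log(text):
    """Return (scan options, detections) from a Malwarebytes 2.x text log."""
    options, detections, section = {}, [], None
    for line in (raw.strip() for raw in text.splitlines()):
        if m := OPTION.match(line):
            options[m[1]] = (m[2] == "Enabled")
        elif m := SECTION.match(line):
            section = m[1]
        elif section and (m := DETECTION.match(line)):
            detections.append({"section": section, "threat": m[1],
                               "location": m[2], "action": m[3]})
    return options, detections

def review(options, detections):
    """List follow-ups a responder should do before calling the PC clean."""
    notes = []
    if any(d["threat"].startswith("Rootkit.") for d in detections) \
            and not options.get("Rootkits", False):
        notes.append("Rootkit-family file found with 'Rootkits: Disabled'; "
                     "rescan with rootkit scanning enabled")
    services = {d["location"].split("\\SERVICES\\")[1].split("|")[0]
                for d in detections
                if d["section"].startswith("Registry") and "\\SERVICES\\" in d["location"]}
    notes += [f"Flagged service registry entry: {s}" for s in sorted(services)]
    return notes

if __name__ == "__main__":
    for note in review(*parse_mbam_log(SAMPLE_LOG)):
        print(note)
```
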