Windows 7 Forums

Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.


Windows 7: Virus "Please update your internet explorer" even after formatting

28 May 2014   #81
cottonball

Windows 7 Home Premium
 
 

Please download RogueKiller from one of the following links
•Link 1 > RogueKiller Download
•Link 2 > RogueKiller - Geeks to Go Forum
Save to your desktop:

Close all programs and disconnect any USB or external drives before running the tool.

Right-click and select: Run As Administrator
Once the Prescan finishes, click: Scan

When the Status box shows Scan Finished, please close the program, and make sure you do not fix anything!

Please provide the report that opens in your reply.

Thanks!


My System SpecsSystem Spec
.
28 May 2014   #82
Wintermoon1919

Windows 7 Professional 64bit
 
 

ok i booted to peppermint and downloaded the files(MBAM,TDSS killer,PANDA cloud and RogueKiller) then i checked in windows with those tools

MBAM and TDSS killer detected nothing while Panda cloud and RogueKiller detected something
i'll post the logs of Panda and RogueKiller
i'll post the log of my system info

I cleaned the issues with Panda but i didn't touch nothing with RougeKiller(like cottonball told me)

(the only thing that went slightly wrong is that i forgot to disconnect the ethernet cable while i was in windows for a maximum of 15 seconds then i disconnected the cable ; anyway i didnt open any browser so i hope it won't be a problem )


Attached Files
File Type: txt log(system info).txt (253.2 KB, 7 views)
File Type: log PCloudCleaner.LOG (254 Bytes, 6 views)
File Type: txt RKreport[0]_S_05282014_185157.txt (1.6 KB, 9 views)
My System SpecsSystem Spec
28 May 2014   #83
andrew129260

Windows 10 Pro
 
 

Hmm, logs look very interesting.

By the way, great job at following the directions

I am interested to see what cottonball thinks on these logs. It looks like Panda cloud cleaner detected a reg issue with explorer. But to be honest it looks like nothing. It appears it finds it weird that show file extensions are not enabled, which does not help. Give me some time to look at the others fully, yuor specs is what I am interested in right now.

Code:
Suspicious Policy. POLICY: HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\ADVANCED[HIDEFILEEXT] to be changed to: 0

Suspicious Policy. POLICY: HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\ADVANCED[HIDEFILEEXT] to be changed to: 0
My System SpecsSystem Spec
.

28 May 2014   #84
cottonball

Windows 7 Home Premium
 
 

Wintermoon1919,

Please run RogueKiller once again, and this time press: Delete (Cancellare)

Also, please download aswMBR:
http://www.bleepingcomputer.com/download/aswmbr/
Save it to the pen drive, and then move it to the Desktop of the problem computer.

Make sure your AntiVirus is temporarily disabled!!
For information on how to disable protective programs, refer to this Link:
http://www.bleepingcomputer.com/forums/topic114351.html

Right-click the aswMBR file and select: Run as Administrator

When prompted with: This Application can use the Avast! Free AntiVirus for scanning...etc.
Select: Yes

The last line of the run in progress will provide the status of the Avast! scan.
It will say: Downloading Avast! virus definition database, etc.

When the Avast! scan is done, the last line changes to: Avast Engine definitions #####

At this point, click the Scan button on the lower left of the aswMBR screen.
The last line will now say "Scanning" while in progress.

Upon completion of the scan, click >Save log< and save it to the Desktop.
Note: Please do NOT attempt to fix anything!!
Exit the program.

Please post the aswMBR log in your reply.

Note that a file named MBR.dat is also created on the Desktop.

Please submitMBR.dat for analysis to the following online services that analyze suspicious files:
Jotti's virusscan

Please post the links for the file analyses in your reply.
My System SpecsSystem Spec
28 May 2014   #85
cottonball

Windows 7 Home Premium
 
 

@andrew,

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"HideFileExt"=dword:00000000
(Means : shown file extension)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"HideFileExt"=dword:00000001
(Means : hide file extension)

Isn't "HideFileExt"=dword:00000001 the default? That is what my Registry setting shows.


Was a hard Reset done on the router? Where the manufacturer's instructions for a Reset followed?

The software approach has not worked in this situation. Maybe a hardware approach will get rid of the issue...
My System SpecsSystem Spec
29 May 2014   #86
Wintermoon1919

Windows 7 Professional 64bit
 
 

the log of aswMBR (i tried to attach the .dat file but it tells me "invalid file" 'cause i tried to open it with "windows block notes" and it gave strange letters and stuff.....

i deleted the issues with RogueKiller

i used Peppermint do download aswMBR and the fault page(update flash player etc etc)occured again but as a pop-up that i could easily close so again i think the problem might be on the internet/router/etc


yes i did a reset by pushing the button on my router to try to solve the problem some weeks ago but nothing changed(for some minutes/hours i didnt come across the problem but then again it occured)


Attached Files
File Type: txt aswMBR.txt (2.2 KB, 4 views)
My System SpecsSystem Spec
29 May 2014   #87
gregrocker

 

I spoke with Rayda today who is swamped after just getting back from Hawaii, but she browsed the thread and wanted to know why the router had not yet been reset since there is a known issue with infection via the router. Didn't you just report that your phone browser became similarly infected when you connected?

If your router is less than a year old it has manufacturer's tech support who can help you reset it and may know about this issue and additional steps including possibly flashing/reflashing a firmware update. I don't know where a virus would hide in a router but apparently there is a way a router becomes infected. I have seen viruses run all over my sister's network to hide until we unplugged all devices until they were each cleaned.
My System SpecsSystem Spec
29 May 2014   #88
Wintermoon1919

Windows 7 Professional 64bit
 
 

yes my phone browser becomes infected when i connect to my home internet
maybe i should call a technician
My System SpecsSystem Spec
29 May 2014   #89
andrew129260

Windows 10 Pro
 
 

I would just buy a new router. Only way to be sure it is gone. If you have a router/modem all in one unit, just get a modem yourself, or just a modem from your ISP. Then buy a new router




And yeah cottenball, hide known file extensions is the default. I am just more surprised that that is the only thing panda cloud cleaner found. And normally antivirus apps do not report on setting change like that one. Things like the firewall being disabled and other stuff yeah, but not the fact that hide known file extensions was not enabled. It was just odd thats all.
My System SpecsSystem Spec
29 May 2014   #90
gregrocker

 

What button was used to reset router? It's often recessed. Once the reset button is pushed you need to dial back in to set up your password again, enable Firewall.

If you've provided everything requested by Security experts after the last reinstall and are ready to connect to the net to see if the problem persists, I suggest you plug into only the Modem and exclude the router. Run all rounds of Important and Optional Windows Updates after enabling Automatically deliver drivers via Windows Update (Step 3), until there are no more. Install Chrome from the Google site and test it. Do normal internet browsing with no programs installed yet.
My System SpecsSystem Spec
Reply

 Virus "Please update your internet explorer" even after formatting




Thread Tools Search this Thread
Search this Thread:

Advanced Search




Similar help and support threads
Thread Forum
"Windows Explorer has stopped working" on startup after update
After updating yesterday, explorer.exe no longer starts correctly, either on startup or manually. A windows restore to before my latest updates fixes the problem, but installing the updates causes the problem again. I do want to keep the system up to date, so I figure I shouldn't just turn...
General Discussion
Removing a "Trusted Publisher" from Internet Explorer and Office 2007
Comodo Security Solutions is listed as a "Trusted Publisher" in both Word 2007 as well as IE 10 Preview. I was unable to remove it even after reverting to IE8. Running WIN 7_64 and IE10 currently with Kaspersky Internet Security 2013. I was able to remove Comodo Security Solutions from "trusted...
System Security
"dependency chain" "windows 7" internet "windows explorer"
"dependency chain" "windows 7" internet "windows explorer" At the time of this writing, this search in Google will produce one result at best. Am I searching the wrong things? I have tried a couple handfuls of variants, and I am coming up with zilch. Though I am fairly well versed in...
System Security
Internet Explorer - "Always close all tabs" Warning - Turn On or Off
How to Turn the "Always close all tabs" Warning Message On or Off in Internet Explorer This will show you how to to turn on or off the Do you want to close all tabs or the current tab? warning message when you attempt to close Internet Explorer with more than one tab opened in it. If the...
Tutorials
Internet Explorer - "Show tabs on a separate row" - Turn On or Off
How to Turn "Show tabs on a separate row" On or Off in IE9 and IE10 This tutorial will show you how to have the tabs display on a separate row or same row as the address bar in IE9 and IE10. Here's How: 1. Open IE9 or IE10.
Tutorials
How to suppress "Set up Windows Internet Explorer 8" start popup?
After setting up Win7 my Internet Explorer start sometimes with a "Set up Windows Internet Explorer 8" (see attached snapshot). The user has only the choice between two buttons: NEXT and ASK ME LATER. But I miss a button "Don't display this dialog again" How can I permanently...
Browsers & Mail


Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd

All times are GMT -5. The time now is 19:45.

Twitter Facebook Google+



Windows 7 Forums

Seven Forums Android App Seven Forums IOS App