Virus "Please update your internet explorer" even after formatting

Page 9 of 10

  1. Posts : 2,470
    Windows 7 Home Premium
       #81

    Please download RogueKiller from one of the following links
    •Link 1 > RogueKiller Download
    •Link 2 > RogueKiller - Geeks to Go Forum
    Save to your desktop:

    Close all programs and disconnect any USB or external drives before running the tool.

    Right-click and select: Run As Administrator
    Once the Prescan finishes, click: Scan

    When the Status box shows Scan Finished, please close the program, and make sure you do not fix anything!

    Please provide the report that opens in your reply.

    Thanks!


  2. Posts : 36
    Windows 7 Professional 64bit
    Thread Starter
       #82

    OK, I booted to Peppermint and downloaded the files (MBAM, TDSS killer, Panda cloud and RogueKiller), then I checked in Windows with those tools.

    MBAM and TDSS killer detected nothing, while Panda cloud and RogueKiller detected something.
    I'll post the logs of Panda and RogueKiller.
    I'll post the log of my system info.

    I cleaned the issues with Panda but I didn't touch anything with RogueKiller (like cottonball told me).

    (The only thing that went slightly wrong is that I forgot to disconnect the Ethernet cable while I was in Windows for a maximum of 15 seconds, then I disconnected the cable; anyway, I didn't open any browser, so I hope it won't be a problem.)


  3. Posts : 4,566
    Windows 10 Pro
       #83

    Hmm, logs look very interesting.

    By the way, great job at following the directions :)

    I am interested to see what cottonball thinks on these logs. It looks like Panda cloud cleaner detected a reg issue with explorer. But to be honest it looks like nothing. It appears it finds it weird that show file extensions are not enabled, which does not help. Give me some time to look at the others fully, your specs are what I am interested in right now.

    Code:
    Suspicious Policy. POLICY: HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\ADVANCED[HIDEFILEEXT] to be changed to: 0
    


  4. Posts : 2,470
    Windows 7 Home Premium
       #84

    Wintermoon1919,

    Please run RogueKiller once again, and this time press: Delete (Cancellare)

    Also, please download aswMBR:
    http://www.bleepingcomputer.com/download/aswmbr/
    Save it to the pen drive, and then move it to the Desktop of the problem computer.

    Make sure your AntiVirus is temporarily disabled!!
    For information on how to disable protective programs, refer to this Link:
    http://www.bleepingcomputer.com/forums/topic114351.html

    Right-click the aswMBR file and select: Run as Administrator

    When prompted with: This Application can use the Avast! Free AntiVirus for scanning...etc.
    Select: Yes

    The last line of the run in progress will provide the status of the Avast! scan.
    It will say: Downloading Avast! virus definition database, etc.

    When the Avast! scan is done, the last line changes to: Avast Engine definitions #####

    At this point, click the Scan button on the lower left of the aswMBR screen.
    The last line will now say "Scanning" while in progress.

    Upon completion of the scan, click >Save log< and save it to the Desktop.
    Note: Please do NOT attempt to fix anything!!
    Exit the program.

    Please post the aswMBR log in your reply.

    Note that a file named MBR.dat is also created on the Desktop.

    Please submit MBR.dat for analysis to the following online services that analyze suspicious files:
    Jotti's virusscan

    Please post the links for the file analyses in your reply.


  5. Posts : 2,470
    Windows 7 Home Premium
       #85

    @andrew,

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
    "HideFileExt"=dword:00000000
    (Means : shown file extension)

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
    "HideFileExt"=dword:00000001
    (Means : hide file extension)

    Isn't "HideFileExt"=dword:00000001 the default? That is what my Registry setting shows.


    Was a hard Reset done on the router? Were the manufacturer's instructions for a Reset followed?

    The software approach has not worked in this situation. Maybe a hardware approach will get rid of the issue...


  6. Posts : 36
    Windows 7 Professional 64bit
    Thread Starter
       #86

    The log of aswMBR (I tried to attach the .dat file but it tells me "invalid file" 'cause I tried to open it with "windows block notes" and it gave strange letters and stuff.....)

    I deleted the issues with RogueKiller.

    I used Peppermint to download aswMBR and the fault page (update flash player etc etc) occurred again, but as a pop-up that I could easily close, so again I think the problem might be on the internet/router/etc.


    Yes, I did a reset by pushing the button on my router to try to solve the problem some weeks ago but nothing changed (for some minutes/hours I didn't come across the problem but then again it occurred).

  7.    #87

    I spoke with Rayda today who is swamped after just getting back from Hawaii, but she browsed the thread and wanted to know why the router had not yet been reset since there is a known issue with infection via the router. Didn't you just report that your phone browser became similarly infected when you connected?

    If your router is less than a year old it has manufacturer's tech support who can help you reset it and may know about this issue and additional steps including possibly flashing/reflashing a firmware update. I don't know where a virus would hide in a router but apparently there is a way a router becomes infected. I have seen viruses run all over my sister's network to hide until we unplugged all devices until they were each cleaned.


  8. Posts : 36
    Windows 7 Professional 64bit
    Thread Starter
       #88

    Yes, my phone browser becomes infected when I connect to my home internet.
    Maybe I should call a technician.


  9. Posts : 4,566
    Windows 10 Pro
       #89

    I would just buy a new router. Only way to be sure it is gone. If you have a router/modem all in one unit, just get a modem yourself, or just a modem from your ISP. Then buy a new router.




    And yeah cottonball, hide known file extensions is the default. I am just more surprised that that is the only thing Panda cloud cleaner found. And normally antivirus apps do not report on setting changes like that one. Things like the firewall being disabled and other stuff, yeah, but not the fact that hide known file extensions was not enabled. It was just odd, that's all.

  10.    #90

    What button was used to reset router? It's often recessed. Once the reset button is pushed you need to dial back in to set up your password again, enable Firewall.

    If you've provided everything requested by Security experts after the last reinstall and are ready to connect to the net to see if the problem persists, I suggest you plug into only the Modem and exclude the router. Run all rounds of Important and Optional Windows Updates after enabling Automatically deliver drivers via Windows Update (Step 3), until there are no more. Install Chrome from the Google site and test it. Do normal internet browsing with no programs installed yet.
    Last edited by gregrocker; 29 May 2014 at 16:34.


 