Cannot download from IE9 or open windows defender

[razzledazzle94]

Hi,
I've recently encountered a problem with my computer, whenever I attempt to download or even save anything from internet explorer I get the message "(whatever I try to download or save) contained a virus and was deleted". so for example if I were trying to download the latest Microsoft security essentials it would read "mseinstall.exe contained a virus and was deleted". I immediately thought to switch on security essentials and windows defender to check for a virus only to have this message pop up for both instances "windows cannot access the specified device, path or file. you may not have the appropriate permissions to access the item" any help would be greatly appreciated. I am running windows 7 Home Premium 64bit. Thanks

 

[VistaKing]

razzledazzle94

Click on rb: type Internet Options inside Search programs and files search box and press <ENTER>

Click on the Advanced Tab

Scroll down to Security section

Uncheck Do not save encrypted pages to disk

Click OK

Then open up IE9 and try to download something

 

[cottonball]

razzledazzle94,

Let's hope I am wrong, but, this looks like the new variant of the ZeroAccess malware.

:info: Please go to the Farbar Recovery Scan Tool Download

Select the 64-bit version.
Save it to your Desktop.
Double-click the downloaded file to run it.

When the tool opens click Yes to disclaimer.
Press the Scan button.

FRST64 makes a log (FRST.txt) in the same directory from which the tool is run (Desktop).

Please provide the FRST.txt in your reply. <<---
The first time the tool is run, it also makes another log: Addition.txt
Also post the: Addition.txt <<---


:info: Next, download Farbar Service Scanner

Save to the Desktop

• Make sure the following options are checked:
  • Internet Services
  • Windows Firewall
  • System Restore
  • Security Center
  • Windows Update
  • Windows Defender
• Press: Scan
• FSS creates a log, FSS.txt, on the Desktop.

Please provide the FSS.txt in your reply.

 

[razzledazzle94]

razzledazzle94

Click on rb: type Internet Options inside Search programs and files search box and press <ENTER>

Click on the Advanced Tab

Scroll down to Security section

Uncheck Do not save encrypted pages to disk

Click OK

Then open up IE9 and try to download something

do not save encrypted pages to disk was already unchecked when I opened the window.

 

[razzledazzle94]

razzledazzle94,

Let's hope I am wrong, but, this looks like the new variant of the ZeroAccess malware.

:info: Please go to the Farbar Recovery Scan Tool Download

Select the 64-bit version.
Save it to your Desktop.
Double-click the downloaded file to run it.

When the tool opens click Yes to disclaimer.
Press the Scan button.

FRST64 makes a log (FRST.txt) in the same directory from which the tool is run (Desktop).

Please provide the FRST.txt in your reply. <<---
The first time the tool is run, it also makes another log: Addition.txt
Also post the: Addition.txt <<---


:info: Next, download Farbar Service Scanner

Save to the Desktop

• Make sure the following options are checked:
  • Internet Services
  • Windows Firewall
  • System Restore
  • Security Center
  • Windows Update
  • Windows Defender
• Press: Scan
• FSS creates a log, FSS.txt, on the Desktop.

Please provide the FSS.txt in your reply.

I cannot download this because as I explained in the OP, whenever I try to download or save from IE I get the error message

 

[VistaKing]

razzledazzle94

Do what cottonball said to do on post #3

Try another browser or Download on another computer and use a USB Flash Drive to transfer the file from a working PC to the non working PC ( the one with the download issue )

 

[VistaKing]

Try this

Click on Start rb: button type Programs and Features inside Search programs and files and press <Enter> . If you get a User Access Control dialog window click on the Yes button .

Uninstall any Toolbar software you see listed . After all of them have been removed restart the PC . Then try to download again from

:ADDED:

I recommend download one of the two below

:ar: Google Chrome 27.0.1453.110

:ar: Firefox 21.0

 

[razzledazzle94]

i've run both applications and it has saved the FRST.txt, FSS.txt and addition.txt but it wont let my ad an attachment to this post so I don't know how i'll show you them. there is a line in the FSS.txt that reads

Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1

do I need to remove this?

 

[razzledazzle94]

razzledazzle94,

Let's hope I am wrong, but, this looks like the new variant of the ZeroAccess malware.

:info: Please go to the Farbar Recovery Scan Tool Download

Select the 64-bit version.
Save it to your Desktop.
Double-click the downloaded file to run it.

When the tool opens click Yes to disclaimer.
Press the Scan button.

FRST64 makes a log (FRST.txt) in the same directory from which the tool is run (Desktop).

Please provide the FRST.txt in your reply. <<---
The first time the tool is run, it also makes another log: Addition.txt
Also post the: Addition.txt <<---


:info: Next, download Farbar Service Scanner

Save to the Desktop

• Make sure the following options are checked:
  • Internet Services
  • Windows Firewall
  • System Restore
  • Security Center
  • Windows Update
  • Windows Defender
• Press: Scan
• FSS creates a log, FSS.txt, on the Desktop.

Please provide the FSS.txt in your reply.

I've just read a thread you helped in earlier where the guy had pretty much the exact same problem as me so I think you may be able to help me out. thanks a lot for your time though vistaking

 

[VistaKing]

Upload a File
Click on the Go Advanced button under the Message box . Scroll down to Additional Options then click on Manage Attachments in the Attach Files sections . Click the Browse button locate the file then click on the Open button . In the Upload File from your Computer section click on the Upload button . Wait until it finishes uploading then close the window . Then click Submit Reply .

How did you download the programs ? That was Cottonball that helped the person out

 

[razzledazzle94]

Upload a File
Click on the Go Advanced button under the Message box . Scroll down to Additional Options then click on Manage Attachments in the Attach Files sections . Click the Browse button locate the file then click on the Open button . In the Upload File from your Computer section click on the Upload button . Wait until it finishes uploading then close the window . Then click Submit Reply .

How did you download the programs ? That was Cottonball that helped the person out

I downloaded the programs on another computer then transferred them onto this one. I'll upload the files now.

 

[VistaKing]

razzledazzle94

You do have Zero Access and adware . I will let cottonball help you

 

[razzledazzle94]

razzledazzle94

You do have Zero Access and adware . I will let cottonball help you

okay thanks for your help, I'll wait for him to come online

 

[cottonball]

razzledazzle94,

The reports are showing the latest version of ZeroAccess, and damage to Windows Defender and Microsoft Security Essentials.

Need to go out for a while, but will be back this evening.

In the meantime....

:info: Please download ComboFix:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

:warn: Save ComboFix.exe to the Desktop

Disable your AntiVirus and AntiSpyware applications as they will interfere with ComboFix.
Info: http://www.techsupportforum.com/sec...1-how-disable-your-security-applications.html

Double click combofix.exe and follow the prompts.

When finished, it produces a log.
Please include the C:\ComboFix.txt in your reply.


NOTE: If you encounter a message "Illegal operation attempted on registry key that has been marked for deletion" and no programs run, please reboot to resolve the error.

After doing the above, please do not run any malware removal programs, or take any other actions.

Will catch up with you later.

Thanks for your patience.

 

[razzledazzle94]

razzledazzle94,

The reports are showing the latest version of ZeroAccess, and damage to Windows Defender and Microsoft Security Essentials.

Need to go out for a while, but will be back this evening.

In the meantime....

:info: Please download ComboFix:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

:warn: Save ComboFix.exe to the Desktop

Disable your AntiVirus and AntiSpyware applications as they will interfere with ComboFix.
Info: How to disable your security applications - Tech Support Forum

Double click combofix.exe and follow the prompts.

When finished, it produces a log.
Please include the C:\ComboFix.txt in your reply.


NOTE: If you encounter a message "Illegal operation attempted on registry key that has been marked for deletion" and no programs run, please reboot to resolve the error.

After doing the above, please do not run any malware removal programs, or take any other actions.

Will catch up with you later.

Thanks for your patience.

well i can't turn off my antivirus software because ZeroAccess isn't letting me open it but i will run combofix anyway and post the results

 

[razzledazzle94]

okay so here's the outcome. after running Combofix my computer rebooted and everything seemed fine, when I clicked on MSE it came up with the error you expected whereby it told me "Illegal operation attempted on registry key that has been marked for deletion" so I rebooted again and now MSE opens fine (at last). it says in the history tab that there are 5 Trojans that need action but when I click remove all it comes up with the message
" security essentials couldn't remove some of the detected threats
the class is not configured to support elevated action "

any ideas? oh and here is the combofix.txt you requested

thanks again for your help

 

[VistaKing]

Can you upload the MSE logs

Should be in C:\ProgramData\Microsoft\Microsoft Antimalware\Support

:note: ProgramData folder is a hidden folder :note:

To show hidden folders

Click on the Start rb: button and select Computer
Press the Alt key on your keyboard and click on Tools or click on Organize
Select Folder Options
Click the View tab and make sure that Show hidden files and folders is selected under Hidden files and folders
Click Apply then click OK

 

[razzledazzle94]

I cannot upload the log because it exceeds the 2mb limit by quite a bit at 16mb

 

[razzledazzle94]

also, since rebooting after removing the ZeroAccess I keep getting pop ups telling me whether or not I am entering a secure or unsecure internet connection. any ideas?

 

[VistaKing]

I believe we still have work to do

Upload a File
Click on the Go Advanced button under the Message box . Scroll down to Additional Options then click on Manage Attachments in the Attach Files sections . Click the Browse button locate the file then click on the Open button . In the Upload File from your Computer section click on the Upload button . Wait until it finishes uploading then close the window . Then click Submit Reply .