Virus "Please update your internet explorer" even after formatting

Wintermoon1919 · 20 May 2014

the logs

cottonball · 20 May 2014

Wintermoon,

After looking at the results of the programs run, nothing pops out at me that could cause the warning.

Presuming IE 11 and Chrome are your browsers. Have you previously taken action to Reset both browsers?

Use the PC for a day or two, and post back if, or, whether the warning comes back.

It could be that turning the computer off, and then starting it again may have cleared the issue, since it appears you ran ADWCleaner and the Junkware Removal Tool.

gregrocker · 20 May 2014

Web pages often try popups or anything else to get your attention to click on something, but if you don't you are usually safe. If ever in doubt and you can't close the browser, just end the task in Task Manager or shut down the PC. As I said earlier I think that was what you saw, nothing more.

UsernameIssues · 20 May 2014

The FRST.txt file reports the DNS servers to be:
23.253.94.129 (Rackspace Hosting) Which seems a bit odd.
8.8.8.8 (Google's)

Wintermoon1919 stated that "...all the other computers in the house don't have the virus"...
...and they probably have the same DNS settings
...so this might not help, but I would consider using OpenDNS on the router
...and maybe on each computer too (in case the router gets reset someday).

Wintermoon1919 · 20 May 2014

it's not a normal pop-up i cant close it and continue to surf the web normally

tomorrow i'll try other solutions and i'll keep you updated

andrew129260 · 20 May 2014

UsernameIssues said:

The FRST.txt file reports the DNS servers to be:
23.253.94.129 (Rackspace Hosting) Which seems a bit odd.
8.8.8.8 (Google's)

Wintermoon1919 stated that "...all the other computers in the house don't have the virus"...
...and they probably have the same DNS settings
...so this might not help, but I would consider using OpenDNS on the router
...and maybe on each computer too (in case the router gets reset someday).

I agree with username issues. Open dns would be a smart idea. It will also help you avoid problems like this in the future since it uses malware blacklisting.

Is the problem still going on?

Wintermoon1919 · 22 May 2014

yes i still have the problem

now i think that gregrocker will try to help me through TeamViewer

Wintermoon1919 · 24 May 2014

a part form solving the problem what do you think about the issue? what could it be?
(still have the problem btw)
thanks

edit:

this is my "host" file and my "router home page"...is everything all right?

gregrocker · 26 May 2014

Connected for Wintermoon and found rootkit.necurs.GO and two Trojans with MBAM. Rootkit was in drivers folder, apparently imported into the clean install with a driver.

After MBAM reboots PC and shows clean, the problem with all browsers persists with no ability to connect to the internet, blocked by apparent continued infection.

TDSS Killer finds nothing. SFC shows clean.

Since OP claims nothing imported except from the actual Chrome and other sites, no drivers imported since all were provided during install or Windows Updates, we looked at his router to find Firewall is diconnected.

After reconnecting router firewall I suggested he scan all other home PC's with MBAM, scan Win7 DVD with MBAM, then wipe the HD with Diskpart Clean Command to reinstall, again only getting drivers from installer and Updates.

Import nothing until browsers are tested.

Security specialists may have other solutions for rootkit.necurs.GO

andrew129260 · 26 May 2014

andrew129260 said:

Where are you downloading the driver from? What site?

I had a feeling it was that driver. Thanks for the update gregrocker.