Internet Explorer Corruption

Discussion in 'Windows Desktop Systems' started by NerdUprising, Jun 7, 2004.

  1. NerdUprising

    NerdUprising [ Method ]

    Messages:
    736
    Location:
    Kamarupta
    My computer has been relatively clean for a while, I keep my ports closed all the time, and just last night I ran AVG 6 full scan AND Spybot Search & Destroy, because Internet Explorer was acting...strange. (and to no avail, both came up clean)

    I don't use it at all anymore, save for changing ports on router (it's an HTML interface), and since IE is acting strange, that doesn't make me feel too safe...

    When I close a window, one out of every four or five times, I'll get a popup. But perhaps the most disturbing aspect is page modifying... for example, in this screenshot, "wine" is highlighted, and clicking on it leads to a page with price comparisons and crap like that. The properties of the link are in the screencap, so I hope that someone out there can offer me some assistance

    thanks, Nerd
     
  2. Hipster Doofus

    Hipster Doofus Good grief Charlie Brown

    Messages:
    5,920
    Location:
    Melbourne Australia
    Have you turned 'messenger' off in the services? It has nothing to do with windows messenger.
     
  3. NerdUprising

    NerdUprising [ Method ]

    it doesn't have anything to do with windows messenger at all... just IE.


    here are those screencaps that I, like the intelligent person I am, forgot to attach before:
    one is of the most common popup, the other is of the type of links that appear, and the properties for that link
     


  4. j79zlr

    j79zlr Glaanies script monkey Political User

    Messages:
    2,725
    Location:
    Chicago
    Your browser's been hijacked; I would post a HijackThis log.
     
  5. NerdUprising

    NerdUprising [ Method ]

    hmm, right after I posted that ^^ I checked IE again (because that search bar at the bottom hadn't been there any previous time, as you can tell by the two screenshots: one has the bar, the other doesn't)... the "zSearch Bar" showed up in the uninstall list in control panel, so I nuked it. That seemed to take care of the popups and the links, but it still makes me uncertain, knowing that that crap showed up without the bar before... worried it might come back. oh well, thanks NerdUprising for the advice on that one :p


    AND on a serious note, to Hipster Doofus, I wasn't even reading what you wrote correctly. AND now to j79zlr... because I still get weird popups, and the formatting for a lot of pages shows up screwy... I'll drop a HijackThis log here in a bit - thanks
     
  6. NerdUprising

    NerdUprising [ Method ]

    there were two entries related to that zSearch bullsh*t, which I took care of on sight... anything else look suspicious? (thanks, by the way)

    [edit] those stupid links showed up again...[/edit]
     
  7. j79zlr

    j79zlr Glaanies script monkey Political User

    Remove these; if they come back, run CWShredder: http://www.spywareinfo.com/~merijn/files/CWShredder.exe

    Make sure you have all windows closed except HJT, and fix the following, then reboot

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redi...=ie&ar=iesearch
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redi...=ie&ar=iesearch
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redi...er=6&ar=msnhome
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redi...=ie&ar=iesearch
    R3 - URLSearchHook: (no name) - {707E6F76-9FFB-4920-A976-EA101271BC25} - C:\Program Files\TV Media\TvmBho.dll
    O2 - BHO: (no name) - {00A0A40C-F432-4C59-BA11-B25D142C7AB7} - C:\WINDOWS\System32\mskceo.dll
    O2 - BHO: (no name) - {0982868C-47F0-4EFB-A664-C7B0B1015808} - C:\WINDOWS\System32\mskhhe.dll
    O2 - BHO: (no name) - {0BA1C6EB-D062-4E37-9DB5-B07743276324} - C:\WINDOWS\System32\msglji.gif
    O2 - BHO: (no name) - {25F7FA20-3FC3-11D7-B487-00D05990014C} - C:\WINDOWS\System32\mseggo.gif
    O2 - BHO: (no name) - {447160CD-ECF5-4EA2-8A8A-1F70CA363F85} - C:\WINDOWS\System32\msibkd.dll
    O2 - BHO: (no name) - {5886A6DC-AAF4-45E9-979A-8E5E6DEE30E7} - C:\Program Files\zSearch\zSearch.dll (file missing)
    O2 - BHO: (no name) - {94927A13-4AAA-476A-989D-392456427688} - C:\WINDOWS\System32\msjfbl.dll
    O2 - BHO: (no name) - {CC916B4B-BE44-4026-A19D-8C74BBD23361} - C:\WINDOWS\System32\msedah.dll
    O2 - BHO: (no name) - {FCADDC14-BD46-408A-9842-CDBE1C6D37EB} - C:\WINDOWS\System32\msnkmi.dll
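
    A triage pass over entries like the ones listed above, as an added example that is not part of the original post or of HijackThis itself: it parses the R3/O2 component lines and records why each one deserves a second look. The heuristics and reason labels are illustrative assumptions; the sample lines are copied from the log above.

```python
import re

# Sample lines copied from the log in the post above.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redi...=ie&ar=iesearch
R3 - URLSearchHook: (no name) - {707E6F76-9FFB-4920-A976-EA101271BC25} - C:\Program Files\TV Media\TvmBho.dll
O2 - BHO: (no name) - {0BA1C6EB-D062-4E37-9DB5-B07743276324} - C:\WINDOWS\System32\msglji.gif
O2 - BHO: (no name) - {5886A6DC-AAF4-45E9-979A-8E5E6DEE30E7} - C:\Program Files\zSearch\zSearch.dll (file missing)
O2 - BHO: (no name) - {FCADDC14-BD46-408A-9842-CDBE1C6D37EB} - C:\WINDOWS\System32\msnkmi.dll
"""

# R3/O2 lines have the shape: CODE - Kind: name - {CLSID} - path [(file missing)]
ENTRY = re.compile(
    r"^(?P<code>R3|O2) - (?P<kind>[^:]+): (?P<name>.*?) - "
    r"(?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.+?)(?P<missing> \(file missing\))?$"
)


def triage(log_text):
    """Return (clsid, path, reasons) for each R3/O2 entry that trips a heuristic."""
    findings = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue  # R0/R1 URL settings and blank lines are not component entries
        path = m["path"]
        reasons = []  # assumed heuristics, for illustration only
        if m["name"] == "(no name)":
            reasons.append("unnamed")            # component registered without a name
        if m["missing"]:
            reasons.append("file-missing")       # registration left behind, file gone
        if not path.lower().endswith(".dll"):
            reasons.append("non-dll-extension")  # e.g. a browser add-on named *.gif
        if "\\system32\\" in path.lower():
            reasons.append("in-system32")        # add-on placed in the system directory
        if reasons:
            findings.append((m["clsid"], path, reasons))
    return findings


if __name__ == "__main__":
    for clsid, path, reasons in triage(SAMPLE_LOG):
        print(clsid, path, ", ".join(reasons))
```

    A flagged entry is a prompt to look up the CLSID and file before fixing it, not a verdict; legitimate add-ons can trip the "unnamed" check too.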
     
  8. NerdUprising

    NerdUprising [ Method ]

    many thanks, j79zlr - I'll take care of that crap right after posting this...

    on a side note, I'd drop a reputation point on you, but it won't let me...apparently the last person I gave reputation to was also you...lol :)

    thanks again