Guest PA Bear [MS MVP] Posted May 25, 2010 Posted May 25, 2010 Speaking of W32/Alureon & MSRT, see http://blogs.technet.com/mmpc/archive/2010/05/21/msrt-may-threat-reports-and-alureon.aspx PA Bear [MS MVP] wrote: > [Who's "Pear Bear?"] > > You're welcome and thanks for your feedback. > > Before we get any deeper into the possibility of other hijackware's > presence > on your system, please tell me more about this "system restore" you did & > how you did it? > > Also tell me if IE7 and/or IE8 were installed when you did this "system > restore"? > > > Russell Ashenberg wrote: >> Dear Pear Bear, >> >> I first want to thank you for all your advice and assistance in this >> matter. >> I can see you are well versed in this area and are an asset to this >> newsgroups. I thank you for the idea of rescanning the computer again >> with >> other choices. I have scanned my computer so many times with >> superantispyware.com and bitdefender, and for some reason it did not pick >> up >> this win32/alureon.ct and win32/alureon.g issues that were in a backup >> folder that I have. I scanned it with the Microsocft Windows Malicious >> Software removal tool from May 2010 and it found these on my machine and >> removed one of them off the machine. Is there anyother information where >> to >> find out how to remove any last remnets of these off my machine. Since >> it >> did remove the files, IE6 has not so far crashed. I owe you a thanks for >> all your help and appreciate your being there. THANKS >> RussellA >> >> >> "PA Bear [MS MVP]" wrote in message >> news:uVZV343%23KHA.3880@TK2MSFTNGP04.phx.gbl... >>> With all due respect, hijackware's gotten very complex of late. No >>> amount >>> of scanning, be it by an installed application or online, will be able >>> to >>> detect and/or remove all of the "Bad Guys" or undo all the unwanted >>> changes the infections have made. Hence the aviso in Step 3 of my >>> previous reply: "DO NOT SKIP THIS STEP!!" >>> >>> The error you posted... >>> >>>> Faulting application iexplore.exe, version 6.0.2900.5512, faulting >>>> module >>>> unknown, version 0.0.0.0, fault address 0x6267e4a9 >>> >>> ...is a big, red flag to hijackware/security experts and very strongly >>> suggests that you're (still?) seeing the effects of a hijackware >>> infection. >>> >>> Then there's the not trivial matter of the "system restore on [your] >>> Windows" you mentioned in your first post: What exactly did you do and >>> how >>> did you do it? >>> >>> If perchance IE7 and/or IE8 had been installed and then you did a Repair >>> Install without having first uninstalled IE8 and/or IE7, IE6 is totally >>> horked now and your only recourse is to format the hard-drive & do a >>> clean >>> install of Windows. See... >>> >>> How to perform a repair installation of Windows XP if a later version >>> of >>> Internet Explorer is installed >>> http://support.microsoft.com/kb/917964 >>> >>> Furthermore, if you did a Repair Install in hopes of fixing an >>> already-present infection, it just doesn't work that way. >>> -- >>> ~PA Bear >>> >>> >>> Russell Ashenberg wrote: >>>> I appreciate your advice that I have been hijacked by an infection. I >>>> have >>>> had it thoroughly checked by Superantispyware, bitdefender, nod32, >>>> Microsoft malicious software removal and the machine is clean from >>>> anything. >>>> So I appreciate your writing to me about an infection, yet this issue >>>> has >>>> been a long time issue on my machine and thats why I am writing to see >>>> to >>>> upgrade to IE7 or IE8. >>>> >>>>> There is a very good chance that you are seeing the effects of a >>>>> hijackware infection! >>>>> >>>>> NB: If you had no anti-virus application installed or the subscription >>>>> had >>>>> expired *when the machine first got infected* and/or your subscription >>>>> has >>>>> since expired and/or the machine's not been kept fully-patched at >>>>> Windows >>>>> Update, don't waste your time with any of the below: Format & >>>>> reinstall >>>>> Windows. A Repair Install will NOT help! >>>>> >>>>> Microsoft PCSafety provides home users (only) with no-charge support >>>>> in >>>>> dealing with malware infections such as viruses, spyware (including >>>>> unwanted software), and adware. >>>>> https://support.microsoft.com/oas/default.aspx?&prid=7552&st=1 >>>>> >>>>> Also available via the Consumer Security Support home page: >>>>> https://consumersecuritysupport.microsoft.com/ >>>>> >>>>> Otherwise... >>>>> >>>>> 1. See if you can download/run the MSRT manually: >>>>> http://www.microsoft.com/security/malwareremove/default.mspx >>>>> >>>>> NB: Run the FULL scan, not the QUICK scan! You may need to download >>>>> the >>>>> MSRT on a non-infected machine, then transfer MRT.EXE to the infected >>>>> machine and rename it to SCAN.EXE before running it. >>>>> >>>>> 2a. WinXP => Run the Windows Live Safety Center's 'Protection' scan >>>>> (only!) in Safe Mode with Networking, if need be: >>>>> http://onecare.live.com/site/en-us/center/howsafe.htm >>>>> >>>>> 2b. Vista or Win7=> Run this scan instead: >>>>> http://onecare.live.com/site/en-us/center/whatsnew.htm >>>>> >>>>> 3. Now run a thorough check for hijackware, including posting >>>>> requested >>>>> logs in an appropriate forum, not here. DO NOT SKIP THIS STEP!! >>>>> >>>>> Checking for/Help with Hijackware: >>>>> • http://mvps.org/winhelp2002/unwanted.htm >>>>> • http://inetexplorer.mvps.org/tshoot.html >>>>> • http://www.mvps.org/sramesh2k/Malware_Defence.htm >>>>> • http://www.elephantboycomputers.com/page2.html#Removing_Malware >>>>> >>>>> **Chances are you will need to seek expert assistance in >>>>> http://spywarehammer.com/simplemachinesforum/index.php?board=10.0, >>>>> http://www.spywarewarrior.com/viewforum.php?f=5, >>>>> http://www.dslreports.com/forum/cleanup, >>>>> http://www.bluetack.co.uk/forums/index.php, >>>>> http://aumha.net/viewforum.php?f=30 or other appropriate forums.** >>>>> >>>>> If these procedures look too complex - and there is no shame in >>>>> admitting >>>>> this isn't your cup of tea - take the machine to a local, reputable >>>>> and >>>>> independent (i.e., not BigBoxStoreUSA or Geek Squad) computer repair >>>>> shop. >>>>> -- >>>>> ~Robear Dyer (PA Bear) >>>>> MS MVP-IE, Mail, Security, Windows Client - since 2002 >>>>> >>>>> >>>>> Russell Ashenberg wrote: >>>>>> The error message I get is this, >>>>>> Faulting application iexplore.exe, version 6.0.2900.5512, faulting >>>>>> module >>>>>> unknown, version 0.0.0.0, fault address 0x6267e4a9. >>>>>> >>>>>> I do not know where to look to fix this. >>>>>> >>>>>> >>>>>> >>>>>> Any advice? >>>>>> >>>>>> Russell Ashenberg >>>>>> >>>>>> >>>>>> >>>>>> "Russell Ashenberg" wrote in message >>>>>> news:uPyC53v%23KHA.5280@TK2MSFTNGP05.phx.gbl... >>>>>>> Tanks for your adivce. I did not mean IE beta team, just IE >>>>>>> newsgroup >>>>>>> team. IE6 sometimes hangs on me and have to ctrl, alt, and delete to >>>>>>> close >>>>>>> it and restart. I was told to upgrade to the later version of IE >>>>>>> and >>>>>>> wanted to know if I shall go to IE7 or IE8? >>>>>>> >>>>>>> Russell Ashenberg >>>>>>> >>>>>>>> Dear IE Team >>>>>>>> >>>>>>>> I am using Window XPSp3 and IE6 Sp3 on my machine. I needed [to?] >>>>>>>> do >>>>>>>> a >>>>>>>> system restore on my Windows recently and IE6 Sp3 has been acting >>>>>>>> funny. >>>>>>>> I want to know if should I upgrade to IE7 or go to the latest >>>>>>>> version >>>>>>>> of >>>>>>>> IE8? Is there anything I need to know before the upgrade process >>>>>>>> or >>>>>>>> issues that I need to be aware of? >>>>>>>> >>>>>>>> Keep me posted >>>>>>>> Russell A Quote
![Guest PA Bear [MS MVP]](https://freepchelp.forum/uploads/set_resources_1/84c1e40ea0e759e3f1505eb1788ddf3c_default_photo.png)
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.