28 Posts

May 22nd, 2009 15:00

Defrag not working and other stuff

Hello:  I am new to the forum.  Yesterday, I gave my computer maintenance.  I did the usual . . . antivirus and spyware scans, deleted old emails, deleted temp files, etc.  I found several trojans and something else, so I gave the command to remove them.  Then I did a disk cleanup.  Then I started the defrag and an error came up "Disk Defragmenter Could Not Open."  I have a Dell Dimensions 2400 with Windows XP Home Edition Service Pack 3.  Then I started a search to see how to fix the problem.  I noticed when I clicked on a link, it took me to an entirely different web page.  I clicked the "back" button, but the site wouldn't go away.  I had to click back in the search box to get Google again.  I found some forums that said do a dskchk and I did (with the instructions).  I'm not a technical person; but I can follow written instructions.  Then I did something that told me to check the paging file size; I did that.  Something else said to check for a dirty file; I did that.  Nothing has worked.  Is there anyone who can help me?  Someone said to do a system restore; but I'm concerned about all the windows updates, antivirus updates, and antispy updates that are on my system.  Won't they go away?  Is there a way to get them back?  When I removed the viruses, did I remove something that may have been okay?  This has never happened before and I don't know what to do.

2 Intern • 5.8K Posts • 17.3K Points

May 22nd, 2009 16:00

Hi kneadtoknow, and welcome to the forum;

Did you try all the fixes mentioned in this post?
http://www.theeldergeek.com/forum/index.php?showtopic=28251&view=findpost&p=178757

It sounds like you still might have malware, since your links are being re-directed. What anti-virus and anti-spyware scans did you run? Can you check their logs to see what was detected, and copy/paste the results here?

I wouldn't do a System Restore. It will just restore to a previous (and presumably more) infected state.

It is also possible that your scans detected a false positive (a non-infected file) that was necessary. Did you delete those detections, or did you quarantine?
-------------------------------

As a first step, I would download, install and run the free Malwarebytes' Anti-Malware (MBAM) scanner. Full instructions on how to do this are in Bugbatter's reply in this thread:
http://en.community.dell.com/forums/t/19275450.aspx

You might want to print out those instructions first.

Let us know what it finds.

 

28 Posts

May 29th, 2009 10:00

Hi Joe53, and thank you for the welcome!  I'm sorry I'm just replying to your response; and thank you for it!  I have been working trying to get the computer repaired.  Somehow on my searches, I came across another forum "The Elder Geek on Windows" and posted my troubles.  They sent me instructions for different scans than what I'd already done.  One was what you suggested.  I sent all the logs they requested and the diagnosis is that my computer is severely infected with backdoor trojans and rootkit mal-ware.  I'm not a technical person, but they sent links to explain these things and now I know that they're not very friendly and can hide and "lie" and be coded to not be detected by scanning.  I also found that they can break up and little pieces can hide out and I'll never know they're there until they lead the way for other infections.

The Elder Geek folks gave me lots of info so that I could make an informed decision and my decision is to format and reinstall Windows XP Home Edition SP2.  That way, I'll have a clean slate.  From the instructions they sent, it seems like a very time-consuming and difficult thing to do and should only be done as a last resort to cleaning and repairing.  They also suggested as you did, to NOT do a system restore; and for the same reason you gave.

I just have so many questions BEFORE I start.

Thank you.

Kneadtoknow

28 Posts

May 29th, 2009 11:00

Hello Bugbatter:

I will supply the link to the logs.  First, I have to tell you that the junk SUPERAntiSpyware found on the system is still there; because I was afraid to delete it before the Elder Geek folks looked at the log.  I think it's in quarantine.  But the stuff the Malwarebytes found is "gone"; I hope.

From what they said on the other forum, it seems like my best bet is to format and reinstall Windows.  Below is the link and you can see my posts as well as the information sent to me. 

http://www.theeldergeek.com/forum/index.php?showtopic=36993

Please, let me know what you think.  Thank you.

Kneadtoknow

4 Apprentice • 20.5K Posts

May 29th, 2009 11:00

Hi, kneadtoknow,

Can you please provide the link to your thread at Elder Geek so the researchers can review the logs? Thank you.

28 Posts

May 29th, 2009 12:00

Hi Bugbatter:  Forgive me, my brain is a little mushy and spongy right now, because of this issue!  I've been working on this for over a week now.  Let me understand.  Are you saying that The Elder Geek is part of the Dell Forum; as you mentioned I had a different username?  When I was searching for help, I was/am desperate and I guess I was clicking and joining forums.  But this Dell and Elder Geek are the only two.  Now, are they the same?  Or part of each other?

When you say, you'll "meet" me in my thread on the Malware Removal forum . . . which one is that?  I only made two separate posts in here.  Are you speaking about the Virus and Spyware Removal?  I need to be led by the hand at this point.  I'm so overwhelmed with information (that I don't understand, by the way) that I'm getting confused.

I thought I joined two separate forums:  Dell and Elder Geek.  So in here I'm kneadtoknow and in the Elder Geek I'm PCGirl.  I'm going to have to sign off because I have a funeral to attend, but I'll log back in tonight to see your reply.  If you can help me without doing the formatting and reinstalling I'm willing to try. 

And yes, I will have a talk with my granddaughter about her game playing.  That's why I was a little confused.  I play online games such as solitaire and such; but I have only a few sites that I go to all the time and my computer is fine.  Neither of us are playing those multi-player games.  We play things like Family Feud, dress up dolls.  But I did notice that some of the sites she goes to the "start" and such are written in Chinese.  I read somewhere that China is No. 1 with malware and the U.S. is No. 2.  I'm getting ready to give her a laptop for her 6th grade graduation and I will certainly discuss this with her.

I'll "talk" with you later.

Thanks.

Kneadtoknow

P.S. Please tell me which forum to go to and find you.

4 Apprentice • 20.5K Posts

May 29th, 2009 12:00

Ah, I see that the problem was that you used a different username over there.  It's usually best to stay within the same forum. We may have been able to fix this when you first posted at Dell if you had posted your logs here as joe53 requested.

At this point you don't have much to lose. We may end up telling you to reformat anyway, but I think we can use a more powerful tool and dig a bit deeper to get that mess out of there. I suggest that you have a lecture with the youngster who has been using the computer for those online games. The best security is the person sitting in the chair behind the computer. I would not like for her to be the cause of having your identity stolen and any accounts wiped out.


Having said that, I'll meet you in your thread on the Malware Removal forum.

4 Apprentice • 20.5K Posts

May 29th, 2009 13:00

"Are you saying that The Elder Geek is part of the Dell Forum; as you mentioned I had a different username?"


No, but I see that joe53 referred you to that site to run some tests. He asked you to post some results here, but you must have misunderstood and stayed over there.
joe53: "Can you check their logs to see what was detected, and copy/paste the results here?"

No problem. We found the logs now that you posted the link. Thank you.

Here is your thread in the Malware Removal forum: http://en.community.dell.com/forums/t/19276846.aspx

I have posted some instructions there for you. If you are tired, simply disconnect the computer from online, and come back to do the cleaning procedure when you are rested.  You will need to be able to think clearly in order to continue with those instructions. Most important is not to allow anyone to work on the computer online or off until we have finished cleaning. Not only are you running a vulnerable version of IE, but you have other vulnerabilities as well. Use that computer to come here and download our recommended tools from their sites, but please do not do any surfing until we have finished cleaning and have verified that all is well.

2 Intern • 5.8K Posts • 17.3K Points

June 2nd, 2009 18:00

I have been following this thread over in Malware Removal with great interest:
http://en.community.dell.com/forums/t/19276846.aspx

I must say, kudos to both Bugbatter and to kneadtoknow on the successful resolution of this problem, without the need to reformat or re-install, as recommended by other experts. I had my doubts, but your success has re-affirmed my faith in the malware removal process, when both parties are committed to a resolution.

Brava!

 

28 Posts

June 3rd, 2009 08:00

Hi joe53:

Thanks for the kudos!  There was no way in the world I could have done this WITHOUT Bugbatter!  The directions were so very detailed.  I just did what he asked me to do and kept hope alive that it would work!  I was not looking forward to reformatting and reinstalling and Bugbatter said I may have to end up doing it anyway; so I didn't have anything to lose and everything to gain!

I'm going to move forward with Bugbatter's suggestions on how to keep as safe as possible and implement those suggestions on both desktops AND my laptop!  I've already had a little talk with my granddaughter and we've agreed which sites she can visit for games; especially since we're giving her a brand new Dell Inspiron for her 6th grade graduation present!

I give huge kudos to this forum for having experts like Bugbatter; and extra huge kudos to Bugbatter who stuck with me; sent speedy replies; and knew his "stuff"!  If you see this, Bugbatter, again, THANK YOU VERY MUCH!

Peace,

Kneadtoknow

 

28 Posts

June 3rd, 2009 14:00

Okay joe53 and Bugbatter if you see this:  You're NOT going to believe what's happening now!  I am on MY desktop . . . the one that was okay.  Right now I'm in Safe Mode because that's the ONLY way it will do anything! 

This morning, I started to put this one in a better position to NOT get "jacked".  I purchased and downloaded Malwarebytes for real-time scanning.  I installed CCleaner; but didn't do anything with it other than take out a file that I no longer have when I had AVG scanner.  I also updated to Java 6 Update 14.  And the last thing I did was to upgrade to IE 8.  Then I had to reboot, and that's when it started . . . or should I say nothing!  The PC booted up, the icons came in the task bar and everything showed up except Verizon Internet Security Suite.  So I don't know if the problem is with that or if the problem stems from IE 8.  Everything went okay until I put on IE 8.

I have to go out right now, so I'll check back here later.  I'm not posting anywhere else in the forum other than right here.  And I haven't gone over to The Elder Geek.  I hope I can open up Outlook in safe mode; because that's the only way I'll be able to get your response!

I can't believe it!  I'm writing AGAIN for help; but on the computer that I was trying to protect!  Please Help!

Thanks.  I'm sorry; I don't know if I should make a NEW post or not.  If you see this, you can let me know if I should move it or make a new topic somewhere else.

Kneadtoknow

2 Intern • 5.8K Posts • 17.3K Points

June 3rd, 2009 16:00

Hi again:

Ouch! Installing IE8 can be a problem, if  you don't take certain precautions and preparations, such as disabling some running background security programs. (see link below).

Meanwhile, a few questions:
1) Did you install IE8 via Automatic Updates, or via Windows Update website?
2) What is your desktop's Windows operating system (Vista, XP), edition (Home, Pro etc) and service pack #?
3) When you access the internet in Safe Mode, which version of IE do you see?
4) When you re-boot into Windows (not safe mode) is there an IE icon on your desktop?
If so, right-click on it, and select "Start without add-ons", if present. If this opens IE, do not surf the net til we determine your Verizon Security is working properly.
5) Which version of IE, if any, is listed in your Add/Remove Programs in Control Panel?
(Start>Settings>Control Panel)
6) Are you receiving any error messages? If so, please post the full and exact text.


Post subject: IE8: Tips, Caveats and Helpful Links
http://aumha.net/viewtopic.php?p=213367#p213367

28 Posts

June 4th, 2009 09:00

Hi joe53:

Thank goodness you saw my post!  Can you believe it?  Right now, I'm on the new and improved PC that just got cleaned and repaired!  I'm using this since you said don't get on the internet until my Verizon Internet Security Suite is back in play.  Sorry, I'm just replying.  When we got home last night, we had thunderstorms so I couldn't get back on the computer.  Then it got too late.  I appreciate your prompt reply.

To answer your questions:

1.  I installed IE 8 from the Microsoft Windows website.  I didn't want to take a chance getting it from another source (if that's possible).

2.  I'm using a Dell Dimensions 2400 with Windows XP Home Edition SP3.

3.  When I accessed the internet in Safe Mode, it's IE 8.

4.  BEFORE I wrote my first post on this issue I was in Safe Mode.  That was the only way to do anything because when I downloaded IE 8 and then rebooted, the desktop froze; I couldn't click on anything.  I clicked on IE  (in Safe Mode) and it opened; but a dialog box also opened.  I clicked on Learn More and it took me to a help page in Microsoft to tell me why I needed to click "Start without add-ons".  So I clicked it.  I don't think I did any other surfing because it was in Safe Mode and I was afraid to do anything else.

5.  When I looked in Add/Remove, I saw "Windows Internet Explorer 8"

6.  No, I'm not getting any error messages.  The Verizon Internet Security Suite logo pops up like it normally does on start up; then it seems like it's trying to bring up the application, but the icon never comes into the task bar (CounterSpy and Malwarebytes do).  Then I get the "system working" hourglass a few times and that's it.  Then the system is frozen.  The cursor moves; but I can't click on anything . . . not even "Start" to reboot or turn it off.  I have to manually turn it off from the CPU and then reboot into Safe Mode.

I will check out and print the info on the link you sent and do the preps BEFORE downloading IE 8 on the newly recovered PC.

Thanks for all your help.  I did a reboot into non-safe mode and the system is still locked; I can't click on anything at all.

Peace,

Kneadtoknow

4 Apprentice • 20.5K Posts

June 4th, 2009 10:00

Hi Kneadtoknow,

"I purchased and downloaded Malwarebytes for real-time scanning.  I installed CCleaner; but didn't do anything with it other than take out a file that I no longer have when I had AVG scanner.  I also updated to Java 6 Update 14.  And the last thing I did was to upgrade to IE 8."


So this is not the computer that we did the malware removal on? I have a feeling that when you did all this on this other computer that you may have missed a reboot after you ran CCleaner and installed other programs before trying to install IE8.  You may have had files from those programs' installations running in memory while IE8 was installing.  joe53 is our Dell Community volunteer expert with IE, so I'm sure he'll soon have that desktop in good shape.  I do have one question: When you are in Safe Mode, can you access System Restore?  Don't do anything with it yet, but I'm just wondering in case you need it.

28 Posts

June 4th, 2009 10:00

Hi Bugbatter! 

No, the computer with the issue now is my computer that I was trying to PROTECT with the suggestions you gave to me and I didn't know that certain steps had to be done or the system needs to be PREPARED for IE 8.  That's why I was still using IE 6 because I tried 7 and didn't like it. 

Can you believe it?  So, right now, I'm typing this on the system you saved for me just the other day!  Okay, so I turned off the computer and rebooted in Safe Mode.  On that black screen I saw several  options to choose from.  One was to go to: Last known good configuration (your most recent settings that worked).  I skipped that and chose "Safe Mode with Networking".

Once the reboot continued and finished, I clicked on "Start" and went to programs and I found "System Restore".  I DID NOT click on it; but it's there; so I can access it!

Thanks, Bugbatter!  I didn't know I'd be back so soon!

Peace,

Kneadtoknow

2 Intern • 5.8K Posts • 17.3K Points

June 4th, 2009 22:00

Hi:

Sorry for the delayed reply- long day at work.

Thanks for all the info. The fact that IE8 works in Safe Mode tells us that it installed at least enough to work when a lot of other programs are disabled. And upon checking the system requirements for supporting IE8, I should think your 2400 with XP/sp3 would pass. (I'm assuming you have at least 64 MB of RAM, which is the minimum required).

I'm also assuming you had installed XP's SP3 successfully prior to installing IE8, and not simultaneously or even the same day.

I'm thinking Bugbatter's analysis is correct, plus the fact your resident Verizon or other security defenses might be blocking the full install of IE8 at bootup into Windows when other new downloads  are trying to do the same. Too much trying to load and install at startup=>system lockup.

Here is the problem- while it is true you can uninstall IE8 in Add or Remove Programs in Windows XP, and your previous version of IE will be restored (IE6), I have doubts this can be done in Safe Mode, because of the reduced functionality of Safe Mode, and I would not advise trying this. And since you cannot boot into Windows, simply uninstalling IE8 (or any other program, in Safe Mode) is not the solution.

Which means that a System Restore to a date prior to your attempts to upgrade your security may be your best option, but I'm not an expert (thanks for the plug, Bb!) to suggest that in your  particular circumstances. We still do not know if you even have any restore points to restore to, dated prior to these problems.

What I would suggest is that you contact MS via phone for advice, as there may be a better solution:

"Consumer Support:

No-charge phone support for Internet Explorer 8 (installation, set-up and usage only) is available through 31 December 2009. Customers must be running Windows XP or Windows Vista in a non-domain environment. Advanced issues which do not qualify for no-charge support include problems that are associated with software and hardware development, network connectivity, server-based technologies, and business-critical systems.

•US & CA Residents: 1-866-234-6020"

For future reference, I note that Robear over at aumha suggests you download IE8 not from Windows Update website, but from here: http://www.microsoft.com/windows/internet-explorer/worldwide-sites.aspx
Then disconnect from the internet, disable your defenses, and run the installer from your desktop, which is what I did.

Finally, continue to use your good PC for further communications here for now, as Safe Mode with Networking is not secure.

Best of luck, and let us know what MS has to say.

 
