From: PA Bear [MS MVP] on
> ...this happened to the same computer a few months back, and
> after clearing out the trojan IE was doing the same thing it is now...
> ...I ended up formatting the hard
> drive and reinstalling Windows...

What anti-virus application or security suite was installed before you did
the clean install and was your subscription current?

What anti-virus application or security suite is installed now and is your
subscription current? What anti-spyware applications (other than Defender)?
What third-party firewall (if any)?

Did a Norton or McAfee free-trial come preinstalled on the computer when you
bought it (and which would have been reinstalled, but invalid, when you
reinstalled Windows)?
--
~Robear Dyer (PA Bear)
MS MVP-IE, Mail, Security, Windows Client - since 2002


CapCity wrote:
> PC is running XP Pro, SP3. For a few reasons, it has to run XP so
> upgrading
> to Windows 7 is not an option right now.
>
> It recently got hit with that fake Windows Security Alert trojan, where
> every time you go to open IE you get all these warnings instead fo the
> requested page, and every time you go to launch a Malware or Anti-Virus
> scan
> it blocks the executable.
>
> I got that cleaned out fairly easily, but Internet Explorer (version 6,
> SP3)
> won't load any pages. It always gives a "server not found/DNS error." If I
> go to the command line and ping a site, say www.google.com, it works fine.
> Only have problems when I try to use the browser. Outlook downloads email
> with no problem.
>
> I read somewhere about an IE with no plug-ins in the start menu (system
> tools) but I do not have that. I tried disabling all the add-ins manually
> in
> IE but get the same error. The security level is medium.
>
> The thing is, this happened to the same computer a few months back, and
> after clearing out the trojan IE was doing the same thing it is now. I
> tried
> some things then, but no luck. I even tried reinstalling IE, and then
> updating IE to a newer version with no luck. I ended up formatting the
> hard
> drive and reinstalling Windows since the computer was overdue for that,
> running slow because of glut and all. I do not want to do that again, so
> I'm
> hoping to just find out what is wrong with IE.
>
> Any thoughts? Thanks in advance.

From: CapCity on

"PA Bear [MS MVP]" <PABearMVP(a)gmail.com> wrote in message
news:e2MiFz2HLHA.3560(a)TK2MSFTNGP05.phx.gbl...
>> ...this happened to the same computer a few months back, and
>> after clearing out the trojan IE was doing the same thing it is now...
>> ...I ended up formatting the hard
>> drive and reinstalling Windows...
>
> What anti-virus application or security suite was installed before you did
> the clean install and was your subscription current?

This time it was AVG and Ad-Aware. The previous time it was Trend and
Ad-Aware. All subscriptions current.

>
> What anti-virus application or security suite is installed now and is your
> subscription current? What anti-spyware applications (other than
> Defender)? What third-party firewall (if any)?

AVG and Ad-Aware. The instructions I found for removign this mess had me use
Dr. Web as it has a random name for the executable which the trojan can not
detect and block. It worked, allowing Ad-Aware to run the scan and finish
the job. All current.

Firewall is the one that came with Windows.

>
> Did a Norton or McAfee free-trial come preinstalled on the computer when
> you bought it (and which would have been reinstalled, but invalid, when
> you reinstalled Windows)?

No. And the reinstall did not put one there.

> --
> ~Robear Dyer (PA Bear)
> MS MVP-IE, Mail, Security, Windows Client - since 2002
>
>
> CapCity wrote:
>> PC is running XP Pro, SP3. For a few reasons, it has to run XP so
>> upgrading
>> to Windows 7 is not an option right now.
>>
>> It recently got hit with that fake Windows Security Alert trojan, where
>> every time you go to open IE you get all these warnings instead fo the
>> requested page, and every time you go to launch a Malware or Anti-Virus
>> scan
>> it blocks the executable.
>>
>> I got that cleaned out fairly easily, but Internet Explorer (version 6,
>> SP3)
>> won't load any pages. It always gives a "server not found/DNS error." If
>> I
>> go to the command line and ping a site, say www.google.com, it works
>> fine.
>> Only have problems when I try to use the browser. Outlook downloads email
>> with no problem.
>>
>> I read somewhere about an IE with no plug-ins in the start menu (system
>> tools) but I do not have that. I tried disabling all the add-ins manually
>> in
>> IE but get the same error. The security level is medium.
>>
>> The thing is, this happened to the same computer a few months back, and
>> after clearing out the trojan IE was doing the same thing it is now. I
>> tried
>> some things then, but no luck. I even tried reinstalling IE, and then
>> updating IE to a newer version with no luck. I ended up formatting the
>> hard
>> drive and reinstalling Windows since the computer was overdue for that,
>> running slow because of glut and all. I do not want to do that again, so
>> I'm
>> hoping to just find out what is wrong with IE.
>>
>> Any thoughts? Thanks in advance.
>


From: PA Bear [MS MVP] on
How can I configure my Internet Explorer browser settings after I have
removed malicious software from my computer?:
http://support.microsoft.com/kb/895339

If still no joy, you've got another hijackware infection on your hands.
See...

Cleaning a Compromised System
http://technet.microsoft.com/en-us/library/cc700813.aspx

Back-up any personal data (none of which should be considered 100%
trustworthy at this point) then format the HDD & do another clean install of
Windows. Please note that a Repair Install (AKA in-place upgrade) will NOT
fix this!

HOW TO do a clean install of WinXP: See
http://michaelstevenstech.com/cleanxpinstall.html#steps and/or Method 1 in
http://support.microsoft.com/kb/978307

After the clean install, you will have the equivalent of a "new computer" so
take care of everything on the following page before otherwise connecting
the machine to the internet or a local network (i.e., other computers) and
before using a flash drive or SDCard that isn't brand-new or hasn't been
freshly formatted:

4 steps to help protect your new computer before you go online
http://www.microsoft.com/security/pypc.aspx

TIP: Next time, install the more reliable Microsoft Security Essentials
instead of AVG Free:
http://www.microsoft.com/security_essentials/default.aspx

Other helpful references include:

HOW TO get a computer running WinXP Gold (no Service Packs) fully patched
(after a clean install)
http://groups.google.com/group/microsoft.public.windowsupdate/msg/3f5afa8ed33e121c

HOW TO get a computer running WinXP SP1(a) or SP2 fully patched (after a
clean install)
http://groups.google.com/group/microsoft.public.windowsxp.general/msg/a066ae41add7dd2b

Tip: After getting the computer fully-patched, download/install KB971029
manually: http://support.microsoft.com/kb/971029

NB: Any Norton or McAfee free-trial that came preinstalled on the computer
when you bought it will be reinstalled (but invalid) when Windows is
reinstalled. You MUST uninstall the free-trial AND download/run the
appropriate removal tool BEFORE installing any updates, Windows Service
Packs or IE upgrades AND BEFORE installing your new anti-virus application
(which will require WinXP SP3 to be installed).

Norton Removal Tool
ftp://ftp.symantec.com/public/english_us_canada/removal_tools/Norton_Removal_Tool.exe

McAfee Consumer Products Removal Tool
http://download.mcafee.com/products/licensed/cust_support_patches/MCPR.exe

Also see:

Risks & Benefits of P2P file sharing
http://www.microsoft.com/protect/data/downloadfileshare/filesharing.aspx
http://blogs.technet.com/mmpc/archive/2008/10/06/the-cost-of-free-software.aspx

Steps To Help Prevent Spyware
http://www.microsoft.com/security/spyware/prevent.aspx

Steps to Help Prevent Computer Worms
http://www.microsoft.com/security/worms/prevent.aspx

Avoid Rogue Security Software!
http://www.microsoft.com/security/antivirus/rogue.aspx

If you need additional assistance, please begin a new thread in this forum:
http://social.answers.microsoft.com/Forums/en-US/xprepair/threads
--
~Robear Dyer (PA Bear)
MS MVP-IE, Mail, Security, Windows Client - since 2002


CapCity wrote:
>>> ...this happened to the same computer a few months back, and
>>> after clearing out the trojan IE was doing the same thing it is now...
>>> ...I ended up formatting the hard
>>> drive and reinstalling Windows...
>>
>> What anti-virus application or security suite was installed before you
>> did
>> the clean install and was your subscription current?
>
> This time it was AVG and Ad-Aware. The previous time it was Trend and
> Ad-Aware. All subscriptions current.
>
>> What anti-virus application or security suite is installed now and is
>> your
>> subscription current? What anti-spyware applications (other than
>> Defender)? What third-party firewall (if any)?
>
> AVG and Ad-Aware. The instructions I found for removign this mess had me
> use
> Dr. Web as it has a random name for the executable which the trojan can
> not
> detect and block. It worked, allowing Ad-Aware to run the scan and finish
> the job. All current.
>
> Firewall is the one that came with Windows.
>
>> Did a Norton or McAfee free-trial come preinstalled on the computer when
>> you bought it (and which would have been reinstalled, but invalid, when
>> you reinstalled Windows)?
>
> No. And the reinstall did not put one there.
>
>> CapCity wrote:
>>> PC is running XP Pro, SP3. For a few reasons, it has to run XP so
>>> upgrading
>>> to Windows 7 is not an option right now.
>>>
>>> It recently got hit with that fake Windows Security Alert trojan, where
>>> every time you go to open IE you get all these warnings instead fo the
>>> requested page, and every time you go to launch a Malware or Anti-Virus
>>> scan
>>> it blocks the executable.
>>>
>>> I got that cleaned out fairly easily, but Internet Explorer (version 6,
>>> SP3)
>>> won't load any pages. It always gives a "server not found/DNS error." If
>>> I
>>> go to the command line and ping a site, say www.google.com, it works
>>> fine.
>>> Only have problems when I try to use the browser. Outlook downloads
>>> email
>>> with no problem.
>>>
>>> I read somewhere about an IE with no plug-ins in the start menu (system
>>> tools) but I do not have that. I tried disabling all the add-ins
>>> manually
>>> in
>>> IE but get the same error. The security level is medium.
>>>
>>> The thing is, this happened to the same computer a few months back, and
>>> after clearing out the trojan IE was doing the same thing it is now. I
>>> tried
>>> some things then, but no luck. I even tried reinstalling IE, and then
>>> updating IE to a newer version with no luck. I ended up formatting the
>>> hard
>>> drive and reinstalling Windows since the computer was overdue for that,
>>> running slow because of glut and all. I do not want to do that again, so
>>> I'm
>>> hoping to just find out what is wrong with IE.
>>>
>>> Any thoughts? Thanks in advance.

From: pjp on
So is MS Security Essentials a replacement for AVG, Avast etc.? I stopped
using AVG because it seemed such a hog every new version. Avast seems less
so but still annoying at times, e.g. mouse is ignored when opening IE for a
moment etc.

How is it "related" to MS Defender?

"PA Bear [MS MVP]" <PABearMVP(a)gmail.com> wrote in message
news:eag3Ud3HLHA.5680(a)TK2MSFTNGP05.phx.gbl...
> How can I configure my Internet Explorer browser settings after I have
> removed malicious software from my computer?:
> http://support.microsoft.com/kb/895339
>
> If still no joy, you've got another hijackware infection on your hands.
> See...
>
> Cleaning a Compromised System
> http://technet.microsoft.com/en-us/library/cc700813.aspx
>
> Back-up any personal data (none of which should be considered 100%
> trustworthy at this point) then format the HDD & do another clean install
> of Windows. Please note that a Repair Install (AKA in-place upgrade) will
> NOT fix this!
>
> HOW TO do a clean install of WinXP: See
> http://michaelstevenstech.com/cleanxpinstall.html#steps and/or Method 1 in
> http://support.microsoft.com/kb/978307
>
> After the clean install, you will have the equivalent of a "new computer"
> so take care of everything on the following page before otherwise
> connecting the machine to the internet or a local network (i.e., other
> computers) and before using a flash drive or SDCard that isn't brand-new
> or hasn't been freshly formatted:
>
> 4 steps to help protect your new computer before you go online
> http://www.microsoft.com/security/pypc.aspx
>
> TIP: Next time, install the more reliable Microsoft Security Essentials
> instead of AVG Free:
> http://www.microsoft.com/security_essentials/default.aspx
>
> Other helpful references include:
>
> HOW TO get a computer running WinXP Gold (no Service Packs) fully patched
> (after a clean install)
> http://groups.google.com/group/microsoft.public.windowsupdate/msg/3f5afa8ed33e121c
>
> HOW TO get a computer running WinXP SP1(a) or SP2 fully patched (after a
> clean install)
> http://groups.google.com/group/microsoft.public.windowsxp.general/msg/a066ae41add7dd2b
>
> Tip: After getting the computer fully-patched, download/install KB971029
> manually: http://support.microsoft.com/kb/971029
>
> NB: Any Norton or McAfee free-trial that came preinstalled on the computer
> when you bought it will be reinstalled (but invalid) when Windows is
> reinstalled. You MUST uninstall the free-trial AND download/run the
> appropriate removal tool BEFORE installing any updates, Windows Service
> Packs or IE upgrades AND BEFORE installing your new anti-virus application
> (which will require WinXP SP3 to be installed).
>
> Norton Removal Tool
>
> ftp://ftp.symantec.com/public/english_us_canada/removal_tools/Norton_Removal_Tool.exe
>
> McAfee Consumer Products Removal Tool
>
> http://download.mcafee.com/products/licensed/cust_support_patches/MCPR.exe
>
> Also see:
>
> Risks & Benefits of P2P file sharing
> http://www.microsoft.com/protect/data/downloadfileshare/filesharing.aspx
> http://blogs.technet.com/mmpc/archive/2008/10/06/the-cost-of-free-software.aspx
>
> Steps To Help Prevent Spyware
> http://www.microsoft.com/security/spyware/prevent.aspx
>
> Steps to Help Prevent Computer Worms
> http://www.microsoft.com/security/worms/prevent.aspx
>
> Avoid Rogue Security Software!
> http://www.microsoft.com/security/antivirus/rogue.aspx
>
> If you need additional assistance, please begin a new thread in this
> forum: http://social.answers.microsoft.com/Forums/en-US/xprepair/threads
> --
> ~Robear Dyer (PA Bear)
> MS MVP-IE, Mail, Security, Windows Client - since 2002
>
>
> CapCity wrote:
>>>> ...this happened to the same computer a few months back, and
>>>> after clearing out the trojan IE was doing the same thing it is now...
>>>> ...I ended up formatting the hard
>>>> drive and reinstalling Windows...
>>>
>>> What anti-virus application or security suite was installed before you
>>> did
>>> the clean install and was your subscription current?
>>
>> This time it was AVG and Ad-Aware. The previous time it was Trend and
>> Ad-Aware. All subscriptions current.
>>
>>> What anti-virus application or security suite is installed now and is
>>> your
>>> subscription current? What anti-spyware applications (other than
>>> Defender)? What third-party firewall (if any)?
>>
>> AVG and Ad-Aware. The instructions I found for removign this mess had me
>> use
>> Dr. Web as it has a random name for the executable which the trojan can
>> not
>> detect and block. It worked, allowing Ad-Aware to run the scan and finish
>> the job. All current.
>>
>> Firewall is the one that came with Windows.
>>
>>> Did a Norton or McAfee free-trial come preinstalled on the computer when
>>> you bought it (and which would have been reinstalled, but invalid, when
>>> you reinstalled Windows)?
>>
>> No. And the reinstall did not put one there.
>>
>>> CapCity wrote:
>>>> PC is running XP Pro, SP3. For a few reasons, it has to run XP so
>>>> upgrading
>>>> to Windows 7 is not an option right now.
>>>>
>>>> It recently got hit with that fake Windows Security Alert trojan, where
>>>> every time you go to open IE you get all these warnings instead fo the
>>>> requested page, and every time you go to launch a Malware or Anti-Virus
>>>> scan
>>>> it blocks the executable.
>>>>
>>>> I got that cleaned out fairly easily, but Internet Explorer (version 6,
>>>> SP3)
>>>> won't load any pages. It always gives a "server not found/DNS error."
>>>> If
>>>> I
>>>> go to the command line and ping a site, say www.google.com, it works
>>>> fine.
>>>> Only have problems when I try to use the browser. Outlook downloads
>>>> email
>>>> with no problem.
>>>>
>>>> I read somewhere about an IE with no plug-ins in the start menu (system
>>>> tools) but I do not have that. I tried disabling all the add-ins
>>>> manually
>>>> in
>>>> IE but get the same error. The security level is medium.
>>>>
>>>> The thing is, this happened to the same computer a few months back, and
>>>> after clearing out the trojan IE was doing the same thing it is now. I
>>>> tried
>>>> some things then, but no luck. I even tried reinstalling IE, and then
>>>> updating IE to a newer version with no luck. I ended up formatting the
>>>> hard
>>>> drive and reinstalling Windows since the computer was overdue for that,
>>>> running slow because of glut and all. I do not want to do that again,
>>>> so
>>>> I'm
>>>> hoping to just find out what is wrong with IE.
>>>>
>>>> Any thoughts? Thanks in advance.
>


From: PA Bear [MS MVP] on
MSE's anti-spyware component is based on Defender "technologies." See
http://social.answers.microsoft.com/Forums/en-US/msestart/thread/5309cb8d-02e1-40e8-974f-0dcedb9ab9fd

pjp wrote:
> So is MS Security Essentials a replacement for AVG, Avast etc.? I stopped
> using AVG because it seemed such a hog every new version. Avast seems less
> so but still annoying at times, e.g. mouse is ignored when opening IE for
> a
> moment etc.
>
> How is it "related" to MS Defender?
<SNIP HIJACKED THREAD>
>> TIP: Next time, install the more reliable Microsoft Security Essentials
>> instead of AVG Free:
>> http://www.microsoft.com/security_essentials/default.aspx