Virus closing Outlook & IE

rbg

Junior Member
Aug 8, 2003
Hey guys,
Every time I try to open Outlook, Internet Explorer or Norton Anti-virus, the programs open and then close immediately. I tried running system restore but it isn't loading for some reason. Does anybody have an idea about what virus this is? Thanks for your help.
 

Schadenfroh

Elite Member
Mar 8, 2003
post your hijackthis log, instructions and download in sig. sounds like a nasty one

try rebooting into safemode with networking and running an online scan like housecall if IE will stay open
 

rbg

Junior Member
Aug 8, 2003
I tried running Hijackthis and I got the following error prompt.

An unexpected error has occurred at procedure: modMain_FixUNIXHostsFile()
Error #28 - Application-defined or object-defined error

Please email me at merijn@spywareinfo.com, reporting the following:
* What you were doing when the error occurred
* How you can reproduce the error
* A complete HijackThis scan log, if possible

Windows version: Windows NT 5.01.2600
MSIE version: 6.0.2900.2180
HijackThis version: 1.98.2
 

mechBgon

Super Moderator, Elite Member
Oct 31, 1999
If you have another system with properly-armed antivirus software, you could put the affected drive into the other computer as a second drive and scan it that way. Make sure you go through all the scan settings and set it up to play hardball. Scanning with heuristics, within compressed files, no exceptions/exemptions. While it's in there, also rescue your data files, Favorites, etc, and then you will have the option to just nuke it and reinstall Windows if it's looking like a protracted battle.

Bigger picture: how did this happen? Are there preventive measures you will want to take in the future? I could offer some suggestions...

  1. Set strong passwords on all accounts
  2. Make an Admin-class account that you use only for Admin stuff, and make Limited / Restricted-User-class accounts for each person (including yourself) who will be using the computer, as your daily-driver accounts
  3. Patch your Windows thoroughly and enable Automatic Updates
  4. Run a software firewall (WinXP SP2 firewall or ZoneAlarm free)
  5. If you have broadband, also run a hardware firewall (router)
  6. Obviously, run antivirus software and configure it to update its definitions automatically, daily if you have the option. Use heuristics, scanning within compressed files, no exceptions. Have it set up to nuke infected stuff on sight without asking the user first, if you have that option.
  7. Avoid risk factors (yeah, you know what I mean ;))
  8. Install and run Microsoft Baseline Security Analyzer 1.2.1 to see if you've missed some stuff after going through Windows Update.
  9. Enable WinXP SP2's Data Execution Prevention, if you have WinXP. Instructions are under Ongoing Prevention here.
  10. I would also leave System Restore permanently turned off since it's probably the #1 refuge for viruses to hide in.
Good luck! :)
 

rbg

Junior Member
Aug 8, 2003
Schad, I ran CWSmartkiller and it said I didn't have the virus and hijackthis still isn't working. Mech, some good tips in there. I'm gonna try that Microsoft Baseline Security Analyzer because all these problems occurred right after a Windows Update (came into office, someone had done a Windows Update and the prompt to restart comp was up. Restarted and that's when issues occurred). Fuzzy, I don't know for sure if I have a virus, I am presuming. Do you think it could be an issue with Windows Update? Thanks.
 

rbg

Junior Member
Aug 8, 2003
I tried running Hijackthis in safemode but still got the same error. This is the last line of code that appears in the Hijackthis window after trying to scan:

R3 - URLSearchHook: (no name) - {CFBFAE00-17A6-11D0-99CB-00C04FD64497}_-(no file)

Don't know if this means anything or has anything to do with why the program keeps getting unexpected errors. I also just downloaded the Win XP SP2 update and ran it again. Hasn't changed anything. I'll try the MS Baseline Security Analyzer next.
 

rbg

Junior Member
Aug 8, 2003
We called a tech guy and he came in and resolved the issue. Apparently my browser was being redirected to a bunch of different porn sites. He showed me the host.bak file and it showed a list of random porn sites. He tried all the steps you guys told me to follow and he finally was able to detect something with Spy Sweeper. He also said something about running a program for WinSock and cleaning it up. Thanks for all the suggestions though and now I know where to look & what to do in case I'm having virus troubles.
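
The hosts-file redirection described in the post above can be checked for directly. The following is an added example, not part of the original thread: it parses hosts-file text and flags every mapping a clean file would not contain. The sample content, hostnames and addresses are constructed, and the allow-list of expected names is an assumption.

```python
import ipaddress

# Assumption: a clean hosts file maps only these names, and only to loopback.
EXPECTED_LOOPBACK_NAMES = {"localhost"}

# Constructed sample (documentation addresses and example names, not from the thread).
SAMPLE_HOSTS = """\
# Constructed comment header
127.0.0.1       localhost
203.0.113.45    search.example.com www.search.example.com   # appended entry
127.0.0.1       update.av-vendor.example
not-an-ip       portal.example.net
"""

def parse_hosts(text):
    """Yield (line_no, address, hostname) for each mapping; hostname is None if missing."""
    for line_no, raw in enumerate(text.splitlines(), start=1):
        fields = raw.split("#", 1)[0].split()  # strip comments, split on whitespace
        if not fields:
            continue
        if len(fields) == 1:
            yield line_no, fields[0], None
        for name in fields[1:]:
            yield line_no, fields[0], name.lower()

def audit_hosts(text):
    """Return (line_no, kind, detail) for every entry a clean hosts file would not have."""
    findings = []
    for line_no, address, name in parse_hosts(text):
        if name is None:
            findings.append((line_no, "malformed", address))
            continue
        try:
            ip = ipaddress.ip_address(address)
        except ValueError:
            findings.append((line_no, "bad-address", f"{address} {name}"))
            continue
        if ip.is_loopback and name in EXPECTED_LOOPBACK_NAMES:
            continue
        # Loopback/unspecified targets make a name unreachable; anything else redirects it.
        kind = "blocked" if (ip.is_loopback or ip.is_unspecified) else "redirect"
        findings.append((line_no, kind, f"{name} -> {address}"))
    return findings

if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE_HOSTS):
        print(*finding)
```

On Windows XP and later the live file is `%SystemRoot%\System32\drivers\etc\hosts`; read it as text and pass the contents to `audit_hosts`.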
 

Schadenfroh

Elite Member
Mar 8, 2003
Originally posted by: rbg
We called a tech guy and he came in and resolved the issue. Apparently my browser was being redirected to a bunch of different porn sites. He showed me the host.bak file and it showed a list of random porn sites. He tried all the steps you guys told me to follow and he finally was able to detect something with Spy Sweeper. He also said something about running a program for WinSock and cleaning it up. Thanks for all the suggestions though and now I know where to look & what to do in case I'm having virus troubles.

winsockfix xp?