Firefox

Here is a Windows installer to create the IP Policy shortcuts. It basically runs the REG command line tool and sets the registry values or removes them. Caveats: 1. Only installs on x86 (32 Bit) 2. Only tested on English XP/Vista Operating Systems (may work on non English but preliminary tests indicate it does not work on other languages) 3. Assumes user did not change default installation path: C:\Program Files\Malwarebytes' Anti-Malware 4. Users on Vista will need to either have UAC disabled (not recommended) or right click on the desired shortcut and chose Run As Admin 5. Reboot is required for most of these changes to function 6. User must have Admin rights to run the installer If you hover your mouse over the shortcut it also has a tooltip description of what it does. This will also create an entry in Add/Remove to uninstall the shortcuts when the GUI is updated to support this on it's own which is expected to be released in the next release version of MBAM. download - mbam_ip_policy_shortcuts.zip

IP's are added if they are known to be on servers that have malware on them. Of course there are times that some IP may be there by accident, so you have to post them in the False Positive section LOCATED HERE for analysis and if it is found to be safe, then it is removed.

For a 732 Error.... Step 1: Verify Internet Connectivity of Internet Explorer: Backup the Registry: Modifying the Registry can create unforeseen problems, so it always wise to create a backup before doing so. Please download ERUNT from here ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed. Double click on erunt-setup.exe to Install ERUNT by following the prompts. Use the default install settings but say NO to the portion that asks you to add ERUNT to the Start-Up folder. You can enable this option later if you wish. Start ERUNT either by double clicking on the desktop icon or choosing to start the program at the end of the setup process. Choose a location for the backup. Note: the default location is C:\Windows\ERDNT which is acceptable. [*]Make sure that at least the first two check boxes are selected. [*]Click on OK [*]Then click on YES to create the folder. Note: if it is necessary to restore the registry, open the backup folder and start ERDNT.exe Once you've completed backing up your Registry, please do the following: Click on Start and select Run In the Run box copy and paste the text in the following code box exactly as written and press Enter or click on OK:REG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /v GlobalUserOffline /t REG_DWORD /d 0 /f Try updating again and if it does not work then please proceed to Step 2 Step 2: Verify Your Internet Connection Settings: Open Internet Explorer Note: It MUST be Internet Explorer, not Firefox, Opera, Chrome or any other internet browser [*]Click on Tools at the top and select Internet Options Note: If you do not see Tools, press the Alt key on your keyboard and it will show up [*]Click on the Connections tab [*]Click on the LAN settings button [*]Under Automatic configuration make sure that the box next to Automatically detect settings is checked, if it is not, then click the box next to it to check it [*]Under Proxy server make sure that the box next to Use a proxy server for your LAN (These settings will not apply to dial-up or VPN connections). is not checked and if it is, click the box next to it to uncheck it [*]Click on the OK button to close the Local Area Network (LAN) Settings window [*]Click on the OK button to close the Internet Options window [*]Try updating Malwarebytes' Anti-Malware again to see if it now works correctly Now try updating Malwarebytes' Anti-Malware once more and if it does not work then please proceed to Step 3 Step 3: Exclude Malwarebytes' Anti-Malware's Files and Folders From Other Active Security Programs: For Windows XP: C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe C:\Program Files\Malwarebytes' Anti-Malware\zlib.dll C:\Program Files\Malwarebytes' Anti-Malware\mbam.dll C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\rules.ref C:\Windows\System32\drivers\mbam.sys C:\Windows\System32\drivers\mbamswissarmy.sys For Windows Vista or Windows 7: C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe C:\Program Files\Malwarebytes' Anti-Malware\zlib.dll C:\Program Files\Malwarebytes' Anti-Malware\mbam.dll C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\rules.ref C:\Windows\System32\drivers\mbam.sys C:\Windows\System32\drivers\mbamswissarmy.sys For 64 bit versions of Windows Vista or Windows 7: C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\zlib.dll C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.dll C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamext.dll C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\rules.ref C:\Windows\System32\drivers\mbam.sys C:\Windows\SysWoW64\drivers\mbamswissarmy.sys Note: If using a software firewall besides the built in Windows Firewall you'll need to exclude MBAM.EXE from it as well Step 4: Ping the Content Delivery Network For Windows XP: Click on START - RUN and type in or Copy/Paste the following and verify that you get a response CMD.EXE /K PING mbam-cdn.malwarebytes.org For Windows Vista or Windows 7: Click on START and in the search line type in CMD and press the Enter key Then in the DOS console window type in the following and press the Enter key and verify that you get a response PING mbam-cdn.malwarebytes.org The FAQ contains examples of setting file exclusions for some known AV products.

Hello IanCraig, and welcome to Malwarebytes.org Indeed it seems that you still have an active infection on your computer.... Please follow the instructions below to have an expert help you with cleaning it up.... We don't work on Malware removal in the general forums. Please print out, read and follow the directions here, skipping any steps you are unable to complete. Then post a NEW topic here. One of the expert helpers there will give you one-on-one assistance when one becomes available. After posting your new post make sure under options that you select Track this topic and choose one of the Email options so that you're alerted when someone has replied to your post. Please note that it may take 72 hours or more for you to receive a response in the malware removal forum, as it is often busy at times. Please do not reply to your own post asking for help unless its been more than 72 hours since you originally posted, as this can make it appear as though you are being helped and take longer for you to get help. Alternatively, as a paying customer, you can contact the help desk at support@malwarebytes.org If you are a corporate customer please send an email to corporate-support@malwarebytes.org. (NOTE: An order number is required for corporate support.)

Hello and welcome to Malwarebytes.... Were you able to download and install Malwarebytes, update it and run a quick scan?

+1

if I am not mistaken, the delayed start was put in place to allow all other programs to load first, especially your anti virus software to prevent the possibility of lockups at start-up.

if you have a specific error code, or perhaps the name of the malware that is installed on your system perhaps we could point you to a self help guides LOCATED HERE Otherwise follow the instructions from Maurice Naggar above....

Please try the following to see if it helps: Windows XP: Click on Start and select Control Panel Open Add/Remove Programs Uninstall Malwarebytes' Anti-Malware Restart your computer very important Download and run mbam-clean.exe from here It will ask to restart your computer, please allow it to do so very important After the computer restarts, temporarily disable your Anti-Virus and install the latest version of Malwarebytes' Anti-Malware from here Note: You will need to reactivate the program using the license you were sent via email if using the Pro version Launch the program and set the Protection and Registration. Then go to the UPDATE tab if not done during installation and check for updates. Restart the computer again and verify that MBAM is in the task tray if using the Pro version. Now setup any file exclusions as may be required in your Anti-Virus/Internet-Security/Firewall applications and restart your Anti-Virus/Internet-Security applications. You may use the guides posted in the FAQ's here or ask me and I'll explain how to do it. Windows Vista and Windows 7: Click on the Start button and select Control Panel Click on Programs and Features Uninstall Malwarebytes' Anti-Malware Restart your computer very important Download and run mbam-clean.exe from here It will ask to restart your computer, please allow it to do so very important After the computer restarts, temporarily disable your Anti-Virus and install the latest version of Malwarebytes' Anti-Malware from here Note: You will need to reactivate the program using the license you were sent via email if using the Pro version Launch the program and set the Protection and Registration. Then go to the UPDATE tab if not done during installation and check for updates. Restart the computer again and verify that MBAM is in the task tray if using the Pro version. Now setup any file exclusions as may be required in your Anti-Virus/Internet-Security/Firewall applications and restart your Anti-Virus/Internet-Security applications. You may use the guides posted in the FAQ's here or ask me and I'll explain how to do it.

Looks Great

takes a while to start for me but it does start downloading after a small wait....

yes that is what you do with the free version.... if you have the full version, next time it is scheduled to do an update, it will download the new version and ask you to install it....

when the new version comes out, all you will do is click on Update like normal and it will download and install over version 1.44

Check your IE proxy settings make sure that the malware did not add a proxy to redirect your searches, if that does not help then follw the instructions by Buttons

That is a good idea, keep us posted....

RubberDucky just so you know, I have performed what this user is asking, and I have been able to do a scan the whole drive, but it the profile was set to private, then you can not access the files, but if it had a password on it, you can still see the files. If they are private you would have to take control of the folder. Of course by doing that, if the user had encryption enabled on those folders, they could loose all files that had the encryption. If you are interested in the exact steps I take, then send me a PM and I will explain in further detail, as doing it here would or could cause problems if someone decided to follow those steps. (I am in the business and know what I am doing so I would know how to recover if something happened).

just to add.... You can submitt the file RIGHT HERE in our false positive section to see if the file indeed is malicious or just a false positive.

If you had not clicked on Remove Selected, then you were still infected.... If you now clicked on Remove Selected and the infections were removed, you restarted and ran another quick scan and you come out clean, then more than likely you are done with the cleaning process. If you feel you want to make sure, just wait for the replies in the HJT section and they will check for you. You might want to point the experts to this thread so they can see you cleaned out the infections.

Hello and Welcome to Malwarebytes.... You can try this below: Disable Internet Explorer Proxy Settings You can also try the following to see if it helps. Disable Internet Explorer Proxy Settings It is very important that these steps be carried out exactly as shown otherwise the fix will not work. If you have any questions please ask before moving on. Please start Notepad and using your mouse make sure you select and copy all the information below in the Code box into your new document. Then save the file as "fixme.bat" to your Desktop In the drop down box for Save as type: make sure you select All Files (*.*) and keep the quotes on the name as well. Then close the new file. @ECHO OFF reg delete "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyServer /f reg delete "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyOverride /f reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyEnable /t REG_DWORD /d 0 /f reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /v GlobalUserOffline /t REG_DWORD /d 0 /f On Windows XP you can double-click the file to run it. On Vista/Win7 you need to Right click the file and choose Run as administrator to run it. With User Account Control on it should ask permission to run it. Click Yes This will flash a black DOS box very quickly and go away, this is normal. Now relaunch Internet Explorer and see if you can connect to the Internet.

My results.... With IP Protection ON: 22.73 Mbps down 1.87 Mbps up With IP Protection OFF: 21.03 Mbps down 1.87 Mbps up No problems at my end on three different computers (all run 32 bit versions of windows) I get better speeds with it on

@ Ray C although this malware is hard to remove at times, there is no need to direct folks to unknown sites for removal instructions. We have self help guides loacted RIGHT HERE We also provide free help in our Malware Removal - HijackThis Logs section where they can have Trained Experts provide them with step by step instructions for removing any malware from their computers.

Below you will find the location of all the files that need to be exclude..... Please exclude the following files from your antivirus: Note: If using a software firewall besides the built in Windows Firewall you'll need to exclude them from it as well For Windows XP: C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\rules.ref C:\Windows\System32\drivers\mbam.sys C:\Windows\System32\drivers\mbamswissarmy.sys For 32 bit versions Windows Vista or Windows 7: C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\rules.ref C:\Windows\System32\drivers\mbam.sys C:\Windows\System32\drivers\mbamswissarmy.sys For 64 bit versions of Windows Vista or Windows 7: C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\rules.ref C:\Windows\System32\drivers\mbam.sys C:\Windows\SysWoW64\drivers\mbamswissarmy.sys Please post back and let us know how it went.

Hello , and welcome to Malwarebytes.org Here's a quick guide for you..... (remember to update Malwarebytes first before you perform a scan) How to remove XP Internet Security 2010, Antivirus Vista 2010, and Win 7 Antispyware 2010 Try the steps located Right Here If the above instructions don't work, then please follow the instructions below... We don't work on Malware removal in the general forums. Please print out, read and follow the directions here, skipping any steps you are unable to complete. Then post a NEW topic here. One of the expert helpers there will give you one-on-one assistance when one becomes available. After posting your new post make sure under options that you select Track this topic and choose one of the Email options so that you're alerted when someone has replied to your post. Please note that it may take 72 hours or more for you to receive a response in the malware removal forum, as it is often busy at times. Please do not reply to your own post asking for help unless its been more than 72 hours since you originally posted, as this can make it appear as though you are being helped and take longer for you to get help. Alternatively, as a paying customer, you can contact the help desk at support@malwarebytes.org If you are a corporate customer please send an email to corporate-support@malwarebytes.org. (NOTE: An order number is required for corporate support.)

Hello and Welcome to Malwarebytes.... Look at issue # 15 Section A LOCATED HERE see if that helps you.

I believe that is a non standard partition on your hard disk, and MBAM does not support it.... If I am wrong, AdvancedSetup or Exile will correct me.