Malware or Mbam killed my IE

[specialk]

got a pretty piece of malware, so installed and ran the latest MBAM.

Either the malwares fracked up my internet connection on my little netbook, or MBAMs cleaning did.....I'm guessing it was the malware.

Here is a hand copied log of the removal from MBAM.

*********

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 4174

Windows 5.1.2600 Service Pack 3

Internet Explorer 7.0.5730.13

6/6/10 10:13:21 PM

mbam-log-2010-06-06 (22-13-21).txt

Scan Type: Quick scan

Objects scanned: 126759

Time elapsed: 12 minutes, 28 seconds

Memory processes infected: 0

Memory modules infected: 0

Registry keys infected:4

Registry values infected: 2

Registry data items infected: 0

Folders infected: 0

Files infected: 3

Memory processes infected:

(no malicious items detected)

Memory modules infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_CURRENT_USER\Software\avsoft (Trojan.Fraudpack) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\Software\avsuite (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\avsoft (Trojan.Fraudpack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\avsuite (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.

Registry values infected:

HKEY_CURRENT_USER\Software\Microsoft\Windows\Currentversion\Run\owhsmmed (Rogue.AntivirusSuite.Gen) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Currentversion\Run\owhsmmed (Rogue.AntivirusSuite.Gen) -> Quarantined and deleted successfully.

Registry Data Items infected:

(No malicious items detected)

Files infected:

C:\Documents and Settings\Avogel\Local Settings\Temp\1c6.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.

C:\WINDOWS\Temp\1c8.tmp (Rootkit.TDSS) -> Delete on Reboot.

C:\Documents and Settings\Avogel\Local Settings\Application Data\kjfboraex\pvvclhstssd.exe (Rogue.AntivirusSuite.Gen) -> Quarantined and deleted successfully.

**********

[gtyhfy]

Hello specialk,

As we don't work on Malware removal or diagnostics in this forum, please follow the directions below.

• Please print out, read, and follow the directions here, skipping any steps you are unable to complete. Then post a NEW topic here.
  
• One of the expert helpers there will give you one-on-one assistance when one becomes available.
  
• After posting your new topic, make sure under options, you select Track this topic and choose one of the Email options (prefer Immediate Email Notification) so that you're alerted when someone has replied to your post.
  
• Please be patient when waiting for an expert help as the expert helpers can get a bit busy.
  
• Please try not to post back (bump) your topic within the first 48 hours. Expert helpers will find the topics which has a zero post count first. By doing so, expert helpers may think the topic is replied and jump to other posts.
  If there is no reply from any experts after 48 hours, you can reply the topic for asking help again or send a Private Message to a Moderator asking for assistance.
  
• Please do not alter the system (eg install or uninstall any software/ conduct some fixes) after posting unless it is told by the expert helper.Altering the system makes the expert more complicated about the picture of your system.
  

Alternatively, as a paying customer, you can contact the help desk at support@malwarebytes.org or here. Please remember to quote your cleverbridge Reference Number from the confirmation e-mail.

Thank You

PS Please use the "ADDREPLY" button instead of other ones when you start replying.

[specialk]

Then ran Network Diagnostics for Windows XP

Heres ITS handwritten log. (yay)

HTTP,HTTPS,FTP connectivity

FTP(Passive): Successfully connected to ftp.microsoft.com.

HTTP: Error 12029 connecting to www.microsoft.com: A connection with the server could not be established.

HTTP: Error 12029 connecting to www.hotmail.com: A connection with the server could not be established.

HTTPS: Error 12057 connecting to www.microsoft.com

HTTPS: Error 12045 connecting to www.passport.net: The certficate authority is invalid or incorrect

Cannot make an HTTP connection

Cannot make an HTPPS connection

DNS Client Diagnostic

DNS - Not a home user scenario

Using web proxy: yes

No DNS servers

DNS failure

And the rest just looks like my personal IP addresses. Correct me if I'm wrong, but no positive point in posting the rest of this log?

So There it is. I've rerun MBAM a few times to make sure that all the detected malware was gone, and i restored IE to its original factory settings, via the internet options, but i still have no internet. Any suggestions?

[specialk]

Hello specialk,

As we don't work on Malware removal or diagnostics in this forum, please follow the directions below....

Just want to make sure: I have no issues with malware removal, i only mention them in passing, as they likely caused my PC issue of no internet connectivity....do you still want me to move this thread? Let me know, thanks!

[gtyhfy]

Hello,

You may want to try this -

(The first part can also be done in > Control Panel > Internet Options only if you can not open I.E.) -

STEP 01 - For XP

• Open Internet Explorer
  
• Note: It MUST be Internet Explorer, not Firefox, Opera, Chrome or any other internet browser
  
• Click on Tools at the top and select Internet Options
  
• Note: If you do not see Tools, press the Alt key on your keyboard and it will show up
  
• Click on the Connections tab
  
• Click on the LAN settings button
  
• Under Automatic configuration make sure that the box next to Automatically detect settings is checked, if it is not, then click the box next to it to check it
  
• Click on the OK button to close the Local Area Network (LAN) Settings window
  
• Click on the OK button to close the Internet Options window
  
• Use this diagram as a guide
  
• Try updating Malwarebytes' Anti-Malware again and if it does not work then please proceed to Step 02
  

STEP 02

Disable Internet Explorer Proxy Settings and Reset TCP/IP

It is very important that these steps be carried out exactly as shown otherwise the fix will not work.

If you have any questions please ask before moving on.

• Please start Notepad and using your mouse make sure you select and copy all the information below in the Code box into your new document.
  
• Then save the file as "fixme.bat" to your Desktop - The .bat extension is important
  
• In the drop down box for Save as type: make sure you select All Files (*.*) and keep the quotes on the name as well. Then close the new file.
  

  @ECHO OFF
  reg delete "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyServer /f
  reg delete "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyOverride /f
  reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyEnable  /t REG_DWORD /d 0 /f
  reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /v GlobalUserOffline /t REG_DWORD /d 0 /f
  netsh int ip reset resetlog.txt

  
  

• On Windows XP you can double-click the file to run it.
  
• On Vista/Win7 you need to Right click the file and choose Run as administrator to run it. With User Account Control on it should ask permission to run it. Click Yes
  
• This will flash a black DOS box very quickly and go away, this is normal.
  
• Restart your computer now.
  
• Launch Internet Explorer and see if you can connect to the Internet.
  
• Launch MBAM and check for Updates
  

If no joy, it is worthwhile to have a free check by an expert to make sure it is not malware related. (See my post above for the instruction.)

Thank You -

Edit - by the way, it is advisable to upgrade your IE to version 8.

[specialk]

No luck with either attempt. I did notice a funny quirk, as i entered google.com , cnn.com, or any other website into IE, it said at the bottom:

"connecting to site 127.0.0.1" which is certainly not google! Any thoughts?

[Firefox]

Please take the steps outlined by gtyhfy in post #2 above....

[Jacktivity]

@specialk -

Have you checked your hosts file?

How do I reset the Hosts file back to the default?

[specialk]

@specialk -

Have you checked your hosts file?

How do I reset the Hosts file back to the default?

Back from summer break, finally can try what you suggested:

no luck, still having the same problem after using the FixIt program...openning a malware thread like originally suggested (HERE), will link back to this thread.