P
PA Bear [MS MVP]
Speaking of W32/Alureon & MSRT, see
http://blogs.technet.com/mmpc/archive/2010/05/21/msrt-may-threat-reports-and-alureon.aspx
PA Bear [MS MVP] wrote:
> [Who's "Pear Bear?"]
>
> You're welcome and thanks for your feedback.
>
> Before we get any deeper into the possibility of other hijackware's
> presence
> on your system, please tell me more about this "system restore" you did &
> how you did it?
>
> Also tell me if IE7 and/or IE8 were installed when you did this "system
> restore"?
>
>
> Russell Ashenberg wrote:
>> Dear Pear Bear,
>>
>> I first want to thank you for all your advice and assistance in this
>> matter.
>> I can see you are well versed in this area and are an asset to this
>> newsgroups. I thank you for the idea of rescanning the computer again
>> with
>> other choices. I have scanned my computer so many times with
>> superantispyware.com and bitdefender, and for some reason it did not pick
>> up
>> this win32/alureon.ct and win32/alureon.g issues that were in a backup
>> folder that I have. I scanned it with the Microsocft Windows Malicious
>> Software removal tool from May 2010 and it found these on my machine and
>> removed one of them off the machine. Is there anyother information where
>> to
>> find out how to remove any last remnets of these off my machine. Since
>> it
>> did remove the files, IE6 has not so far crashed. I owe you a thanks for
>> all your help and appreciate your being there. THANKS
>> RussellA
>>
>>
>> "PA Bear [MS MVP]" wrote in message
>> news:uVZV343%23KHA.3880@TK2MSFTNGP04.phx.gbl...
>>> With all due respect, hijackware's gotten very complex of late. No
>>> amount
>>> of scanning, be it by an installed application or online, will be able
>>> to
>>> detect and/or remove all of the "Bad Guys" or undo all the unwanted
>>> changes the infections have made. Hence the aviso in Step 3 of my
>>> previous reply: "DO NOT SKIP THIS STEP!!"
>>>
>>> The error you posted...
>>>
>>>> Faulting application iexplore.exe, version 6.0.2900.5512, faulting
>>>> module
>>>> unknown, version 0.0.0.0, fault address 0x6267e4a9
>>>
>>> ...is a big, red flag to hijackware/security experts and very strongly
>>> suggests that you're (still?) seeing the effects of a hijackware
>>> infection.
>>>
>>> Then there's the not trivial matter of the "system restore on [your]
>>> Windows" you mentioned in your first post: What exactly did you do and
>>> how
>>> did you do it?
>>>
>>> If perchance IE7 and/or IE8 had been installed and then you did a Repair
>>> Install without having first uninstalled IE8 and/or IE7, IE6 is totally
>>> horked now and your only recourse is to format the hard-drive & do a
>>> clean
>>> install of Windows. See...
>>>
>>> How to perform a repair installation of Windows XP if a later version
>>> of
>>> Internet Explorer is installed
>>> http://support.microsoft.com/kb/917964
>>>
>>> Furthermore, if you did a Repair Install in hopes of fixing an
>>> already-present infection, it just doesn't work that way.
>>> --
>>> ~PA Bear
>>>
>>>
>>> Russell Ashenberg wrote:
>>>> I appreciate your advice that I have been hijacked by an infection. I
>>>> have
>>>> had it thoroughly checked by Superantispyware, bitdefender, nod32,
>>>> Microsoft malicious software removal and the machine is clean from
>>>> anything.
>>>> So I appreciate your writing to me about an infection, yet this issue
>>>> has
>>>> been a long time issue on my machine and thats why I am writing to see
>>>> to
>>>> upgrade to IE7 or IE8.
>>>>
>>>>> There is a very good chance that you are seeing the effects of a
>>>>> hijackware infection!
>>>>>
>>>>> NB: If you had no anti-virus application installed or the subscription
>>>>> had
>>>>> expired *when the machine first got infected* and/or your subscription
>>>>> has
>>>>> since expired and/or the machine's not been kept fully-patched at
>>>>> Windows
>>>>> Update, don't waste your time with any of the below: Format &
>>>>> reinstall
>>>>> Windows. A Repair Install will NOT help!
>>>>>
>>>>> Microsoft PCSafety provides home users (only) with no-charge support
>>>>> in
>>>>> dealing with malware infections such as viruses, spyware (including
>>>>> unwanted software), and adware.
>>>>> https://support.microsoft.com/oas/default.aspx?&prid=7552&st=1
>>>>>
>>>>> Also available via the Consumer Security Support home page:
>>>>> https://consumersecuritysupport.microsoft.com/
>>>>>
>>>>> Otherwise...
>>>>>
>>>>> 1. See if you can download/run the MSRT manually:
>>>>> http://www.microsoft.com/security/malwareremove/default.mspx
>>>>>
>>>>> NB: Run the FULL scan, not the QUICK scan! You may need to download
>>>>> the
>>>>> MSRT on a non-infected machine, then transfer MRT.EXE to the infected
>>>>> machine and rename it to SCAN.EXE before running it.
>>>>>
>>>>> 2a. WinXP => Run the Windows Live Safety Center's 'Protection' scan
>>>>> (only!) in Safe Mode with Networking, if need be:
>>>>> http://onecare.live.com/site/en-us/center/howsafe.htm
>>>>>
>>>>> 2b. Vista or Win7=> Run this scan instead:
>>>>> http://onecare.live.com/site/en-us/center/whatsnew.htm
>>>>>
>>>>> 3. Now run a thorough check for hijackware, including posting
>>>>> requested
>>>>> logs in an appropriate forum, not here. DO NOT SKIP THIS STEP!!
>>>>>
>>>>> Checking for/Help with Hijackware:
>>>>> • http://mvps.org/winhelp2002/unwanted.htm
>>>>> • http://inetexplorer.mvps.org/tshoot.html
>>>>> • http://www.mvps.org/sramesh2k/Malware_Defence.htm
>>>>> • http://www.elephantboycomputers.com/page2.html#Removing_Malware
>>>>>
>>>>> **Chances are you will need to seek expert assistance in
>>>>> http://spywarehammer.com/simplemachinesforum/index.php?board=10.0,
>>>>> http://www.spywarewarrior.com/viewforum.php?f=5,
>>>>> http://www.dslreports.com/forum/cleanup,
>>>>> http://www.bluetack.co.uk/forums/index.php,
>>>>> http://aumha.net/viewforum.php?f=30 or other appropriate forums.**
>>>>>
>>>>> If these procedures look too complex - and there is no shame in
>>>>> admitting
>>>>> this isn't your cup of tea - take the machine to a local, reputable
>>>>> and
>>>>> independent (i.e., not BigBoxStoreUSA or Geek Squad) computer repair
>>>>> shop.
>>>>> --
>>>>> ~Robear Dyer (PA Bear)
>>>>> MS MVP-IE, Mail, Security, Windows Client - since 2002
>>>>>
>>>>>
>>>>> Russell Ashenberg wrote:
>>>>>> The error message I get is this,
>>>>>> Faulting application iexplore.exe, version 6.0.2900.5512, faulting
>>>>>> module
>>>>>> unknown, version 0.0.0.0, fault address 0x6267e4a9.
>>>>>>
>>>>>> I do not know where to look to fix this.
>>>>>>
>>>>>>
>>>>>>
>>>>>> Any advice?
>>>>>>
>>>>>> Russell Ashenberg
>>>>>>
>>>>>>
>>>>>>
>>>>>> "Russell Ashenberg" wrote in message
>>>>>> news:uPyC53v%23KHA.5280@TK2MSFTNGP05.phx.gbl...
>>>>>>> Tanks for your adivce. I did not mean IE beta team, just IE
>>>>>>> newsgroup
>>>>>>> team. IE6 sometimes hangs on me and have to ctrl, alt, and delete to
>>>>>>> close
>>>>>>> it and restart. I was told to upgrade to the later version of IE
>>>>>>> and
>>>>>>> wanted to know if I shall go to IE7 or IE8?
>>>>>>>
>>>>>>> Russell Ashenberg
>>>>>>>
>>>>>>>> Dear IE Team
>>>>>>>>
>>>>>>>> I am using Window XPSp3 and IE6 Sp3 on my machine. I needed [to?]
>>>>>>>> do
>>>>>>>> a
>>>>>>>> system restore on my Windows recently and IE6 Sp3 has been acting
>>>>>>>> funny.
>>>>>>>> I want to know if should I upgrade to IE7 or go to the latest
>>>>>>>> version
>>>>>>>> of
>>>>>>>> IE8? Is there anything I need to know before the upgrade process
>>>>>>>> or
>>>>>>>> issues that I need to be aware of?
>>>>>>>>
>>>>>>>> Keep me posted
>>>>>>>> Russell A
http://blogs.technet.com/mmpc/archive/2010/05/21/msrt-may-threat-reports-and-alureon.aspx
PA Bear [MS MVP] wrote:
> [Who's "Pear Bear?"]
>
> You're welcome and thanks for your feedback.
>
> Before we get any deeper into the possibility of other hijackware's
> presence
> on your system, please tell me more about this "system restore" you did &
> how you did it?
>
> Also tell me if IE7 and/or IE8 were installed when you did this "system
> restore"?
>
>
> Russell Ashenberg wrote:
>> Dear Pear Bear,
>>
>> I first want to thank you for all your advice and assistance in this
>> matter.
>> I can see you are well versed in this area and are an asset to this
>> newsgroups. I thank you for the idea of rescanning the computer again
>> with
>> other choices. I have scanned my computer so many times with
>> superantispyware.com and bitdefender, and for some reason it did not pick
>> up
>> this win32/alureon.ct and win32/alureon.g issues that were in a backup
>> folder that I have. I scanned it with the Microsocft Windows Malicious
>> Software removal tool from May 2010 and it found these on my machine and
>> removed one of them off the machine. Is there anyother information where
>> to
>> find out how to remove any last remnets of these off my machine. Since
>> it
>> did remove the files, IE6 has not so far crashed. I owe you a thanks for
>> all your help and appreciate your being there. THANKS
>> RussellA
>>
>>
>> "PA Bear [MS MVP]" wrote in message
>> news:uVZV343%23KHA.3880@TK2MSFTNGP04.phx.gbl...
>>> With all due respect, hijackware's gotten very complex of late. No
>>> amount
>>> of scanning, be it by an installed application or online, will be able
>>> to
>>> detect and/or remove all of the "Bad Guys" or undo all the unwanted
>>> changes the infections have made. Hence the aviso in Step 3 of my
>>> previous reply: "DO NOT SKIP THIS STEP!!"
>>>
>>> The error you posted...
>>>
>>>> Faulting application iexplore.exe, version 6.0.2900.5512, faulting
>>>> module
>>>> unknown, version 0.0.0.0, fault address 0x6267e4a9
>>>
>>> ...is a big, red flag to hijackware/security experts and very strongly
>>> suggests that you're (still?) seeing the effects of a hijackware
>>> infection.
>>>
>>> Then there's the not trivial matter of the "system restore on [your]
>>> Windows" you mentioned in your first post: What exactly did you do and
>>> how
>>> did you do it?
>>>
>>> If perchance IE7 and/or IE8 had been installed and then you did a Repair
>>> Install without having first uninstalled IE8 and/or IE7, IE6 is totally
>>> horked now and your only recourse is to format the hard-drive & do a
>>> clean
>>> install of Windows. See...
>>>
>>> How to perform a repair installation of Windows XP if a later version
>>> of
>>> Internet Explorer is installed
>>> http://support.microsoft.com/kb/917964
>>>
>>> Furthermore, if you did a Repair Install in hopes of fixing an
>>> already-present infection, it just doesn't work that way.
>>> --
>>> ~PA Bear
>>>
>>>
>>> Russell Ashenberg wrote:
>>>> I appreciate your advice that I have been hijacked by an infection. I
>>>> have
>>>> had it thoroughly checked by Superantispyware, bitdefender, nod32,
>>>> Microsoft malicious software removal and the machine is clean from
>>>> anything.
>>>> So I appreciate your writing to me about an infection, yet this issue
>>>> has
>>>> been a long time issue on my machine and thats why I am writing to see
>>>> to
>>>> upgrade to IE7 or IE8.
>>>>
>>>>> There is a very good chance that you are seeing the effects of a
>>>>> hijackware infection!
>>>>>
>>>>> NB: If you had no anti-virus application installed or the subscription
>>>>> had
>>>>> expired *when the machine first got infected* and/or your subscription
>>>>> has
>>>>> since expired and/or the machine's not been kept fully-patched at
>>>>> Windows
>>>>> Update, don't waste your time with any of the below: Format &
>>>>> reinstall
>>>>> Windows. A Repair Install will NOT help!
>>>>>
>>>>> Microsoft PCSafety provides home users (only) with no-charge support
>>>>> in
>>>>> dealing with malware infections such as viruses, spyware (including
>>>>> unwanted software), and adware.
>>>>> https://support.microsoft.com/oas/default.aspx?&prid=7552&st=1
>>>>>
>>>>> Also available via the Consumer Security Support home page:
>>>>> https://consumersecuritysupport.microsoft.com/
>>>>>
>>>>> Otherwise...
>>>>>
>>>>> 1. See if you can download/run the MSRT manually:
>>>>> http://www.microsoft.com/security/malwareremove/default.mspx
>>>>>
>>>>> NB: Run the FULL scan, not the QUICK scan! You may need to download
>>>>> the
>>>>> MSRT on a non-infected machine, then transfer MRT.EXE to the infected
>>>>> machine and rename it to SCAN.EXE before running it.
>>>>>
>>>>> 2a. WinXP => Run the Windows Live Safety Center's 'Protection' scan
>>>>> (only!) in Safe Mode with Networking, if need be:
>>>>> http://onecare.live.com/site/en-us/center/howsafe.htm
>>>>>
>>>>> 2b. Vista or Win7=> Run this scan instead:
>>>>> http://onecare.live.com/site/en-us/center/whatsnew.htm
>>>>>
>>>>> 3. Now run a thorough check for hijackware, including posting
>>>>> requested
>>>>> logs in an appropriate forum, not here. DO NOT SKIP THIS STEP!!
>>>>>
>>>>> Checking for/Help with Hijackware:
>>>>> • http://mvps.org/winhelp2002/unwanted.htm
>>>>> • http://inetexplorer.mvps.org/tshoot.html
>>>>> • http://www.mvps.org/sramesh2k/Malware_Defence.htm
>>>>> • http://www.elephantboycomputers.com/page2.html#Removing_Malware
>>>>>
>>>>> **Chances are you will need to seek expert assistance in
>>>>> http://spywarehammer.com/simplemachinesforum/index.php?board=10.0,
>>>>> http://www.spywarewarrior.com/viewforum.php?f=5,
>>>>> http://www.dslreports.com/forum/cleanup,
>>>>> http://www.bluetack.co.uk/forums/index.php,
>>>>> http://aumha.net/viewforum.php?f=30 or other appropriate forums.**
>>>>>
>>>>> If these procedures look too complex - and there is no shame in
>>>>> admitting
>>>>> this isn't your cup of tea - take the machine to a local, reputable
>>>>> and
>>>>> independent (i.e., not BigBoxStoreUSA or Geek Squad) computer repair
>>>>> shop.
>>>>> --
>>>>> ~Robear Dyer (PA Bear)
>>>>> MS MVP-IE, Mail, Security, Windows Client - since 2002
>>>>>
>>>>>
>>>>> Russell Ashenberg wrote:
>>>>>> The error message I get is this,
>>>>>> Faulting application iexplore.exe, version 6.0.2900.5512, faulting
>>>>>> module
>>>>>> unknown, version 0.0.0.0, fault address 0x6267e4a9.
>>>>>>
>>>>>> I do not know where to look to fix this.
>>>>>>
>>>>>>
>>>>>>
>>>>>> Any advice?
>>>>>>
>>>>>> Russell Ashenberg
>>>>>>
>>>>>>
>>>>>>
>>>>>> "Russell Ashenberg" wrote in message
>>>>>> news:uPyC53v%23KHA.5280@TK2MSFTNGP05.phx.gbl...
>>>>>>> Tanks for your adivce. I did not mean IE beta team, just IE
>>>>>>> newsgroup
>>>>>>> team. IE6 sometimes hangs on me and have to ctrl, alt, and delete to
>>>>>>> close
>>>>>>> it and restart. I was told to upgrade to the later version of IE
>>>>>>> and
>>>>>>> wanted to know if I shall go to IE7 or IE8?
>>>>>>>
>>>>>>> Russell Ashenberg
>>>>>>>
>>>>>>>> Dear IE Team
>>>>>>>>
>>>>>>>> I am using Window XPSp3 and IE6 Sp3 on my machine. I needed [to?]
>>>>>>>> do
>>>>>>>> a
>>>>>>>> system restore on my Windows recently and IE6 Sp3 has been acting
>>>>>>>> funny.
>>>>>>>> I want to know if should I upgrade to IE7 or go to the latest
>>>>>>>> version
>>>>>>>> of
>>>>>>>> IE8? Is there anything I need to know before the upgrade process
>>>>>>>> or
>>>>>>>> issues that I need to be aware of?
>>>>>>>>
>>>>>>>> Keep me posted
>>>>>>>> Russell A