Reinstall IE7 to remove adware?

Discussion in 'Windows Vista Security' started by Paddy, Feb 16, 2008.

  1. Paddy

    Paddy Guest

    My daughter managed to download some malware onto her computer (she doesn't
    know how she did it). The various anti-virus, firewall, and anti-malware
    (including Defender, Spybot, ZoneAlarm Pro and AdAware) do not catch this
    malware.

    The malware opens Internet Explorer windows with ads.

    Investigating the computer with Sypbot and others, the malware seems to be
    "1 mags 16 more" and "BEND BOLT". I've disabled these programs with Spybot,
    but of course have no way to uninstall these programs.

    Unfortunately, a side-effect is that this has prevented IE from running at
    all. When attempting to start IE7, nothing happens (no error message; it just
    doesn't start).

    Would it help to uninstall IE7 and then reinstall it from scratch? If so,
    how do I go about it (and where do I find the IE7 download -- I don't seem to
    be able to find it on the Microsoft website)?

    I'd like to avoid a full hard drive reformat, if possible.

    More information:
    Vista Home Premium
    Internet Explorer version 7
    Fully updated with Windows Update
     
    Paddy, Feb 16, 2008
    #1
    1. Advertisements

  2. Paddy

    Bob Guest

    What happens when you try to uninstall these programs?
     
    Bob, Feb 16, 2008
    #2
    1. Advertisements

  3. Paddy

    Paddy Guest

    What happens when you try to uninstall these programs?

    They're malware, installed without permission and without warning. There is
    no uninstall procedure for them. No "Start" icons, and no uninstall in the
    "Programs and Features". They run uninvited when turning on the computer,
    serving up unwanted ads for unwanted services. It took me ages just to find
    how to disable them.

    That's why I'm totally in the dark as to how to get around them. If you have
    any ideas for me to follow up, I'll be happy to try.

    Otherwise, I'll just have to do a full reformat and restore all files.
     
    Paddy, Feb 16, 2008
    #3
  4. Paddy

    Bob Guest

    Try Right click>Delete.

     
    Bob, Feb 16, 2008
    #4
  5. Paddy

    Malke Guest

    Even if malware has an uninstall entry in "Programs and Features" it is rare
    for that to actually work. Malware lies.

    You cannot get rid of the malware by tinkering with IE7; you can simply
    break your machine further. You need to remove the malware in a systematic
    way (see link below) or look on the BleepingComputer link below, or follow
    the instructions in the "when all else fails" paragraph.

    Go through these general malware removal steps systematically -
    http://www.elephantboycomputers.com/page2.html#Removing_Malware

    Include scanning with David Lipman's Multi_AV and follow instructions to do
    all scans in Safe Mode. Please see the special Notes regarding using
    Multi_AV in Vista.

    http://www.elephantboycomputers.com/page2.html#Multi-AV - instructions
    http://www.pctipp.ch/downloads/sicherheit/35905/multi_av_scanning_tool.html
    - download site

    The site is in German but David's tool is in English so don't let that worry
    you. Scroll all the way down to almost the bottom of the page and you'll
    see a box titled "Infos Zum Download - Multi-AV Scanning Tool". You'll see
    "Download von www pctipp.ch" and the live link to download Multi_AV.

    You can also check to see if there are targeted removal steps for your
    malware here:
    Bleeping Computer removal how-to's -
    http://www.bleepingcomputer.com/forums/forum55.html

    When all else fails, run HijackThis and post your log in one of the
    specialty forums listed at the first link above (not here, please).

    Not all tools used will work in Vista and you will need to run them
    elevated. If you are unable to remove the infection by following the
    general steps, register at one of the HijackThis forums as suggested.

    Standard disclaimer: I can't see and test your computer myself, so these are
    just suggestions based on many years of being a professional computer tech;
    suggestions based on what you've written. You should not take my
    suggestions as a definitive diagnosis. If you can't do the work yourself
    (and there is no shame in admitting this isn't your cup of tea), take the
    machine to a professional computer repair shop (not your local equivalent
    of BigComputerStore/GeekSquad). Please be aware that not all local shops
    are skilled at removing malware and even if they are, your computer may be
    so infested that Windows will need to be clean-installed. If possible, have
    all your data backed up before you take the machine into a shop.

    Malke
     
    Malke, Feb 16, 2008
    #5
  6. Paddy

    Paddy Guest

    Malke, thank you for your comprehensive reply. Your advice would be useful
    to many people, I'm sure.

    I've had a look at the sites you've shown me.

    It's starting to look as though it'll be easier -- and faster -- to just do
    a full reformat of the machine. (Yes, I have already made a complete backup
    of all data!)

    Thanks again for your reply; I'll keep it in mind.
     
    Paddy, Feb 16, 2008
    #6
  7. Paddy

    Malke Guest

    You're welcome, Paddy. Yes, it is most definitely easier and possibly
    smarter to do a clean install. Then point your daughter at the "staying
    safe" links below.

    http://www.getsafeonline.org/
    https://www.mysecurecyberspace.com/
    http://www.getnetwise.org/
    http://wiki.castlecops.com/Malware_Removal_and_Prevention:_Introduction
    http://www.claymania.com/safe-hex.html
    http://www.aumha.org/a/parasite.htm - The Parasite Fight
    http://msmvps.com/blogs/harrywaldron/archive/2006/02/05/82584.aspx - MVP
    Harry Waldron - The Family PC - How to stay safe on the Internet
    http://www.spywarewarrior.com/rogue_anti-spyware.htm - Eric Howes on Rogue
    Antispyware Programs

    Malke
     
    Malke, Feb 16, 2008
    #7
  8. If you do format & rebuild, I would suggest you also get a copy of
    either Ghost or Acronis. Once the system is working the way you want,
    generate an image of the drive(s). Then, the next time she messes the
    system up, just restore the image (after backing up new files)......

    --

    Regards,
    Hank Arnold
    Microsoft MVP
    Windows Server - Directory Services
     
    Hank Arnold (MVP), Feb 16, 2008
    #8
  9. Paddy

    Paddy Guest

    Thanks for the suggestion. I'll have a look at that.
     
    Paddy, Feb 16, 2008
    #9
  10. Paddy

    Paddy Guest

    :
    "staying
    Again, something that will help many people.

    Thanks.
     
    Paddy, Feb 16, 2008
    #10
  11. Paddy

    Mick Murphy Guest

    You say that you know what it is, but can't get rid of it.

    At startup, tap F8, and go into Safe Mode, using the UP and DOWN arrows when
    a list of options appears. hit ENTER, and do your scans from within there.

    Spybot Search & Destroy should remove it in Safe Mode, as it has already
    told you what it is when you are in dynamic mode!
     
    Mick Murphy, Feb 16, 2008
    #11
  12. Paddy

    bobg Guest

    This is, of course, very obvious...but did you try System Restore? (Of
    course, you did?!)
     
    bobg, Feb 18, 2008
    #12
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.