• Status: Solved
  • Priority: Medium
  • Security: Public

IE Version number missing, System Information won't display and other strangeness in XP

Hi Folks,

I had a Dell 4600 (with XP SP2) in yesterday which the customer claimed would not connect to some websites. Generally there was no particular problem when using IE Explorer, except when trying to log into a specific site that required a username and password. When the correct login details were entered, and the login button clicked, nothing happened, no error message, no screen refresh, nothing - the page just remained on the screen. We checked this on two other machines and the login worked just fine, so it was specific to the customer's machine.

Poking around some more I discovered the following:

a) In IE, selecting Help>About brought up the version screen but the details for Version, Cipher Strength and Product ID were blank. This window could not be closed by clicking on the OK button, only by clicking on the window's X button.

b) When System Information was selected from System Tools, no system information was displayed (nothing happened at all).

c) When Search was selected from the Start menu, the search window opened but the window was blank with no input boxes or text, therefore it was not possible to execute any searches.

d) When User Accounts was selected from the control panel, the window that opened was blank except for Back, Forward and Home icons that were inactive.

e) When running Windows Update the Windows Update window opened but was blank. It was not possible to see if updates were due and none could be installed.

Googling the problem uncovered this Microsoft link http://support.microsoft.com/default.aspx?scid=kb;en-us;274696, which describes similar, but not identical, behaviour in Windows 2000, which is attributed to access permissions having been changed in the Dcomcnfg.exe tool. However, this may have nothing to do with the current problem on the customer's machine.

I should point out that his system was scanned for viruses and 3 trojan downloader variants were found, stubby, agent and clicker, in addition to some easily removed spyware. The behaviour described above persisted after cleaning the system.

As the customer wanted a quick fix to get him access to the web sites he couldn't access, I installed Firebird and he was browsing again in no time. However, I'm concerned that he has a larger problem with his installation that will come back to bite him and I have treated the symptoms, not the cause of the problem.

Can anyone explain why the behavior described in items a) to e) above is occurring?

Best regards ... Bren
Asked: bbrohan
 
sajuks Commented:
 
JamesHarrison Commented:
or..... try downloading Firefox and doing away with IE!  It's a great browser and once you start using tabbed browsing you'll never want to go back!

www.getfirefox.com

J
 
kneH Commented:
How about installing a fresh version of IE....

Does the info show when you click about?
If not the problem has roots somewhere else.

Worth a try though... to narrow it all down
 
sramesh2k Commented:
Hi bbrohan,

This should fix most of the problems:

Internet Explorer "About" box is completely blank; Unable to type in text boxes in websites:
http://www.winxptutor.com/ieabout.htm

Several dialog boxes are blank:
http://support.microsoft.com/?kbid=831430

 
fixnix Commented:
That behaviour only happening on pages requiring a login makes me think one of the malwares that were installed was interrupting that process to snag the info and likely sending it out elsewhere. Perhaps this was done by replacing a .dll or otherwise leaving the system in a non-functional state once the malware was removed. Besides advising the customer to promptly change their passwords on sites they log in to, if the above suggestions from other experts don't help, you could load up process explorer (free from www.sysinternals.com) on both that machine and one of the same os w/ the same IE version (assume your version is the one you attempted to reinstall as per kneH's suggestion), and browse to the same site with both machines, attempt to login, then compare the .dll's that IE is using on both machines. If any are missing, copy them over and register them (regsvr32 command line explanation at http://www.ss64.com/nt/regsvr32.html), if none are missing, check filesizes and dates (even versions if you want to dig that deep...but quickly comparing details in explorer may be enough) and replace the ones on the broken box with the ones from the good box (and regsvr32 them).

Bear in mind that is an ugly attempt at a fix, since different dll versions can cause other problems w/ some apps expecting one version and having another on the system, but nothing else came to mind.  The way I see it, there's probably already a broken dll on the system anyway...and if reinstalling IE doesn't fix it, you'd have to determine what other apps/patches/etc would need to be reinstalled to correct the problem.  Might be easier to dig thru 20 or 30 dlls than to reinstall 20-30 patches and apps when you may not even have the install media for some.

Also as you're probably already aware, a compromised box is compromised...period.  There's no way to know with absolute certainty besides a clean wipe and install from known good media that a clean scan means there's not still an undetected backdoor or other nasties still left behind.  Typically, consumers don't reformat every time <insert AV scanner here> finds an infection, but just don't tell your customer their box IS clean...instead tell them what you scanned with and that the results were clean.  No point in assuming needless liability if they had some l33t 0-day code get executed on their sys.
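The side-by-side DLL comparison described in the comment above, as an added example that is not part of the original thread. It assumes the list of DLLs loaded by iexplore.exe on each machine has been written out as CSV with the hypothetical columns name, version, size, modified; every value below is constructed.

```python
import csv
import io

# Constructed sample inventories (not taken from the thread).
GOOD_CSV = """
name,version,size,modified
mshtml.dll,6.0.0.1,3000000,2004-08-04
urlmon.dll,6.0.0.1,600000,2004-08-04
wininet.dll,6.0.0.1,650000,2004-08-04
shdocvw.dll,6.0.0.1,1400000,2004-08-04
"""
SUSPECT_CSV = """
name,version,size,modified
MSHTML.DLL,6.0.0.1,3000000,2004-08-04
urlmon.dll,6.0.0.1,598016,2005-03-11
wininet.dll,6.0.0.1,650000,2004-08-04
example_helper.dll,1.0.0.0,45056,2005-03-11
"""
FIELDS = ("version", "size", "modified")


def load_inventory(text):
    """Parse the CSV into {lowercased DLL name: row}; Windows names ignore case."""
    rows = csv.DictReader(io.StringIO(text.strip()))
    return {row["name"].lower(): row for row in rows}


def compare_inventories(good, suspect):
    """Report DLLs missing from, extra on, or differing on the suspect machine."""
    mismatched = {}
    for name in sorted(set(good) & set(suspect)):
        diffs = {f: (good[name][f], suspect[name][f])
                 for f in FIELDS if good[name][f] != suspect[name][f]}
        if diffs:
            mismatched[name] = diffs
    return {
        "missing": sorted(set(good) - set(suspect)),   # candidates to restore
        "extra": sorted(set(suspect) - set(good)),     # loaded only on the bad box
        "mismatched": mismatched,                      # same name, different file
    }


if __name__ == "__main__":
    report = compare_inventories(load_inventory(GOOD_CSV),
                                 load_inventory(SUSPECT_CSV))
    for kind, items in report.items():
        print(kind, items)
```

The "extra" list matters as much as the "missing" one on a machine that has had malware removed: a module loaded into the browser only on the affected box deserves a look before any files are copied across.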
 
fixnix Commented:
whoops...I misread the original post.  Thought it said all sites requiring a login.  After a re-read I see it's just that one site.  Ah well....I prolly wasted a lot of typing last post ;)
 
bbrohan (Author) Commented:
Fixnix,

Tnx for the good advice in your last paragraph. Ultimately, when faced with this type of issue I normally tell the customer that a clean re-install is the only way to guarantee returning the system to normal, as I did on this occasion. However, because the customer had no backup strategy in place, they are happy to run with a compromised system until it completely breaks down, which I have advised them could happen anytime. Their choice.

Repairing broken systems does work, but it always leaves the possibility that something has been overlooked. And when things go pear-shaped one month later, the customer can believe that you didn't "fix" the problem in the first place, and sometimes you wonder the same thing! C'est la vie.

...Bren