Help with IE 8 errors, possible malware.

I'm trying to help a remote user (I can connect via LogMeIn) with a PC that has multiple errors; I'm suspecting malware, but need help to sort out the issues.

It's a Windows XP Pro PC with SP3.

1) When you start IE 8, it opens a window with "about:SecurityRisk" in the address bar. There's an option to click on "Your current security settings put your computer at risk. Click here to change your security settings..." Doing this doesn't solve the issue.

I also notice multiple iexplore.exe processes get launched even though there's only 1 window with 1 tab open.

It seems like I cannot get any changes to stick either. The Welcome to IE 8 wizard appears every time no matter what settings are chosen. Once you bypass this a window pops up with an error: "A program on your computer has corrupted your default search provider setting for Internet Explorer"

Clicking "OK" brings you to the Manage Add-ons screen, but again - no matter what you change here, the settings don't stick; you have to do this every time.

2) Once you bypass everything, and get browsing, it's very slow:

- You cannot connect to https sites. (IE cannot display the webpage)
- You cannot download files (IE cannot download <filename> from <website>. IE was not able to open this Internet site. The requested site is either unavailable or cannot be found. Please try again later)

I have tried uninstalling IE8, then reinstalling through Microsoft Update.

3) You cannot install malwarebytes. It gets partway through the installation and then gives an error: "Error creating registry key: HKEY_CURRENT_USER\SOFTWARE\Malwarebytes' Anti-malware. RegCreateKeyEx failed; code 5. Access is denied."

The user is a member of the local Administrators group.

I was able to install superantispyware from a USB drive and run a scan which found only cookies, and one thing it classified as an unknown trojan "toolbar.dll".

Lastly, I can't seem to make changes to some general Windows settings either. For example, I can't seem to add the My Computer icon to the Desktop, or get my settings for Task Manager to stick.

Something is seriously wrong here.

What can I do?

thanks!

Author

Commented:
May have just found an answer.

There's one other user on this PC. When I log in as him, it seems like none of these symptoms show up. Everything appears normal.

Is this just likely a corrupt Windows profile issue?

Or should I still suspect malware?

I will do some more testing under this other account.

You may very well end up wiping and reloading... which is probably the more prudent thing to do. But I'd first download and install malwarebytes from malwarebytes.org... run in safe mode with networking so that you can hopefully update MWB once you have it installed. This should clean it enough for you to at least remove data.

I would call it infected, definitely.

You can start with malwarebytes, which will run fine in safe mode. Just boot to safe mode w/networking enabled, and go from there.

Author

Commented:
I ran malwarebytes in normal mode under the user profile with no issues. It detected 285 entries of the same thing which it removed.

I deleted the user account that was having all the trouble, and recreated.

Everything seems ok now.

I will give it a day or two and then check in again.

Thanks.

Author

Commented:
After running malwarebytes, I still needed to delete and recreate the corrupted Windows profile.