Solved

Internet Explorer several popup's with red X error message "Cannot find http:// gibbrish for a URl.

Posted on 2010-08-24
5
630 Views
Last Modified: 2012-06-21
If anyone knows how to fix this please let me know. I'm trying to stay away from having to re-image this machine. I've ran SuperAntiSpyware, MalwareBytes, Uninstalled/Reinstalled IE7 no luck.

Help!
0
Comment
Question by:sjmitdude
5 Comments
 
LVL 5

Expert Comment

by:kpoochi
ID: 33517048
Do not include any space between the // and the name.... Turn off popup blocker
0
 
LVL 2

Expert Comment

by:tonygze
ID: 33517773
Some spyware is nearly impossible to get rid of once its installed due to its customised nature.

Normally I would use adaware and pest patrol and scan the machine with an antiviral product eg avast (free).

Then I would turn off any IE addons that you dont recognise or dont need.

Then install a newer version of IE than IE 7

If the problem persists, rebuild the machine.
0
 
LVL 47

Accepted Solution

by:
rpggamergirl earned 500 total points
ID: 33518532
Have you scanned with other tools? Try these tools and show us the logs.

TDSSKiller:
http://support.kaspersky.com/downloads/utils/tdsskiller.zip

ComboFix:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix


This one is a diagnostic tool which is also very handy especially to detect if IE is patched.
Download OTL to your Desktop
http://oldtimer.geekstogo.com/OTL.exe
• Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
• Under the Custom Scan box paste this in

netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%PROGRAMFILES%\Internet Explorer\*.dat
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%PROGRAMFILES%\Mozilla Firefox\firefox.exe /md5
%PROGRAMFILES%\Internet Explorer\iexplore.exe /md5
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs

• Click the Quick Scan button. Do not change any settings unless otherwise ask to do so. The scan wont take long.
• When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
0
 

Author Closing Comment

by:sjmitdude
ID: 33522974
Hi, I tried this late yesterday after I submitted this and Kaspersky TDSS Killer was able to locate a TDSS rootkit on this machine once this was removed the popup's stoped..

Thanks for getting back to me!
0
 
LVL 47

Expert Comment

by:rpggamergirl
ID: 33722007
Sorry I was gone for weeks.... I was ill.
Glad to know it's now resolved.

Thanks!
 
0

Featured Post

Active Directory Webinar

We all know we need to protect and secure our privileges, but where to start? Join Experts Exchange and ManageEngine on Tuesday, April 11, 2017 10:00 AM PDT to learn how to track and secure privileged users in Active Directory.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Malware / Adware / Virus Issue - Laptop 5 1,237
Is the message/link below a virus ? 14 448
Advice for AV/Malware for SBS 2011/Server 2012 4 48
Russian pop up ad virus 8 152
To Remove Security Suite for Windows Malware from a Windows XP Machine:  Restart computer in Safe Mode (to do this see http://tinyurl.com/me78p) Login as Administrator Go to My Computer /Tools/ Folder Options/ View/  check mark the selectio…
If you thought ransomware was bad, think again! Doxware has the potential to be even more damaging.
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…

820 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question