Solved

Vista downloads disappear in 2 out of 3 browsers

Posted on 2012-03-22
7
812 Views
Last Modified: 2016-11-23
We have a client who can download files in the Chrome browser, but when trying the same files in IE or Firefox, the following error appears [see attachment below].  This includes things like test PDFs (which I created & know have no virus) as well as executable files.  I have tried the following:
scan for viruses in safe mode
scan with a bare minimum of services running
download & scan with a current MS Safety Scanner
uninstall all virus programs & then install AVG Free
scan with AVG- finds a few viruses and quarantines them
disable suspicious browser plug-ins

Client is currently working in Chrome & doing what they want, but I suspect a possible botnet, so can't let this continue.  BTW, note the following:
Chrome installed after this started happening; others were already there
Clients are enthusiastic but clueless- the wife in particular will click on just about anything
Vista is a piece of ... <inserts appropriate descriptor>

OS: Vista SP2 32bit on a Dell laptop
IE-error.jpg
0
Comment
Question by:Ever-Grid
7 Comments
 
LVL 8

Accepted Solution

by:
Tymetwister earned 160 total points
ID: 37755842
This leaves me with a lot of thoughts. Let me see where I can start - /start barrage of random thoughts:

You say you scanned for viruses in safe mode/bare minimum, have you tried scanning in Normal Mode? Perhaps you're preventing something from starting which is why it's not being found.

Are you sure there isn't another virus/spyware program running in the background that's picking this up?

You say AVG finds "a few viruses" and removes them... have you successfully had a clean scan with AVG yet?

Have you tried running a different malware scan program, such as Malwarebytes?

You say there is 'suspicious' addon programs, try uninstalling them altogether, and also going into Add/Remove programs and uninstall anything 'suspicious' you see there as well.

You need to be getting clean scans before you can expect it to work. You didn't mention uninstalling/reinstalling the two browsers after infections have been cleared, did you try that?

Lastly, you can try running an sfc /scannow to see if any system files were damaged and could be replaced. Finally, as a last ditch effort if none of the above solutions work (plus what other experts might say), you can always try a format/reinstall of Windows (Win7 preferably), but a format/reinstall is almost always a last option for me. Hope this helps... let us know.
0
 
LVL 8

Assisted Solution

by:Chetan Khurana
Chetan Khurana earned 120 total points
ID: 37756438
Hi Ever-Grid,

Well, I would suggest the following -

1. You run a program like 'spybot search and destroy' and let it scan you startup applications/programs. I have a feeling something is running on windows startup and is messing up with the AV which is giving false reports.

2. It could be that AVG itself is the culprit! It has been reported that if the AVG gets corrupted by a Virus at times, it does start giving False Positives!

Do the following -

A. Download the AVIRA Antivirus (http://www.avira.com/en/avira-free-antivirus)

B. Un-install the AVG software, and remove all of its directories from program files - use this link to download appropriate the uninstall tool from the AVG site - http://www.avg.com/ww-en/utilities

C. Launch the System Startup Tool (from the advanced settings of Spybot Search & Destroy)
and remove all traces of software you think does not belong at Windows startup.

D. Install Avira, reboot and rescan.

Test the issue again, and report back here!

HTH!
C
0
 
LVL 10

Assisted Solution

by:Jim-R
Jim-R earned 120 total points
ID: 37757163
The error jpg is clearly a false positive.  Dfsetup is Defraggler which I know does not carry a virus.

As has already been suggested, a different Anti Virus program should be implemented and it is important NOT to have two different A/V programs installed at the same time, so removal of the first A/V program should be performed before another is installed.  It IS, however, OK to have a supplementary Anti Malware program such as Malwarebytes installed at the same time.  I would suggest downloading Malwarebytes while saving the download as a different name than the default since some malware will actually prevent the default name exe from running or otherwise prevent its implementation.

Anti Virus scans should always be done in normal mode when possible.  Safe Mode will prevent some programs that could be infected from starting, and thus will deter their detection by the scan.

See what results you get from Malwarebytes and a different A/V program and post back so more clues to your issue are revealed and can be analyzed.  It doesn't pay to rush dealings with this type of problem, so some patience is going to be necessary here.  An overly aggressive approach can often cause more problems than it solves.
0
Three Reasons Why Backup is Strategic

Backup is strategic to your business because your data is strategic to your business. Without backup, your business will fail. This white paper explains why it is vital for you to design and immediately execute a backup strategy to protect 100 percent of your data.

 
LVL 5

Assisted Solution

by:9660kel
9660kel earned 100 total points
ID: 37759492
A couple of supplementary points, please isolate this machine from the rest of the network if possible until you can determine the nature of the infection, to avoid further spread.

I would also recommend downloading the applications from a clean computer, and burning them to disk, and transfer them to the infected computer that way. Re-naming them first is also a good idea.

Any scan logs you can post might also be helpful, as it gives us a better idea what we are trying to accomplish.
0
 
LVL 8

Expert Comment

by:Chetan Khurana
ID: 37765491
Hi Ever-Grid,

Any luck with the solution?
please let us know!

Thanks!
C
0
 

Author Comment

by:Ever-Grid
ID: 37768242
Thanks for all the suggestions; I have gotten some ideas from them.  Haven't spoken with the client in almost a week, apparently because he is busy with work.  It is possible he will solve the problem by just getting a new laptop, in which case this issue goes away.  I need to find out his intentions before working any more on this...

UPDATE:
Talked with the client tonight, and he doesn't want to put any more $ into solving the problem.  He can live with downloads in Chrome; hope the virus scanner I've got on there can catch other problems.  Oh well...

Thanks guys (gals?).  You all had good suggestions.
0
 

Author Closing Comment

by:Ever-Grid
ID: 37769581
Good suggestions; client ultimately decided not to pursue further work.
0

Featured Post

Complete VMware vSphere® ESX(i) & Hyper-V Backup

Capture your entire system, including the host, with patented disk imaging integrated with VMware VADP / Microsoft VSS and RCT. RTOs is as low as 15 seconds with Acronis Active Restore™. You can enjoy unlimited P2V/V2V migrations from any source (even from a different hypervisor)

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

SSL stands for “Secure Sockets Layer” and an SSL certificate is a critical component to keeping your website safe, secured, and compliant. Any ecommerce website must have an SSL certificate to ensure the safe handling of sensitive information like…
When you try to extract and to view the contents of a Microsoft Update Standalone Package (MSU) for Windows Vista, you cannot extract the files from the MSU. Here we are going to explain how to extract those hotfix details without using any third pa…
This Micro Tutorial will demonstrate how nuggets on the Web are formatted by using Chrome Developer Tools. These tools would not only view the site's CSS but it can also modify it and save the CSS to use on your own site.
How to create a custom search shortcut to site-search Experts Exchange using Google in the Firefox browser. This eliminates the need to type out site:experts-exchange.com whenever you want to search the site. Launch your Bookmark Menu: Press 'Ctrl +…

839 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question