Vista downloads disappear in 2 out of 3 browsers

We have a client who can download files in the Chrome browser, but when trying the same files in IE or Firefox, the following error appears [see attachment below].  This includes things like test PDFs (which I created & know have no virus) as well as executable files.  I have tried the following:
scan for viruses in safe mode
scan with a bare minimum of services running
download & scan with a current MS Safety Scanner
uninstall all virus programs & then install AVG Free
scan with AVG- finds a few viruses and quarantines them
disable suspicious browser plug-ins

Client is currently working in Chrome & doing what they want, but I suspect a possible botnet, so can't let this continue.  BTW, note the following:
Chrome installed after this started happening; others were already there
Clients are enthusiastic but clueless- the wife in particular will click on just about anything
Vista is a piece of ... <inserts appropriate descriptor>

OS: Vista SP2 32bit on a Dell laptop
IE-error.jpg
Ever-GridAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

TymetwisterCommented:
This leaves me with a lot of thoughts. Let me see where I can start - /start barrage of random thoughts:

You say you scanned for viruses in safe mode/bare minimum, have you tried scanning in Normal Mode? Perhaps you're preventing something from starting which is why it's not being found.

Are you sure there isn't another virus/spyware program running in the background that's picking this up?

You say AVG finds "a few viruses" and removes them... have you successfully had a clean scan with AVG yet?

Have you tried running a different malware scan program, such as Malwarebytes?

You say there is 'suspicious' addon programs, try uninstalling them altogether, and also going into Add/Remove programs and uninstall anything 'suspicious' you see there as well.

You need to be getting clean scans before you can expect it to work. You didn't mention uninstalling/reinstalling the two browsers after infections have been cleared, did you try that?

Lastly, you can try running an sfc /scannow to see if any system files were damaged and could be replaced. Finally, as a last ditch effort if none of the above solutions work (plus what other experts might say), you can always try a format/reinstall of Windows (Win7 preferably), but a format/reinstall is almost always a last option for me. Hope this helps... let us know.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Chetan KhuranaTechnical ManagerCommented:
Hi Ever-Grid,

Well, I would suggest the following -

1. You run a program like 'spybot search and destroy' and let it scan you startup applications/programs. I have a feeling something is running on windows startup and is messing up with the AV which is giving false reports.

2. It could be that AVG itself is the culprit! It has been reported that if the AVG gets corrupted by a Virus at times, it does start giving False Positives!

Do the following -

A. Download the AVIRA Antivirus (http://www.avira.com/en/avira-free-antivirus)

B. Un-install the AVG software, and remove all of its directories from program files - use this link to download appropriate the uninstall tool from the AVG site - http://www.avg.com/ww-en/utilities

C. Launch the System Startup Tool (from the advanced settings of Spybot Search & Destroy)
and remove all traces of software you think does not belong at Windows startup.

D. Install Avira, reboot and rescan.

Test the issue again, and report back here!

HTH!
C
0
Jim-RCommented:
The error jpg is clearly a false positive.  Dfsetup is Defraggler which I know does not carry a virus.

As has already been suggested, a different Anti Virus program should be implemented and it is important NOT to have two different A/V programs installed at the same time, so removal of the first A/V program should be performed before another is installed.  It IS, however, OK to have a supplementary Anti Malware program such as Malwarebytes installed at the same time.  I would suggest downloading Malwarebytes while saving the download as a different name than the default since some malware will actually prevent the default name exe from running or otherwise prevent its implementation.

Anti Virus scans should always be done in normal mode when possible.  Safe Mode will prevent some programs that could be infected from starting, and thus will deter their detection by the scan.

See what results you get from Malwarebytes and a different A/V program and post back so more clues to your issue are revealed and can be analyzed.  It doesn't pay to rush dealings with this type of problem, so some patience is going to be necessary here.  An overly aggressive approach can often cause more problems than it solves.
0
Big Business Goals? Which KPIs Will Help You

The most successful MSPs rely on metrics – known as key performance indicators (KPIs) – for making informed decisions that help their businesses thrive, rather than just survive. This eBook provides an overview of the most important KPIs used by top MSPs.

9660kelCommented:
A couple of supplementary points, please isolate this machine from the rest of the network if possible until you can determine the nature of the infection, to avoid further spread.

I would also recommend downloading the applications from a clean computer, and burning them to disk, and transfer them to the infected computer that way. Re-naming them first is also a good idea.

Any scan logs you can post might also be helpful, as it gives us a better idea what we are trying to accomplish.
0
Chetan KhuranaTechnical ManagerCommented:
Hi Ever-Grid,

Any luck with the solution?
please let us know!

Thanks!
C
0
Ever-GridAuthor Commented:
Thanks for all the suggestions; I have gotten some ideas from them.  Haven't spoken with the client in almost a week, apparently because he is busy with work.  It is possible he will solve the problem by just getting a new laptop, in which case this issue goes away.  I need to find out his intentions before working any more on this...

UPDATE:
Talked with the client tonight, and he doesn't want to put any more $ into solving the problem.  He can live with downloads in Chrome; hope the virus scanner I've got on there can catch other problems.  Oh well...

Thanks guys (gals?).  You all had good suggestions.
0
Ever-GridAuthor Commented:
Good suggestions; client ultimately decided not to pursue further work.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Anti-Virus Apps

From novice to tech pro — start learning today.