Solved

Vista downloads disappear in 2 out of 3 browsers

Posted on 2012-03-22
7
810 Views
Last Modified: 2016-11-23
We have a client who can download files in the Chrome browser, but when trying the same files in IE or Firefox, the following error appears [see attachment below].  This includes things like test PDFs (which I created & know have no virus) as well as executable files.  I have tried the following:
scan for viruses in safe mode
scan with a bare minimum of services running
download & scan with a current MS Safety Scanner
uninstall all virus programs & then install AVG Free
scan with AVG- finds a few viruses and quarantines them
disable suspicious browser plug-ins

Client is currently working in Chrome & doing what they want, but I suspect a possible botnet, so can't let this continue.  BTW, note the following:
Chrome installed after this started happening; others were already there
Clients are enthusiastic but clueless- the wife in particular will click on just about anything
Vista is a piece of ... <inserts appropriate descriptor>

OS: Vista SP2 32bit on a Dell laptop
IE-error.jpg
Question by:Ever-Grid
7 Comments
 
LVL 8

Accepted Solution

by:Tymetwister
Tymetwister earned 160 total points
ID: 37755842
This leaves me with a lot of thoughts. Let me see where I can start - /start barrage of random thoughts:

You say you scanned for viruses in safe mode/bare minimum, have you tried scanning in Normal Mode? Perhaps you're preventing something from starting which is why it's not being found.

Are you sure there isn't another virus/spyware program running in the background that's picking this up?

You say AVG finds "a few viruses" and removes them... have you successfully had a clean scan with AVG yet?

Have you tried running a different malware scan program, such as Malwarebytes?

You say there are 'suspicious' add-on programs; try uninstalling them altogether, and also go into Add/Remove Programs and uninstall anything 'suspicious' you see there as well.

You need to be getting clean scans before you can expect it to work. You didn't mention uninstalling/reinstalling the two browsers after infections have been cleared, did you try that?

Lastly, you can try running an sfc /scannow to see if any system files were damaged and could be replaced. Finally, as a last ditch effort if none of the above solutions work (plus what other experts might say), you can always try a format/reinstall of Windows (Win7 preferably), but a format/reinstall is almost always a last option for me. Hope this helps... let us know.
0
 
LVL 8

Assisted Solution

by:Chetan Khurana
Chetan Khurana earned 120 total points
ID: 37756438
Hi Ever-Grid,

Well, I would suggest the following -

1. You run a program like 'Spybot Search and Destroy' and let it scan your startup applications/programs. I have a feeling something is running on Windows startup and is messing with the AV, which is giving false reports.

2. It could be that AVG itself is the culprit! It has been reported that if the AVG gets corrupted by a Virus at times, it does start giving False Positives!

Do the following -

A. Download the AVIRA Antivirus (http://www.avira.com/en/avira-free-antivirus)

B. Uninstall the AVG software, and remove all of its directories from Program Files - use this link to download the appropriate uninstall tool from the AVG site - http://www.avg.com/ww-en/utilities

C. Launch the System Startup Tool (from the advanced settings of Spybot Search & Destroy)
and remove all traces of software you think does not belong at Windows startup.

D. Install Avira, reboot and rescan.

Test the issue again, and report back here!

HTH!
C
0
 
LVL 10

Assisted Solution

by:Jim-R
Jim-R earned 120 total points
ID: 37757163
The error jpg is clearly a false positive.  Dfsetup is Defraggler which I know does not carry a virus.

As has already been suggested, a different Anti Virus program should be implemented and it is important NOT to have two different A/V programs installed at the same time, so removal of the first A/V program should be performed before another is installed.  It IS, however, OK to have a supplementary Anti Malware program such as Malwarebytes installed at the same time.  I would suggest downloading Malwarebytes while saving the download as a different name than the default since some malware will actually prevent the default name exe from running or otherwise prevent its implementation.

Anti Virus scans should always be done in normal mode when possible.  Safe Mode will prevent some programs that could be infected from starting, and thus will deter their detection by the scan.

See what results you get from Malwarebytes and a different A/V program and post back so more clues to your issue are revealed and can be analyzed.  It doesn't pay to rush dealings with this type of problem, so some patience is going to be necessary here.  An overly aggressive approach can often cause more problems than it solves.
0

 
LVL 5

Assisted Solution

by:9660kel
9660kel earned 100 total points
ID: 37759492
A couple of supplementary points, please isolate this machine from the rest of the network if possible until you can determine the nature of the infection, to avoid further spread.

I would also recommend downloading the applications from a clean computer, and burning them to disk, and transfer them to the infected computer that way. Re-naming them first is also a good idea.

Any scan logs you can post might also be helpful, as it gives us a better idea what we are trying to accomplish.
0
 
LVL 8

Expert Comment

by:Chetan Khurana
ID: 37765491
Hi Ever-Grid,

Any luck with the solution?
Please let us know!

Thanks!
C
0
 

Author Comment

by:Ever-Grid
ID: 37768242
Thanks for all the suggestions; I have gotten some ideas from them.  Haven't spoken with the client in almost a week, apparently because he is busy with work.  It is possible he will solve the problem by just getting a new laptop, in which case this issue goes away.  I need to find out his intentions before working any more on this...

UPDATE:
Talked with the client tonight, and he doesn't want to put any more $ into solving the problem.  He can live with downloads in Chrome; hope the virus scanner I've got on there can catch other problems.  Oh well...

Thanks guys (gals?).  You all had good suggestions.
0
 

Author Closing Comment

by:Ever-Grid
ID: 37769581
Good suggestions; client ultimately decided not to pursue further work.
0


Question has a verified solution.
