Recently, my elderly mom got the XP Antivirus 2011 malware. I got that solved via the web, and found she had no working anti-virus, so I got here going with Avast and cleaned up a lot of stuff.
She is running XP Home Edition - and she lives clear across the country, no one to help.
So - at startup, she is being faced with an IE page saying the suggested web page can't be found and maybe it's a network problem (that she insists on believing and wanting to read me 6 year old HP user guides on networking - bless her, in her 80s she is).
She was also getting failure to launch a corrupted Yahoo messenger.
Neither show up in any of the account startup folders - I had here clear those out and she still got those two.
I then had her install Windows Defender and disable Yahoo Messenger on startup - that worked.
But the mysterious IE window remains - no address bar of course - and no way to get her to read off the list of processes in a way that makes sense from Task Manager when it's up (TM just shows the error window in the apps tab).
I wanted to try Remote Desktop - except - XP Home Edition doesn't support RD thru DSL.
I've tried going thru the entries in msconfig files - nothing bad there.
I've tried System Configuration Info but ultimately, every process listed for startup is a known process name, checked against blacklists by me, located in the correct places, and already virus scanned. If I have her uncheck everything in System Config Info and restart in diagnostic mode, the problem disappears.
So - I'm guessing that leaves the registry?
Any good, totally free registry cleaners out there I can trust?
Any suggestions where else to try to look for startup stuff under the circumstances?
Any chance of getting Remote Desktop working on XP HE thru DSL (the rest of the web says no, but I'm asking)?
You dont need RDP, you can sign up for a free logmein.com account. You'll need to sign yourself up as a dummy run to document it (including downloading the plugin) and then you can talk your mother through doing the same. Once she has an account and downloaded the plugin, she can create a secondary account and password. You go to the site, log in and can connect to her PC via your browser.
Last time I used it, the web site wasnt amazingly intuitive which is why I suggest you go through all teh steps yourself first and document it.
May sound obvious, but its definitely worth cleaning down any temp folders as things like this can manifest there.
I dont personally think it will be in the registry. If it is, it may be in something like:
Its been a while since ive cleaned a registry, but Its always worth browsing cnet by editors ratings. Just try to look out for "Sponsored matches" which appear even if you only tick "free". You can see in the left hand pain if there is a prioce as these scan but not clean.
__________________
"I am only responsible for what I say. Not for what you understand"
Also, you can try getting her to download something like Chrome or Firefox and removing IE (and re-installing if you must, granted I like having a 2nd and sometimes 3rd browser as backups). I've actually had to remote into an accountant's computer who was using dial-up and it was painfully slow. Granted the remote desktop tool we were using was an adobe system that wasn't free, but it let me dial down the image the lowest resolution B&W that I could while still seeing everything on the desktop.
This is very similar in characteristics to the random dll hijacker also known as HomeSearch Hijacker that came out around the same time. The key to the hijack is a hidden dll file that is connected to a BHO (Browser Hijack Object). This hidden dll file shows up in the following registry key:
Unfortunately removing this About:Blank hijacker can be difficult. Its a very persistent problem that can return quickly if it is not removed carefully.
How do I Remove the About:Blank homepage hijacker?
There are three basic proven methods that help remove this pesky hijacker, a manual one, one using vbscripts and an automatic one used by a spyware removal program.
MANUAL METHOD
The manual method of removing the About:Blank hijacker is probably the most difficult, since if it is not followed absolutely correctly it can return quickly. There are two programs that are needed to help with this removal. The first is HijackThis and the next is a registry program called Reglite.exe, this particular program for whatever reason seems to be able to find the hidden dll file without the hijacker trying to undo the work and attack the system again.
Once you've downloaded HijackThis and Reglite, open Registrar Lite and navigate to the following entry:
Look for the Key named AppInit_DLLs, the value in this key is the hidden dll file that is causing your problems. Write down the name of this file and think of it as the hidden.dll file
Secondly, use the Windows Recovery Console in Windows XP to rename the file.
Restart the computer in Recovery Console mode using the Windows XP or Windows 2000 CD or by the option show below
Type cd \windows\system32 and press Enter
Type the following line to remove the read-only characteristic, replacing hidden.dll with the name of the dll file found with RegLite
ATTRIB -R hidden.dll
Rename the hidden.dll file by typing the following command (replacing the word hidden.dll with the actual filename)
RENAME hidden.dll badfile.dll
Type Exit and press Enter to Reboot Windows
ALTERNATE ACCESS TO RECOVERY CONSOLE
If you have Internet access still, place your Windows XP or Windows 2000 CD in the Drive and cancel out of any autostart menus.
1) Log onto the Internet
2) Click on the Start button
3) Click on Run
4) Type the following in the RUN line and Press Enter
D:\I386\WINNT32.EXE /CMDCONS
Make sure you use your CD Drive letter in place of the letter D above
5) The computer will start to install the Recovery Console and add it as a boot option.
6) Once installed, you'll be able to restart your computer and press F8 to start the Boot Menu. Press the ESC key and you should have the following option available to choose
MICROSOFT WINDOWS RECOVERY CONSOLE
7) Choose your Windows Installation, usually by pressing 1 and pressing Enter.
You'll have to enter the Administrator password to gain access to the Windows Recovery Console. If you do not know your Administrator password, you may try the procedure to help with a bad or unknown Administrator password.
FIX FOR BAD OR UNKNOWN ADMINSTRATOR PASSWORD
1) In Windows, click on Start, Run, and Type REGEDIT
2) Click on the plus signs (+) next to the following keys
HKEY_LOCAL_MACHINE
SOFTWARE
MICROSOFT
WINDOWS NT
CURRENTVERSION
SETUP
RECOVERY CONSOLE
3) Double-click on the option SECURITYLEVEL in the right-hand column and change the Value Data number to 1 then press OK
4) Restart the computer in Recovery Console mode using the Windows XP or Windows 2000 CD
Next, Remove the hidden.dll file from the registry
Open RegLite.exe and navigate to the following registry key
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs
Double-click on the AppInit_DLLs key, delete the name of the dll file in the Value Data field, Apply the Changes and click OK then Exit Registrar Lite.
Edit registry to remove the second file
Run HiJackThis and scan the registry. Check the boxes to remove the entries similar to the following:
The dll file shown in these lines (in this case its called xaiyh.dll) is the second problematic file in the about:blank hijack.
Open My Computer and choose Tools, then click on Folder Options, click on the View tab and under Advanced Setting, choose Show Hidden Files and Folders, then click on OK and close My Computer. In Windows XP/2000, you may also want to uncheck the options for "Hide extensions for known file types" and "hide protected operating system files". This will although you to easily find the dll files to delete them.
Lastly, search for and delete the hidden.dll file found through reglite.exe and this second dll file found using HijackThis.
Click Start, point to Find or Search, and then click Files or Folders.
Make sure that "Look in" is set to (C:\WINDOWS).
In the "Named" or "Search for..." box, type, or copy and paste, the name of the hidden.dll filename you found using Reglite.exe. This file was renamed badfile.dll in our procedure. Search for it and delete it, then repeat this step for the dll filename you found using Hijackthis.
This should completely clean your system of the About:Blank homepage hijacker.
VBSCRIPTS REMOVAL METHOD
A company called Silent Runners has come up with several Visual Basic Scripts used in conjunction with Registar Lite 2.0 to remove the About:Blank version of the CWS Cool Web Search hijacker. You can visit their website and read through the instructions by clicking on the following link:
A new adware removal program called Adware Away has proven very successful in removing the About:Blank homepage hijacker along with many other hijacker type programs. They have a trial version that is fully functional which allows most people to remove the About:Blank hijacker without having to purchase it. The trial version of Adware Away seems to last between 5 to 7 days before timing out and requiring payment. You can visit their webpage and download a trial of Adware Away by clicking on the following link. You may also purchase the program for $29.95.
I recommend this program for instances where the manual removal methods dont work. Currently there are about 5 variants of the About:Blank homepage hijacker and Adware Away handles all these variants.
Oh and the standard *****I am not liable for any issues that may arise from performing the above steps, nor can any claims be filed against me for the information provided above. By performing any steps mentioned, you are acting on your own behalf...blah blah blah....etc etc etc******
The Following User Says Thank You to TxGoat For This Useful Post:
You're making it too complicated. IE won't work because that particular virus sets up IE to be self proxied. With the virus gone, that proxy no longer exists. She needs to go into the Internet connection properties and uncheck the "use a proxy server" option.
Skip the registry cleaners. They're bogus IMO.
Last edited by A.Nonymous; January 6th, 2012 at 10:20 PM.
The Following 3 Users Say Thank You to A.Nonymous For This Useful Post:
You're making it too complicated. IE won't work because that particular virus sets up IE to be self proxied. With the virus gone, that proxy no longer exists. She needs to go into the Internet connection properties and uncheck the "use a proxy server" option.
Skip the registry cleaners. They're bogus IMO.
^ this. And I love the part in bold - I'm in the same camp - Bo-gus.
Couldn't disagree more. Although they probably wont fix this issue, I like to have a clean registry like I like to have a clean desktop. I don't like crap all over the place.
Where as they shouldn't be used willy-nilly, its good to remove those broken links to applications that no longer exist.
Maybe one day, applications will uninstall themselves fully. But until then...
The Following User Says Thank You to SUroot For This Useful Post:
Device(s): Sony Tablet S 32GB, Nook Tablet 16GB, two HTC Rezound, Pantech Breakout, Sony GT1 BD-ITV
Thanks: 101
Thanked 92 Times in 65 Posts
I use the free Wise Registry cleaner. They will scan the registry and provide a list of bad or broken items before we choose to delete it. Be sure to select the deep scan option. We can also compact or defrag the registry to make everything boot/work faster. Has been very safe to use - it hasn't messed up any of my various systems over the years. bye.
__________________
andr01d
The Following User Says Thank You to andr01d For This Useful Post:
Couldn't disagree more. Although they probably wont fix this issue, I like to have a clean registry like I like to have a clean desktop. I don't like crap all over the place.
Where as they shouldn't be used willy-nilly, its good to remove those broken links to applications that no longer exist.
Maybe one day, applications will uninstall themselves fully. But until then...
You never see that stuff though and it doesn't affect anything. It's like moving all the furniture every time you vacuum. Sure your living room is technically cleaner if you move the couch around so you can completely vacuum underneath it. If you don't though, the dust simply accumulates under the couch where no one at all can see it. It's out of sight and has no effect on anything. No guest is going to peer under your couch and then go around telling people you have a filthy house. Vacuuming under the couch accomplishes little. Going through the registry and cleaning out orphaned entries is the same way. Accomplishes nothing. So now you have a clean registry (assuming the product you used isn't crap like many of them are). So what. Doesn't make your computer run faster. Doesn't make the computer perform any better. All it does is you now know that you have a clean registry.
The Following User Says Thank You to A.Nonymous For This Useful Post:
Device(s): old R2 unit, Protocol Droid that is familiar with evaporators
Thanks: 83
Thanked 1,007 Times in 726 Posts
Quote:
Originally Posted by A.Nonymous
You never see that stuff though and it doesn't affect anything. It's like moving all the furniture every time you vacuum. Sure your living room is technically cleaner if you move the couch around so you can completely vacuum underneath it. If you don't though, the dust simply accumulates under the couch where no one at all can see it. It's out of sight and has no effect on anything. No guest is going to peer under your couch and then go around telling people you have a filthy house. Vacuuming under the couch accomplishes little. Going through the registry and cleaning out orphaned entries is the same way. Accomplishes nothing. So now you have a clean registry (assuming the product you used isn't crap like many of them are). So what. Doesn't make your computer run faster. Doesn't make the computer perform any better. All it does is you now know that you have a clean registry.
haha, I know where someone hides all their dust bunnies....
I personally would rather have a nice and neat registry as well. Windows is too damn temperamental as it is. Why risk it? Then again, if you don't know what you're doing you can really jack your system up.
Unlike what most people think, the registry is not loading into memory until needed. If there a lot of broken links in the registry (to the tune of several tens of thousands) then you might want to start looking at cleaning, but otherwise, you're vacuuming up the equivalent of three individual short hairs in a 25000 square foot room.
This link starts the myth-debunking process - What's the Registry, Should I Clean It, and What's the Point? - including the quotation from Ed Bott (with whom I have absolutely no affiliation, and also with whom I am more in disagreement than agreement most of the time). Of importance is this quotation:
Quote:
The sad answer, which we covered while debunking performance tweaking myths, is that most of these products are not worth running, and while the better ones won't necessarily kill your PC, they're rarely going to help you a lot either. If you stop and think about it, you'll realize that since the registry contains many hundreds of thousands of keys (or more), removing 50 or even 100 of them isn't going to yield any performance gains.
Then, there is this information from Wikipedia (again, no affiliation, and I had no part in writing the article): Registry cleaner - Wikipedia, the free encyclopedia Of note here are the different advantages and disadvantages.
If you also look at Windows Registry - Wikipedia, the free encyclopedia you can see that the registry mainly stores information as any database does - and the OS, various programs you have installed, etc only come looking for said information in the Registry when they need it - and they don't do a search through the entire registry for the information, they have specific key values they look for and retrieve the information directly from the associate key(s).
Now, I'm not gonna berate you if you clean your registry - more power to you. It's just that in the long run, there is too much for the average user to mess up, b/c registry cleaning programs are not 100% perfect no matter how good the developer(s) is/are, and one slip up can leave you hanging in a very bad way. I consider myself a computer expert, and I've seen what even the slightest misstep can cause a system to do - hell, I've made many of those missteps myself.
The Following User Says Thank You to johnlgalt For This Useful Post:
haha, I know where someone hides all their dust bunnies....
I personally would rather have a nice and neat registry as well. Windows is too damn temperamental as it is. Why risk it? Then again, if you don't know what you're doing you can really jack your system up.
There's zero risk if you leave it as it is. Broken registry links are not going to jack up your computer. They're not going to slow your computer down at all. Now, way, way, way back in the day (Windows 95/98 era) that might've been true. It's not at all true today. Computers are faster. Hardware is better. Windows is better optimized and the registry is completely and totally irrelevant to 99% of users. The only people who need to do anything with the registry are tech support people and power users as it allows you to tweak the OS at a much deeper level than the vast majority of people even care or notice.
The Following User Says Thank You to A.Nonymous For This Useful Post:
The problem arises from when people get malware infections that also use the Registry, and the novice end user starts associating the registry with malware and then starts finding ways to 'optimize' or 'clean' or whatever in order to prevent another malware infection.
that's actually the reason why reg cleaners became so popular back in the day - to help ward off malware as well as remove infections.
The Following User Says Thank You to johnlgalt For This Useful Post:
Allergic to dust, mold, mildew, and most pollen grains....lol.
That aside, though, a user of your expertise I have no qualms about using a reg cleaner. it's the novice users who get their info from a friend (who also happens to be another novice user) that keep me in business....
The Following 2 Users Say Thank You to johnlgalt For This Useful Post:
Device(s): old R2 unit, Protocol Droid that is familiar with evaporators
Thanks: 83
Thanked 1,007 Times in 726 Posts
For me it's like some peoples' reaction to bloatware. It's for the most part benign and harmless except for the annoying updates, but I'd just rather not have it there. Yes computers are much more evolved and can run mostly without issue, but why do you want a registry entry that originated via some malware installation? Different strokes for different folks. I'd personally rather have a clean registry for my own peace of mind. It's like changing the oil on a car at recommended intervals or a few thousand miles later. People can argue either position until they're blue in the face. it all comes down to what the driver/enduser is most comfortable with.
The Following User Says Thank You to TxGoat For This Useful Post:
FWIW - our (my company's) software _does_ clean itself up from the registry on an uninstall.
And I do find value in a tidy registry. A dirty one can be harmless, but I have experienced cases where a virus clean or a poorly maintained machine (I am facing both in this case) can lead to the registry being so tangled that services fail and apps preferences get cross-wired. Proper overall behavior assumes the registry wasn't abused by crapware and viruses. If you think this isn't possible then thank your lucky stars you've never faced it. And I'd forgotten so thanks for reminding me - a bad registry cleaner accomplishes the same thing that some malware does - tangles that can impair services or startup.
In the past when I did want the registry right, I would simply fix it by hand. I would prefer to do that here, or at least see what it really thinks is starting without me having to dance through derivative cartoon interfaces like System Configuration Info. But without proper remote access, my options are limited.
Also appreciate the tip on logmein.com - I thought they were strictly a paid VNC service for phone to PC, etc. I think I'll go ahead and sandbox that whole thing on two machines here.
Appreciate the help and feedback - it's been years since I've had to stare down an improperly maintained Windows box and now it's remote and an HE to add insult to injury.
Anyway - I'll just go on record here: real operating systems do not use Mickey Mouse registries. Ever.
Last edited by EarlyMon; January 7th, 2012 at 12:13 PM.
And sorry, my extreme bad, for incomplete info in the FP.
After clearing the erroneous blank IE page, everything else seems to run just fine, including IE (if IE can indeed be claimed to run fine).
It's as if something is trying to launch a webpage - I suspect that it's for a malware or crapware advertisement that's been taken down - and then exiting after spawning the web page launch.
It's a total nuisance and is frustrating to an 80+ yr old.
FWIW - our (my company's) software _does_ clean itself up from the registry on an uninstall.
And I do find value in a tidy registry. A dirty one can be harmless, but I have experienced cases where a virus clean or a poorly maintained machine (I am facing both in this case) can lead to the registry being so tangled that services fail and apps preferences get cross-wired. Proper overall behavior assumes the registry wasn't abused by crapware and viruses. If you think this isn't possible then thank your lucky stars you've never faced it. And I'd forgotten so thanks for reminding me - a bad registry cleaner accomplishes the same thing that some malware does - tangles that can impair services or startup.
In the past when I did want the registry right, I would simply fix it by hand. I would prefer to do that here, or at least see what it really thinks is starting without me having to dance through derivative cartoon interfaces like System Configuration Info. But without proper remote access, my options are limited.
Also appreciate the tip on logmein.com - I thought they were strictly a paid VNC service for phone to PC, etc. I think I'll go ahead and sandbox that whole thing on two machines here.
Appreciate the help and feedback - it's been years since I've had to stare down an improperly maintained Windows box and now it's remote and an HE to add insult to injury.
Anyway - I'll just go on record here: real operating systems do not use Mickey Mouse registries. Ever.
If you want a great way to manually clean your registry, I humbly suggest David Ching's RegEditX RegEditX - Tweaks for the Windows Registry Editor (REGEDIT) - with Registry Crawler incorporated. I'm waiting for the final release so I can buy it, but I've used both RegEditX and Registry Crawler in the past (RC was 4.5 when last offered as a standalone product, RegEditX 2.0 was the last I used before I found the new 3.0 βetas).
Also, here is a list of online scanners you can run through - I realize that you, EM, probably don't need this, and this list is a bit old, but I'm including it here b/c anyone else reading the thread may benefit from it. I also just now verified each link, they're all active http://www.vistax64.com/network-sharing/173824-slow-internet-vistax32-after-while.html#post805059 is a post I made almost 3.5 years ago for online scanners, plus downloadable software (I think you said she already had AVG) as well as MBAM.
I'm a registered beta tester for MBAM, have been for over 5 years now, and I use the registered version (tester key) that I can do what I want with - I swear by MBAM, M$SE and WinPatrol. my days at CastleCops taught me well - don't overload and make sure that you set exceptions in each scanning program to avoid interfering with other scanning programs. For example, I have MBAM set with exceptions to M$SE, and M$SE set with exception to MBAM....
Quote:
Originally Posted by EarlyMon
And sorry, my extreme bad, for incomplete info in the FP.
After clearing the erroneous blank IE page, everything else seems to run just fine, including IE (if IE can indeed be claimed to run fine).
It's as if something is trying to launch a webpage - I suspect that it's for a malware or crapware advertisement that's been taken down - and then exiting after spawning the web page launch.
It's a total nuisance and is frustrating to an 80+ yr old.
Have you tried performing a true IE restore defaults? Internet Options --> Advanced tab --> Reset button....
Also, check the security levels for IE on the Security tab, reset them all to default, and check for any suspicious sites in the trusted sites list.
You might try running SpywareBlaster | Prevent spyware and malware. Free download. to fix any latent problems with IE before actually performing the reset as well. Same with WinPatrol - although the popups may be a bit disconcerting at first for her, if she reads up on WinPatrol and sees Bill Pytlovany's pic, it may make her feel a lot better (probably better than Marcin's pic, the dev of MBAM - he's like 20 lol)
Have you performed a HiJack This! analysis?
Quote:
Originally Posted by SUroot
IE can be claimed to run as well as it has ever run
Pfft - I run IE 64bit b/c I can, but prefer Mozilla Firefox Nightly 64bit builds b/c of the extreme customization I can perform with it compared to IE. Still, there are sites that require me to have IE, so....
Last edited by johnlgalt; January 7th, 2012 at 12:57 PM.
The Following User Says Thank You to johnlgalt For This Useful Post:
Device(s): Sony Tablet S 32GB, Nook Tablet 16GB, two HTC Rezound, Pantech Breakout, Sony GT1 BD-ITV
Thanks: 101
Thanked 92 Times in 65 Posts
Re: Registry Wipe Out
yaay i just deleted 378 registry items using the latest Wise Registry Cleaner thing. The last time i ran it was in late November. After i hit the Scan button, it showed me a long list of 380 items and i decided to keep/remember 2 items (happens to be typed URLs to some websites). The balance 378 were mostly MRU (most recentlly used list/pointers) for various softwares, some leftover/orphaned stuff from software that i previously uninstallled, some temp/junk stuff from existing software, some URLs that i didn't care about, etc. Anyways i've done this enough times... and i just hit the Start Cleaning button and they went away. They'll be back later!!
Re: My Batch File - Quickie Temp Files Cleaner
Since SSD space is precious i also have a batch file/icon that i pasted on the desktop. A couple of times a week i'll double-click this icon to clear out the temp/junk stuff. (i'm too lazy to manually go to different places to clear stuff... so i just do this once-click roomba clean)
--------------------
filename: delete-temp-files.bat
--------------------
@C:
@Cd\
@cd C:\Users\username\AppData\Local\Temp
del C:\Users\username\AppData\Local\Temp\*.* /F /S /Q
del C:\Users\username\AppData\Local\Temp\* /F /S /Q
del "C:\Users\username\AppData\Local\Microsoft\Windows \Temporary Internet Files\*.jpg" /F /S /Q
del "C:\Users\username\AppData\Local\Microsoft\Windows \Temporary Internet Files\*.htm" /F /S /Q
del "C:\Users\username\AppData\Local\Microsoft\Windows \Temporary Internet Files\*.html" /F /S /Q
del "C:\Users\username\AppData\Local\Microsoft\Windows \Temporary Internet Files\*.css" /F /S /Q
del "C:\Users\username\AppData\Local\Microsoft\Windows \Temporary Internet Files\*.ico" /F /S /Q
del "C:\Users\username\AppData\Local\Microsoft\Windows \Temporary Internet Files\*.gif" /F /S /Q
del "C:\Users\username\AppData\Local\Microsoft\Windows \Temporary Internet Files\*.xml" /F /S /Q
del "C:\Users\username\AppData\Local\Microsoft\Windows \Temporary Internet Files\Content.Outlook\Z6NF0ZXT\*.*" /F /S /Q
--------------------
(i also have another batch file on the desktop to do some other stuff.)
bye.
The Following User Says Thank You to andr01d For This Useful Post:
If you want a great way to manually clean your registry, I humbly suggest David Ching's RegEditX RegEditX - Tweaks for the Windows Registry Editor (REGEDIT) - with Registry Crawler incorporated. I'm waiting for the final release so I can buy it, but I've used both RegEditX and Registry Crawler in the past (RC was 4.5 when last offered as a standalone product, RegEditX 2.0 was the last I used before I found the new 3.0 βetas).
Also, here is a list of online scanners you can run through - I realize that you, EM, probably don't need this, and this list is a bit old, but I'm including it here b/c anyone else reading the thread may benefit from it. I also just now verified each link, they're all active http://www.vistax64.com/network-sharing/173824-slow-internet-vistax32-after-while.html#post805059 is a post I made almost 3.5 years ago for online scanners, plus downloadable software (I think you said she already had AVG) as well as MBAM.
I'm a registered beta tester for MBAM, have been for over 5 years now, and I use the registered version (tester key) that I can do what I want with - I swear by MBAM, M$SE and WinPatrol. my days at CastleCops taught me well - don't overload and make sure that you set exceptions in each scanning program to avoid interfering with other scanning programs. For example, I have MBAM set with exceptions to M$SE, and M$SE set with exception to MBAM....
Have you tried performing a true IE restore defaults? Internet Options --> Advanced tab --> Reset button....
Also, check the security levels for IE on the Security tab, reset them all to default, and check for any suspicious sites in the trusted sites list.
You might try running SpywareBlaster | Prevent spyware and malware. Free download. to fix any latent problems with IE before actually performing the reset as well. Same with WinPatrol - although the popups may be a bit disconcerting at first for her, if she reads up on WinPatrol and sees Bill Pytlovany's pic, it may make her feel a lot better (probably better than Marcin's pic, the dev of MBAM - he's like 20 lol)
Have you performed a HiJack This! analysis?
Pfft - I run IE 64bit b/c I can, but prefer Mozilla Firefox Nightly 64bit builds b/c of the extreme customization I can perform with it compared to IE. Still, there are sites that require me to have IE, so....
I have firefox on Ubuntu but have chromium as my secondary. Its very rare that I have to use chromium so I just have that set up with a US proxy so I can download and use beta's that only US residents get.
Best thing about firefox?! "about:config", without a shadow of a doubt (for me)
The Following 2 Users Say Thank You to SUroot For This Useful Post:
Have you tried performing a true IE restore defaults? Internet Options --> Advanced tab --> Reset button....
Also, check the security levels for IE on the Security tab, reset them all to default, and check for any suspicious sites in the trusted sites list.
Yep, done that.
Quote:
You might try running SpywareBlaster | Prevent spyware and malware. Free download. to fix any latent problems with IE before actually performing the reset as well. Same with WinPatrol - although the popups may be a bit disconcerting at first for her, if she reads up on WinPatrol and sees Bill Pytlovany's pic, it may make her feel a lot better (probably better than Marcin's pic, the dev of MBAM - he's like 20 lol)
Have you performed a HiJack This! analysis?
Yeah, and I cleaned some (ok - a LOT) of stuff already. But this isn't a hijack. This is something launching IE at login and going to a bogus site.
I'd love to simply get into the Event viewer (as well as the registry) - anything a normal admin would do.
So, hopefully, log me in will get me there if the other stuff doesn't.
Very much appreciate the other tips, btw!
Quote:
Originally Posted by SUroot
Best thing about firefox?! "about:config", without a shadow of a doubt (for me)
Also good for the stock Android browser where "about:debug" doesn't work!
PS - Can't believe I didn't think to clear out temp. I still think the IE launch at login is a spawned process, but I'm sure temp on that machine is a mess. I'm going to shamelessly steal your commands and .bat that on her side independently do a temp clean. (Srsly, tho, thanks for the bat.)
This is strictly a startup issue. She's not launching IE, some process is. Nothing is proxied. After exiting the erroneous window (with the address bar conveniently hidden), everything works fine.
And my favorite, a new one for me (probably because I practice safe web browsing and don't just click on things) - the whole alt-keypress access is gone when the addr widget and the rest of the toolbars are withdrawn.
If I could figure out where it's trying to go, then I could simply scan her entire disk for that address, I thought. I doubt it's encrypted. And it doesn't seem to appear in the IE history, probably because the access wasn't successful or some other good IE idea.
And if she could remember her router password, I'd have checked the router logs. Oh well.
Last edited by EarlyMon; January 7th, 2012 at 02:17 PM.
Even better - it could be masking itself in the autoexec.bat . ,cmd (if present), win.ini (if present) and a few other places as well. Registry is first place I'd look for, but sometimes the old ways work best b/c many modern system cleaners and overhaulers forget to look in the old places anymore...
Startup folder in Programs is another good place too look.
But all of these can be checked by WinPatrol
The Following User Says Thank You to johnlgalt For This Useful Post:
Device(s): old R2 unit, Protocol Droid that is familiar with evaporators
Thanks: 83
Thanked 1,007 Times in 726 Posts
I don't care what anyone says, the best way to get rid of all Windows issues is at the command prompt type in "Format C:".
What I've always thought would be a good idea for computers is a diagnostic port like cars (OBDII) where you can plug in a tablet or a laptop and run a complete diagnostic test/repair on a system that's acting weird. And by complete I mean HD tests, malware scans, hardware configuration. I'm sure something like that would take forever to implement and would probably thin out a lot of IT positions, but I've always thought it would be nice to have a comprehensive tool that any IT professional can just perform complete system scans via a cable.
Last edited by TxGoat; January 7th, 2012 at 02:16 PM.
The Following User Says Thank You to TxGoat For This Useful Post:
Even better - it could be masking itself in the autoexec.bat . ,cmd (if present), win.ini (if present) and a few other places as well. Registry is first place I'd look for, but sometimes the old ways work best b/c many modern system cleaners and overhaulers forget to look in the old places anymore...
Startup folder in Programs is another good place too look.
But all of these can be checked by WinPatrol
Already checked all of those by hand.
Although - I did use msconfig to bring up the fab four - and did not check to see if a .cmd file existed at c:\ - hmmmmm.
And I need to double-check if I really got to starup in programs....
Last edited by EarlyMon; January 7th, 2012 at 02:26 PM.
I don't care what anyone says, the best way to get rid of all Windows issues is at the command prompt type in "Format C:".
What I've always thought would be a good idea for computers is a diagnostic port like cars (OBDII) where you can plug in a tablet or a laptop and run a complete diagnostic test/repair on a system that's acting weird. And by complete I mean HD tests, malware scans, hardware configuration. I'm sure something like that would take forever to implement and would probably thin out a lot of IT positions, but I've always thought it would be nice to have a comprehensive tool that any IT professional can just perform complete system scans via a cable.
I have a simpler solution.
I only run Windows in a virtual machine, and before doing anything new, I make a copy of the VM image.
If things go south, I blow away the working copy and go back to my checkpoint.
I know - Windows provides ways to do that.
My way is quicker and gives me no grief, just costs disk space - and that I can afford. Wasted time, I can't.
Device(s): old R2 unit, Protocol Droid that is familiar with evaporators
Thanks: 83
Thanked 1,007 Times in 726 Posts
We could always go back to punch cards.
I'm picturing a vBulletin environment created by punch cards and someone creating a new thread...."Someone sent me a message card and when I fed it into the machine it froze the system, does anyone know of any good card extractor that I can use to fix this thing?? "
The Following User Says Thank You to TxGoat For This Useful Post:
The fewer orphoned objects there are, the easier it is for me when I'm looking for other keys. Only slightly perhaps but nevertheless
I have never been bothered. I look through registries several times a week and never even look to see if the keys I'm looking at are being referenced or not. It's completely irrelevant.
Quote:
Originally Posted by johnlgalt
That aside, though, a user of your expertise I have no qualms about using a reg cleaner. it's the novice users who get their info from a friend (who also happens to be another novice user) that keep me in business....
I'm the same way. You leave the orphaned keys alone and nothing will happen. You start trying to remove stuff and you're much more likely to make things worse as there is no way in the world to make things better. Registry cleaners are snake oil. The people who use them break their computers sometimes beyond repair which does make more work for me and keeps me in business. I hate cleaning up stupidity is all.
Quote:
Originally Posted by TxGoat
For me it's like some peoples' reaction to bloatware. It's for the most part benign and harmless except for the annoying updates, but I'd just rather not have it there. Yes computers are much more evolved and can run mostly without issue, but why do you want a registry entry that originated via some malware installation? Different strokes for different folks. I'd personally rather have a clean registry for my own peace of mind. It's like changing the oil on a car at recommended intervals or a few thousand miles later. People can argue either position until they're blue in the face. it all comes down to what the driver/enduser is most comfortable with.
The registry key is benign. Removing it is the equivalent of having risky elective surgery. There's no justification for it. You could use my computer all day and have no idea if there were orphaned keys or malware related keys.
This is strictly a startup issue. She's not launching IE, some process is. Nothing is proxied. After exiting the erroneous window (with the address bar conveniently hidden), everything works fine.
IE starts up when her computer starts up? Like as soon as she logs in? The first places I would look would be running MSConfig and looking at start up items. It sounds like you've done that.
I would go old school and delete her profile. Create a brand new user account. Give it admin priviliges. Log off and have her log in with the new account. Go into the C drive and copy her documents, desktop, and Internet favorites to the new profile after confirming the problem doesn't exist with the new profile. If it does, then the problem is with the default user profile.
The Following User Says Thank You to A.Nonymous For This Useful Post:
I have never been bothered. I look through registries several times a week and never even look to see if the keys I'm looking at are being referenced or not. It's completely irrelevant.
I'm the same way. You leave the orphaned keys alone and nothing will happen. You start trying to remove stuff and you're much more likely to make things worse as there is no way in the world to make things better. Registry cleaners are snake oil. The people who use them break their computers sometimes beyond repair which does make more work for me and keeps me in business. I hate cleaning up stupidity is all.
The registry key is benign. Removing it is the equivalent of having risky elective surgery. There's no justification for it. You could use my computer all day and have no idea if there were orphaned keys or malware related keys.
Cleaning up stupidity can be fun, though. Especially when I get to say "if you had come to me before trying all of this yourself, we could have saved it - now, I gotta format...."
Quote:
Originally Posted by TxGoat
I don't care what anyone says, the best way to get rid of all Windows issues is at the command prompt type in "Format C:".
What I've always thought would be a good idea for computers is a diagnostic port like cars (OBDII) where you can plug in a tablet or a laptop and run a complete diagnostic test/repair on a system that's acting weird. And by complete I mean HD tests, malware scans, hardware configuration. I'm sure something like that would take forever to implement and would probably thin out a lot of IT positions, but I've always thought it would be nice to have a comprehensive tool that any IT professional can just perform complete system scans via a cable.
Yeah, it's called Bart's PE and / or Ultimate Boot CD....
The problem with a plug in is the same as with these - they are only effective if the plug-in receptacle is actually functioning (and with these, you need either a working CD/DVD/BD ROM, or else a working USB, depending upon implementation). The good thing is that we do have test benches and the like to be able to test hardware - I try to keep spare parts handy so I can test things, but some things I cannot - for example, I have a Core i7 965 EE CPU - and the only mobo that will run that is the mobo it is in now. Same with the DDR3 RAM I have.
The HDs, Optical drives, etc. I can test by using another system - and I always have 1 spare optical (although it is IDE, and this mobo has no IDE, but I have a second spare optical that is SATA) and multiple ways to get USB working so long as the mobo's south bridge is not hosed.
it's beside the point though - we have various tools, but novice users aren't savvy enough to use them - and yet I see all over the Internet advice on what tools to use, how to fix things yourself, etc. etc. ad nauseum.
Even better - it could be masking itself in the autoexec.bat . ,cmd (if present), win.ini (if present) and a few other places as well. Registry is first place I'd look for, but sometimes the old ways work best b/c many modern system cleaners and overhaulers forget to look in the old places anymore...
Startup folder in Programs is another good place too look.
But all of these can be checked by WinPatrol
MSCONFIG checks the startup folder.
As I think about it more, it's probably a service that's running that's starting it. I'd bet if he went into MSCONFIG and disabled all non-Microsoft services it would fix the problem. It would break a ton of stuff no doubt, but it would be simple enough to look through the list of services and re-enable the ones you wanted/needed.
it's beside the point though - we have various tools, but novice users aren't savvy enough to use them - and yet I see all over the Internet advice on what tools to use, how to fix things yourself, etc. etc. ad nauseum.
That's what really gets my goat (pun intended).
The advice on given on the Internet gets me too. A fair share of it is bad. Not just bad, but horrible. At best, it makes no difference at all. At worst, it makes things far, far worse. The average user (not just the novice) has no clue at all which advice is good and which is bad. Often times they don't even have a clue what the problem is, just the symptoms.
Side note - I was just at my mom's house. She has SEVEN toolbars in IE. SEVEN!!
As I think about it more, it's probably a service that's running that's starting it. I'd bet if he went into MSCONFIG and disabled all non-Microsoft services it would fix the problem. It would break a ton of stuff no doubt, but it would be simple enough to look through the list of services and re-enable the ones you wanted/needed.
If it's a service, then it's masquerading as a Microsoft service and not being caught on scan.
I've been though startup with System Configuration Info and diagnostics, as mentioned.
And with Windows Defender.
Only by eventually disabling everything did this stop, but I haven't found the source.
If it's a service, then it's masquerading as a Microsoft service and not being caught on scan.
I've been though startup with System Configuration Info and diagnostics, as mentioned.
And with Windows Defender.
Only by eventually disabling everything did this stop, but I haven't found the source.
If it stopped when you disabled everything, then the solution is simple. Go to the run line and start "services.msc". Sort the services so you see the ones that are disabled. Go one by one and start those services. When IE pops up, then you'll know which service is causing it and you can go from there.
Appreciate it! I know to diagnose services, that's why I was looking for a remote access approach - plus any other stones to overturn that I've been missing.
I rather not work by using exhaustive search if I can help it.
You could do screen caps and post them here of the services in question - I'll be able to rather quickly identify a not so good one - if three really is one
Also, there is the fact that it could be, as you surmised, a legit service that has been hijacked to do a not so legitimate task....for all we know it could be a task scheduler item that is running BITS....
Appreciate it! I know to diagnose services, that's why I was looking for a remote access approach - plus any other stones to overturn that I've been missing.
I rather not work by using exhaustive search if I can help it.
Wouldn't be exhaustive really. There are some that you know are good services. You can select them all at once and kick them off. If you have no issues, then you can move on to the more suspicious ones.
Use Join.me. It's the easiest remote access tool I know. Mom clicks one link on the home page, runs a small program and gives you a 9 digit number. You type it in and you can see her screen.
Cleaning up stupidity can be fun, though. Especially when I get to say "if you had come to me before trying all of this yourself, we could have saved it - now, I gotta format...."
Yeah, it's called Bart's PE and / or Ultimate Boot CD....
The problem with a plug in is the same as with these - they are only effective if the plug-in receptacle is actually functioning (and with these, you need either a working CD/DVD/BD ROM, or else a working USB, depending upon implementation). The good thing is that we do have test benches and the like to be able to test hardware - I try to keep spare parts handy so I can test things, but some things I cannot - for example, I have a Core i7 965 EE CPU - and the only mobo that will run that is the mobo it is in now. Same with the DDR3 RAM I have.
The HDs, Optical drives, etc. I can test by using another system - and I always have 1 spare optical (although it is IDE, and this mobo has no IDE, but I have a second spare optical that is SATA) and multiple ways to get USB working so long as the mobo's south bridge is not hosed.
it's beside the point though - we have various tools, but novice users aren't savvy enough to use them - and yet I see all over the Internet advice on what tools to use, how to fix things yourself, etc. etc. ad nauseum.
That's what really gets my goat (pun intended).
I made myself a wicked multiboot USB using YUMI to create the Boot record and a batch script to update the ISO's on it.
UBCD4win, Hiren's, Windows installers... Got the lot on one USB stick hanging from my door access card so I can do almost anything, anytime. Given the drive is still attached/working
Wouldn't be exhaustive really. There are some that you know are good services. You can select them all at once and kick them off. If you have no issues, then you can move on to the more suspicious ones.
Use Join.me. It's the easiest remote access tool I know. Mom clicks one link on the home page, runs a small program and gives you a 9 digit number. You type it in and you can see her screen.
That's called exhaustive search. You search until the mystery is found or the list is exhausted. Opposite of a causal search.
Appreciate the tip on Join.me - I'll check that out as well.
Did you happen to run MBAM? If not I'd recommend it - b/c looking at this post XP AntiVirus 2011 - what a PITA - Malwarebytes Forum this thing is pretty well integrated into the system. Finding the correct file sis gonna take you a while if you don't know what you're looking for, even if you have a general idea where to look - that ST5.tmp file? lol - a visual inspection would have let that fly right past my radar....
The Following User Says Thank You to johnlgalt For This Useful Post:
Did you happen to run MBAM? If not I'd recommend it - b/c looking at this post XP AntiVirus 2011 - what a PITA - Malwarebytes Forum this thing is pretty well integrated into the system. Finding the correct file sis gonna take you a while if you don't know what you're looking for, even if you have a general idea where to look - that ST5.tmp file? lol - a visual inspection would have let that fly right past my radar....
I didn't. It was quite invasive. One of the anti-virus sites had a key to enter to get it to shut up, thinking it had been purchased. Then, before taking the next step to complete the final payload launch of useless files, I scanned and cleaned as instructed. That said, it may not have caught everything, who knows.
Basically, its M.O. is to create a lot of useless files and then masquerade as an anti-virus from Microsoft - and you don't get past the main screen in normal mode unless you've made the purchase to enter the key.
How many times have you heard this story? Sister forward an email to mom, contains funny website - site pops up you could be infected. Mom clicks the link - infection begins. That's exactly how she got it.
Quote:
Originally Posted by A.Nonymous
Doesn't seem exhaustive to me. Would take less than 30 mins in my mind. I'm used to hunting down computer problems that take 4-5 times as long easily.
Well, that's fine, that's your right. But it is a standard term in computer science. It's about creating a list and exhausting it or finding the problem. If you don't find the problem, make a new list, exhaust that or find. Repeat until done. The list is made of possible guesses where to look - however reasonable, it's a guess. No one seems able to tell me how to find which site it was trying to go to. If I had that, I wouldn't need an exhaustive search - just a disk search, aka a causal approach.
Your keys are always in the last place you look. But you start with a guessed list of locations and then begin. You might do that and still not find your keys. So, you repeat the first search to assure yourself if you miss anything. You ask someone where did you see me with my keys last, or have you seen my keys? You are rebuilding the list for exhaustive search.
It seems like exhaustive search in the same way that voltage seems like voltage. It's a defined term.
Need help with XP startup
