Topic: IE has been corrupted System/admin rights not avail
.com.net
Newbie
« on: December 05, 2011, 07:49:24 PM »

 Huh

Thanks for looking in. Long-time Zonelabs user, recently switched to Comodo for a year now.
I picked up a virus or malware. Comodo caught 2 of them and quarantined them. However, the damage is done.
I have my driver disc and Win install disc sitting atop my desk, although I did not want to have to (0 zero) out my computer to scratch.
My IE browser, when clicked, gives me a blink and does nothing, as though it opened and closed instantaneously. I went over to System Restore to take my computer back 90 days. After going through its  Himme Himme shake, I get a pop-up that says no admin rights.

Been over to Start, Run and made sure my admin rights are on; they are.

I have Comodo firewall and virus latest updates
Also running Comodo system Cleaner
Currently with scans says clean, but my computer is not fine
The virus it caught was:

malware[at]221aozo31opiw

trojware.win32.trojandropper.bat.fp[at]17266960

I also installed SpyHunter 4 trying to track these things down. That found a doubleclick.net cookie in my settings and documents. Could not find the proper way to remove it manually. From what I gather it is a tracking cookie and even after removing it, chances are I will just get it again.
(I did "just" instruct Firefox to NOT go to that site)

My Firefox works fine, but now when I open my Hotmail I can see there is a browser virus that is "hanging out in there somewhere". My browser is loading slower and I am waiting for that virus to implode or explode where I will get more and more blue screens. (Currently enjoyed 2 blue screens)
I am running:
Dell Inspiron 530 which came with Vista and I removed and replaced with XP Home a couple years back
Service Pack 3
My computer has been swift and virus free until about 90 days ago when I got a friend request from a forum through Yahoo or it was in a zip file that Comodo said it caught from an e-commerce wholesale place. I did send the report to Comodo yet I cannot find any info on those two viruses above. As well, my PDF printer keeps getting removed and my printer installer is not working when I ask it to find my printer that I know the program is installed.
I hope this was descriptive enough for some help. I was thinking it was leftovers from the damage the malware created. I wanted to uninstall IE 8 from my computer but that is not as easy as removing an installed program.
Regards and thanks for your help in advance
.net.com


 
Chiron
Global Moderator
Comodo's Hero
« Reply #1 on: December 05, 2011, 09:56:50 PM »

First, please read this section of one of my articles to ensure that you don't still have an active infection. Once you're sure that you don't still have an active infection, then we'll start worrying about how to fix any damage.

Also, I've got to ask, how did you get infected? What was your configuration and how did you answer any alerts?

Thanks.

.com.net
Newbie
« Reply #2 on: December 06, 2011, 05:16:52 PM »

Thank you for replying. I either got the virus from a friend request through Yahoo, which was a reply from a comment I made on a forum,
or it was from a Zip file from a wholesale rep from Wholesale top 10.
The Yahoo thingy was weird because once I OK'd communication from that person, I started to get chat windows to open in my system tray. That is when I figured I got Virused.
The other was the Zip file I downloaded and then scanned with Comodo and was instructed there was a malicious adware or virus, do not recall exactly. I quarantined it and then cleared it in Comodo's report area.

Ever since, I have been having ghosts in the machine!
Currently downloading KillSwitch and read your link. Thank you.
I will install and see what goes from there.

As of now, Comodo and SpyHunter say I am all clear, but as mentioned prior, my PDF printer I have reinstalled 3 times is not available (even if I open the program before commanding a print). My IE is hosed and who knows what is next?
Thanks again for the help and links. I will sleuth through the Windows link for getting rid of almost any problem, as that would be better than reinstalling my O.S. and drivers and then... everything else I use.
Best
.com.net

.com.net
Newbie
« Reply #3 on: December 06, 2011, 06:04:33 PM »

Update

I unzipped KillSwitch and parked it in a folder named Killswitch, opened the exe file and it seemed to open fine. I clicked or ticked the "Hide safe applications". I attached a BMP view of it. You will only see that my screen capture device was running and it states "analyzing". I hope this means I DO NOT have a virus anymore?


* killswitchscreencap.gif (21.57 KB, 464x348)

BoredNow
Comodo's Hero
« Reply #4 on: December 06, 2011, 06:30:15 PM »

In Killswitch, have you clicked 'tools' and then 'quick repair' to see if some of your basic settings have been altered?

HP pavilion media center 2006
Windows 7 64bit - Standard Acct.
EMET 3
CIS-5.10
Sandboxie 3.76

.com.net
Newbie
« Reply #5 on: December 06, 2011, 06:56:59 PM »

No, I have not, BoredNow... I will though. I am not sure how it would know if anything was altered, as I just installed this and my problems started a month ago.

.com.net
Newbie
« Reply #6 on: December 06, 2011, 07:17:45 PM »

To BoredNow
Here are some screen captures of these things I found after your suggestion. I have no idea what they mean or if repairing them is necessary or advised?

under Processes (35) (see first pic)
Name                     
hpzipm12.exe 508 [ nt authority\system pml driver

usbtip.exe for Pinnacle my editing studio software


Under Tools and Repair (see second pic)
Global profile:
I have a change next to Hosts..I do not know what that means.

Under my Users  (see 3rd Pic)
I have a disabled under EXE file

Thanks for your help
.com.net



* processes.jpg (224.47 KB, 1024x768)
* toolsquickrepairglobal.jpg (261.11 KB, 1024x768)
* toolsquickrepairusers.jpg (263.41 KB, 1024x768)

wasgij6
Global Moderator
Comodo's Hero
« Reply #7 on: December 06, 2011, 07:24:32 PM »

> To BoredNow
> Here are some screen captures of these things I found after your suggestion. I have no idea what they mean or if repairing them is necessary or advised?
>
> under Processes (35) (see first pic)
> Name
> hpzipm12.exe 508 [ nt authority\system pml driver
>
> usbtip.exe for Pinnacle my editing studio software
>
> Under Tools and Repair (see second pic)
> Global profile:
> I have a change next to Hosts..I do not know what that means.
>
> Under my Users  (see 3rd Pic)
> I have a disabled under EXE file
>
> Thanks for your help
> .com.net



The hosts file seems to have been changed. This can cause random redirects and slow internet. Have KillSwitch repair it. EXE disabled means something (usually malware) has disabled running exe files. Also have KillSwitch repair it.

I know your response was to BoredNow but I thought I would help.

| Win 7 Ultimate (x32) SP1; Admin | UAC Disabled | CIS 6.1.276867.2813 | CD 26.2 | CID 20.0.1 | VMWare Workstation; XP (x32), 7 (x64) |
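
What a changed hosts file looks like on inspection, as an added example that is not part of the original thread and not KillSwitch's own logic: a Python check that lists every active mapping in hosts-file text and flags anything other than the default localhost entry. The sample content and the `.example` names are constructed; on Windows XP the real file is `%SystemRoot%\system32\drivers\etc\hosts`.

```python
import ipaddress

# The only mapping a stock hosts file is expected to carry (assumption of this example).
DEFAULT_NAMES = {"localhost"}

def audit_hosts(text):
    """Return (line_no, ip, name, verdict) for every active mapping in hosts-file text."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        entry = raw.split("#", 1)[0].split()   # drop comments, split on whitespace
        if not entry:
            continue                           # blank or comment-only line
        ip_text, names = entry[0], entry[1:]
        try:
            ip = ipaddress.ip_address(ip_text)
        except ValueError:
            findings.append((line_no, ip_text, " ".join(names), "malformed"))
            continue
        if not names:
            findings.append((line_no, ip_text, "", "malformed"))
            continue
        sinkhole = ip.is_loopback or ip.is_unspecified
        for name in (n.lower() for n in names):
            if name in DEFAULT_NAMES and ip.is_loopback:
                verdict = "default"
            elif sinkhole:
                verdict = "blocked"    # name made unreachable, e.g. an update site
            else:
                verdict = "redirect"   # name forced to this address, bypassing DNS
            findings.append((line_no, ip_text, name, verdict))
    return findings

def changed_entries(text):
    """Only the mappings that differ from the default localhost entry."""
    return [f for f in audit_hosts(text) if f[3] != "default"]

# Constructed sample; addresses are from the documentation range 192.0.2.0/24.
SAMPLE_HOSTS = """\
# constructed sample hosts file
127.0.0.1       localhost
192.0.2.10      www.search.example mail.example   # redirect
127.0.0.1       updates.av-vendor.example
not-an-ip       broken.example
"""

if __name__ == "__main__":
    for line_no, ip, name, verdict in changed_entries(SAMPLE_HOSTS):
        print(f"line {line_no}: {name or '(none)'} -> {ip} [{verdict}]")
```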

BoredNow
Comodo's Hero
« Reply #8 on: December 06, 2011, 08:21:23 PM »

usbtip.exe
http://www.backgroundtask.eu/Systeemtaken/Taakinfo.php?ID=8149

hpzipm12.exe
http://www.backgroundtask.eu/Systeemtaken/taakinfo/3974/hpzipm12.exe/

As you can see, these are considered safe...unless you don't have a HP printer or
Pinnacle USB Tip (whatever that is).

You might want to consider using SandboxIE to run your browser in.
It has saved me from numerous problems in the past.


« Last Edit: December 06, 2011, 08:38:44 PM by BoredNow »

.com.net
Newbie
« Reply #9 on: December 06, 2011, 11:17:11 PM »

Wasgij6 no problem and thank you for your help.

Borednow thank you as well.

I guess this means I do not have a virus anymore?
I will let Killswitch repair and hope for the best
Again thanks and regards
.com.net

wasgij6
Global Moderator
Comodo's Hero
« Reply #10 on: December 06, 2011, 11:26:20 PM »

No problem, glad to help.
You might just be seeing the leftover destruction from the malware.

.com.net
Newbie
« Reply #11 on: December 06, 2011, 11:57:53 PM »

wasgij6

I did as instructed--let KS repair, no luck with IE.
I also tried using CCE and it asks to shut down my puter and I do, it reboots; but I did not see any scan commence?

clockwork
Comodo's Hero
« Reply #12 on: December 07, 2011, 11:34:48 AM »

It's easier and faster and most secure to reinstall, than to describe and write until others may find the "solution", which is, in your case for multiple problems or damages ;)


Somehow you should also check in the future that you don't make wrong decisions. Like a decision that lets Comodo be not effective in that situation:

-You got a "friend invite"/initiated communication = infection (this should not be possible if you have Defense+ enabled, and if you didn't give a bad answer for something). Keep all programs up to date.

-Loading a zip and scanning it led to quarantine = infection (this shouldn't be possible at all, and same as above)

------------------------
A very good and fast second opinion is malwarebytes antimalware free version (especially for cases when others find nothing).
An accurate full scanner for second opinion is emsisoft antimalware free (a-squared free).

"If there is a problem, it`s something interesting. Try to circumvent or fix it.
In the old ages there was no support. That`s why we got the brain we have today.
Otherwise we would only be able to call a number and listen."

.com.net
Newbie
« Reply #13 on: December 07, 2011, 06:14:08 PM »

> It's easier and faster and most secure to reinstall, than to describe and write until others may find the "solution", which is, in your case for multiple problems or damages ;)
>
> Somehow you should also check in the future that you don't make wrong decisions. Like a decision that lets Comodo be not effective in that situation:
>
> -You got a "friend invite"/initiated communication = infection (this should not be possible if you have Defense+ enabled, and if you didn't give a bad answer for something). Keep all programs up to date.
>
> -Loading a zip and scanning it led to quarantine = infection (this shouldn't be possible at all, and same as above)
>
> ------------------------
> A very good and fast second opinion is malwarebytes antimalware free version (especially for cases when others find nothing).
> An accurate full scanner for second opinion is emsisoft antimalware free (a-squared free).



I agree, clockwork, but I could not uninstall IE---It it still there? (Do you have step by step on how to?)
Win XP Service Pack 3, IE 8

I also am losing installed PDF printer too. That I uninstalled and reinstalled. My System Restore, although on, does not have admin rights to execute.
Although my user does have admin rights.
My Comodo is running in Paranoid mode and I read each and every executable. I attached a pic of configurations of Comodo. Whenever I go to activate the other tabs, the one that is currently active no longer shows active next to it. I uninstalled Comodo and reinstalled and left it as suggested on install. Got updated every day if there is an update.
I never had a prob with Zlabs but my genius bro told me that Comodo was better because it is a smaller program. But here I sit with a halfway hosed computer. About ready to pop in my OS disc and start over. Not that it was Comodo or Zlabs, it just so happens the firewall let it through. Trust me when I tell you that I scan everything before opening. EVERYTHING! (Right click and scan)


* config.jpg (103.86 KB, 1024x768)

BoredNow
Comodo's Hero
« Reply #14 on: December 07, 2011, 06:59:26 PM »

I helped my parents with their system restore by using the directions on this page...

http://pcsupport.about.com/od/fixtheproblem/ht/systemrestorecp.htm

As for your IE...have you tried going here to automatically fix it....

http://support.microsoft.com/kb/318378