Trojan Gone, Now Internet Explorer Won't Open.
My Windows XP Pro (SP2) desktop was recently infected with an av.exe trojan variant. There was a lot of information available in various forums, and I was able to remove the files and update the registry. It appears that everything is working correctly except for the browsers. Besides IE, I have Firefox installed.

When attempting to open either browser, the program is loaded into RAM, then hangs before it can be displayed. Task Manager lists the program under Processes, but not under Applications. If I attempt to open the program without terminating the process, another instance of the program is loaded. It also hangs. I use Thunderbird for my email. Thunderbird works fine.

I restarted the computer in Safe Mode, and I am able to open both IE and Firefox. I tried re-installing Firefox. That made no difference. I've also tried opening the program by right clicking on the exe file, selecting Run As, and selecting the Administrator (a few posts said that worked for them). However, Windows does not recognize my password (as an aside, is there any way I can reset my Administrator password?). To be thorough, I even created a new account, and verified the same thing occurs for both programs in normal and safe mode.

While I suspect the problem is in the registry, I just don't know what else to do. I have not been able to find any forum posts via search that describe this problem. What is obvious, though, is it's something the two programs have in common, and it's something that doesn't get loaded in safe mode. Again, I want to stress other programs that access the internet, Skype for example, are working just fine.

Has anyone experienced this problem? And does anyone know how to resolve it?

Thanks in advance,
-Anita
March 2nd, 2010 11:55am

I've continued to search for answers. I found an interesting thread where many people having problems using their browsers after removing a virus were posting questions and answers. http://en.kioskea.net/forum/affich-68136-firefox-and-ie-destroyed-after-virus-help

One solution was to locate and deselect the use proxy server setting. They gave various ways of doing it, but the easiest is probably by using the Control Panel->Internet Options. In Windows XP, go to the Connections tab and click on the LAN Settings button. In the resulting window make sure the only box checked is Automatically detect settings. For many of these folks, the Use Proxy Server option was selected. Deselecting it solved their problems.

That is not my problem, though. I checked my settings, and the Proxy Server option was not selected. I'm adding this information for two reasons.

1. It is not the solution to my problem. No one need post it as a possible solution.
2. It might be the solution for someone else reading this thread.

I'll continue to post information as I find it so this thread will hopefully be more useful for anyone who reads it.

-Anita
March 3rd, 2010 2:43am
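
The LAN Settings check described in the post above can also be made from the registry values behind that dialog. This is an added example, not part of the original thread: it parses the text printed by `reg query "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings"` and reports a proxy server or configuration script that is still set. The function names and both sample outputs are constructed for illustration.

```python
import re

# Registry values behind Internet Options -> Connections -> LAN Settings.
KEY = r"HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings"
# One value line of `reg query` output: name, type, data (tabs or spaces).
VALUE_LINE = re.compile(r"^\s+(\S+)\s+(REG_[A-Z_]+)\s+(.*)$")

def parse_reg_query(text):
    """Return {value name: (type, data)} from `reg query "<KEY>"` output."""
    values = {}
    for line in text.splitlines():
        match = VALUE_LINE.match(line)
        if match:
            name, kind, data = match.groups()
            values[name] = (kind, data.strip())
    return values

def proxy_findings(values):
    """List the LAN Settings entries that are set besides auto-detect."""
    findings = []
    kind, data = values.get("ProxyEnable", ("REG_DWORD", "0x0"))
    if kind == "REG_DWORD" and int(data, 16) != 0:
        server = values.get("ProxyServer", ("REG_SZ", "(no address)"))[1]
        findings.append("proxy server enabled: " + server)
    if "AutoConfigURL" in values:
        findings.append("configuration script set: " + values["AutoConfigURL"][1])
    return findings

# Constructed sample outputs, not taken from the thread.
SAMPLE_PROXIED = r"""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
    ProxyEnable    REG_DWORD    0x1
    ProxyServer    REG_SZ    proxy.example.invalid:8080
    AutoConfigURL    REG_SZ    http://proxy.example.invalid/wpad.dat
"""
SAMPLE_CLEAN = r"""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
    ProxyEnable    REG_DWORD    0x0
    EnableHttp1_1    REG_DWORD    0x1
"""

if __name__ == "__main__":
    for label, sample in (("proxied", SAMPLE_PROXIED), ("clean", SAMPLE_CLEAN)):
        print(label, proxy_findings(parse_reg_query(sample)) or "nothing set")
```

An empty result matches the state the post describes, where the Use Proxy Server box is not selected.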

I'm making some progress, at least in understanding what is wrong if not what to do to fix it. I've run a number of anti-spyware and anti-adware utilities. One of these, Super Anti-Spyware I believe, provides a button to get more information about items found. I clicked on the button, then realized my browser wouldn't open so went ahead and told it to fix the problem. Almost immediately, Firefox opened. The browser still wouldn't open otherwise, but I found this very intriguing.

By the way, many of the forums I've visited suggest you open Firefox in safe mode--there's a link for it in the Start menu, in the Firefox folder--and disable all of the addons. If you are unfamiliar with this, a grey alert box opens before Firefox with a list of radio buttons. This is where they ask you to select the option to disable the addons, and then save your changes. However, I wasn't able to open Firefox in safe mode, either.

I decided to open the task manager and close down processes until I found which one was causing the problem. I discovered that when I ended FLVSrvc.exe, I was able to open either browser. FLVSrvc is part of a viewer that allows you to watch videos, much like Windows Media Player, or Quicktime, but in the .flv format. As this service has run on my computer for a long time without problems, I am assuming that it conflicts with the malware.

Now that I can access the browser, I find that when I try to open certain pages from a Google search, the page gets hijacked. Instead of going to another page with software or information about anti-virus, anti-adware, I'm redirected to what looks like an ad page or search results. Totally unrelated, of course.

I've been running scans on my computer, trying to find the little bugger that is conflicting with my video utility, but so far no dice. I've run: Spy-Bot, Super Anti-Spyware, Bit-Defender, ParetoLogic Anti-Virus Plus, and Ad-Aware but cannot find anything else on the computer. I'm running Microsoft's own malware removal tool right now. I started with a quick scan, which showed no results, and am now running a thorough scan. That could take a long while with a couple of very large removable drives connected to the computer... :)

I realized that while I can get the browsers to open by ending the FLVSrvc process, I really should see if I can get the browser working with FLVSrvc running, ending other processes instead. Maybe I can find the conflicting process that way... Wish I were more efficient at my troubleshooting. Frustration and exhaustion are definitely taking a toll.

I'll be back.
-Anita
March 4th, 2010 4:18am

I've made much progress since my last post. I found a thread on another forum that addressed my problem exactly. Here's the url: http://myantispyware.com/forum/xp-antivirus-pro-spyware-plus-many-issues-t2933.html

The forum requires you use Hijack This and post the results, so those helping can see exactly what is going on. But the folks there know what they are doing! If my problem sounds like yours, check out the url above. If not, you may still be able to get the help you need at their forum, http://myantispyware.com/forum/.

Anyway... Turns out this trojan installed something called a rootkit. By following the instructions in the thread I mention above, I was able to remove the rootkit and clean up the hard drive. The last program to be run is called GREM Antirootkit, and it takes a very long time to run. The first time I ran it, I selected all my drives, including the external drives. It found a problem on the c-drive and terminated itself after finishing the d-drive. C and d are actually two partitions of the same drive. It told me I needed to reboot and run chkdsk, so I did. I then ran GREM again, but only on the c-drive. That finished without any problems. It is now running on the d-drive. I'll wait until tomorrow to run it on the two external drives. I expect the scans to take a day or two with one 1TB and one 250GB drives. I'm seriously considering hooking them up to the laptop to run the scans so I can have my main computer back. I haven't gotten any real work done all week!

If I don't post here again, it means that I finally got everything working correctly again. And I must highly recommend MyAntiSpyWare.com for real information and real help.

With fingers crossed,
-Anita
March 5th, 2010 10:24am

Had exactly the same problem. Cured it (I hope) by unchecking FLVSrvc.exe in msconfig's Startup tab. Yeah, I ran TDSSKiller but not sure whether its message about ATAPI.SYS being modified is a false positive or not. Anyway it didn't cure this last problem. Also ran GMER AntiRootKit (not GREM as you've written), available here: http://www.gmer.net/ Thanks for your help with this stubborn problem. Seems I picked up FLVSrvc.exe as part of Applian's Replay Media Catcher installation.
May 10th, 2010 7:35am

Had exactly the same problem. Cured it (I hope) by unchecking FLVSrvc.exe in msconfig's Startup tab. Yeah, I ran TDSSKiller but not sure whether its message about ATAPI.SYS being modified is a false positive or not. Anyway it didn't cure this last problem. Also ran GMER AntiRootKit (not GREM as you've written), available here: http://www.gmer.net/ Thanks for your help with this stubborn problem. Seems I picked up FLVSrvc.exe as part of Applian's Replay Media Catcher installation.

Not sure what was "cured" by you. But FLVSrvc.exe from Replay Media Catcher, Freecorder 4 and Ask&Recorder toolbar from www.applian.com doesn't contain any spyware or malware. VirusTotal can easily prove that. If you download these programs not from the official web-site, but from any untrusted sources, or if you use ____, you do it at your own risk.
August 16th, 2010 7:13am

thanks anita thanks for ur solution :) u saved me hours of heart ache and stress! thank u and god bless
September 7th, 2010 12:50pm

Run a full scan of SAS Portable in safe mode with the internet unplugged from the PC. SAS also has built-in repairs for Windows. Load it, click preferences. There is a repair tab. There is an option to repair desktop components and another to repair desktop policies. Select 1 at a time and click perform repair. After everything is done reboot your PC. Everything should be back to normal.

"There are only 10 types of people in the world. Those that understand binary, and those that don't." [_1337_Pete_]
September 8th, 2010 8:31pm

This topic is archived. No further replies will be accepted.
