Web browser hijack problems 'imesh'
newbie101
post 30.04.2011 10:52
Post #1


Member
**

Group: Members
Posts: 24
Joined: 18.09.2008




Hi guys,

As of yesterday, I am having issues with IE8. My girlfriend listens to a lot of music online and has downloaded something called 'imesh' by accident which has a very similar name to a music site she listens to online. Horrible piece of software which now prevents IE8 going to many websites from addresses typed in the address bar. The web browser comes up with the white screen you get when you have no connection and the option to 'diagnose connection problems' etc. It also installed something called 'media bar' which I noticed in add-ons and Windows 7 says is disabled but no remove option is allowed.

I have deleted/removed what I can via uninstall programmes in Windows and also scanned normally and in Safe Mode with KIS 2011 but it detects nothing. I have also tried Combofix but it has also not rectified the problems with the browser.


Link is:

http://www.getsysteminfo.com/read.php?file...b5abb463fa7602a

Many thanks


Attached File(s)
Attached File  sysinfo.zip ( 16,08K ) Number of downloads: 3
 
richbuff
post 30.04.2011 11:10
Post #2


Helper
*****************

Group: Global moderators

Posts: 1009567
Joined: 14.06.2007




QUOTE
I have also tried Combofix but it has also not rectified the problems...
Please do not run Combofix unless/until you are individually instructed by a malware removal person.

Since you already did, did it complete the scan? If yes, please attach the combofix log.

Also, scan with Malwarebytes' Anti-Malware: http://www.malwarebytes.org/mbam.php Update it first, scan and attach its log, but Please Don't remove anything yet, until the log is reviewed.





--------------------
Please see the Important topics, located at the top of this section, and at the top of other sections of this forum.
newbie101
post 30.04.2011 17:42
Post #3



QUOTE(richbuff @ 30.04.2011 10:10) *
Please do not run Combofix unless/until you are individually instructed by a malware removal person.

Since you already did, did it complete the scan? If yes, please attach the combofix log.

Also, scan with Malwarebytes' Anti-Malware: http://www.malwarebytes.org/mbam.php Update it first, scan and attach its log, but Please Don't remove anything yet, until the log is reviewed.



Please find enclosed both logs as requested. The Combofix scan did complete!


Many thanks
Attached File(s)
Attached File  ComboFix.txt ( 15,77K ) Number of downloads: 3
Attached File  mbam_log_2011_04_30__20_40_48_.txt ( 920bytes ) Number of downloads: 5
 
richbuff
post 1.05.2011 04:38
Post #4



Combofix and Malwarebytes did not detect anything.

Uninstall Combofix by: pause Kaspersky > Start > run > type combofix /uninstall > ok. Restart Kaspersky.

Please post a screenshot of the issue that you are seeing.

How to take and post screenshot: PrtSc (Print screen) key (upper right part of keyboard) > open Paint (Start > All programs > Accessories) > Edit > Paste, File > Save as (jpeg or png, Not bmp). When replying, Browse > click once to select file > Open > Upload > add reply.


This post has been edited by richbuff: 1.05.2011 04:39


newbie101
post 1.05.2011 09:11
Post #5



1st screenshot is what appears after typing in the website required in address bar and pressing enter. It doesn't go to the website but lists in Google as suggestions.

I then click on the top search suggestion as it is the same as required and Screenshot2 shows the result.

SS3 and SS4 show the media bar that I cannot remove and didn't have previously.

Due to upload size restrictions I have posted multiple related posts with the screenshots.

Many thanks
Attached File(s)
Attached File  SS1.jpg ( 267,77K ) Number of downloads: 5
 
newbie101
post 1.05.2011 09:14
Post #6



I then click on the top search suggestion as it is the same as required and Screenshot2 shows the result.



Attached File(s)
Attached File  SS2.jpg ( 113,94K ) Number of downloads: 4
 
newbie101
post 1.05.2011 09:16
Post #7



Mediabar IE8 add on
Attached File(s)
Attached File  SS3.jpg ( 219,48K ) Number of downloads: 5
 
newbie101
post 1.05.2011 09:17
Post #8



Mediabar further info
Attached File(s)
Attached File  SS4.jpg ( 207,84K ) Number of downloads: 8
 
richbuff
post 1.05.2011 09:31
Post #9



Reset IE: http://support.microsoft.com/kb/923737


newbie101
post 1.05.2011 19:32
Post #10



QUOTE(richbuff @ 1.05.2011 08:31) *


RB,

I have tried this and it doesn't work. In Windows 7 you cannot uninstall IE8 and reinstall it. A reset for Win7 has also changed: it is now not possible to delete add-ons from a reset as it used to be in XP and Vista, but merely disable them, which doesn't help. I have tried this today. I am still having the same interference in searches from what I believe is this mediabar.

Having searched the internet extensively today it appears that many people have had this malware problem for a number of years. I am surprised it is not being detected by KIS or the other heavyweights such as Combofix or Malwarebytes by now.

Would you please advise on a next course of action to try and remove it as I am not prepared to do a system restore for a stupid add-on!

Many thanks.

This post has been edited by newbie101: 1.05.2011 19:33
richbuff
post 2.05.2011 02:17
Post #11



Please create and attach a new avz.zip, but open your browsers before you create it, so all of your browsers are open and running when the new sysinfo.zip is created.


newbie101
post 2.05.2011 06:41
Post #12



QUOTE(richbuff @ 2.05.2011 01:17) *
Please create and attach a new avz.zip, but open your browsers before you create it, so all of your browsers are open and running when the new sysinfo.zip is created.



http://www.getsysteminfo.com/read.php?file...15c24d0e0a8e052



Many thanks
Attached File(s)
Attached File  GetSystemInfo_CMC_NB_UserA_2011_05_02_09_24_27.zip ( 71,11K ) Number of downloads: 1
 
richbuff
post 2.05.2011 06:58
Post #13



You're welcome. Please clear the contents of the Temp folder located at C:\Users\UserA\AppData\Local\temp
Show hidden folders in Windows folder options to view.

Also, please create a new avz .zip, created when all of your browsers are open and running. Attach the new avz .zip.


newbie101
post 2.05.2011 08:58
Post #14



QUOTE(richbuff @ 2.05.2011 05:58) *
You're welcome. Please clear the contents of the Temp folder located at C:\Users\UserA\AppData\Local\temp
Show hidden folders in Windows folder options to view.

Also, please create a new avz .zip, created when all of your browsers are open and running. Attach the new avz .zip.


Rich,

A couple of things:

Could you please tell me how I go about clearing the temp files you mention?

Also open all browsers- please specify what you mean. IE8 when I go through search problems as in the above screenshots or just when IE is open alone?

What also is the avz.zip? Is this the file created via the 'get system info' software?

Thanks again

This post has been edited by newbie101: 2.05.2011 09:00
richbuff
post 2.05.2011 10:46
Post #15



1) Please see: http://support.kaspersky.com/kis2011/error...p;qid=208279128

2) Run AVZ to create a new avz sysinfo.zip, but please have IE running when you run AVZ to create it. Double click the IE desktop shortcut > minimize the IE window > run AVZ to create a new avz sysinfo.zip > attach the new avz .zip.


newbie101
post 2.05.2011 14:09
Post #16



QUOTE(richbuff @ 2.05.2011 09:46) *
1) Please see: http://support.kaspersky.com/kis2011/error...p;qid=208279128

2) Run AVZ to create a new avz sysinfo.zip, but please have IE running when you run AVZ to create it. Double click the IE desktop shortcut > minimize the IE window > run AVZ to create a new avz sysinfo.zip > attach the new avz .zip/



Rich,

Emptied temp files although a few wouldn't delete. Then checked database for AVZ and ended up downloading the software AVZ4 and running that following the KAS database instructions which I thought was what you meant, waiting for a log! First time it froze but I could see the whitened out log with a few red files mixed in with the black. Second time it completed before I had another look at the help database and found the create AVZ log via KIS2011 support help files and the inbuilt video type stuff on how to do it! So the log I have uploaded is that one which is probably what you requested to start with! Oh and IE was open during this.

Apologies if it was wrong, but I'm not used to having to do this often!

This post has been edited by newbie101: 2.05.2011 14:11
Attached File(s)
Attached File  AVZ_file.zip ( 13,97K ) Number of downloads: 1
 
richbuff
post 2.05.2011 14:26
Post #17



Nothing untoward appears in your log. Microsoft Internet Explorer extension modules (BHOs, Toolbars ...) Elements detected - 5, recognized as trusted - 5

Combofix and Malwarebytes did not detect anything.

Kaspersky Settings > Advanced settings (cardboard box icon) > Threats and exclusions > Settings > enable all threat categories > ok>ok and scan again.

After that, delete the imesh folder from C:\Program Files.


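The "extension modules (BHOs, Toolbars ...)" count in the AVZ log above can be cross-checked by hand. The following read-only PowerShell is an added example, not part of the thread and not AVZ's own logic: it lists machine-wide IE BHO and toolbar registrations and the DLL and Authenticode status behind each CLSID. It assumes the standard HKLM registration keys and does not cover per-user (HKCU) entries.

```powershell
# Added example (not from the thread). Read-only: lists IE extension modules
# (BHOs and toolbars) registered machine-wide and the DLL behind each CLSID.
$sources = @(
    @{ Kind = 'BHO';     Key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects' },
    @{ Kind = 'BHO';     Key = 'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects' },
    @{ Kind = 'Toolbar'; Key = 'HKLM:\SOFTWARE\Microsoft\Internet Explorer\Toolbar' },
    @{ Kind = 'Toolbar'; Key = 'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Toolbar' }
)

$results = foreach ($src in $sources) {
    # The WOW6432Node keys only exist on 64-bit Windows.
    if (-not (Test-Path -LiteralPath $src.Key)) { continue }
    $key = Get-Item -LiteralPath $src.Key

    # BHOs are subkeys named by CLSID; toolbars are values named by CLSID.
    $clsids = if ($src.Kind -eq 'BHO') { $key.GetSubKeyNames() } else { $key.GetValueNames() }

    # 32-bit registrations resolve under the WOW6432Node view of CLSID.
    $clsidRoot = if ($src.Key -like '*WOW6432Node*') {
        'HKLM:\SOFTWARE\Classes\WOW6432Node\CLSID'
    } else {
        'HKLM:\SOFTWARE\Classes\CLSID'
    }

    foreach ($clsid in $clsids) {
        # Skip anything that is not a {GUID}, e.g. the key's default value.
        if ($clsid -notmatch '^\{[0-9A-Fa-f-]{36}\}$') { continue }

        $name = (Get-ItemProperty -LiteralPath "$clsidRoot\$clsid" -ErrorAction SilentlyContinue).'(default)'
        $dll  = (Get-ItemProperty -LiteralPath "$clsidRoot\$clsid\InprocServer32" -ErrorAction SilentlyContinue).'(default)'
        $dll  = if ($dll) { $dll.Trim('"') } else { $null }

        # An unsigned or missing DLL is a lead to investigate, not a verdict.
        $sig = 'FileMissing'
        if ($dll -and (Test-Path -LiteralPath $dll)) {
            $sig = (Get-AuthenticodeSignature -LiteralPath $dll).Status
        }

        [pscustomobject]@{
            Kind = $src.Kind; CLSID = $clsid; Name = $name; Dll = $dll; Signature = $sig
        }
    }
}

$results | Sort-Object Kind, Name | Format-Table -AutoSize
```

An entry whose DLL sits in a folder such as the one the thread deletes from C:\Program Files, or whose signature status is not `Valid`, is the one to compare against the add-on shown in IE's Manage Add-ons dialog.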
newbie101
post 2.05.2011 15:27
Post #18



QUOTE(richbuff @ 2.05.2011 13:26) *
Nothing untoward appears in your log. Microsoft Internet Explorer extension modules (BHOs, Toolbars ...) Elements detected - 5, recognized as trusted - 5

Combofix and Malwarebytes did not detect anything.

Kaspersky Settings > Advanced settings (cardboard box icon) > Threats and exclusions > Settings > enable all threat categories > ok>ok and scan again.

After that, delete the imesh folder from C:\Program Files.



Rich,

I have done what you said. I have also checked the add-ons in IE and the 'mediabar' has gone!!! I can only conclude that the accidental use of AVZ4 has got shot of it even though it froze! IE appears at the moment to be searching correctly too on a few quick searches! If not I'll let you know.

.jpg shows the IE add-on screen shot of all add-ons!

Would you please recommend/advise either with Win7 or KIS2011 settings what I should do to make it more difficult to have such software download itself with 1 accidental click of the mouse? Is it also possible to block certain websites e.g. imesh.com with KIS?

Your suggestions and help would be appreciated and thank you very much for your help throughout.
Attached File(s)
Attached File  addons_IE8.jpg ( 190,59K ) Number of downloads: 1
 
richbuff
post 3.05.2011 04:10
Post #19



You're welcome. Kaspersky Settings > Advanced settings (cardboard box icon) > Threats and exclusions > Settings > enable all threat categories > ok>ok. This could help prevent.

