Questions

Problems after infection with Spy Defender Pro

+
0 Votes
Locked

Problems after infection with Spy Defender Pro

lpetrone5
I think I got an infection when SpyDefender Pro showed up on my XP computer. I think I got rid of it, but now Internet Explorer doesn't work right, I can't open System Restore (even in safe mode from the command prompt), and Windows update doesn't work. Also, the Search program doesn't work. I assume that there are still corrupted files somewhere. Any simple fixes?
Interestingly, Firefox works.
Thanks.
  • +
    0 Votes
    ComputerCookie

    you will need to get a number of security software and run them in safe mode and edit the registry or get a tool to do it.

    My suggestion for a quick fix would be to backup, format and reinstall.
    If you won't to know how to do either post back.

    +
    0 Votes
    lpetrone5

    Thanks for the quick reply. I was afraid that it wouldn't be easy. I've tried a bunch of anti-spyware programs, but not in safe mode. I don't know how to backup, format and reinstall. I guess that should be my next step?

    +
    0 Votes
    ComputerCookie

    the infection to explain why it won't effect IE, but these attacks are usually targeted to exploit known faults.

    First of all I'd download a copy of AVG Free, Spybot S&D and Hijack This.

    AVG Free
    http://free.grisoft.com/doc/downloads-products/us/frt/0?prd=aff

    Spybot S&D
    http://www.safer-networking.org/en/mirrors/index.html

    HijackThis
    http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis/download

    Turn off "System Restore" Start > Control Panel > System, click on the "System Restore" tab, tick "Turn off System Restore on all drives"

    Run AVG and Spybot in "safe mode" (press F8, after the machaine POSTs and before XP starts to load), once they have finished, run HijackThis and post the logfile.

    If you have any further questions or want some assistance in backup, format and reinstall post!

    Jeff

    +
    0 Votes
    lpetrone5

    I realized that Windows media player didn't work either, even after I downloaded the most recent edition, so I did a Google search for "Windows media player won't work", and I found a link to a Microsoft knowledge base article. This article had me do two things at the msconfig prompt that fixed media player and also seems to have fixed the other problems.
    Thanks for your suggestions; if I have problems again, I will try with the antiviral/antispware links that you posted.

    +
    0 Votes
    lpetrone5

    Sorry, it wasn't msconfig, it was the following:


    An internal application error has occurred.

    CAUSE
    This issue may occur if one or more of the Jscript registry key settings are incorrect. This behavior may also occur if the Jscript.dll file is missing or damaged.

    RESOLUTION
    To resolve this issue, use the following methods in the order that they are presented.

    Method 1: Reregister Jscript.dll and Vbscript.dll

    1. Click Start, and then click Run.
    2. In the Open box, type regsvr32 jscript.dll, and then click OK.
    3. Click OK.
    4. Click Start, and then click Run.
    5. In the Open box, type regsvr32 vbscript.dll, and then click OK.
    6. Click OK.

    If either of the files do not register as expected, or if you receive an error message, the system file may be missing or damaged. To extract the missing file in Microsoft Windows XP, follow these steps:

    1. Click Start, and then click Run.
    2. In the Open box, type msconfig, and then click OK.
    3. Click Expand File.
    4. In the File to restore box, type the name of the file that you want to restore.
    5. In the Restore from box, type the path of the Windows XP .cab file where you want to restore the file, or click Browse From to locate the Windows XP .cab file.

    Note The Windows XP .cab files are stored in the I386 folder on the Windows XP CD.

    6. In the Save file in box, type the path where you want to extract the new file, or click Browse To to locate the folder that you want.
    7. Click Expand.
    8. In the System Configuration Utility dialog box, click OK. If you are prompted to restart the computer, click Restart.

    Open a dialog box that previously experienced the issue that is described in the "Symptoms" section of this article. If the issue recurs, go to the next method.

    Method 2: Edit the registry
    Warning If you use Registry Editor incorrectly, you may cause serious problems that may require you to reinstall your operating system. Microsoft cannot guarantee that you can solve problems that result from using Registry Editor incorrectly. Use Registry Editor at your own risk.

    1. Click Start, and then click Run.
    2. In the Open box, type regedit, and then click OK.
    3. Locate the following registry key:

    HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{f414c26 0-6ac0-11cf-b6d1-00aa00bbbb558}\In procServer32

    The (Default) value data should contain the following value:

    C:\WINDOWS\SYSTEM\JSCRIPT.DLL
    If it does not, double-click Default, type C:\WINDOWS\SYSTEM\JSCRIPT.DLL in the Value data box, and then click OK.
    4. The ThreadingModel value data should contain the following value:

    Both
    If it does not, double-click ThreadingModel, and then type Both in the Value data box.
    5. Locate the following registry key:

    HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{f414c26 1-6ac0-11cf-b6d1-00aa00bbbb558}\In procServer32
    6. Repeat steps 3 and 4 to edit this key, and then go to step 7.
    7. Locate the following registry key:

    HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{f414c26 2-6ac0-11cf-b6d1-00aa00bbbb558}\In procServer32
    8. Repeat steps 3 and 4 to edit this key, and then go to step 9.
    9. Exit Registry Editor.

  • +
    0 Votes
    ComputerCookie

    you will need to get a number of security software and run them in safe mode and edit the registry or get a tool to do it.

    My suggestion for a quick fix would be to backup, format and reinstall.
    If you won't to know how to do either post back.

    +
    0 Votes
    lpetrone5

    Thanks for the quick reply. I was afraid that it wouldn't be easy. I've tried a bunch of anti-spyware programs, but not in safe mode. I don't know how to backup, format and reinstall. I guess that should be my next step?

    +
    0 Votes
    ComputerCookie

    the infection to explain why it won't effect IE, but these attacks are usually targeted to exploit known faults.

    First of all I'd download a copy of AVG Free, Spybot S&D and Hijack This.

    AVG Free
    http://free.grisoft.com/doc/downloads-products/us/frt/0?prd=aff

    Spybot S&D
    http://www.safer-networking.org/en/mirrors/index.html

    HijackThis
    http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis/download

    Turn off "System Restore" Start > Control Panel > System, click on the "System Restore" tab, tick "Turn off System Restore on all drives"

    Run AVG and Spybot in "safe mode" (press F8, after the machaine POSTs and before XP starts to load), once they have finished, run HijackThis and post the logfile.

    If you have any further questions or want some assistance in backup, format and reinstall post!

    Jeff

    +
    0 Votes
    lpetrone5

    I realized that Windows media player didn't work either, even after I downloaded the most recent edition, so I did a Google search for "Windows media player won't work", and I found a link to a Microsoft knowledge base article. This article had me do two things at the msconfig prompt that fixed media player and also seems to have fixed the other problems.
    Thanks for your suggestions; if I have problems again, I will try with the antiviral/antispware links that you posted.

    +
    0 Votes
    lpetrone5

    Sorry, it wasn't msconfig, it was the following:


    An internal application error has occurred.

    CAUSE
    This issue may occur if one or more of the Jscript registry key settings are incorrect. This behavior may also occur if the Jscript.dll file is missing or damaged.

    RESOLUTION
    To resolve this issue, use the following methods in the order that they are presented.

    Method 1: Reregister Jscript.dll and Vbscript.dll

    1. Click Start, and then click Run.
    2. In the Open box, type regsvr32 jscript.dll, and then click OK.
    3. Click OK.
    4. Click Start, and then click Run.
    5. In the Open box, type regsvr32 vbscript.dll, and then click OK.
    6. Click OK.

    If either of the files do not register as expected, or if you receive an error message, the system file may be missing or damaged. To extract the missing file in Microsoft Windows XP, follow these steps:

    1. Click Start, and then click Run.
    2. In the Open box, type msconfig, and then click OK.
    3. Click Expand File.
    4. In the File to restore box, type the name of the file that you want to restore.
    5. In the Restore from box, type the path of the Windows XP .cab file where you want to restore the file, or click Browse From to locate the Windows XP .cab file.

    Note The Windows XP .cab files are stored in the I386 folder on the Windows XP CD.

    6. In the Save file in box, type the path where you want to extract the new file, or click Browse To to locate the folder that you want.
    7. Click Expand.
    8. In the System Configuration Utility dialog box, click OK. If you are prompted to restart the computer, click Restart.

    Open a dialog box that previously experienced the issue that is described in the "Symptoms" section of this article. If the issue recurs, go to the next method.

    Method 2: Edit the registry
    Warning If you use Registry Editor incorrectly, you may cause serious problems that may require you to reinstall your operating system. Microsoft cannot guarantee that you can solve problems that result from using Registry Editor incorrectly. Use Registry Editor at your own risk.

    1. Click Start, and then click Run.
    2. In the Open box, type regedit, and then click OK.
    3. Locate the following registry key:

    HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{f414c26 0-6ac0-11cf-b6d1-00aa00bbbb558}\In procServer32

    The (Default) value data should contain the following value:

    C:\WINDOWS\SYSTEM\JSCRIPT.DLL
    If it does not, double-click Default, type C:\WINDOWS\SYSTEM\JSCRIPT.DLL in the Value data box, and then click OK.
    4. The ThreadingModel value data should contain the following value:

    Both
    If it does not, double-click ThreadingModel, and then type Both in the Value data box.
    5. Locate the following registry key:

    HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{f414c26 1-6ac0-11cf-b6d1-00aa00bbbb558}\In procServer32
    6. Repeat steps 3 and 4 to edit this key, and then go to step 7.
    7. Locate the following registry key:

    HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{f414c26 2-6ac0-11cf-b6d1-00aa00bbbb558}\In procServer32
    8. Repeat steps 3 and 4 to edit this key, and then go to step 9.
    9. Exit Registry Editor.