Question

  • Creator
    Topic
  • #2232411

    Problems after infection with Spy Defender Pro

    Locked

    by lpetrone5 ·

    I think I got an infection when SpyDefender Pro showed up on my XP computer. I think I got rid of it, but now Internet Explorer doesn’t work right, I can’t open System Restore (even in safe mode from the command prompt), and Windows update doesn’t work. Also, the Search program doesn’t work. I assume that there are still corrupted files somewhere. Any simple fixes?
    Interestingly, Firefox works.
    Thanks.

All Answers

  • Author
    Replies
    • #3320547

      Clarifications

      by lpetrone5 ·

      In reply to Problems after infection with Spy Defender Pro

      Clarifications

    • #3320540

      No simple fixes

      by computercookie ·

      In reply to Problems after infection with Spy Defender Pro

      you will need to get a number of security software and run them in safe mode and edit the registry or get a tool to do it.

      My suggestion for a quick fix would be to backup, format and reinstall.
      If you won’t to know how to do either post back.

      • #3320329

        Thank you

        by lpetrone5 ·

        In reply to No simple fixes

        Thanks for the quick reply. I was afraid that it wouldn’t be easy. I’ve tried a bunch of anti-spyware programs, but not in safe mode. I don’t know how to backup, format and reinstall. I guess that should be my next step?

    • #3321889

      Don’t know enough about

      by computercookie ·

      In reply to Problems after infection with Spy Defender Pro

      the infection to explain why it won’t effect IE, but these attacks are usually targeted to exploit known faults.

      First of all I’d download a copy of AVG Free, Spybot S&D and Hijack This.

      AVG Free
      http://free.grisoft.com/doc/downloads-products/us/frt/0?prd=aff

      Spybot S&D
      http://www.safer-networking.org/en/mirrors/index.html

      HijackThis
      http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis/download

      Turn off “System Restore” Start > Control Panel > System, click on the “System Restore” tab, tick “Turn off System Restore on all drives”

      Run AVG and Spybot in “safe mode” (press F8, after the machaine POSTs and before XP starts to load), once they have finished, run HijackThis and post the logfile.

      If you have any further questions or want some assistance in backup, format and reinstall post!

      Jeff

      • #2646469

        might have fixed it!

        by lpetrone5 ·

        In reply to Don’t know enough about

        I realized that Windows media player didn’t work either, even after I downloaded the most recent edition, so I did a Google search for “Windows media player won’t work”, and I found a link to a Microsoft knowledge base article. This article had me do two things at the msconfig prompt that fixed media player and also seems to have fixed the other problems.
        Thanks for your suggestions; if I have problems again, I will try with the antiviral/antispware links that you posted.

        • #2646316

          sorry, not msconfig

          by lpetrone5 ·

          In reply to might have fixed it!

          Sorry, it wasn’t msconfig, it was the following:

          An internal application error has occurred.

          CAUSE
          This issue may occur if one or more of the Jscript registry key settings are incorrect. This behavior may also occur if the Jscript.dll file is missing or damaged.

          RESOLUTION
          To resolve this issue, use the following methods in the order that they are presented.

          Method 1: Reregister Jscript.dll and Vbscript.dll

          1. Click Start, and then click Run.
          2. In the Open box, type regsvr32 jscript.dll, and then click OK.
          3. Click OK.
          4. Click Start, and then click Run.
          5. In the Open box, type regsvr32 vbscript.dll, and then click OK.
          6. Click OK.

          If either of the files do not register as expected, or if you receive an error message, the system file may be missing or damaged. To extract the missing file in Microsoft Windows XP, follow these steps:

          1. Click Start, and then click Run.
          2. In the Open box, type msconfig, and then click OK.
          3. Click Expand File.
          4. In the File to restore box, type the name of the file that you want to restore.
          5. In the Restore from box, type the path of the Windows XP .cab file where you want to restore the file, or click Browse From to locate the Windows XP .cab file.

          Note The Windows XP .cab files are stored in the I386 folder on the Windows XP CD.

          6. In the Save file in box, type the path where you want to extract the new file, or click Browse To to locate the folder that you want.
          7. Click Expand.
          8. In the System Configuration Utility dialog box, click OK. If you are prompted to restart the computer, click Restart.

          Open a dialog box that previously experienced the issue that is described in the “Symptoms” section of this article. If the issue recurs, go to the next method.

          Method 2: Edit the registry
          Warning If you use Registry Editor incorrectly, you may cause serious problems that may require you to reinstall your operating system. Microsoft cannot guarantee that you can solve problems that result from using Registry Editor incorrectly. Use Registry Editor at your own risk.

          1. Click Start, and then click Run.
          2. In the Open box, type regedit, and then click OK.
          3. Locate the following registry key:

          HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{f414c26 0-6ac0-11cf-b6d1-00aa00bbbb558}\In procServer32

          The (Default) value data should contain the following value:

          C:\WINDOWS\SYSTEM\JSCRIPT.DLL
          If it does not, double-click Default, type C:\WINDOWS\SYSTEM\JSCRIPT.DLL in the Value data box, and then click OK.
          4. The ThreadingModel value data should contain the following value:

          Both
          If it does not, double-click ThreadingModel, and then type Both in the Value data box.
          5. Locate the following registry key:

          HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{f414c26 1-6ac0-11cf-b6d1-00aa00bbbb558}\In procServer32
          6. Repeat steps 3 and 4 to edit this key, and then go to step 7.
          7. Locate the following registry key:

          HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{f414c26 2-6ac0-11cf-b6d1-00aa00bbbb558}\In procServer32
          8. Repeat steps 3 and 4 to edit this key, and then go to step 9.
          9. Exit Registry Editor.

Viewing 2 reply threads