Re: IE6 SP1 on WinXP fails to work, SP2 doesn't help


From: David H. Lipman (DLipman~nospam~_at_Verizon.Net)
Date: 02/22/05


Date: Tue, 22 Feb 2005 17:04:53 -0500

I was just made aware of a new utility by Sysinternals

http://www.sysinternals.com/ntw2k/freeware/rootkitreveal.shtml

RootkitRevealer is an advanced root kit detection utility. It runs on Windows NT4 and
higher and its output lists Registry and file system API discrepancies that may indicate the
presence of a user-mode or kernel-mode rootkit. RootkitRevealer successfully detects all
rootkits published at www.rootkit.com, including AFX, Vanquish and HackerDefender.

-- 
Dave
"PA Bear" <PABearMVP@gmail.com> wrote in message
news:OPKelzHGFHA.2156@TK2MSFTNGP09.phx.gbl...
| ISRVS is a signature of Bube.d (AKA W32.Beavis) Trojan, David.
|
| cf. http://computercops.biz/postt106277.html
|
| http://www.dslreports.com/forum/remark,12688162~mode=flat
| http://forum.gladiator-antivirus.com/index.php?showtopic=23364
|
| http://www.google.com/ie?q=isrvs&hl=en&lr
|
| It's a real nasty 'rootkit' Trojan which compromises and overwrites
| explorer.exe, and corrupts Security Center and related settings (even after
| its removal).
|
| I strongly urge you to post to one of the HijackThis Logs forums.
| -- 
| ~Robear Dyer (PA Bear)
| MS MVP-Windows (Shell, IE/OE) & Security
|
| David H. Lipman wrote:
| > Don and Bruce:
| >
| > BHODemon did the trick.
| >
| > There was an unknown file Browser Helper;  sysupd.dll  in:  %windir%\isrvs
| >
| > I booted in Safe Mode, deleted %windir%\isrvs and the re-booted IE worked!
| >
| > I'm not sure if I need to clean the Registry for pointers pointing to the
| > inexistent files/folders but all looks good thanks to the ideas you two
| > have provided me.
| >
| >
| > "Don Varnau" <don_04[at]varnau[dot]org> wrote in message
| > news:eSLJMK8FFHA.936@TK2MSFTNGP12.phx.gbl...
| >> Hi,
| >> Some possibilities:
| >> 1. Try this command from Start> Run
| >> iexplore.exe /rereg
| >>  [enter]
| >> This reregisters all DLLs used by IE.
| >> 2. From Control Panel> Internet Options> Advanced> uncheck "Enable third
| >> party browser extensions." If that helps, another program is interfering
| >> with IE.
| >> 3. More malware removal tools:
| >> BHODemon 2.0: http://www.definitivesolutions.com/bhodemon.htm
| >> CWShredder. Get the stand-alone version at
| >> http://www.intermute.com/spysubtract/cwshredder_download.html
| >> 4. Quick and easy- sometimes works wonders. Delete the Temporary Internet
| >> Files folder for that user and set the size of the new TIF folder to about
| >> 50-60 MB.  http://mvps.org/winhelp2002/delcache.htm
| >> 5. A legitimate program (ad-blocker, privacy, security, toolbar, etc) may
| >> be causing the problem. You might try this (lengthy) troubleshooting
| >> process: 276393 - Understanding and Troubleshooting Unrecoverable Errors
| >> (Faults) in Internet Explorer: http://support.microsoft.com/?kbid=276393
| >> 6. Malware that the removal programs don't pick up or can't remove. You may
| >> have to post a HijackThis log to one of the forums listed below. You will
| >> receive good help at any of these forums. You might look for a forum that
| >> doesn't have too many unanswered posts. You should also look for the proper
| >> forum for HijackThis logs and a message along the lines of "Important- Read
| >> This First."
| >>
| >> HijackThis instructions and download:
| >> http://www.tomcoyote.org/hjt/
| >> http://www.aumha.org/downloads/hijackthis.exe
| >> (Additional information and warnings)
| >> http://www.aumha.org/a/parasite.php#hjt
| >>
| >> Forums:
| >> http://forum.mvps.org/  Excellent help- low traffic. Visit
| >> http://forum.aumha.org/viewtopic.php?t=4075 before posting the log.
| >>
| >> http://castlecops.com/forums.html
| >> http://www.spywarewarrior.com/index.php
| >> http://tomcoyote.com/forums/
| >> http://www.spywareinfo.com/forums/
| >> 7. To repair IE http://support.microsoft.com/default.aspx?scid=318378
| >> after removing SP2.
| >>
| >> Hope this helps,
| >> Don
| >> [MS MVP- IE/OE]
| >>
| >>
| >> "David H. Lipman" <DLipman~nospam~[at]Verizon.Net> wrote in message
| >> news:eg4ZRx7FFHA.1084@tk2msftngp13.phx.gbl...
| >>> I was handed a Dell notebook with WinXP SP1 and was told that IE wasn't
| >>> working and would "lock up".  I ran Adware SE, SpyBot S&D and the McAfee
| >>> Command Line Scanner (log attached) and all malware was eradicated.  There
| >>> was no change in the status of IE but all other Internet related software
| >>> such as FireFox works as expected.
| >>>
| >>> I figured that since it was at SP1 level, I installed SP2 from the 266MB
| >>> admin EXE.  All went fine and the notebook works at SP2 level in all
| >>> aspects except IE still does not work.  It tries to connect to the homepage
| >>> but never gets there and does much hard disk swapping and slows the
| >>> platform greatly.  If I walk away from the platform for several minutes
| >>> there is no change in its status and I can cancel the attempt to access the
| >>> web site and close IE.
| >>>
| >>> I created a new account and tested IE in that account but IE still does
| >>> not work.  I also tried re-registering the following DLLs to no avail
| >>> [ SOFTPUB, INITPKI and MSSIP32 ]
| >>>
| >>> The user wants IE (no laughing please) and I am stumped of what to do
| >>> next
| >>>
| >>> Does anybody have any ideas to repair IE ?
| >>>
| >>> Are there other DLLs that I can try to re-register ?
| >>>
| >>> Are there any other steps I can try to repair IE6 SP2 ?
| >>>
| >>> Dave
|
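
The quoted reply above asks whether the Registry still holds pointers to the deleted files. The following is an added example, not part of the original thread: a read-only PowerShell listing of Browser Helper Object registrations that flags entries whose DLL is gone or sits in an unusual directory. It assumes the standard BHO and COM registration keys and that PowerShell is installed; the function name Get-BhoReport and the status labels are made up for this example.

```powershell
# Added example (not from the thread). Read-only: lists BHO registrations, changes nothing.
# Assumes the standard BHO / COM keys; the WOW6432Node view exists only on 64-bit Windows.
$views = @(
    @{ Bho   = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
       Clsid = 'HKLM:\SOFTWARE\Classes\CLSID' },
    @{ Bho   = 'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
       Clsid = 'HKLM:\SOFTWARE\Classes\WOW6432Node\CLSID' }
)

# Directories where add-on DLLs normally live; anything else deserves a second look.
$expected = @("$env:windir\System32", $env:ProgramFiles, ${env:ProgramFiles(x86)}) |
    Where-Object { $_ }

function Get-BhoReport {
    foreach ($view in $views) {
        if (-not (Test-Path -LiteralPath $view.Bho)) { continue }
        foreach ($entry in Get-ChildItem -LiteralPath $view.Bho) {
            $clsid = $entry.PSChildName
            # The BHO key only names a CLSID; the DLL path is the default value
            # of that CLSID's InprocServer32 key.
            $server = Get-Item -LiteralPath "$($view.Clsid)\$clsid\InprocServer32" -ErrorAction SilentlyContinue
            $dll = if ($server) { [string]$server.GetValue('') } else { '' }
            $dll = [Environment]::ExpandEnvironmentVariables($dll.Trim('"'))

            $status = 'ok'
            if (-not $dll) {
                $status = 'ORPHAN: BHO entry has no COM registration'
            } elseif (-not (Test-Path -LiteralPath $dll -PathType Leaf)) {
                $status = 'DANGLING: registered DLL no longer exists'
            } elseif (-not ($expected | Where-Object {
                        $dll.StartsWith("$_\", [StringComparison]::OrdinalIgnoreCase) })) {
                $status = 'REVIEW: DLL outside System32 / Program Files'
            } elseif ((Get-AuthenticodeSignature -FilePath $dll).Status -ne 'Valid') {
                $status = 'REVIEW: DLL unsigned or signature not valid'
            }
            New-Object PSObject -Property @{ CLSID = $clsid; Dll = $dll; Status = $status }
        }
    }
}

Get-BhoReport | Sort-Object Status | Format-Table CLSID, Status, Dll -AutoSize -Wrap
```

An entry left behind after deleting a folder such as %windir%\isrvs would show up as DANGLING; had the DLL still been present there, it would have been listed under REVIEW.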

