all about computer information and technology
RSS icon Email icon Home icon
  • It’s not always malware: How to fix the top 10 Internet Explorer issues

    Posted on May 5th, 2009 admin 2 comments

    alware, the perennial enemy of the Web surfer, has received a lot of publicity and analysis over the past 12 months and rightly so, but this attention has, in some ways, proven to be a two-edged sword.

    It is easy to forget that issues with Internet Explorer are not always caused by malware, especially when the support groups are full of cries for help from owners of infected machines. Sometimes, when malware fixes don’t work, people are at a loss as to what to do next. I have even seen examples where people have been advised to reformat their machines unnecessarily, but I have reached the thread too late to say “No, don’t do that yet.”

     

     

    Now for the good news…

    The Internet Explorer of today is far more stable than it was back in 1999 when I first started supporting users. Back then kernel32.dll and wininet.dll crashes were regularly reported in the newsgroups – now such errors are only occasionally reported. Not only that, when non-malware issues do occur they are often easy to fix and often are solved by the same few tried and true procedures.

    It’s beyond the scope of this article to cover all of the potential fixes for my “Top 10″ Internet Explorer issues, what you’ll find here is what experience has taught me is most likely to succeed. Note: Some of these procedures are for more advanced users.

    Issues viewing Web pages

     

    1

    “Page cannot be displayed” errors

     

     

    2

    Red x instead of pictures

     

     

    3

    View, Source doesn’t work

     

     

    To address the issues above, you may need to try one, some, or all of the following three procedures.

    Empty the cache

    The first thing to do when Internet Explorer is misbehaving is empty your Internet Explorer cache. Often the cache is not corrupt or damaged – it is simply too large.

    1. Click Tools, then Internet Options, and then click the Delete Files button.
    2. A Delete Files window will appear. Select the option to Delete all offline content, and then click OK.
    3. Click Settings and reduce the size of your cache to, say, 50 to 100 MB (more if you routinely download very large files).

    This will invariably fix the dreaded red x, View, Source, and sometimes “Page cannot be displayed” errors.

    Troubleshooting fix number 1—empty your IE cache.

    Emptying the cache will not be sufficient to fix things if a hidden file in the cache folders, called index.dat, is corrupt. Our best alternative in such a situation is to delete the cache folders in their entirety, but this cannot be done from within Windows under normal circumstances.

    Index.dat is a system file, and any attempt to delete it while Windows is running or while the user is logged on will be blocked. Therefore, we need to reboot into DOS mode or, when running later versions of Windows that support user accounts, we need to log in to Windows using a different Administrator account to that which is affected.

    Note: The following procedure is for advanced users.

    If you are running Windows 95, Windows 98, or Windows Millennium Edition (Me)

    1. Click on Start, then Shut Down, and select the Restart the Computer in MS-DOS mode option. (If you are running Windows Me use a Windows 98 startup disc to access DOS mode.)

    The steps required to create a startup disk are the same for Windows 95, Windows 98, and Windows Me.

    1. Click on Start, point to Settings, and then click on Control Panel.
    2. Open Add/Remove Programs, click on the Startup Disk tab, and then click Create Disk and follow the prompts. Make sure you have an empty floppy disk ready.

    If you have difficulties when using Add/Remove Programs to create a startup disk (for example, if the Wizard prompts for your operating system installation disk and you cannot find it, or you only have a manufacturer provided restore disk or partition) go to www.bootdisk.com/bootdisk.htm. Download a Windows98 boot disk executable file from that site, put an empty floppy disk in the correct disk drive, and then double click on the downloaded file to make the disk. I recommend Windows 98 SE Custom, which includes smartdrv.

    Turn your PC off, and place the startup disk in the computer’s floppy drive. Turn on your PC, which should read the startup disk and load the DOS operating system instead of Windows.

    Once the system has finished booting into DOS mode, run the following commands from the Windows directory, typically displayed in DOS as c:\windows\>.

    smartdrv
    	deltree tempor~1

    Just to be sure, let’s also run:

    deltree history
    	deltree cookies

    I should explain what tempor~1 means. The version of DOS that is included on the Windows 98 startup disk does not support long file or folder names like “temporary internet files.” We are restricted to 8 letters only. Therefore, any file or folder which has more than eight letters to its name must shortened, and appended with ~1 when use the Windows 98 version of DOS.

    Tip

    Tip: The smartdrv command is used to speed up disk operations in MS-DOS mode. Believe me, you don’t want to run the deltree commands without loading smartdrv first. I have forgotten a few times, and can tell you that computers can hobble along for hours instead of minutes during the deltree process if smartdrv is not loaded first.

    Reboot using CTRL+ ALT+ DELETE. If you are running Windows Me, remember to remove the startup disk from the floppy drive first.

    If you are running Windows 2000 or Windows XP

    We do things differently when working with operating systems that support User Accounts, such as Windows 2000 and Windows XP. Firstly, Windows 98 boot disks do not work if a hard drive is formatted as NTFS instead of FAT . Secondly, Windows 2000 and Windows XP use a more complicated directory structure than Windows 95 and Windows 98, making DOS more difficult to use successfully.

    The path to the Internet Explorer cache directory will typically be something similar to:

    C:\Documents and Settings\username\Local Settings\Temporary Internet Files\…

    Thankfully, Windows 2000 and Windows XP users can log in using an Administrator account to delete the folders in question directly from within Windows Explorer. Note that an Administrator cannot delete his own Internet Explorer cache folders. He must log on using a different Administrator account.

    Edit the HOST file

    Note: The following procedure is for advanced users.

    The HOSTS file is a hidden file used by some Internet related programs to control Web browsing by directly linking particular Web sites to pre-set IP addresses. The only problem is, if a Web page’s IP address changes, the HOSTS file will not update itself to suit, causing “Page cannot be displayed” errors.

    The HOSTS file can be viewed and edited using Notepad, but first we must temporarily show hidden files.

    For Windows XP

    1. Click Start, and then click Control Panel.
    2. Click Appearance and Themes, and then click Folder Options.

    For older systems

    1. Double-click My Computer, click View, and then click Folder Options.
    2. On the View tab, under Hidden files and folders, click Show hidden files and folders, and then clear the Hide protected operating system files check box.

    Important

    Important: Files are hidden by Windows for a very good reason. It is not wise to experiment with these files. Unfortunately, to successfully complete the following steps we must turn this protection off temporarily. Please turn the protection back on when you have finished.

    Find and edit your HOSTS file

    The correct directory for a HOSTS file depends on what version of Windows you are running:

    Windows XP = C:\Windows\System32\Drivers\Etc
    Windows 2K = C:\Winnt\System32\Drivers\Etc
    Win 98\ME = C:\Windows

    Once you have found your HOSTS file, right-click on the HOSTS file, and then select Open. You will be asked to choose a program to use. Select Notepad, but make sure you that you do NOT turn on any option to always use the same program.

    Examine the content of your HOSTS file, and compare it to the screenshot below. We do not need to worry about any line that begins with an # because is ignored by Windows. Also, the line “127.0.0.1 localhost” can be safely ignored, because it is a standard entry.

    A HOSTS file can be used to control Web page to IP address associations

    Anything else that appears in your HOSTS file without an # at the beginning, apart from the “127.0.0.1 localhost” line, should be viewed with suspicion when we are trying to diagnose the cause of “Page cannot be displayed” errors. The quickest way to test for HOSTS file involvement is to right click the HOSTS file, then select Rename. Add the letter X to the beginning or end of the file name and then ok your changes. By changing the name of the HOSTS file, we stop Internet Explorer from using it, and therefore resolve any issues caused by the file.

    Repair Layered Service Provider problems

    Sometimes Internet Explorer is unable to access the Internet if software known as Layered Service Provider (LSP) has been removed incorrectly from a computer. You might not know you have this software; it is sometimes installed by unrelated software such as file-sharing programs, without your knowledge. In such cases, you will need to run LSPfix or Winsockxpfix. As its name suggests, Winsockxpfix should only be used on machines running Windows XP. LSPfix can be used on all other consumer versions of Windows, but make sure that Winsock 2 has been installed on Windows 95 machines.

    Tip

    Tip: If you are using Windows XP Service Pack 2 (SP2) there is a command that can be used instead of Winsockxpfix. It works by resetting the winsock catalogue. Click Start, then Run and type CMD in the dialogue box that appears, and then click OK. Type netsh winsock reset into the DOS window that appears.

    Other issues when viewing Web pages

    Creating a new cache and checking for HOSTS file involvement are, in my experience, the most likely way to successfully resolve page view issues in Internet Explorer. But it is not exhaustive. If you are still having issues, it would be worth reviewing the advice on my Web site. Some of the information is repetitious, but worth wading through—it addresses connection settings, third-party applications that may cause problems, issues related to Internet connection sharing, and a few other bits and pieces.

    Issues related to default browser settings

     

    4

    Error messages when attempting to send a page or link by e-mail

     

     

    First, reset your default e-mail client from within Internet Explorer. To do this go to Tools, then Internet Options, then Programs, then select your e-mail program of choice.

    The easiest way to set your default e-mail client is from within Internet Explorer

    Sometimes your e-mail program will not appear in the drop down list shown above. When this happens, we need to re-register the program in question.

    To re-register your e-mail program:

    1. Click Start, then click Run, and then type the appropriate command based on the following e-mail programs:

    Outlook Express:
    “C:\Program Files\Outlook Express\Msimn.Exe” /reg

    Outlook:
    “c:\program files\microsoft office\office\outlook.exe” /checkclient

    Make sure the path to msimn.exe or outlook.exe is correct for your machine. Type the command line exactly as it appears, including quote marks and spaces.

    If using a non-Microsoft e-mail program:

    A program must be Internet Explorer aware to automatically list itself as a default program option. If the program does not appear, there are a couple of things you can do. First, you can right-click the executable file for the program, and see if Register appears as an option, (which should cause the program to be listed on the drop box on the Program Tab)

    Otherwise, there’s a manual method, but it involves editing the registry and adding the program under:

    HKEY LOCAL MACHINE\Software\Clients\mail
    -or-
    HKEY LOCAL MACHINE\Software\Clients\news

    You will need to contact your program’s vendor for the appropriate syntax.

    5

    Hyperlinks not working

     

     

    Hyperlinks will not work if a computer system does not know which Web browser is set as the default, which happens if the settings that control this choice are damaged or incorrect. The easiest way to fix the problem is to allow your preferred Web browser to rewrite the appropriate settings by resetting your default browser. Rather than walk through the steps required to achieve this in this column, I refer you to my previous column about how to set up your browser as the default.

    6

    “Open in new Window” doesn’t work

     

     

    Sometimes resetting our default browser is not enough to get hyperlinks to work again, especially if they trigger a new window. Open in new window is dependent upon several system files, therefore you should ensure they are correctly registered.

    Click on Start, then Run, then run the following commands. After you run each command, a small window should appear stating that the command was successful.

    regsvr32 Shdocvw.dll (if that doesn’t work, try shdoc401.dll)
    regsvr32 Oleaut32.dll
    regsvr32 Actxprxy.dll
    regsvr32 Mshtml.dll
    regsvr32 Urlmon.dll

    Some programs that control pop-up windows and advertisements can stop hyperlinks from working. Also, some third-party add-ins are known to cause a problem and must be uninstalled when misbehaving in this way. Disable all third-party Internet related programs (not your firewall) and test.

    Miscellaneous issues

     

    7

    Internet Explorer freezes, shuts down without warning, or the computer reboots.

     

     

    This problem is often caused by out-of-date video drivers. Go to the Web site run by the manufacturer of your video card and download, then install, the latest (non-beta) drivers for your video card.

    Alternatively, you can try the following:

    1. Click Start, and then click Control Panel.
    2. Click Display (in classic view of Windows XP), click the Settings tab, and then click Advanced.
    3. Click the Performance or Troubleshooting tab (depending on your operating system), and then reduce hardware acceleration a notch at a time until your system stabilizes.

    8

    Internet Explorer opens off screen, or tiny, or minimized, or the window will not move

     

     

    If your taskbar is set to Autohide, turn the setting off and then maximize the problem window. While the window is maximized, increase the height of your taskbar from one row to two. The maximized window will automatically resize itself to fit into the smaller area available with a taller taskbar. Then, return the taskbar to its normal single row and allow the maximized window to resize once more. This will make Windows re-calculate window size and boundaries, overwriting registry keys that may be damaged.

    If the affected window is partially off screen, so that the Minimize, Maximize, Restore, and Close buttons are hidden, you can access the same options by clicking on the Internet Explorer icon on the far left edge of the Internet Explorer title bar, or by right-clicking on the Internet Explorer button on the taskbar.

    Internet Explorer’s window sizing options can be accessed in several ways

    If resizing your Taskbar does not work, run Regedit and remove the following registry key values which are most likely corrupt. Do not delete the entire key, just the last word which will appear in the right hand pane.

    HKCU\Software\Microsoft\Internet Explorer\Main\window_placement

    HKCU\Software\Microsoft\Internet Explorer\Desktop\OldWorkAreas\OldWorkAreaRects

    Then reboot.

    9

    The computer keeps disconnecting from the Internet

     

     

    This one can raise suspicions of malware. But, before you reformat your computer, do the following.

    1. In Internet Explorer, on the Tools menu, click Internet Options, and then click the Connections tab.
    2. Under Dial-up or Virtual Private Network settings, click the Settings button.
    3. Under Dial-up settings, click the Advanced button and make sure that Disconnect when connection may no longer be required check box is cleared, and that the Disconnect if idle check box is cleared as well.
    1. In Outlook Express, on the Tools menu, click Options, and then click the Connection tab.
    2. Turn off the option to Hang up after sending and receiving, and then close the Options window
    3. On the Tools menu, click Accounts, and then click the Mail tab.
    4. Make sure that each connection is set to use Any Available. If not, highlight the account then click on Properties.
    5. Click the Connection tab and ensure that the option “Always connect to this account using” is turned off.

     

     

    10

    “A runtime error has occurred. Do you wish to debug?”

     

     

    This is another symptom that tends to raise suspicions of malware.

    1. In Internet Explorer, on the Tools menu, click Internet Options, and then click the Advanced tab.
    2. Make sure that Disable Script Debugging (Internet Explorer) and Disable Script Debugging (Other) are both enabled.
    3. Make sure that Disable a Notification about ever script error is disabled.

  • Fix Windows XP Log On/Log Off Loop page 1

    Posted on May 5th, 2009 admin No comments

    Did you recently install some software, update a virus scanner, do a Windows Update or run a Spybot: Search & Destroy scan with an older version of Spybot and now when you try and log on to Windows XP or Vista it automatically logs you off? Help is right here!

    You haven’t tried the real solution yet until you’ve tried this one! This fix incorporates many other fixes found around the Internet, plus steps to remove spyware easily! It’s worth the wait to ensure a working system!

    Completely automated! * Live Spybot: Search & Destroy Scan! * Support for XP installations without ANY sort of Service Pack! * No more messy Offline Registry Editors! * No more Bart PE CD building! * No more Ubuntu CD burning!

    Save Me v1.25.2 is out! (see changelog.txt for details if interested)


    Introduction/Somethings you should know(VERY IMPORTANT,PLEASE READ)

    • First off, your data is safe so DO NOT PANIC. All of it can be recovered. Think of the data that you made on your computer as a separate thing from Windows itself. (because it is!) Windows is just an Operating System, a special kind of computer program made to run other computer programs or read certain files. Windows is made up of MANY parts, and sometimes those parts need to be replaced, just like any other machine. We’re going to check certain parts of the system to make sure everything is running the way it should.
    • Another way to think of it is that your front door is locked, so we’re getting into the machine through a back door to unlock the front door.
    • Another reason why your data is safe is because most pieces of spyware cause Windows to stop working, but they don’t destroy your data. Think of the spyware as a stupid burglar: he’ll take all the pipes and wood out of your house, but he/she won’t steal your car or jewels.
    • If my solution (scroll down) does not work for you and you need the data off the hard drive, search local websites for any sort of USB-to-IDE or USB-to-SATA device. These devices will allow you to hook up your hard drive to a working computer via USB and get the data off of it.

     

  • Fix Windows XP Log On/Log Off Loop Page 2

    Posted on May 5th, 2009 admin No comments

    Part 1 - Let’s start off easy.

    First, let’s try booting into Safe Mode.

    You can get to Safe Mode by booting up the computer and hitting the F8 key on your keyboard after your computer manufacturer’s logo disappears. (e.g., Dell, HP, etc.) Normally, the tip I give to most people is just to start tapping the F8 key over and over after the logo goes away until a menu pops up.

    Select Safe Mode from the menu that comes up using the arrow keys, and then press Enter.

    A bunch of stuff will come up. Don’t worry about that. It’s just Windows listing files it’s loading. After a bit, you should be able to get to a place where you can log in. At this point, one of two things will happen:

    • If it logs you back out, we know that the system is a bit more corrupted than usual.
    • If you’re lucky enough to get logged in, we know that something is preventing Windows from starting up with everything loaded. (Normal mode)

    In both of these cases, one or more of the following things happened:

    • Your computer was most likely infected by spyware or a virus/trojan/worm.
    • A spyware scanner such as Spybot: Search & Destroy wasn’t updated correctly and was detecting false positives because of this.
      • A false positive is when a virus or spyware scanner finds something that it thought was a problem, but it really wasn’t. When it tried to fix it, your system got screwed up.
    • A virus scanner such as Norton, AVast! or AVG found a false positive and tried to remove it.
    • A virus or a piece of spyware detected that it was being removed and tried to save itself by infecting your system in another way.

    Hey, everybody makes mistakes, right?

    Now, were you able to log in or not?
    Yes
    : Go to the page that says “Cleanup time!”
    No
    : Turn off the computer. Continue on to the next page.

  • Fix Windows XP Log On/Log Off Loop Page 3

    Posted on May 5th, 2009 admin 1 comment

    Part 2 - Finding your Service Pack

    Now, I’m going to have you boot into Safe Mode again, (yes, again) but this time you’re going to try and pay attention to something.

    After all those files load up, (all that text appears on the screen) a black screen should load with white lettering in the four corners and a mouse cursor. One of the corners will say Service Pack X where X is either 1, 2 or 3. You’ll need that number later. If you miss the text, that’s OK! You can try and login (yeah, I know it won’t work) to make the blue Welcome screen go away for just a bit so you can get another glimpse at the writing. Also, you can always restart the computer and try again.

    If you’re using Windows XP Media Center, let’s assume you have SP3.

    IMPORTANT NOTE: If you have recently used a Restore or Recovery Disc that came with your computer to try and get it functioning again, please ignore the Service Pack number you were just looking for and use the Service Pack number that is noted on the Restore/Recovery Disc. If your disc says SP1a, then you have SP1.

    If you look ALL OVER and you cannot find a Service Pack (SP) number, then you may have an RTM version of XP. (aka, no Service Pack at all) Note it down as Service Pack 0! (that’s the number zero)

    If you are having issues with this step, or see something completely different and you don’t know how to proceed, please contact me (see the first page) so I can edit this part accordingly. Thanks!

    After you find out your Service Pack, write down the number and continue onto the next page.

     

  • BlazeFind Removal Guide

    Posted on May 5th, 2009 admin No comments

    BlazeFind Description

    BlazeFind is a web browser toolbar that may redirect your browser search requests through Blazefind.com, and may also launch pop-up advertisements. BlazeFind is related to CDT, Inc.

    How can I Detect BlazeFind?

    The most common spyware removal tactic is to uninstall BlazeFind by using the “Add/Remove Programs” utility. However, as there may still be hidden BlazeFind files, it’s possible that BlazeFind will reappear after reboot. Follow the BlazeFind detection and removal methods below.

    BlazeFind Automatic Detection (Recommended)

    Is your PC infected with BlazeFind? To safely & quickly detect BlazeFind, we highly recommend you…

    Download SpyHunter's Malware Scanner Download SpyHunter’s Malware Scanner.

    SpyHunter’s free version is only for malware detection. If SpyHunter’s malware scanner detects BlazeFind on your PC, you will need to purchase SpyHunter’s malware removal tool to remove BlazeFind and other malware threats.

    BlazeFind Manual Removal Instructions

    Below is a list of BlazeFind manual removal instructions and BlazeFind components listed to help you remove BlazeFind from your PC. Backup Reminder: Always be sure to back up your PC before making any changes.

    Note: This manual removal process may be difficult and you run the risk of destroying your computer. We recommend that you use SpyHunter’s malware detection tool to check for BlazeFind.

    Step 1 : Use Windows File Search Tool to Find BlazeFind Path

    1. Go to Start > Search > All Files or Folders.
    2. In the “All or part of the the file name” section, type in “BlazeFind” file name(s).
    3. To get better results, select “Look in: Local Hard Drives” or “Look in: My Computer” and then click “Search” button.
    4. When Windows finishes your search, hover over the “In Folder” of “BlazeFind”, highlight the file and copy/paste the path into the address bar. Save the file’s path on your clipboard because you’ll need the file path to delete BlazeFind in the following manual removal steps.

     

    Step 2 : Use Registry Editor to Remove BlazeFind Registry Values

    1. To open the Registry Editor, go to Start > Run > type regedit and then press the “OK” button.
    2. Locate and delete the entry or entries whose data value (in the rightmost column) is the spyware file(s) detected earlier.
    3. To delete “BlazeFind” value, right-click on it and select the “Delete” option.
    4. Locate and delete “BlazeFind” registry entries:

    ==================

    83DE62E0-5805-11D8-9B25-00E04C60FAF2
    C5941EE5-6DFA-11D8-86B0-0002441A9695

    ==================

    Step 3 : Use Windows Command Prompt to Unregister BlazeFind DLL Files

    1. To open the Windows Command Prompt, go to Start > Run > type cmd and then click the “OK” button.
    2. Type “cd” in order to change the current directory, press the “space” button, enter the full path to where you believe the BlazeFind DLL file is located and press the “Enter” button on your keyboard. If you don’t know where BlazeFind DLL file is located, use the “dir” command to display the directory’s contents.
    3. To unregister “BlazeFind” DLL file, type in the exact directory path + “regsvr32 /u” + [DLL_NAME] (for example, :C\Spyware-folder\> regsvr32 /u BlazeFind.dll) and press the “Enter” button. A message will pop up that says you successfully unregistered the file.
    4. Search and unregister “BlazeFind” DLL files:
    ===============
    3_0_1browserhelper3.dll
    ================

    Step 4 : Detect and Delete Other BlazeFind Files

    1. To open the Windows Command Prompt, go to Start > Run > type cmd and then press the “OK” button.
    2. Type in “dir /A name_of_the_folder” (for example, C:\Spyware-folder), which will display the folder’s content even the hidden files.
    3. To change directory, type in “cd name_of_the_folder”.
    4. Once you have the file you’re looking for type in “del name_of_the_file”.
    5. To delete a file in folder, type in “del name_of_the_file”.
    6. To delete the entire folder, type in “rmdir /S name_of_the_folder”.
    7. Select the “BlazeFind” process and click on the “End Process” button to kill it.
    8. Remove the “BlazeFind” processes files:

    ===============

    3_0_1browserhelper3.dll

    ===============

  • Fix Windows XP Log On/Log Off Loop Page 4

    Posted on May 5th, 2009 admin No comments

    Part 3 - Setting your computer to boot to CDs/DVDs

    You’re going to need to set the computer that is not working to check for CDs/DVDs first. [If you know for a fact that your computer boots to CDs/DVDs first already, then you can skip this page completely] You’ll need to enter your computer’s BIOS (Basic Input Output System) in order to set this up. Don’t worry about changing it back after you’ve fixed up your machine. It’s not going to affect anything.

    As your computer boots up, you’ll see your computer manufacturer’s logo. (e.g., Dell, HP, eMachines, ASUS, Sony Vaio, Compaq, etc.) Look in all four corners of the screen and near the bottom for an option called Setup, Enter Setup, or Enter BIOS Setup. Near these words will be a key to press, such as Delete (Del), F2, F3, Escape (ESC) or F10. If you do not see these words, try a different key every time you boot up until you get the right one. I would recommend starting with Delete first. One pushed, it will bring you to a DOS-like screen where you can change some important system information.

    Some BIOS’ will have their main categories organized in tabs (across the top in blue) which you’ll need to use left and right to navigate through. Others use a vertical menu on the left. Still others use a page-like interface. Look around on the screen for help if you need it.

    You’re interested in options that look like Boot, Boot Options, Boot Priority, or Boot Order. Use the arrow keys to move around and Enter to confirm things or bring up more menus.

    Is your CD/DVD Drive or Optical Drive (may be the make/model of the drive) at the top of the list?
    Yes
    : Turn off your computer and go to the next page.
    No: Continue on this page for just a bit longer.

    Once you get to it, make sure that your CD/DVD Drive or Optical Drive (may be the make/model of the drive) is listed at the top. Some BIOS’ require that you press a certain key to move the CD/DVD drive to the top, such as u. Read the onscreen directions carefully.

    Once done, most BIOS’ will allow you to save your changes by pressing F10. If yours is different and you don’t know where to go, press the Escape (ESC) key to back out one screen. Some BIOS’ at this point may ask you to save changes for that part of the BIOS. Save it and use the arrow keys to find your way to Exit. When it asks, Save Changes.

    If all went well, the computer should reboot. Boot into Safe Mode. When you get to the login screen, pop open your computer’s CD/DVD tray and shut down your computer via the normal menus.

    We’re going to leave your computer alone for a while. Go to the next page

     

  • Fix Windows XP Log On/Log Off Loop Page 5

    Posted on May 5th, 2009 admin No comments

    Part 4 - Burning some CDs/DVDs

    THIS PAGE REQUIRES YOU TO DOWNLOAD A DECENT AMOUNT OF DATA. (205MB) IF YOU DO NOT HAVE A HIGH SPEED INTERNET CONNECTION, THEN YOU MAY WANT TO GO TO A PLACE WHERE THERE IS ONE AVAILABLE, LIKE A FRIEND’S HOUSE OR A STARBUCKS.

    So now it’s time to start fixing your system. We’re going to need some tools though. We’ll need to burn 2 CDs. (or DVDs if you don’t have any blank CDs. DO NOT USE CD-RWs OR DVD-RWs.) You should get a marker to label the CDs/DVDs so you don’t get them confused.

    A file that ends with the extension .iso is a special kind of file. .iso files are like .zip files, but with special information that helps a CD/DVD burning program make CDs/DVDs you may burn bootable, etc. If you unzip an .iso file you download, you’ll ruin it. You can use CDBurnerXP, Free ISO Burner, ImgBurn, or Active ISO Burner to burn the .iso file (also known as a CD/DVD image) you downloaded. When downloading Active ISO Burner, you can just get the middle one on the left side of the page. If you’re not going to use Active ISO Burner, make sure to use something along the lines of CD/DVD image burning in your CD/DVD burning program and NOT data burning! Please make sure to burn it at a slow speed (4x) to get the best results with even the most picky drives. Again, please leave the file in .iso form. Do NOT unzip it or anything like that.

    If you’re having trouble burning or booting any of the CDs/DVDs I mention, please try booting them off of the machine you’re currently running first. (Make sure to set the BIOS accordingly.) If you’re still having issues, find a friend who can burn and test these CDs/DVDs for you. Either your batch of blank CDs/DVDs may be bad, or your CD/DVD burner is going.

    Now, onto the CD burning!

    1. Download this file. (Save it, do not open it.) (If you’re running XP, don’t worry about it being a Vista Recovery Disc.)
    2. Burn the .iso to a blank CD/DVD using one of the programs I recommended above.
    3. Put the CD/DVD into the open CD/DVD tray of the computer that is still off.
    4. Turn on the computer and pop in the CD/DVD tray if it doesn’t automatically do it (laptop’s won’t)
    5. The CD/DVD should spin up and boot.

    Were you brought to a screen that gives you a prompt to press any key?
    Yes
    : Good! This should mean that this CD/DVD is burnt correctly! Pop out the CD/DVD, leave the CD/DVD tray open, and hold down the power button on your computer for 5 seconds to shut it down. Get a marker and label this CD/DVD “Vista Recovery Disc“. If you’re running XP, don’t worry about it being a Vista Recovery Disc.
    No
    : You’re going to have to delete the .iso file you downloaded and redownload it and reburn a new CD/DVD.

    If you’re having trouble burning or booting any of the CDs/DVDs I mention, please try booting them off of the machine you’re currently running first. (Make sure to set the BIOS accordingly.) If you’re still having issues, find a friend who can burn and test these CDs/DVDs for you. Either your batch of blank CDs/DVDs may be bad, or your CD/DVD burner is going.

    1. Download this file. (Save it, do not open it.)
    2. Burn the .iso to a blank CD/DVD using one of the programs I recommended above.
    3. Put the CD/DVD into the CD/DVD tray of the computer that you just used to burn the CD/DVD.

    Do you see some files and folders in the CD/DVD?
    Yes
    : Good! This means that this CD/DVD is burnt correctly! Pop out the CD/DVD, get a marker and label this CD/DVD “Save Me v1.25.2“.
    No
    : You’re going to have to delete the .iso file you downloaded and redownload it and reburn a new CD/DVD.

    If you’re having trouble burning or booting any of the CDs/DVDs I mention, please try booting them off of the machine you’re currently running first. (Make sure to set the BIOS accordingly.) If you’re still having issues, find a friend who can burn and test these CDs/DVDs for you. Either your batch of blank CDs/DVDs may be bad, or your CD/DVD burner is going.

    Congrats! All your tools are ready! Please continue onto the next page.

  • Fix Windows XP Log On/Log Off Loop Page 6

    Posted on May 5th, 2009 admin No comments

    Part 5 - Run the Discs!

    1. Put the Vista Recovery Disc CD/DVD into the open CD/DVD tray of the computer that is still off.
    2. Turn on the computer and pop in the CD/DVD tray if it doesn’t automatically do it (laptop’s won’t)
    3. The CD/DVD should spin up and boot.
    4. Press any key at the prompt as it says.
    5. Some files will load. (some machines may take up to 25 minutes to load!)
    6. You’ll be brought to a colorful screen with a cursor.
      [If you get any strange errors at this point, please shut down your machine by holding down the power button for at least 5 seconds and try booting it up with the disc again.]
    7. Wait (at most 5-10 minutes on very old systems) until a window appears.
    8. After the window appears, click Next.
    9. Click Repair your computer on the bottom left.
    10. Click Next on the small window that appears. (Don’t worry about it not detecting XP.)
    11. Click Command Prompt on the window that appears.
    12. Take the Vista Recovery Disc CD/DVD out and put the Save Me v1.25.2 CD/DVD in your CD/DVD drive.
      [If you are having issues with this, try downloading and unzipping this .zip file, taking the files that were in it and putting them onto a USB flash drive. (making sure that you can see a file called "saveme" or "saveme.bat" in the root of the drive) Then, put the USB flash drive into the computer.]
    13. Try typing D:\saveme, E:\saveme or F:\saveme to start up the recovery process.
    14. Follow the directions in the Command Prompt window.

    So, NOW are you able to log in?
    Yes!: Please go on to the next page!
    Still No!
    :
    Please contact me. (see the first page)

  • Fix Windows XP Log On/Log Off Loop Page 7

    Posted on May 5th, 2009 admin No comments

    Part 6 - Cleanup time!

    You’re in! Congrats! I would STRONGLY recommend you scan for spyware and viruses. (keep reading)

    DO NOT BOOT INTO NORMAL MODE YET OR ELSE THE SPYWARE/VIRUSES (if present) COULD CAUSE MORE PROBLEMS!

    You may be able to go into Safe Mode with Networking to access the Internet and download files that can clean your machine that way, however, I would recommend downloading the utilities listed below from another computer and putting them on a CD. Do not use a USB flash drive as that may become infected. Try and keep the infected computer off the Internet or your home network as long as possible. Not rebooting will also keep the virus/spyware at bay because it may want to undo some things each time you reboot.

     

    PLEASE, IF YOU VALUE

    YOUR COMPUTER AND

    EVERYTHING ON IT,

    BACKUP YOUR DATA

    AND

    HAVE A BACKUP PLAN

    SO YOU DO NOT HAVE

    TO SCRAMBLE

    LIKE THIS AGAIN!

    First, do the following:

     

     

    1. Click Start
    2. Click My Computer
    3. Select the Tools menu
    4. Click Folder Options at the top
    5. Select the View tab
    6. Under the Hidden files and folders heading, select Show hidden files and folders
    7. Uncheck the Hide protected operating system files (recommended) option
    8. Click Yes on the warning dialog that pops up
    9. Uncheck the Hide file extensions for known file types option
    10. Click Apply
    11. Click OK

    Go download and install these utilities. All of them are free to use and provide free updates. When running these installers, RENAME THEM as some viruses and spyware block them based on the file name. Make sure to keep the same file extension though. (.exe, .msi, etc.) These are in no way configured once installed. If you need help configuring them, please give me a call.

    PLEASE REMEMBER TO UPDATE

    THESE SCANNERS BEFORE

    SCANNING!

    YOU NEED TO USE ALL THE

    PROGRAMS ON THIS PAGE!

    • AVast! Antivirus
      • Can be installed/run under Safe Mode
      • Choose to run a Boot time scan
      • Choose to Restart later
      • Update AVast!’s defintions
      • Reboot into Safe Mode to run the boot time scan
      • If you have an antivirus scanner already, don’t use it anymore. Use AVast!. You can uninstall your old antivirus program when you get back into Normal mode.
      • Once you run AVast! Antivirus’ boot time scan, if it says you’ve been infected by Win32:Vitro, THERE IS NOTHING YOU CAN DO TO RESTORE YOUR SYSTEM TO A USABLE STATE WITHOUT REFORMATTING AND REINSTALLING. Backup your data and reformat the drive pronto. PLEASE MAKE SURE TO SCAN YOUR BACKUP AS WELL ON A CLEAN SYSTEM TO PREVENT REINFECTION.
    • Mozilla Firefox
      • Can be installed/run under Safe Mode
      • Please use this to browse the Internet from now on!
    • Spybot - Search & Destroy
      • Can be installed/run under Safe Mode
      • Do not select TeaTimer during installation
      • Do not select “Download updates” during installation
      • Close Spybot - Search & Destroy
      • Update the detection rules
      • Before installing: (if you have a version on your machine already)
        • Open Spybot - Search & Destroy
        • Undo all Immunization
        • Close Spybot - Search & Destroy
        • Remove it via Add/Remove Programs in the Control Panel
        • Restart the computer as it says, but go back into Safe Mode
        • Delete the following folders: (it is OK if some do not exist)
          • C:\Program Files\Spybot - Search & Destroy
          • C:\Program Files\TeaTimer
          • C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
          • C:\Documents and Settings\All Users\Application Data\TeaTimer
      • Once your machine is clean enough to get back into Normal mode, you’ll need to take note of this special procedure again for updating Spybot. You’ll need to uninstall it and reinstall it, as installing it under Normal mode will provide extra protection.
        • After you’re back in Normal mode and have uninstalled, cleaned up (see above) and then reinstalled Spybot, remember to update it and do another scan with it to take out anything else.
    • Malwarebytes’ Anti-Malware
      • Can be installed/run under Safe Mode
      • Update the program
      • Do a Full Scan
    • Windows Malicious Software Removal Tool
      • Can be installed/run under Safe Mode
      • Do a Full Scan
    • SpywareBlaster
      • Can be installed/run under Safe Mode
      • Before installing: (if you have a version on your machine already)
        • Open SpywareBlaster
        • Disable all Protection
        • Close SpywareBlaster
        • Remove it via Add/Remove Programs in the Control Panel
    • Bazooka Adware and Spyware Scanner
      • Can be installed/run under Safe Mode
      • If you’re running Windows Vista, you’ll see two false positives. Ignore them.
      • Update the program
      • Do a scan
    • Windows Defender
      • This program needs to be installed in Normal mode. YOU CANNOT INSTALL THIS UNDER SAFE MODE.
      • Update the program
      • Do a Full Scan
    • COMODO Firewall
      • Can be installed/run under Safe Mode
      • Do not install the COMODO Antivirus, as the software program below will take care of viruses
      • You do not need COMODO SafeSurf
      • Do the Spyware Scan
    • SUPERAntiSpyware
      • This program needs to be installed in Normal mode. YOU CANNOT INSTALL THIS UNDER SAFE MODE.
      • Update the program
      • Do a Full Scan
    • Ad-Aware
      • This program needs to be installed in Normal mode. YOU CANNOT INSTALL THIS UNDER SAFE MODE.
      • Update the program
      • Do a Full Scan

    AFTER YOUR MACHINE IS

    CLEAN, REMEMBER TO

    UPDATE TO XP SP3 IF

    YOU DID NOT HAVE IT!

    Some of the main things I’ve found that causes this loop:

    • People don’t uninstall old version(s) of Spybot: Search & Destroy when installing a new version
    • People uninstall the old version, but they don’t get rid of the Spybot/TeaTimer folders in C:\Program Files
    • People uninstall the old version, but they don’t get rid of the Spybot folders in C:\Documents and Settings\All Users\Application Data (I don’t think you really need to get rid of this, but I do just to have a full uninstall)
    • People don’t know when a new version of Spybot: Search & Destroy is available (no notification in updater, no auto-updater, etc.) Always check before doing a scan!
    • People are still using Internet Explorer (IE) to browse the Internet without adequate protection.
    • People are heavily infected with spyware and viruses without knowing it.

     

  • How to use ComboFix

    Posted on May 5th, 2009 admin No comments

    If you have used removable usb storages with this system after the infection those have probably got infected as well. In order to clean them you have to have those plugged in during the whole cleaning process.

    Please visit this webpage for download links, and instructions for running ComboFix tool:

    http://www.bleepingcomputer.com/comb…o-use-combofix

    Please ensure you read this guide carefully and install the Recovery Console first.

    The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

    Once installed, you should see a blue screen prompt that says:

    The Recovery Console was successfully installed.

    Please continue as follows:

    1. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix, link
      Remember to re-enable them afterwards.
    2. Click Yes to allow ComboFix to continue scanning for malware.

    When the tool is finished, it will produce a report for you.

    Please include the following reports for further review, and so we may continue cleansing the system:

    C:\ComboFix.txt
    New HijackThis log.

    A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.