IifgHaxw. Thus far, problems with IE. Anyone know anything about this?

BullGuard Antivirus Forum > Virus > Virus Questions > IifgHaxw. Thus far, problems with IE. Anyone know anything about this?

Forum Quick Jump

[ << Previous Thread | Next Thread >> ]

tarmael
New Member

Date Joined Jun 2008
Total Posts : 3

Posted 6-11-2008 11:51 (GMT +1)

Hi, I personally am a Linux user, but my Fiances mother came up to me just 10 minutes ago "What's this mean?" her antivirus software had detected iifgHaxw.dll.

I've tried googling it, nothing. So this means the virus makes a randomly generated name each time (I assume).
I've come to that conclusion because it is obviously a virus known by anti-virus programs.

What it is currently doing (as to my knowledge) is it is preventing IE from connecting to any page.

Comes up with an error box saying "Internet Explorer could not open the search page."

I've tested and done the following just in case it is in fact user error.

Deleted cookies.
Deleted temp internet files (A virus may very well be hiding there... Mind there have been viruses in the past that duplicate themselves if such an action is performed.)
Checked internet connections (Also checked for DNS JUST in case it is that. Only to realise that I had manually configured all that myself ages ago. I know the internet is working because I'm using it now.)
Checked regedit for any entries of the iifgHaxw name.

I'm now downloading Spybot S&D

Things I will do: install FireFox see if that does anything.
Search through Spybot. See if that does anything. Continue searching with anti-virus software.

How I think this virus came about:
The laptops owner's Son (17) uses this laptop a lot for 'personal' reasons. I've searched the computer myself before (Using an Ubuntu Linux Live CD) for any porn, found a lot of it coming from Limewire and also found cookies from porn sites. Her son isn't very computer literate, and so wouldn't know much about computer vulnerabilities.

I'll keep this updated as I work more on this problem, but for now

Thank you for your support.

tarmael
New Member

Date Joined Jun 2008
Total Posts : 3

Posted 6-11-2008 12:22 (GMT +1)

I installed Spybot and TeaTimer.

It's paying off already.

As I said in my previous post I would install FireFox and see if I can access the internet from there.
TeaTimer popped up and asked if I wanted something changed.

What it did was try and change my home page to www.dbsarticles.com.

I hope this helps.

Thanks for your support.

tarmael
New Member

Date Joined Jun 2008
Total Posts : 3

Posted 6-11-2008 12:41 (GMT +1)

I've worked out this virus does prevent connection to a DNS server as I typed in the IP address for google.com.au.

I also have updates on files that it does access.

Anything on this?

res://C:\WINDOWS\system32\shdoclc.dll/dnserror.html

I got that from a screen shot of IE while it was loading something.

that is the correct spelling (Don't say something like, you got the slashes around the wrong way for some of them as I'll then have to post the screen shot I took of IE to type that.)

Again I will reinforce that it is not my network setup, as I am connected to the same DNS server as the laptop (i.e. the modem.)

Thanks for your support.

Touch
Forum Moderator

Date Joined Jun 2004
Total Posts : 13812

Posted 6-12-2008 5:28 (GMT +1)

Hello

Let´s see what´s running on the laptop -

Click here - ->> http://www.bullguard.com/forum/14/Before-posting-a-log_43561.html

After You have run the scan tools -

Reboot normally

Post Hijackthis log along with SuperAntiSpyware log, , C: combofix TXT in this topic

Please copy and paste your log. DO NOT add it as an attachment

Kindly do not annotate or format the log with color or font changes.

NB. If you are using any P2P (file sharing) programs, please remove them before we clean your computer.. We do not clean logs that have P2P applications installed as this can cause reinfection during your cleaning.

--------------------------------------------------------------------------------------------------------

Do NOT post your problem in someone elses thread.

Member of - Alliance of Security Analysis Professionals

Forum Information

Currently it is Wednesday, December 03, 2008 12:43 AM (GMT +1)
There are a total of 64.507 posts in 15.908 threads.
In the last 3 days there were 17 new threads and 84 reply posts. View Active Threads