www.ultimatehandyman.co.uk

Have an odd problem. Internet explorer is not working. It won't connect to any web page. Broadband is worling ok as others can use it. Also my email is fine (via outlook), When I do CMD->IPCONFIG there are value to the IP address

I suspect a virus as AVG keeps says it finds problems with ntfs.sys

Anbody experience this before ?

Are you by any chance using windows xp and IE 7. I have treated a few pcs with the above situation and its been ie7 that just gives up for some reason best know to itself.

I dont know what the solution was for ie7 apart from removing it or changing to firefox.

In my veiw firefox is a better browser then ie and a lot of ppl will agree. I know when i look at the visitors stats to my website 70-75% of them are browsing with firefox.


As for AVG having problems with ntfs.sys that is a strange one, yes it can get corrupted if your hard drive is failling but virus infection doesnt seem to be know of. Thinking about it your drive going faulty could be related to ie promlems as well. Might be a good idea to run a disk check on yr hard drive to find errors.


Paul

Yeah, i have not seen this before.

Its a pain as I don't have web access so can't download another browser.

Our IT guys in work quite like Google Chrome but again its an install, you can't download a .exe file so I can burn it and install it at home

Was thinking if moving the ntfs.sys file so the OS should do a restore from an older version, buts its dangerous to fanny about with sys files

If you move your ntfs.sys file you system wont boot plain and simple and you would have to do a file rcovery/repair using your windows cd.

You could run a system restore but that might or might not solve the problem.


What exactly is avg saying ? is it anything like

c:\windows\system32\drivers\ntfs.sys infected with Trojan Horse Rootkit-Pakes.M


Paul

I thought that the boot up process will look for the last good system point and take it from there?

and if its a problem you can start in a command prompt and move the file back to its proper folder.

although, I don't think I will try it in case I totally screw up my PC

I will try get the exact error when I get home

John if you drop me a pm with your email i will email you firefox its less than 10mb so should go through

good idea, am downloading it now from my work PC and will sent it home,

thanks for the offer though

I might try avast also and remove AVG as it does seem to be able to remove the errors

If the infection has got into the ntfs.sys all antiviruses will do is try to remove ntfs.sys. The fact avg hasnt shiffted it isnt down to it being no good but more its still allowing you to run your system, if it had done its scan and just deleted ntfs.sys the next time you rebooted you would be non the wiser.


Paul

could be DNS resolution issues

in the control panel, go to network
local area connection
right click properties
Click on TCP/IP properties
manually set DNS servers to 208.67.222.222 and 208.67.200.200

see if that works for you

Hi I found the source of the problem. I have a virus on my PC called "PC Spyware 2010". It hyjacks your browser. I can browse the web now but the web pages are getting redirected all the time, so if you try down load a fix, the web page gets blocked by the virus

I will try email the fix to myself from my work pc

John,
This may help you remove it manually:

http://www.411-spyware.com/remove-pc-an ... -to-remove


You can download SuperAntiSpyware and save it to your desktop. Once the .exe file is on your desktop, right click it and select 'Rename'. Call it 'Johns Mover' or what ever and install it then open and update it and run a full scan. Remove EVERYTHING that it finds.

Then download Malwarebytes AntiMalware and save it to your desktop , as above. Rename it 'Daves Shifter' or whatever and install it. Then open it and check for updates then run a full scan. Remove EVERYTHING that it finds.

Please post back with the results.

dave

thanks Dave, I have a very similar instructions which I have printed out.

Will give it a go this evening.

These saddos who write this stuff need to get out of the mum's basement and find a life

ok eventually got that problem sorted out. Bugger of a virus

It won't let you connect to any antivirus page, it just redirects your browser. Even if you install Avast / Avg / Malwarebytes the virus prevents the programs from updating their data base with latest updates.

Only way round it was o start in Safe mode, manually go through the steps or removing most of the virus to prevent it automatically registering the dlls and self installing etc. You then have to restart in safemode, install Avast and Malwarebytes. Only then can you download the virus/malware definitions updates

Finally did a full scan and found loads of nasty little bugs on my PC.

The corrupted ntfs.sys file is a trojan, as its not in the correct windows directory but is in regestered in the windows registry

All looks ok now

Good to know you got it all sorted John,

I had to format a pc last week where someone had installed a key logger, since its hidden in god knows where all i could do was format to ensure it was gone, only reason i knew it was there was the original install file was still left in the temp directory and that was picked up by virus scan

John,
Keep both Malwarebytes and SuperAntiSpyware on your computer as they are very hand programs. Just open to check for updates every couple of days so that you are prepared in case of any other virus problem. Run each one on a weekly basis to check that nothing is getting past your real time protection.

If you open SAS and click the preferences button, in the window that opens click on 'General & Startup' tab. In the first section 'Startup Options' untick the frist three boxes as you don't want it starting at bootup because it does not provide real-time protection.

Click the 'Repairs' tab and just for reference, look at all the repairs it can perform by returning bits of programs back to default after a virus has taken over them.

dave