LinuxQuestions.org
Old 11-03-2008, 10:22 AM   #1
phantom_cyph
Senior Member
 
Registered: Feb 2007
Location: The Tropics
Distribution: Slackware & Derivatives
Posts: 2,472
Blog Entries: 1

XP Malware problem


Sound familiar? Well, the laptop isn't mine, but I'm trying to clean it up for a friend. I've gotten about 15 viruses and crap off of it so far, using Hitman Pro, Clamwin, and a lot of other malware/virus cleaning utilities. The computer is faster, there aren't as many annoying popups, but it will not let IE access the internet. I can ping a website, the built in wifi shows a connection to the net, but I simply cannot get on the internet.

If you have any idea what may be causing this, please let me know. All brainstorming/help/suggestions are welcome.
 
Old 11-03-2008, 11:02 AM   #2
pljvaldez
LQ Guru
 
Registered: Dec 2005
Location: Somewhere on the String
Distribution: Debian Wheezy (x86)
Posts: 6,094

When cleaning malware, I typically follow this guide (that is, unless it's just easier to reinstall XP). There's a lot of tools like HiJackThis, CCleaner, etc that can help make sure you're clean and that the registry has been repaired/cleaned.

Did you try installing and using firefox? I'm curious if it's an IE specific problem. Also, is there a firewall installed that might be preventing IE from having an external connection?

Also, on XP, I typically install Startup CPL. It shows what things are starting at boot and you can just uncheck the box next to things to get them to stop loading. Sometimes that's a good way to stop malware from loading on boot.

And then open task manager (CTRL+ALT+Delete) and google each of the processes you don't recognize.
 
Old 11-03-2008, 11:09 AM   #3
jiml8
Senior Member
 
Registered: Sep 2003
Posts: 3,171

I would recommend starting with HiJack This. This will let you identify everything that is running in the system or is in the registry that could be a problem. Then, you work through the list to find the bad things, and google for solutions to removing them.

Blindly applying tools without consideration for exactly how a particular piece of malware assaults the system can quickly lead to an unbootable system.
 
Old 11-03-2008, 01:16 PM   #4
Woodypecker
Member
 
Registered: Mar 2006
Location: Austria
Distribution: Mandriva/Debian
Posts: 104

The first thing I do is scanning the laptop from a clean rescue CD boot (Linux, of course), where I start an NFS or Samba server to make the ntfs-3g r/w mounted system partition available for external scanners - ClamAV and AVG for Linux. That way rootkits can't hide malware, and I can clean System Restore folders as well.
Of course, I may as well have a peek at the Windows hosts file to clean that one as well.

Later on, after restarting Windows, most probably there are remainders in the registry producing non-critical errors, giving the hint which entry to remove or which directory to wipe completely. Often enough an sfc /scannow and a browser reset will fix the remaining problems.
I always try to convince users to use a non-admin account for mailing and surfing, and to install Firefox and Spybot S&D with TeaTimer active if they don't have a proper anti-malware tool yet.
Sometimes they even agree to sacrifice part of the Windows partition for at least an "emergency" Linux install.
After all, moving personal files to a separate partition for easy reinstalls, if necessary, is a good idea as well.
 
Old 11-03-2008, 01:31 PM   #5
phantom_cyph
Senior Member
 
Registered: Feb 2007
Location: The Tropics
Distribution: Slackware & Derivatives
Posts: 2,472

Original Poster
Blog Entries: 1

The first problem I see with HiJack This is that the "analyze this" button tries to take me on the net. Which is my problem in the first place...
 
Old 11-03-2008, 02:04 PM   #6
sundialsvcs
LQ Guru
 
Registered: Feb 2004
Location: SE Tennessee, USA
Distribution: Gentoo, LFS
Posts: 10,649
Blog Entries: 4

I take it that your friend runs it as an Administrator?

Uh huh. Don't spend too much time on it now because in a couple of days you'll be doing it all again.

I send the few relatives that don't listen to me to "Geek Squad," again and again and again until they finally get tired of paying all that money. Then they log-on as limited users, on a freshly installed and up-to-date XP, and their problems go away.

Oh, every now and then you'll see where a nefarious program splinters itself against the tough steel walls, but most virus-writers today have figured out how to make their programs "just go away" when they realize that the user isn't stupid after all.

Last edited by sundialsvcs; 11-03-2008 at 02:06 PM.
 
Old 11-03-2008, 02:36 PM   #7
phantom_cyph
Senior Member
 
Registered: Feb 2007
Location: The Tropics
Distribution: Slackware & Derivatives
Posts: 2,472

Original Poster
Blog Entries: 1

Quote:
Originally Posted by sundialsvcs
I take it that your friend runs it as an Administrator?

Uh huh. Don't spend too much time on it now because in a couple of days you'll be doing it all again.

I send the few relatives that don't listen to me to "Geek Squad," again and again and again until they finally get tired of paying all that money. Then they log-on as limited users, on a freshly installed and up-to-date XP, and their problems go away.

Oh, every now and then you'll see where a nefarious program splinters itself against the tough steel walls, but most virus-writers today have figured out how to make their programs "just go away" when they realize that the user isn't stupid after all.
That's what I like to do, but people don't seem to want to lose their data, or, in that case, make backups. It's a Dell, so the operating system CD is there along with drivers and utilities, but they just won't let me clear it off and start again. That's what I did for my parents' notebook a while ago: password on the Admin account, run in a limited account. But no...
 
Old 11-03-2008, 03:30 PM   #8
phantom_cyph
Senior Member
 
Registered: Feb 2007
Location: The Tropics
Distribution: Slackware & Derivatives
Posts: 2,472

Original Poster
Blog Entries: 1

I found that one of the files mentioned by HiJack This tends to be related to the zlob trojan. So, I downloaded SpyHunter 3 Security Suite and had it scan. It found 21 of the Zlob trojan and 9 of the "Rogue.Virus Response Lab 2009". Problem is, you have to pay to have them removed. Know another utility that I can get rid of these with?
 
Old 11-03-2008, 05:23 PM   #9
Quakeboy02
Senior Member
 
Registered: Nov 2006
Distribution: Debian Linux 11 (Bullseye)
Posts: 3,407

What about trendmicro's free online scanner? Of course that means you have to have some browser that works.
 
Old 11-03-2008, 05:44 PM   #10
jiml8
Senior Member
 
Registered: Sep 2003
Posts: 3,171

You should google for tools and instructions to remove the particular pieces of malware you find. Some of them will hook dlls and if removed incorrectly will leave you with a damaged registry and an unbootable system. In fact, if you can't bring your network up, that may mean that some piece of malware has hooked the tcpip stack and was then improperly removed. You might have a wonderful time fixing it.

Properly cleaning up a badly infested Windows machine can take a while, and requires you to be careful.
 
Old 11-03-2008, 05:46 PM   #11
jiml8
Senior Member
 
Registered: Sep 2003
Posts: 3,171

Google is your friend.

http://www.removal-instructions.com/...ojan.zlob.html

Trojan.Zlob Manual Removal Instructions

So you've discovered that you've been infected with Trojan.Zlob or other types of spyware. Now you want to manually remove it and prevent further damage to your computer. To remove Trojan.Zlob or other malware components, please follow the instructions below.

Note: This Trojan.Zlob manual removal process is difficult and you run the risk of destroying your computer. We highly recommend you use SpyHunter's malware scan.
Find and Stop Trojan.Zlob Processes:
nvctrl.exe
msmsgs.exe

Find and Unregister Trojan.Zlob DLL Files:
dtjby.dll
antzozc.dll
uimcu.dll

Find and Remove Trojan.Zlob registry values:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\RegSvr32=%System%\msmsgs.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell=explorer.exe

Find and Delete Trojan.Zlob Files:
nvctrl.exe
msmsgs.exe
hp[X].tmp
msvol.tlb
ncompat.tlb
RSA
Protect
vnp7s.net
zxserv0.com
dumpserv.com
dtjby.dll
antzozc.dll
uimcu.dll
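As an added illustration (not from the thread or any of its posters) of auditing the two persistence points the instructions above name, this Python script parses a `reg export` of the Run and Winlogon keys and flags entries that match the file names quoted above, or a Winlogon Shell value that is anything other than plain explorer.exe. The .reg content is a constructed sample, not a dump from the laptop in question.

```python
import re

# Constructed sample of what `reg export` of the two keys from the removal
# instructions might produce. Not a real dump from any machine.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAX"="C:\\Program Files\\Analog Devices\\SoundMAX\\SMax4PNP.exe"
"RegSvr32"="C:\\WINDOWS\\system32\\msmsgs.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="explorer.exe, C:\\WINDOWS\\system32\\nvctrl.exe"
'''

# File names quoted in the Trojan.Zlob removal instructions above.
ZLOB_NAMES = {"nvctrl.exe", "msmsgs.exe", "dtjby.dll", "antzozc.dll", "uimcu.dll"}
RUN_KEY = r"hkey_local_machine\software\microsoft\windows\currentversion\run"
WINLOGON_KEY = r"hkey_local_machine\software\microsoft\windows nt\currentversion\winlogon"


def parse_reg(text):
    """Return {key_path (lower-cased): {value_name: string}} for REG_SZ values in a .reg export."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].lower()
            keys[current] = {}
        elif current is not None:
            m = re.match(r'^"([^"]*)"="(.*)"$', line)
            if m:  # .reg files escape backslashes and quotes; undo that
                keys[current][m.group(1)] = m.group(2).replace('\\"', '"').replace("\\\\", "\\")
    return keys


def basenames(command):
    """Lower-cased final file name of each comma/space separated token (spaces in paths are harmless here)."""
    return {p.replace('"', "").split("\\")[-1].lower() for p in re.split(r"[,\s]+", command) if p}


def find_zlob_persistence(text):
    """Return (key, value_name, reason) tuples for entries matching the indicators in the post."""
    keys, findings = parse_reg(text), []
    for name, cmd in keys.get(RUN_KEY, {}).items():
        hit = basenames(cmd) & ZLOB_NAMES
        if hit:
            findings.append((RUN_KEY, name, "launches " + ",".join(sorted(hit))))
    shell = keys.get(WINLOGON_KEY, {}).get("Shell", "explorer.exe")
    # Winlogon Shell should be exactly explorer.exe; anything appended is a persistence hook.
    if shell.strip().lower() != "explorer.exe":
        findings.append((WINLOGON_KEY, "Shell", "unexpected shell: " + shell))
    return findings
```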
 
Old 11-03-2008, 05:47 PM   #12
Quakeboy02
Senior Member
 
Registered: Nov 2006
Distribution: Debian Linux 11 (Bullseye)
Posts: 3,407

Quote:
Originally Posted by jiml8
You should google for tools and instructions to remove the particular pieces of malware you find. Some of them will hook dlls and if removed incorrectly will leave you with a damaged registry and an unbootable system. In fact, if you can't bring your network up, that may mean that some piece of malware has hooked the tcpip stack and was then improperly removed. You might have a wonderful time fixing it.
Hey Jim. What about a repair install in such a situation? I don't use Windows so much as I used to, but doesn't a repair install pretty much do a reset no matter how badly things are borked?
 
Old 11-03-2008, 05:53 PM   #13
jiml8
Senior Member
 
Registered: Sep 2003
Posts: 3,171

Quote:
Originally Posted by Quakeboy02
Hey Jim. What about a repair install in such a situation? I don't use Windows so much as I used to, but doesn't a repair install pretty much do a reset no matter how badly things are borked?
NEVER EVER try a repair install of Windows UNTIL AND UNLESS the system is COMPLETELY CLEANED UP, AND the filesystem is in good shape.

That registry is a real furball. Things are tied together all over the place in there and it is a real serious single point of failure. If the system is not clean (meaning "uninfected") to begin with, you have no idea at all what you'll have after doing the repair install. But more than likely it won't be what you expected or wanted.
 
Old 11-03-2008, 08:12 PM   #14
phantom_cyph
Senior Member
 
Registered: Feb 2007
Location: The Tropics
Distribution: Slackware & Derivatives
Posts: 2,472

Original Poster
Blog Entries: 1

Quote:
Originally Posted by jiml8
Google is your friend.
This looks like a very helpful and accurate post. I just have one problem. I've learned all of my computer knowledge in Linux, not Windows. When I used Windows, I was just a user, a plain old gamer. I have no idea how to mess around with the inner workings of the XP operating system. Deleting files and all is easy enough, but where to find .dll files, and how to "unregister" them, I have no idea. Could you possibly provide more specifics as to how I should go about doing this?
 
Old 11-04-2008, 01:10 AM   #15
jiml8
Senior Member
 
Registered: Sep 2003
Posts: 3,171

Use the find utility to locate the files to delete. Use regedit to edit the registry. Be very careful when you do that.
 