IE Start Menu shortcut broken
Recently had a Vista machine infected with the fake Windows Security Center rubbish; this was cleared relatively easily by running SuperAntiSpyware. We tend to favour MalwareBytes, however this was being blocked by the infection (even after renaming mbam.exe to something else). Once SuperAntiSpyware had finished and the system was rebooted, we ran MalwareBytes along with some online scanners (TrendMicro Housecall and ESET Online Scanner) to confirm the all clear.
After running the cleanup the system appeared back to normal with no further infections found. Once we loaded IE again (after resetting to default and disabling add-ons etc.) it re-infected the client PC. This was a little frustrating as nothing seemed to pick up any malicious files. We cleared again and re-ran CCleaner to empty temp files, which must have done the trick as the Internet Explorer Start Menu shortcut failed to load, reporting the below:
explorer.exe
The application could not be found
The infection had tagged this shortcut to run the malicious installer upon launching IE. To resolve this, load regedit and navigate to the below registry key:
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command
You should only see the default path of IE in here (usually C:\Program Files\Internet Explorer\iexplore.exe); if you see anything else, amend it to that path to resolve.
You can also download and run the following reg file, which will make the above changes automatically.
iefix.reg (right click + save as) - Note: Only use this if you are sure of what you are doing; playing with the registry can screw things up! This file is mainly for my ease of use.
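An added example (not the author's iefix.reg, and not code from the original post): a PowerShell script that checks the key above against the default path the post gives and only changes it when asked. The -Fix switch, the backup location in %TEMP% and the assumption that Windows is installed on C: are assumptions of this example.

```powershell
# Added example, not from the original post. Save as a .ps1 and run elevated.
# -Fix is this script's own (assumed) switch; without it nothing is changed.
param([switch]$Fix)

$key      = 'HKLM:\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command'
# Default path quoted in the post; assumes Windows lives on C:.
$expected = 'C:\Program Files\Internet Explorer\iexplore.exe'

if (-not (Test-Path $key)) {
    Write-Output "Key not found: $key"
    return
}

# The command lives in the key's unnamed (Default) value.
$current = (Get-ItemProperty -Path $key).'(default)'

# Expand any environment variables and drop wrapping quotes, so a quoted
# form of the same path is not reported as tampered. Anything extra
# (another executable, trailing arguments) still fails the comparison.
$normalised = [Environment]::ExpandEnvironmentVariables("$current").Trim().Trim('"')

if ($normalised -eq $expected) {
    Write-Output "OK: shortcut command is the default IE path."
    return
}

Write-Output "MISMATCH: (Default) = $current"
Write-Output "Expected          : $expected"

if ($Fix) {
    # Keep a copy of the tampered key for later analysis before overwriting it.
    $backup = Join-Path $env:TEMP ("StartMenuInternet-IE-{0:yyyyMMdd-HHmmss}.reg" -f (Get-Date))
    reg.exe export 'HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE' $backup | Out-Null
    if ($LASTEXITCODE -ne 0) {
        Write-Output "Backup failed; leaving the registry unchanged."
        return
    }
    Set-ItemProperty -Path $key -Name '(default)' -Value $expected
    Write-Output "Backed up to $backup and restored the default path."
} else {
    Write-Output "Re-run with -Fix to back up the key and restore the default path."
}
```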
Clearing Tunnel adapter Local Area Connection from ipconfig
I recently had to work on a machine that listed 100s of Tunnel adapters in the ipconfig output, which prevented getting the IP information I was after. Having hunted around, here's how to clear them.
Fix:
A few different Google searches did come up with multiple answers, however here's the fix that worked for me running Windows Vista SP1. Be aware that messing with Network Connections if you are not familiar with what you are doing can cause serious problems!
1) Go into the Control Panel via Start - Control Panel
2) Go to System (may want to switch to Classic View via the link on the left hand side of the Control Panel to view all the icons)
3) Select Device Manager
4) In Device Manager click the View menu and tick 'Show Hidden Devices'
5) Expand Network Adapters
6) You should now see a list of adapters starting with isatap. These are the adapters I removed, and it then cleared down the Tunnel list in ipconfig.
7) There were also several 6TO4 adapters that I removed to help the clean up. These are related to the Teredo Tunneling and can also be disabled / removed - Full instructions can be found here to do this (but for those wanting the immediate solution, run netsh interface teredo set state disabled from a CMD)
