Please help with Lenovo _cpnprt2 trojan

[John Suchy]

I will go to the link and uninstall IE8 and install IE7
Hope it works. This may take until tomorrow.
I will report back. Thanks for your continued effort on my behalf.

[John Suchy]

Currently operating with IE7
Still no information Bar @ windowsupdate
There is a update ready to install IE8 from Microsoft
Awaiting your reply to continue.

[John Suchy]

I went to adobe.com and installed adobe flash player, the information bar showed up and the player installed.
I returned to the windows update site the address in the browser resolved to
HTTP://update.microsoft.com/microsof...ult.aspx?ln=en
the following links were inaccessable
Microsoft update home
review your update history
restore hidden updates

am I in a cloned microsoft page?

[chemist]

Sorry John Suchy. I failed to receive notification of your last two replies. It happens sometimes if you make multiple replies too close together.

When you say inaccessible, do you mean the links are grayed out? Can you post a screenshot? Do you receive any error messages?

[John Suchy]

Good evening Chemist,

Sorry for the multiple post so close together.

I was excited about the removal of IE8 and the fallback to IE7.
I thought thatthis would surely work but alas....
I am afraid I cannot make a screenshot. The Website displays the page
with the three references grqayed out. The other links do take me to some content. I just noticed this last night. The computer Has the yellow shield
and when I click on it and go to Custom it is ready to update to IE8.
As I mentioned I does reference That it wants to install an activex control
which I have seen MANY times however the information bar does not display.
Given the anonimity of the internet I became suspicious and took notice of the greyed out links.

[chemist]

Hello again, John Suchy. Go Tools > Add-ons > Enable or Disable Add-ons...

Look through all categories for MUWebControl Class

Is it enabled? If not, enable it, reboot. Any difference?

------------------------------------------------------

If still no joy...

Open Notepad and copy/paste the entire contents of the codebox below into Notepad:

Code:

net stop wuauserv
regsvr32 /s wuapi.dll
regsvr32 /s wuaueng1.dll
regsvr32 /s wuaueng.dll
regsvr32 /s wucltui.dll
regsvr32 /s wups2.dll
regsvr32 /s wups.dll
regsvr32 /s wuweb.dll
net start wuauserv

Save this Notepad file as register.bat and choose to Save as type: - All Files then close the Notepad file.
It should look like this:

Double-click on register.bat & allow it to run. You may delete the file afterwards.

Let me know if you are able to install the Windows Updates.

------------------------------------------------------

[John Suchy]

Good morning Chemist !!!

I found that the Muwebcontrol class (muweb.dll) was indeed disabled.
Created register.bat and executed.
Went to the windows update site. The computer searched for updates.
IE8 was listed as critical.

I did not see the information bar, but perhaps if the contol was already installed the program did not need to set it.
Yesterday or the day before the infomation bar did appear on the adobe website for the flash player.
the review updates link was not greyed out.
microsoft update home was greyed
restore hidden updates was greyed.
Before this fix the computer did not search for required updates and now it did
Update to IE8?
Thank You again for all your efforts on my behalf
I can understand the terse warning to not make changes on my own
and found your method of analysis excellent.

[chemist]

Hello again, John Suchy. Yes, update to IE8 if you want it back, let me know, and I will give you some final instructions.

[John Suchy]

Good afternoon Chemist,
Installation to IE8 completed
Thank you

[chemist]

Congratulations. Well done! Your logs appear clean. You should be good to go.

Please disable avast! before uninstalling ComboFix and then re-enable it after doing so.

Go to Start >> Run and Copy/Paste the following single-line command into the Run box and click OK:

combofix /uninstall

This will uninstall ComboFix and delete ComboFix's quarantine folder. It will also implement some cleanup procedures, remove old System Restore Points which contain previous infections, and create a fresh, clean System Restore Point.

Please re-enable your antivirus program and any other antispyware programs disabled earlier if you haven't already.

You can safely delete any tools downloaded or any logs, files, and any shortcuts on your desktop that were created during this fix.

------------------------------------------------------

MICROSOFT UPDATES
It is very important that you get all of the critical updates for your Operating System and Internet Explorer. Keeping your OS and browser up to date will help make you less susceptible to attacks by Trojans and viruses. Please go to Microsoft and download all the critical updates to help prevent possible re-infection.

SPYWARE PREVENTION
This is a good time to set up protection against further attacks. In light of your recent problem, I'm sure you'd like to avoid any future infections. Please read these well written articles:

• How Did I Get Infected In The First Place? by TonyKlein
• How to Prevent Malware by miekiemoes

To help protect your computer in the future I recommend that you get the following free programs if you do not already have them:

• WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
  • Green to go
  • Yellow for caution
  • Red to stop
  WOT has an add-on available for both Firefox and IE.
  
• SpywareBlaster prevents the installation of ActiveX-based malware, blocks cookies, and restricts the actions of "bad" sites. See tutorial here
  
• MVPS HOSTS FILE replaces your current HOSTS file with one that will restrict known ad sites from serving you unsolicited advertisements. It basically prevents your computer from connecting to those sites by redirecting the attempted connections to 127.0.0.1, which is the IP of your local computer. See guide here and for Windows Vista here
  • Download Host.zip and Save it to your Desktop.
  • Right-click hosts.zip and select 'Extract all files' or 'Extract files...'.
  • Follow the prompts and click 'Finish'.
  • This will open the newly created hosts folder on your Desktop.
  • Double-click on the included mvps.bat file, this will rename the existing HOSTS file to HOSTS.MVP, then it will copy the included updated HOSTS file to the correct location on your machine.
  • Once updated you should see another prompt that the task was completed.

Keep your antivirus program and antispyware programs updated and scan with them on a regular basis.

Please respond to this thread one more time so we can mark this thread as resolved.

[chemist]

As this topic appears to be resolved, this thread will be archived. If you need continued support, please begin a new thread, and provide a link to this topic. This applies only to the original topic starter. Everyone else please begin a New Topic, after following the steps outlined here:

IMPORTANT - Read This Before Posting For Malware Removal Help

------------------------------------------------------