Malware? Security links missing in IE

I was working on a friend’s PC when I noticed that links were missing on some pages that I visited with Internet Explorer.  For example, the big blue button labeled “Download Now” was missing from the Microsoft Security Essentials web page.  Visiting the same page with Firefox showed the blue download  button.   I noticed similar problems at 2 more sites: was missing the download button in IE but not Firefox and was missing the word “Bing” in IE but not Firefox.  See screen captures below.  I suspect malware was selectively blocking links to download anti-malware tools in IE (Firefox seemed not affected).

MS Security Essentials web site in IE - missing the blue download button
MS Security Essentials web page in Firefox with the blue download button web page in IE missing the download buttons web page in Firefox with the download buttons in IE missing the word "Bing" in Firefox with the word "Bing"

Using Firefox I downloaded, installed and ran antivirus and anti-malware programs.  Microsoft Security Essentials reported two threats:  VirTool:Win32/Obfuscator.XY and Virus:Win32/Induc.A

Microsoft Security Essentials - Potential threat details

These antivirus and anti-malware tools found no threats:

  • Malwarebytes
  • Trend Micro House Call – online scan
  • Windows Live OneCare Safety Scanner – online scan
  • Dr. Web CureIt!
  • SUPERAntiSpyware
  • ComboFix

I tried some other fixes like resetting IE browser settings and removing IE8.

I used search engines with keywords like the 2 named threats (VirTool:Win32/Obfuscator.XY and Virus:Win32/Induc.A), obfuscate, missing download links, blocking security software and IE with little success.

I suspect the computer was infected with a malware that was trying to hide it’s tracks and make itself more difficult to remove by hiding download links for malware removal tools.  And what else was this malware doing?  Keystroke logging, identity theft, participating in bot nets?

I repaired the PC with a clean install of the Operating System.

Anybody know more about this issue?

Leave a Reply

Your email address will not be published. Required fields are marked *