|
Posted by FlDave on September 8, 2008, 2:19 pm
If you were Registered and logged in, you could reply and use other advanced thread options
We had a virus/spyware attack on my Dad's computer. An image
automatically loaded to the computer about the system has a virus and
he should click here to get it removed. Thankfully, he didn't. I
think it was called something like Anti Virus XP 2008. Anyway, Spybot
and SuperAntiSpyware helped, but not perfect.
Now he can get to many sites (mlb.com, yahoo.com, etc), but not get to
any of the anti-virus (AVG), anti-spyware or securtiy sites, or even
Windows Update. He gets the Page Not Found message.
I've deleted all the entries in the hosts file, that didn't help.
After the fact, I installed Firefox and the same thing happens.
I suspect somewhere some program is intercepting requests and routing
them back to the localhost. I was able to find AVG's IP address and
can ping it and when I use that in the address line, I can get there.
But avg.com, nope.
I also went into the router and checked that but I don't see anything
that would reroute those requests.
Any help is appreciated!
Dave
|
|
Posted by ~BD~ on September 8, 2008, 4:02 pm
If you were Registered and logged in, you could reply and use other advanced thread options
> We had a virus/spyware attack on my Dad's computer. An image
> automatically loaded to the computer about the system has a virus and
> he should click here to get it removed. Thankfully, he didn't. I
> think it was called something like Anti Virus XP 2008. Anyway, Spybot
> and SuperAntiSpyware helped, but not perfect.
>
> Now he can get to many sites (mlb.com, yahoo.com, etc), but not get to
> any of the anti-virus (AVG), anti-spyware or securtiy sites, or even
> Windows Update. He gets the Page Not Found message.
>
> I've deleted all the entries in the hosts file, that didn't help.
> After the fact, I installed Firefox and the same thing happens.
>
> I suspect somewhere some program is intercepting requests and routing
> them back to the localhost. I was able to find AVG's IP address and
> can ping it and when I use that in the address line, I can get there.
> But avg.com, nope.
>
> I also went into the router and checked that but I don't see anything
> that would reroute those requests.
>
> Any help is appreciated!
>
> Dave
Hi Dave :)
Maybe you should try scanning with MBAM available here:-
http://www.malwarebytes.org/
A new version launched ............. today!
Let us know if it helps.
Dave (aka ~BD~)
|
|
Posted by Malke on September 8, 2008, 4:30 pm
If you were Registered and logged in, you could reply and use other advanced thread options
FlDave wrote:
> We had a virus/spyware attack on my Dad's computer. An image
> automatically loaded to the computer about the system has a virus and
> he should click here to get it removed. Thankfully, he didn't. I
> think it was called something like Anti Virus XP 2008. Anyway, Spybot
> and SuperAntiSpyware helped, but not perfect.
>
> Now he can get to many sites (mlb.com, yahoo.com, etc), but not get to
> any of the anti-virus (AVG), anti-spyware or securtiy sites, or even
> Windows Update. He gets the Page Not Found message.
>
> I've deleted all the entries in the hosts file, that didn't help.
> After the fact, I installed Firefox and the same thing happens.
Your system is infected with a rogue antivirus program. It is called "rogue"
because it pretends to be A Good Guy but is really Evil. Do not pay them!
Here are removal steps:
http://www.bleepingcomputer.com/malware-removal/uninstall-antivirus-2009
http://www.bleepingcomputer.com/forums/topic154529.html (earlier versions)
These may work for you and all may be well. However, in many cases the
computer will also be infected with Zlob and/or Vundo trojans and protected
by a rootkit. These machines are extremely difficult to clean.
If your machine is one of these cases, either get guided help at one of the
specialty forums below OR back up your data and do a clean install of
Windows. It is your choice. If you are unsure how to back up your data or
how to do a clean install, you can take your machine to a local computer
professional. I don't recommend using BigComputerStore/GeekSquad types of
places.
PLEASE DO NOT POST LOGS IN THE MS NEWSGROUPS.
http://aumha.org/downloads/hijackthis.zip
http://aumha.net/ - Click on the HijackThis forum. Read the announcement and
the stickies *first*.
http://www.atribune.org/forums/index.php?showforum=9
http://aumha.net/viewforum.php?f=30
http://www.bleepingcomputer.com/forums/forum22.html
http://www.dslreports.com/forum/cleanup
http://www.cybertechhelp.com/forums/forumdisplay.php?f=25
http://www.geekstogo.com/forum/Malware_Removal_HiJackThis_Logs_Go_Here-f37.html
http://www.malwarebytes.org/forums/index.php?showforum=7
http://gladiator-antivirus.com/forum/index.php?showforum=170
http://spywarewarrior.com/viewforum.php?f=5
http://forums.techguy.org/54-security/
http://forums.tomcoyote.org/
http://www.thespykiller.co.uk/index.php?board=3.0
http://forums.subratam.org/index.php?showforum=7
Malke
--
MS-MVP
Elephant Boy Computers - Don't Panic!
FAQ - http://www.elephantboycomputers.com/#FAQ
|
|
Posted by FromTheRafters on September 8, 2008, 9:05 pm
If you were Registered and logged in, you could reply and use other advanced thread options
> We had a virus/spyware attack on my Dad's computer. An image
> automatically loaded to the computer about the system has a virus and
> he should click here to get it removed. Thankfully, he didn't. I
> think it was called something like Anti Virus XP 2008. Anyway, Spybot
> and SuperAntiSpyware helped, but not perfect.
>
> Now he can get to many sites (mlb.com, yahoo.com, etc), but not get to
> any of the anti-virus (AVG), anti-spyware or securtiy sites, or even
> Windows Update. He gets the Page Not Found message.
>
> I've deleted all the entries in the hosts file, that didn't help.
> After the fact, I installed Firefox and the same thing happens.
>
> I suspect somewhere some program is intercepting requests and routing
> them back to the localhost. I was able to find AVG's IP address and
> can ping it and when I use that in the address line, I can get there.
> But avg.com, nope.
>
> I also went into the router and checked that but I don't see anything
> that would reroute those requests.
>
> Any help is appreciated!
Another place for looking up IP addresses associated with
given domain names (like the hosts file) is the Domain Name
Server (DNS). Usually you don't have to do anything with
that setting in your network connections dialog, but it may
be that malware has changed your primary and/or secondary
(alternate) DNS server settings.
Malware removal programs couldn't very well set it back to
what it is supposed to be because it has no way of knowing
what it was supposed to be.
Ask your ISP what the settings are supposed to be for your
account.
Go to your network icon. Mine is located at:
click start - hover over "connect to" - click on view all
connections - right click on the desired connection icon
- click on properties - click on "Internet Protocol (TCP/IP)"
- click on properties - at the bottom of this dialog I have
"Obtain DNS server address automatically" radio button
checked.
(XP Pro / RoadRunner)
My old dialup account had actual addresses in those lower
fields Win9x/Linux / monad.net (a local provider)
Follow Malke's advice, and if you still experience DNS problems
afterward - maybe this is why.
|
|
Posted by The Real Truth MVP on September 8, 2008, 11:23 pm
If you were Registered and logged in, you could reply and use other advanced thread options
Use my Remove-it software, it will remove that malware from your system.
Choose yes for all options when prompted. Download it here
http://pcbutts1.com/downloads/tools/tools.htm
--
Cyberstalking is a crime. If you had one as bad as I did simply ignoring
them is not an option.
> We had a virus/spyware attack on my Dad's computer. An image
> automatically loaded to the computer about the system has a virus and
> he should click here to get it removed. Thankfully, he didn't. I
> think it was called something like Anti Virus XP 2008. Anyway, Spybot
> and SuperAntiSpyware helped, but not perfect.
>
> Now he can get to many sites (mlb.com, yahoo.com, etc), but not get to
> any of the anti-virus (AVG), anti-spyware or securtiy sites, or even
> Windows Update. He gets the Page Not Found message.
>
> I've deleted all the entries in the hosts file, that didn't help.
> After the fact, I installed Firefox and the same thing happens.
>
> I suspect somewhere some program is intercepting requests and routing
> them back to the localhost. I was able to find AVG's IP address and
> can ping it and when I use that in the address line, I can get there.
> But avg.com, nope.
>
> I also went into the router and checked that but I don't see anything
> that would reroute those requests.
>
> Any help is appreciated!
>
> Dave
|
| Similar Threads | Posted | | windows update blocked... | February 4, 2006, 4:01 pm |
| MS URL / restricted sites query ? | January 23, 2008, 11:39 am |
| Re: Trouble connecting to certain sites with IE7 | March 5, 2008, 3:04 pm |
| Cannot access certain sites like Google, Hotmail | August 7, 2005, 11:36 pm |
| Reporting Malware Infested Sites | September 20, 2008, 8:32 am |
| Flash Player security update is available; Security Bulletins released by Adobe | July 10, 2007, 7:29 pm |
| windows update will not run | October 10, 2008, 2:19 am |
| Windows Update not responding | May 1, 2006, 7:56 pm |
| Windows Defender update... | August 22, 2006, 7:06 pm |
| Re: windows update proublem | May 3, 2008, 2:27 am |
|
XML site map