Jump to content

Can't figure this virus out

Guest JN

By Guest JN
in Techno Babble

 Share

Recommended Posts

Guest JN

Guest JN

Posted
Posted

I don't know if the computer I am trying to fix just had AntiVirusXP2008 or

something more. I have found the manual removal instructions for AVXP and

that seemed to work except the computer cannot access a whole host of sites.

 

Mcafee.com

Symantec.com

windowsupdate.microsoft.com

PandaSecurity.com

And so on.

 

I can ping the sites fine and tracert fine but when I try to go to them in

IE7 a couple of strange things happen. First, when I try Mcafee.com it

brings me to a google search result page as if I did a google search for

mcafee.com. Then if I click on Mcafee.com link in those results IE7 wiill

give me the error page as if I were not connected to the Inernet.

 

If I try Symantec, Windows Update, Panda Security, or a few other sites I

just get the standard not connected to the Internet page from IE7. Other

sites like going to IBM, Google, MSN, etc appear to be working fine.

 

I have checked the Hosts file to see if this was altered, but it is OK and I

also checked to make sure my DNS server settings were not hijacked and they

were OK showing my ISP's DNS servers. I wanted to be sure it was not the

site so instead of going to PandaSecurity.com and getting blocked I went to

the IP address and was able to browse the site fine. I also ran LSPFix.exe

and there were not any additional protocols installed and HijackThis did not

show any BHOs or anything

 

I have tried to reinstall Panda AV, however it will not restart on reboot.

It is obvious that something is blocking it. This is obviously specifically

blocking Anti-virus programs and sites.

 

Yes, I could just format this computer, but what fun is that.

  • Replies 3
  • Created
  • Last Reply

Popular Days

Popular Days

Guest Malke

Guest Malke

Posted
Posted

JN wrote:

<span style="color:blue">

> I don't know if the computer I am trying to fix just had AntiVirusXP2008

> or

> something more. I have found the manual removal instructions for AVXP and

> that seemed to work except the computer cannot access a whole host of

> sites.

>

> Mcafee.com

> Symantec.com

> windowsupdate.microsoft.com

> PandaSecurity.com

> And so on.

>

> I can ping the sites fine and tracert fine but when I try to go to them in

> IE7 a couple of strange things happen. First, when I try Mcafee.com it

> brings me to a google search result page as if I did a google search for

> mcafee.com. Then if I click on Mcafee.com link in those results IE7 wiill

> give me the error page as if I were not connected to the Inernet.

>

> If I try Symantec, Windows Update, Panda Security, or a few other sites I

> just get the standard not connected to the Internet page from IE7. Other

> sites like going to IBM, Google, MSN, etc appear to be working fine.

>

> I have checked the Hosts file to see if this was altered, but it is OK and

> I also checked to make sure my DNS server settings were not hijacked and

> they

> were OK showing my ISP's DNS servers. I wanted to be sure it was not the

> site so instead of going to PandaSecurity.com and getting blocked I went

> to

> the IP address and was able to browse the site fine. I also ran

> LSPFix.exe and there were not any additional protocols installed and

> HijackThis did not show any BHOs or anything

>

> I have tried to reinstall Panda AV, however it will not restart on reboot.

> It is obvious that something is blocking it. This is obviously

> specifically blocking Anti-virus programs and sites.</span>

 

Sounds like your computer isn't clean. Unfortunately, some XP Antivirus

infections also include Vundo and/or SDBot trojans, all protected by a

rootkit. Since you didn't specify what manual removal steps you did, here

are my usual instructions about these sorts of infections. My guess is that

you should go for the guided help at this point.

 

Here are removal steps:

 

http://www.bleepingcomputer.com/malware-re...-antivirus-2009

http://www.bleepingcomputer.com/forums/topic154529.html (earlier versions)

 

Bleeping Computer removal how-to's -

http://www.bleepingcomputer.com/forums/forum55.html

 

These may work for you and all may be well. However, in many cases the

computer will also be infected with Zlob and/or Vundo trojans and protected

by a rootkit. These machines are extremely difficult to clean.

 

If your machine is one of these cases, either get guided help at one of the

specialty forums below OR back up your data and do a clean install of

Windows. It is your choice. If you are unsure how to back up your data or

how to do a clean install, you can take your machine to a local computer

professional. I don't recommend using BigComputerStore/GeekSquad types of

places.

 

PLEASE DO NOT POST LOGS IN THE MS NEWSGROUPS.

 

http://aumha.org/downloads/hijackthis.zip

http://aumha.net/ - Click on the HijackThis forum. Read the announcement and

the stickies first .

http://www.atribune.org/forums/index.php?showforum=9

http://aumha.net/viewforum.php?f=30

http://www.bleepingcomputer.com/forums/forum22.html

http://www.dslreports.com/forum/cleanup

http://www.cybertechhelp.com/forums/forumdisplay.php?f=25

http://www.geekstogo.com/forum/Malware_Rem...o_Here-f37.html

http://www.malwarebytes.org/forums/index.php?showforum=7

http://gladiator-antivirus.com/forum/index.php?showforum=170

http://spywarewarrior.com/viewforum.php?f=5

http://forums.techguy.org/54-security/

http://forums.tomcoyote.org/

http://www.thespykiller.co.uk/index.php?board=3.0

http://forums.subratam.org/index.php?showforum=7

 

Malke

--

MS-MVP

Elephant Boy Computers - Don't Panic!

FAQ - http://www.elephantboycomputers.com/#FAQ

Guest David H. Lipman

Guest David H. Lipman

Posted
Posted

From: "JN" <me@here.com>

 

| I don't know if the computer I am trying to fix just had AntiVirusXP2008 or

| something more. I have found the manual removal instructions for AVXP and

| that seemed to work except the computer cannot access a whole host of sites.

 

| Mcafee.com

| Symantec.com

| windowsupdate.microsoft.com

| PandaSecurity.com

| And so on.

 

| I can ping the sites fine and tracert fine but when I try to go to them in

| IE7 a couple of strange things happen. First, when I try Mcafee.com it

| brings me to a google search result page as if I did a google search for

| mcafee.com. Then if I click on Mcafee.com link in those results IE7 wiill

| give me the error page as if I were not connected to the Inernet.

 

| If I try Symantec, Windows Update, Panda Security, or a few other sites I

| just get the standard not connected to the Internet page from IE7. Other

| sites like going to IBM, Google, MSN, etc appear to be working fine.

 

| I have checked the Hosts file to see if this was altered, but it is OK and I

| also checked to make sure my DNS server settings were not hijacked and they

| were OK showing my ISP's DNS servers. I wanted to be sure it was not the

| site so instead of going to PandaSecurity.com and getting blocked I went to

| the IP address and was able to browse the site fine. I also ran LSPFix.exe

| and there were not any additional protocols installed and HijackThis did not

| show any BHOs or anything

 

| I have tried to reinstall Panda AV, however it will not restart on reboot.

| It is obvious that something is blocking it. This is obviously specifically

| blocking Anti-virus programs and sites.

 

| Yes, I could just format this computer, but what fun is that.

 

 

 

You probably are still infected with the RootKit payload that often acoompanies this.

 

 

 

Download and execute HiJack This! (HJT)

http://www.trendsecure.com/portal/en-US/th.../HJTInstall.exe

 

Then post the contents of the HJT log in your post in one of the below expert forums...

 

{ Please - Do NOT post the HJT Log here ! }

 

Forums where you can get expert advice for HiJack This! (HJT) Logs.

 

NOTE: Registration is REQUIRED in any of the below before posting a log

 

Suggested primary:

http://www.thespykiller.co.uk/index.php?board=3.0

 

Suggested secondary:

http://www.bleepingcomputer.com/forums/forum22.html

http://castlecops.com/forum67.html

http://www.malwarebytes.org/forums/index.php?showforum=7

 

Suggested tertiary:

http://www.dslreports.com/forum/cleanup

http://www.cybertechhelp.com/forums/forumdisplay.php?f=25

http://www.atribune.org/forums/index.php?showforum=9

http://www.geekstogo.com/forum/Malware_Rem...o_Here-f37.html

http://gladiator-antivirus.com/forum/index.php?showforum=170

http://forum.networktechs.com/forumdisplay.php?f=130

http://forums.maddoktor2.com/index.php?showforum=17

http://www.spywarewarrior.com/viewforum.php?f=5

http://forums.spywareinfo.com/index.php?showforum=18

http://forums.techguy.org/f54-s.html

http://forums.tomcoyote.org/index.php?showforum=27

http://forums.subratam.org/index.php?showforum=7

http://www.5starsupport.com/ipboard/index.php?showforum=18

http://aumha.net/viewforum.php?f=30

http://makephpbb.com/phpbb/viewforum.php?f=2

http://forums.techguy.org/54-security/

http://forums.security-central.us/forumdisplay.php?f=13

 

 

--

Dave

http://www.claymania.com/removal-trojan-adware.html

Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp

Guest ~BD~

Guest ~BD~

Posted
Posted

Have you tried Malwarebytes? www.malwarebytes.com

 

If not, give it a try!

 

HTH

 

Dave

 

--

"JN" <me@here.com> wrote in message news:%237hx93aHJHA.1432@TK2MSFTNGP04.phx.gbl...<span style="color:blue">

>I don't know if the computer I am trying to fix just had AntiVirusXP2008 or something more. I have

>found the manual removal instructions for AVXP and that seemed to work except the computer cannot

>access a whole host of sites.

>

> Mcafee.com

> Symantec.com

> windowsupdate.microsoft.com

> PandaSecurity.com

> And so on.

>

> I can ping the sites fine and tracert fine but when I try to go to them in IE7 a couple of strange

> things happen. First, when I try Mcafee.com it brings me to a google search result page as if I

> did a google search for mcafee.com. Then if I click on Mcafee.com link in those results IE7 wiill

> give me the error page as if I were not connected to the Inernet.

>

> If I try Symantec, Windows Update, Panda Security, or a few other sites I just get the standard

> not connected to the Internet page from IE7. Other sites like going to IBM, Google, MSN, etc

> appear to be working fine.

>

> I have checked the Hosts file to see if this was altered, but it is OK and I also checked to make

> sure my DNS server settings were not hijacked and they were OK showing my ISP's DNS servers. I

> wanted to be sure it was not the site so instead of going to PandaSecurity.com and getting blocked

> I went to the IP address and was able to browse the site fine. I also ran LSPFix.exe and there

> were not any additional protocols installed and HijackThis did not show any BHOs or anything

>

> I have tried to reinstall Panda AV, however it will not restart on reboot. It is obvious that

> something is blocking it. This is obviously specifically blocking Anti-virus programs and sites.

>

> Yes, I could just format this computer, but what fun is that.

>

>

> </span>

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...