Help - Search - Members - Calendar
Full Version: Web Site Found. Waiting For Reply...
BleepingComputer.com > Security > Am I infected? What do I do?
   
vconfused
Jul 2 2008, 09:20 PM
I have a computer that was completely infested with malware. It had those fake spyware programs on it, had items that were running with winlogon so that I could not delete them without the use of Killbox, had to use VundoFix, etc. you name it, it probably had it. After running a number of antivirus programs (Avira, avast, etc.) and antispyware (AdAware, Spybot, etc.), I finally removed everything, or so it seems. HiJackThis is not showing anything out of the ordinary, but since the computer does not have access to the Internet I cannot post the log. I can ping IP addresses and domain names (i.e. google.com), but I cannot visit any web sites via Firefox, IE 7, and the antivirus/antispyware programs are unable to connect to the Internet to update.
I tried the following in a number of orders while rebooting between:
uninstalling the network card
netsh winsock reset catalog
netsh int ip reset reset.log
deleting the HKLM\System\CurrentControlSet\Services\Winsock2 key (which then stopped me from pinging even after reboot until I ran the backup.reg file)
sfc /scannow
I tried Reset in Internet Options / Advanced
I turned off all firewalls that I used to help find out what was going on (LavaSoft's and Windows Firewall)
Nothing seems to work.

I can get files to it by burning them onto a CD if I need to.

Does anyone have any ideas as to what I missed? Thanks!!
powerjuce
Jul 2 2008, 09:25 PM
try this

http://www.bleepingcomputer.com/files/hostfix.php

it may be a problem that your host file has been messed up

this will help
vconfused
Jul 2 2008, 11:00 PM
Thanks! I checked the hosts file (C:\Windows\System32\Drivers\ETC\Hosts) and it was last modified in 2004 and it looks fine -- only thing in it is the localhost pointing to 127.0.0.1. Also, unrelated, but I tried with another profile and tried in safe mode. Anything else I can try? Thanks again!
powerjuce
Jul 3 2008, 02:09 PM
Ok, now even i am not sure, there is one tool

This one is an advanced tool, so I am not sure how it will work,

http://www.bleepingcomputer.com/files/lspfix.php

before running it please read this tutorial
vconfused
Jul 3 2008, 06:38 PM
Thanks, but unfortunately that did not work. It said no problems found and had 3 listings: mswsock.dll, winrnr.dll, and rsvpsp.dll. I clicked Finish anyway, but it said no changes have been made and I can still ping, but not access the Internet in any other way that I have tried.

OK, issue resolved, thanks for all of your help! It turned out to be Lavasoft Firewall. Even though I had disabled it and disabled the driver in the network connection's properties, it was still doing something. After uninstalling and rebooting, voila! Thanks again!
This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.
Invision Power Board © 2001-2008 Invision Power Services, Inc.