Can't Connect To Sites & Redirects


  • This topic is locked
3 replies to this topic

#1 BassKozz

  • Members
Posted 27 August 2008 - 12:40 PM

So I am on another computer typing this because I can't connect to BleepingComputer.com from my infected computer. I also can't connect to Safer-Networking.org (SpyBot S&D) and Lavasoft.com (Ad-Aware), just to name a few. Some other sites redirect to Ads.

So I know for a fact I am infected, but I can't download Ad-Aware or SpyBot S&D to diagnose/fix.

I already checked my hosts file (C:\Windows\System32\Drivers\etc\hosts) and it seems fine, it only has 1 uncommented line
127.0.0.1	   localhost
which is how it should be (IIRC).
I also checked my registry (\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\DataBasePath) to make sure it was pointing to the correct hosts file, and it is.

So what else could be blocking and redirecting my traffic?
I assume a rogue process?

Luckily I was able to download HiJackThis and run it (see attached).
Please Help,
-BassKozz

Update: I was able to download Ad-Aware & SpyBot S&D from my clean computer and transfer the files to the infected computer. However when I installed them they were UN-ABLE to connect to their respective servers to get updates, so I assume the definitions aren't up-to-date. I am running Ad-Aware now, and will report back with the results when the scan is complete.
Update 2: Ad-Aware Crashed: [screenshot]
:thumbsup:
I also noticed that if I ping a url (i.e. ping safer-networking.org) I can get an IP, and when I plug that IP into my browser (FF3) it will connect to the site, but when I click on a link it can't connect (I assume because it reverts back to the hostname, not the IP, and whatever is infecting my rig is causing it to not connect) :)
I will try and run SpyBot S&D now and hope that it doesn't crash :fingers-crossed:
Update 3: SpyBot S&D scan complete: [screenshot]

WHAT, NO INFECTIONS, this can't be ???

None of the online anti-virus scans mentioned in the prep guide work on my infected machine (because I can't connect to them from my browser) :), so what do I do next?

Update 4: I guess my only other option is to try McAfee AVERT Stinger, I downloaded this on my working computer and transferred it to the infected one, and I tried scanning, and it just froze after about 20 minutes worth of scanning :)
I give up, any ideas anyone?

Edited by BassKozz, 27 August 2008 - 02:33 PM.
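
The two checks described in the post above (active hosts-file entries and the DataBasePath registry value), as an added example that is not part of the original thread. The sample hosts content and the 203.0.113.7 address are constructed, the function names are this example's own, and the registry value is passed in as a string rather than read from the registry.

```python
import ntpath
import re

# Constructed sample: the single active line from the post plus two
# constructed entries of the kind the poster was looking for.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
#10.0.0.5       commented.example
127.0.0.1       www.safer-networking.org   # site silently blocked
203.0.113.7     lavasoft.com www.lavasoft.com
"""

LOOPBACK = {"127.0.0.1", "::1"}
SINKHOLES = LOOPBACK | {"0.0.0.0"}


def active_entries(text):
    """Yield (line_no, ip, hostnames) for every uncommented mapping."""
    for line_no, line in enumerate(text.splitlines(), 1):
        fields = line.split("#", 1)[0].split()  # drop trailing comments
        if len(fields) >= 2:
            yield line_no, fields[0], [n.lower() for n in fields[1:]]


def audit_hosts(text):
    """Report every mapping except loopback -> localhost."""
    findings = []
    for line_no, ip, names in active_entries(text):
        for name in names:
            if name == "localhost" and ip in LOOPBACK:
                continue
            kind = "blocked" if ip in SINKHOLES else "redirected"
            findings.append((line_no, name, ip, kind))
    return findings


def database_path_ok(value, system_root=r"C:\Windows"):
    """True if a DataBasePath value resolves to the default hosts folder."""
    expanded = re.sub("%SystemRoot%", lambda m: system_root, value, flags=re.I)
    default = ntpath.join(system_root, "System32", "drivers", "etc")
    norm = lambda p: ntpath.normcase(ntpath.normpath(p))
    return norm(expanded) == norm(default)


if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE_HOSTS):
        print("line %d: %s -> %s (%s)" % finding)
    print(database_path_ok(r"%SystemRoot%\System32\drivers\etc"))
```

An empty findings list, as for the one-line file quoted in the post, only rules out the hosts file as the cause of the blocking.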


#2 thewall

  • Malware Response Team
Posted 10 September 2008 - 07:25 PM

Hello BassKozz :thumbsup: Welcome to the BC HijackThis Log and Analysis forum. I apologize for the delay; however, we are all volunteers and it gets very busy around here. I will be assisting you from here on out.


I ask that you refrain from running tools other than those we will ask you to while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.


Please perform the following if you can then copy and paste the subsequent logs directly onto the pages by using the Add Reply button.



Please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner

You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan: Select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.



  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)





When completed please post both logs from RSIT as well as the one from Kaspersky.





Thanks,



thewall
If I have helped you then please consider donating so I can continue the fight against malware
All donations go directly to the helper

Due to the large amount of backlogs we have I cannot respond to PMs for help unless I am already working with you

#3 thewall

  • Malware Response Team

Posted 15 September 2008 - 10:25 AM

Hi BassKozz :thumbsup:

Checking to see if you still require assistance. Please let me know if you do so we don't close the topic.


Thanks!!!

#4 harrythook

  • Security Colleague

Posted 16 September 2008 - 10:02 AM

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter.
All others please read The Preparation Guide before starting your topic.

Veni Vidi Vici
THE FIGHT AGAINST MALWARE
