
Can't access some sites or open IE7 after spyware infection removed



#1 RTW DC2

RTW DC2

  • Members
  • 33 posts

Posted 03 November 2008 - 11:34 AM

Hello,

I am having a problem with an XP Home PC. This machine was infected with numerous malware, such as AntispywareXP 2009 as well as many others. I have run several removal tools, such as Spybot, SuperAntispyware, AVG, etc. Everything that has been found has been removed. The registry has been cleaned using HiJackThis. I cannot find any further traces of anything running on the machine. However I think some settings were not fixed after those malware were removed.

The main problem right now is that I cannot access some sites or open IE7. I can use Firefox, and can get to most websites with no problem. However if I try to access a site used for malware cleaning, like www.pctools.com or www.pandasecurity.com, the pages fail to load, even with Firefox. It seems to me whatever malware infected this machine, it prevented access to certain popular malware removal sites. Because of this, I cannot run updates to SpyDoctor or Norton to get current definitions, etc. As far as IE7 is concerned, if you try to open it, it tries to open briefly but then disappears. This happens in Safe Mode w/ Networking as well.

When trying to ping these sites, for example www.pctools.com, for some reason it tries to ping the loopback adapter 127.0.0.1 instead of the IP address for the site. Yet if I ping www.yahoo.com it pings fine. If I try to ping the actual IP for www.pctools.com, it pings fine. So it seems like some kind of DNS issue or something?? This also happens in Safe Mode w/ Networking as well.

I have checked the HOSTS file, and there are no entries in there. I have checked TCPIP and Internet settings, nothing in there. I have reset winsock, reset TCPIP and Network Connections, checked trusted/untrusted Zones, and nothing has helped. Any other suggestions?

Thank you

Ryan

Edited by RTW DC2, 03 November 2008 - 11:36 AM.




#2 garmanma

garmanma

    Computer Masochist


  • Members
  • 27,809 posts
  • Gender:Male
  • Location:Cleveland, Ohio

Posted 03 November 2008 - 01:04 PM

Have you tried:
ipconfig /flushdns from the cmd prompt?
Mark
why won't my laptop work?

Having grandkids is God's way of giving you a 2nd chance because you were too busy working your butt off the 1st time around
Do not send me PMs with problems that should be posted in the forums. Keep it in the forums, so everyone benefits
Become a BleepingComputer fan: Facebook and Twitter

#3 RTW DC2

RTW DC2
  • Topic Starter

  • Members
  • 33 posts

Posted 03 November 2008 - 06:39 PM

Tried that and it said it flushed it successfully. But I tried to ping www.pctools.com and it still tries to ping localhost 127.0.0.1 instead. I tried to ping www.yahoo.com and it pings fine.

Is it possible the spyware redirected the PC to look somewhere else instead of the HOSTS file? Like maybe it created another HOSTS file or something?

Edited by RTW DC2, 03 November 2008 - 06:41 PM.


#4 garmanma

garmanma

    Computer Masochist


  • Members
  • 27,809 posts
  • Gender:Male
  • Location:Cleveland, Ohio

Posted 03 November 2008 - 08:54 PM

First download ATF cleaner:
http://www.atribune.org/index.php?option=c...5&Itemid=25
I usually use the select all box, but read the instructions for your setup

If it still gives you problems, you can try Dial-a-fix:
http://www.bleepingcomputer.com/forums/t/160132/how-to-use-dial-a-fix-to-repair-windows-internals-problems/
Mark

#5 RTW DC2

RTW DC2
  • Topic Starter

  • Members
  • 33 posts

Posted 13 January 2009 - 04:59 PM

Back to the top. The last post did not resolve the issue, but I was able to just reimage the drive back to factory and left it like that.

But I have run into this problem again, this time on a different machine. And another co-worker of mine has also experienced this same issue. This time it also appears to be related to AntiSpyware2009. The difference this time is that I CAN'T RUN scans with most utilities. From what I understand, MalwareBytes is supposed to remove AntiSpyware2009 but it won't even allow me to run the program. Not only can I not access sites like symantec, pctools, spybot, avg, etc, it won't even allow me to execute the icons from the desktop for most of these tools that I have installed from a memory stick. After clicking on the icons, you get an hourglass, and then nothing happens. Task Manager shows the executable running but no GUI comes up. Results are the same in Normal mode as in Safe mode.

I was able to run Ad Aware but it did not correct this problem.

To RECAP...

I cannot access any websites that would be used for removing spyware, viruses, malware, etc. I can access other sites like yahoo and google. I have checked the HOSTS and LMHOSTS file and they are clean. I have flushed DNS, reset winsock and TCPIP. This does not appear to be a browser issue. If I ping these web sites it will only ping them by IP, not by DNS. When pinging their DNS names, it pings 127.0.0.1 instead.
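
A check for the question raised in post #3 (could the PC be reading a HOSTS file from somewhere other than the usual folder), added here as an example and not posted by any participant in the thread. On Windows the folder that holds the hosts file is named by the DataBasePath registry value, so this Python script works out the effective path and lists names pinned to a loopback address; the function names are hypothetical and the sample registry value and hosts content are constructed.

```python
import ntpath
import re

# Registry key holding DataBasePath, the directory Windows reads the hosts file from.
TCPIP_KEY = r"SYSTEM\CurrentControlSet\Services\Tcpip\Parameters"
DEFAULT_DIR = r"%SystemRoot%\System32\drivers\etc"
LOOPBACK = re.compile(r"^(127\.\d+\.\d+\.\d+|0\.0\.0\.0|::1)$")


def read_database_path():
    """Return the raw DataBasePath value (Windows only, run on the affected PC)."""
    import winreg
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, TCPIP_KEY) as key:
        return winreg.QueryValueEx(key, "DataBasePath")[0]


def effective_hosts_path(database_path, system_root=r"C:\WINDOWS"):
    """Expand %SystemRoot%; return (hosts path, True if the directory is non-default)."""
    def expand(p):
        p = re.sub(r"%SystemRoot%", lambda m: system_root, p, flags=re.I)
        return ntpath.normcase(ntpath.normpath(p))
    directory = expand(database_path)
    return ntpath.join(directory, "hosts"), directory != expand(DEFAULT_DIR)


def loopback_entries(hosts_text):
    """Return {hostname: address} for names pinned to a loopback or null address."""
    found = {}
    for line in hosts_text.splitlines():
        fields = line.split("#", 1)[0].split()  # drop comments, split on whitespace
        if len(fields) >= 2 and LOOPBACK.match(fields[0]):
            for name in fields[1:]:
                if name.lower() not in ("localhost", "localhost.localdomain"):
                    found[name.lower()] = fields[0]
    return found


# Constructed sample: a non-default registry value and the file found at that path.
SAMPLE_DATABASE_PATH = r"%SystemRoot%\constructed-example"
SAMPLE_HOSTS = """\
127.0.0.1   localhost
127.0.0.1   www.pctools.com  www.pandasecurity.com   # constructed entry
"""

if __name__ == "__main__":
    path, relocated = effective_hosts_path(SAMPLE_DATABASE_PATH)
    print(path, "NON-DEFAULT directory" if relocated else "default directory")
    print(loopback_entries(SAMPLE_HOSTS))
```

On the affected machine, pass the result of read_database_path() and the contents of the file at the returned path instead of the constructed samples.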



