Can't Access Antivirus Web Sites



#1 jlawj


Posted 07 March 2009 - 08:58 AM

Help!

I can't access McAfee.com, Microsoft, or any other antivirus web sites. I ran Malwarebytes, HijackThis, and ComboFix, but I'm still not able to access them. I'm in need of someone who, unlike me, knows what they're doing.

Thanks.



#2 DaChew


Posted 07 March 2009 - 12:25 PM

ComboFix is a tool that should only be run under the supervision of someone who has been trained in its use. Using it on your own can cause problems with your computer. Any posts containing CF Logs will be ignored.


from the top of this page

Please download SmitfraudFix

Double-click SmitfraudFix.exe
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.

Note: process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlogic.org/consulting/proc...processutil.htm
Chewy

No. Try not. Do... or do not. There is no try.

#3 jlawj


Posted 07 March 2009 - 12:43 PM

Thanks, Chewy... here's the result.

SmitFraudFix v2.400

Scan done at 12:32:42.85, Sat 03/07/2009
Run from C:\Documents and Settings\Owner\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\msiexec.exe
C:\Documents and Settings\Owner\Desktop\SmitfraudFix\Policies.exe
C:\WINDOWS\system32\cmd.exe

hosts


C:\


C:\WINDOWS


C:\WINDOWS\system


C:\WINDOWS\Web


C:\WINDOWS\system32


C:\Documents and Settings\Owner


C:\DOCUME~1\Owner\LOCALS~1\Temp


C:\Documents and Settings\Owner\Application Data


Start Menu


C:\DOCUME~1\Owner\FAVORI~1


Desktop


C:\Program Files


Corrupted keys


Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"


o4Patch
!!!Attention, following keys are not inevitably infected!!!

o4Patch
Credits: Malware Analysis & Diagnostic
Code: S!Ri



IEDFix
!!!Attention, following keys are not inevitably infected!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



Agent.OMZ.Fix
!!!Attention, following keys are not inevitably infected!!!

Agent.OMZ.Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


VACFix
!!!Attention, following keys are not inevitably infected!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


404Fix
!!!Attention, following keys are not inevitably infected!!!

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


Winlogon
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
"System"=""


RK



DNS

Description: Intel® PRO/100 VE Network Connection - Packet Scheduler Miniport
DNS Server Search Order: 167.206.254.2
DNS Server Search Order: 167.206.254.1

HKLM\SYSTEM\CCS\Services\Tcpip\..\{FAF51D4E-B25C-4955-9032-B6EB23751985}: DhcpNameServer=167.206.254.2 167.206.254.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{FAF51D4E-B25C-4955-9032-B6EB23751985}: DhcpNameServer=167.206.254.2 167.206.254.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{FAF51D4E-B25C-4955-9032-B6EB23751985}: DhcpNameServer=167.206.254.2 167.206.254.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=167.206.254.2 167.206.254.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=167.206.254.2 167.206.254.1
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=167.206.254.2 167.206.254.1


Scanning for wininet.dll infection


End

#4 DaChew


Posted 07 March 2009 - 06:21 PM

Post any older logs you have from MBAM since the infection; I need some clues.

Update MBAM, run a fresh scan, and post that log.

Please arrange the logs in order.

We do not want any ComboFix logs posted in this forum; your having used it inhibits some helpers.
Chewy

No. Try not. Do... or do not. There is no try.

#5 jlawj


Posted 08 March 2009 - 08:10 AM

I can't update MBAM. In my overly enthusiastic attempts to engage in self-help, I deleted the old logs. I just ran a "quick search". Here is the log. Sometimes I think I'm my own worst enemy.

Malwarebytes' Anti-Malware 1.34
Database version: 1749
Windows 5.1.2600 Service Pack 2

3/8/2009 8:09:33 AM
mbam-log-2009-03-08 (08-09-33).txt

Scan type: Quick Scan
Objects scanned: 57759
Time elapsed: 4 minute(s), 29 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#6 DaChew


Posted 08 March 2009 - 08:43 AM

http://www.gt500.org/malwarebytes/database.jsp

this is new
Chewy

No. Try not. Do... or do not. There is no try.

#7 jlawj


Posted 08 March 2009 - 08:51 AM

Thanks.

Ran the scan.

Malwarebytes' Anti-Malware 1.34
Database version: 1826
Windows 5.1.2600 Service Pack 2

3/8/2009 9:49:18 AM
mbam-log-2009-03-08 (09-49-18).txt

Scan type: Quick Scan
Objects scanned: 1
Time elapsed: 12 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#8 DaChew


Posted 08 March 2009 - 09:19 AM

Please download gmer.zip and save to your desktop.
  • Extract (unzip) the file to its own folder such as C:\Gmer. (Click here for information on how to do this if not sure.)
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security program drivers will not conflict with gmer's driver.
  • Click on this link to see a list of programs that should be disabled.
  • Double-click on gmer.exe to start the program.
  • Allow the gmer.sys driver to load if asked.
  • Do NOT click scan. GMER does an automatic quick scan when run.
  • Click the copy button on the right side of GMER and then paste into your next reply.

Chewy

No. Try not. Do... or do not. There is no try.



