Posted 02 April 2009 - 03:13 AM
Many thanks in advance for any help offered here. I'm running Win XP on a desktop computer (AMD) and have contracted some form of malware that blocks (or redirects?) updates to Norton Antivirus, Spybot S&D, Malwarebytes, etc. Windows updates are redirected to google (a ping of update.microsoft.com becomes 18.104.22.168, which, when entered into a browser, is a Google page (or copy?!). In addition to these frustrations, I'm getting pop-up ads from a variety of sources - zedo, webtrends live, fastclick, burst media, ad revolver, ad yield manager, directclick, etc...
I can't say if I first noticed this just before or just after a recent computer rebuild (MB, CPU, RAM, Video), but I've done several fresh re-installs of windows since, taking ever more stringent measures to prevent a re-occurence of this problem - but unsucessfully. Prior to, and between some, installs, I've run full scans with updated (manual updating via another computer & USB stick) Norton Internet Security / Antivirus 2009, Malwarebytes, Spybot Search and Destroy, Ad Aware, MS malicious software remover, Trojan Remover, and none has found anything bar the odd tracking cookie, which I've deleted. Whatever is there is well camouflaged! Interestingly however, following the Norton help dialog, after unsuccessfully running live update, running their DNS poisoning tool followed by an automated updater on the same page, allowed it to update. I still can't update via the usual 'live update' button however.
Though I've taken the computer through to XP SP3 on previous installs, I've done nothing this time bar installing chipset drivers, then Norton Antivirus, then the ethernet drivers. I connect to the internet via an ADSL router - wired to the desktop, wireless for my laptop (vista - no signs of infection). The only other connection to the router is a NAS device - two HDD's (D-link DNS-323). The wireless is running under WEP, and the router has active MAC address filtering.
Prior to this most recent re-install, to reduce the number of supects to what I though would be almost zero!, I disconnected all HDD's in this computer bar the one I've installed the OS on, disconnected the NAS device from the router, shutdown the laptop (which connects to the router wirelessly), booted with a UBCD into a DOS environment, blitzed the MBR on this disk (wrote zeros to it; and the EMBR??), re-started, flashed my BIOS (ASUS M4A78 PRO MB) from DOS with the easyflash ASUS utility (and a BIOS update on CD), then put the Windows XP install CD in, and had it do a full NTFS format (and partitioning, since I wiped the MBR) before installing the OS. Subsequently, as I said, I installed the ASUS chipset drivers, from CD, then Norton, then the ethernet drivers (from the same ASUS CD), and ran the network setup wizard to connect it to the internet via my router. Before it had even finished setting up the 'home network' - or connecting to it rather, I opened up a cmd prompt and pinged Microsoft update - same result - 22.214.171.124! Now, I've not considered that it may be possible for a virus / trojan to get into a router?! Is this possible?, or am I missing some other very cunning hiding place (assuming my official ASUS CD is virus free!!).
Thanks again - I look forward to hearing from anyone that is able to crack this nut.