
Lost website access


  • This topic is locked
24 replies to this topic

#1 bugg


Posted 01 January 2010 - 02:27 AM

I was using another site for help removing a virus, false security alerts and popups. Ran MBAM and posted log. Was asked to run combofix and post log as well. When I try to connect to the other site I get the Page Cannot Be Displayed page. (explorer) I get a similar page using Mozilla Firefox, both look to be legit. I have no problem connecting to any other website. The problems seem to have disappeared but I never got to post the combofix log. Looking around on other sites I see some people are asked to save combofix under another name but I wasn't asked to do this and don't know if it has any bearing on my current problem. I cannot connect to the site from either computer in the house. They are both on the same wireless router but are not networked. Any help is greatly appreciated.


#2 Elise

  • Malware Study Hall Admin

Posted 01 January 2010 - 08:46 AM

As no logs have been posted, I am shifting this topic from the specialized HiJack This forum to the Am I Infected forum.

==>PLEASE DO NOT NOW POST LOGS<== unless a log is specifically requested.

Please describe the issues you are experiencing with your computer.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 


 

Malware analyst @ Emsisoft


#3 bugg


Posted 01 January 2010 - 11:17 AM

Okay, when the original malware hit I would get small popups saying different files were infected and then ads for antivirus software. I would also get them on the lower icon bar. Then it got to where IE wouldn't load, I'd just get a fullscreen popup saying I needed to download an antivirus software with a link. Obviously fake. I could run Firefox for a while but the popups eventually covered the screen. In safe mode with networking IE wouldn't load at all but Firefox worked okay. Another site asked me to use MBAM and then post a log. After that log, I was asked to use combofix and post a log. At that point I could no longer access that site to post the log using either web browser. I have no problem accessing any other websites. At this stage my computer seems to be okay but I don't know what else might be left over or missing. As I said, I downloaded combofix to my desktop with its original name. I've noticed on a couple other sites it says to rename it. I was never asked to do this though and don't know if this caused the problem. What I'd like to know now, is my computer okay?

#4 Elise


Posted 01 January 2010 - 11:45 AM

Can you please post me a link to the site/topic where you received help so far?

regards, Elise




#5 bugg


Posted 01 January 2010 - 02:46 PM

Can't supply an actual link as my history and cookies were cleared and I can't even connect to their home page. At the bottom of the forum page I printed out it has, http://www.mytechsupport.ca/forums/index.php?topic=13292.0

The site is Mytechsupport.ca, internet and network services, security and viruses, Topic: Another Virus

#6 Elise


Posted 01 January 2010 - 02:57 PM

At this point I really think the best thing is to figure out why you can't connect to that site so you can continue that topic there since it is still active.

Please download HostsXpert 4.2
  • Extract (unzip) HostsXpert.zip to a permanent folder on your hard drive such as C:\HostsXpert
  • Double-click HostsXpert.exe to run the program.
  • Click "Restore MS Hosts File". Note - if you get an error message, click first "Make Writeable".
  • Click OK at the confirmation box.
  • Click "Make Read Only".
  • Click the X to exit the program.
-- Note: If you were using a custom Hosts file you will need to replace any of those entries yourself.

regards, Elise




#7 bugg


Posted 01 January 2010 - 04:05 PM

Okay, done. Still can't connect to that site.

#8 Elise


Posted 01 January 2010 - 04:23 PM

Please click start > run, type inetcpl.cpl in the runbox and press enter.
Click the Connections tab.
Click the LAN Settings button. Make sure Use a proxy server... is UNchecked and click OK twice to exit.

Now please click start > run, type cmd.exe in the runbox and press enter. A command window will open.
At the prompt type ipconfig /flushdns and press enter. You should see a message "successfully flushed DNS resolver cache..."
Exit the command window when done.

If this still does not do the trick, please let me know how you are connected to the internet (wired/wireless). Please try to be as detailed as possible.

regards, Elise




#9 bugg


Posted 01 January 2010 - 05:58 PM

Still nothing. I tried both IE and Firefox.

We are in a rural area and I believe our high speed is supplied via radio signal. We have a dish but I know it's not satellite. The dish connects directly to a wireless router and that goes to the computers. All computers are connected by wireless, they are not networked to each other. The connection to site problem occurs on both computers although the one was never infected. By the way there is also an Xbox live using the same router, wireless as well.

#10 Elise


Posted 02 January 2010 - 02:53 AM

Did you try to reset the router? It should have a reset button on the back.

regards, Elise




#11 bugg


Posted 02 January 2010 - 11:37 AM

Tried that, still no connecting to that site.

#12 Elise


Posted 02 January 2010 - 01:35 PM

It appears your Router/connection is the culprit somehow here.

Router Reset
  • Please read this: Malware Silently Alters Wireless Router Settings

  • Consult this link to find out what the default username and password of your router are and note them down: Route Passwords

  • Then reset your router to its factory default settings:

    "If your machine has been infected by one of these Zlob/DNSchanger Trojans, and your router settings have been altered, I would strongly recommend that you reset the router to its default configuration. Usually, this can be done by inserting something tiny like a paper clip end or pencil tip into a small hole labeled "reset" located on the back of the router. Press and hold down the small button inside until the lights on the front of the router blink off and then on again (usually about 10 seconds)"


  • This is the difficult part.
    First get to the router's server. To do that type http://192.168.1.1 in the address bar and click Enter. You get the log in window.
    Fill in the password you have already found and you will get the configuration page.
    Configure the router to allow you to connect to your ISP server. In some routers it is done by a setup wizard. But you have to fill in the log in password your ISP has initially given to you.
    You can also call your ISP if you don't have your initial password.
    Don't forget to change the router's default password and set a strong password. Note down the password and keep it somewhere for future reference.

  • Please make sure of the following settings:
    • Go to start => Control panel => Double-click Network and Sharing Center.
    • In the left window select Manage network Connection.
    • In the right window right-click Local Area connection and select Properties .
    • Internet Protocol Version 6 (IPv6) should be checked. Double-click on it: make sure of the following settings:
      • The option Obtain an IP address automatically should be checked.
      • The option Obtain DNS server address automatically should be checked.
      • Click OK.
    • Internet Protocol Version 4 (IPv4) should be checked. Double-click on it.
      • The option Obtain an IP address automatically should be checked.
      • The option Obtain DNS server address automatically should be checked.
    • Click OK twice.
    • If you should change any setting reboot the computer.
==========

Please run the following command on both the computers and post the logs.

Go to start > Run copy/paste the following line in the run box and click OK.

cmd /c (ipconfig /all&nslookup mbam-cdn.malwarebytes.org&ping -n 2 mbam-cdn.malwarebytes.org&route print) >log.txt&start log.txt

A command window opens. Wait until a log.txt file opens. Please post the content to your reply.

regards, Elise
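
The log requested in this post includes the ipconfig /all output, where the DNS servers each adapter is using can be compared with the router's address. The following is an added example, not part of the original post, that extracts them and lists the ones to confirm with the ISP; the sample log and its addresses are constructed, and the trusted list is an assumption the reader fills in.

```python
import ipaddress
import re

# Constructed sample in the Windows XP `ipconfig /all` layout; all addresses are
# made up (198.51.100.0/24 is a documentation range).
SAMPLE_LOG = """\
Windows IP Configuration

Ethernet adapter Wireless Network Connection:

        Dhcp Enabled. . . . . . . . . . . : Yes
        IP Address. . . . . . . . . . . . : 192.168.0.101
        Default Gateway . . . . . . . . . : 192.168.0.1
        DNS Servers . . . . . . . . . . . : 198.51.100.53
                                            192.168.0.1
"""

FIELD = re.compile(r"^\s+(.+?)[ .]*:\s*(.*)$")
WANTED = {"Default Gateway": "gateway", "DNS Servers": "dns"}


def as_ip(text):
    try:
        return ipaddress.ip_address(text.strip())
    except ValueError:
        return None


def parse_ipconfig(log):
    """Return {adapter: {"gateway": [ips], "dns": [ips]}} from `ipconfig /all` text."""
    adapters, current, key = {}, None, None
    for line in log.splitlines():
        if line and not line[0].isspace() and line.rstrip().endswith(":"):
            current = adapters.setdefault(line.rstrip(" :"), {"gateway": [], "dns": []})
            key = None
            continue
        if current is None:
            continue
        match, value = FIELD.match(line), line      # bare address: continuation line
        if as_ip(line) is None and match:
            key, value = WANTED.get(match.group(1)), match.group(2)
        if key and as_ip(value) is not None:
            current[key].append(as_ip(value))
    return adapters


def dns_to_verify(log, trusted=()):
    """DNS servers that are neither the adapter's gateway nor on the trusted list."""
    trusted = {ipaddress.ip_address(t) for t in trusted}
    return [(name, str(ip)) for name, a in parse_ipconfig(log).items()
            for ip in a["dns"] if ip not in a["gateway"] and ip not in trusted]
```

A listed server is not proof of tampering; it is an address to check against what the ISP or the router's own settings page says it should be.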




#13 bugg


Posted 02 January 2010 - 07:57 PM

Well this just gets better and better. I reset the router but I can't connect to the router server. I get the same page as when I try the other site. So, I didn't continue with the next steps.

#14 Elise


Posted 03 January 2010 - 03:05 AM

That's strange...

You may have to contact your Internet Service Provider for that. Please let me know if you are able to do so.

Also, please try the following:

Please download Kenco.exe and save it to your desktop.
  • Double-click on Kenco.exe to run it (if you get a security warning, click run).
  • You will see a black command window and shortly a logfile will be opened. Note - Kenco.log will be saved on your desktop.
  • In order to complete the cleaning process, Kenco.exe may need to reboot your computer.
Please copy/paste the contents of kenco.log in your next reply.

Edited by elise025, 04 January 2010 - 11:05 AM.

regards, Elise




#15 bugg


Posted 05 January 2010 - 04:22 PM

Okay, made a little progress. It turns out the server address was wrong. Should be http://192.168.0.1. So I got to that site and gave it a good password. I went back to post #12 but I don't have network and sharing, just network connections. (Windows XP) I don't have Internet Protocol ver 6 & 4, only Internet Protocol (TCP/IP). I did make sure those settings were set to "obtain automatically". I will run that command line and post the logs in my next post.



