Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Browser Fails to load Security Related Sites


  • Please log in to reply
3 replies to this topic

#1 Zell Faze

Zell Faze

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:12:17 PM

Posted 27 February 2010 - 07:57 PM

I have been working with a computer infected with several viruses for the better part of the day now. I believe I have almost everything cleaned off.

Table of Contents
I. Notable Events
II. Current Problem
III. Attempted solutions
IV. Specs

Notable Events:

Events:
  • Computer was sent to me.
  • Booted and found it was infected with Malware.
  • Ran ClamWin Portable
  • Removed 2 files from memory
  • Attempted and Failed to insall AVG Free.
  • Ran Spybot S&D off Hiren Boot CD
  • Installed Spybot S&D
  • Ran Spybot S&D in Time Critical Mode.
  • Removed reported problems (could not remove changes to Hosts file)
  • Installed Malware Bytes
  • Ran Malware Bytes Quick Scan
  • Removed reported problems.
  • Ran Malware Bytes Full Scan
  • Removed Reported Problems
  • Ran Spybot S&D
  • Failed to fix Hosts File.
  • Booted into safe mode
  • Ran Spybot S&D
  • Failed to fix Hosts file
  • Booted into BackTrack Linux
  • Modified Hosts file to match original Windows Vista Hosts file
  • Booted into Windows
  • Ran Spybot S&D
  • Host file is not reported as a problem
  • Opened Host file to confirm.
  • Host file is clean.
  • Used System Internals Process Explorer to find and remove My Security Wall
  • Ran ClamAV
  • System is Clean
  • Ran Malware Bytes
  • System is Clean
  • Ran SpyBot S&D
  • System is Clean
Notes:
  • Internet Explorer was originally set to use a proxy on the localhost
  • Security related websites time out or are redirected.
  • Anti-virus will not update. Installed updates manually.
  • They did have a copy of McAfee at one point, they removed it though as per the instructions of the Scareware Vista Antispyware 2010.
  • This un-installation was only partially successful. Some components of McAfee are still present on their system.
Found Viruses (that I remember)
  • Hotbar
  • My Security Wall
  • Vista Anti-virus 2010
  • Something that began with a Z that is rather common, but for the life of me I can't remember the name.
  • Spybot S&D fixed 50 some entries total.
  • Malware Bytes fixed 70 something entries total.
Current Problem
  • Security related websites fail to load.
    • malwarebytes.org Resolves to 93.188.162.18.static.ukrtelegroup.com.ua (93.188.162.18)
    • bleepingcomputer.com Resolves to 93.188.162.18.static.ukrtelegroup.com.ua (93.188.162.18) and Non-Authoritative Answer 208.43.87.2
    • Websites load if Freegate is used to proxy connections
  • Anti-Virus fails to update.
    • Believed to be casued by the same thing as problem #1
Attempted Solutions
See Notable events for the full list of events that brought me to this point.
  • Ran ClamAV
  • Ran Spybot S&D
  • Ran Malware Bytes
  • Manually removed Vista Antispyware 2010
  • Manually removed My Security Wall
  • Manually modified C:\\Windows\System32\drivers\etc\HOSTS
  • Original hosts file can be found here http://pastebin.org/98735
Specs:

In a nutshell:
32-bit Windows Vista Home Premium
Service Pack 1
4 GB RAM
Intel Core 2 Duo @ 2.40 GHz

Full Specs:
Dell XPS M1530 Notebook
http://www.notebookreview.com/default.asp?newsID=4135

Edited by Orange Blossom, 27 February 2010 - 08:19 PM.
Move to AII. ~ OB


BC AdBot (Login to Remove)

 


#2 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 37,011 posts
  • ONLINE
  •  
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:01:17 PM

Posted 27 February 2010 - 08:21 PM

Hello,

You've provided a very detailed and clear description of your issues etc. Given everything that you have done, please follow the instructions in ==>This Guide<==.

Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<==

If you can produce at least some of the logs, then please create the new topic. Please be sure to include all the information in the post above in the new topic. If you cannot produce any of the logs, then post back here and we will provide you with further instructions.

Orange Blossom :thumbsup:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript

#3 Zell Faze

Zell Faze
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:12:17 PM

Posted 27 February 2010 - 08:30 PM

I was actually in the middle of generating the logs, I planned to post them in a reply.

I will begin a new topic as per your instructions. The log files are posted on Pastebin. I hope this will not be a problem. If it is I will just download them to this computer and upload them again to attach them to the post.

#4 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 37,011 posts
  • ONLINE
  •  
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:01:17 PM

Posted 27 February 2010 - 08:43 PM

Hello,

It is best to copy and paste the logs directly into the the text box area excepting for that we ask you to attach such as the Attach text.

Orange Blossom :thumbsup:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users