Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Browser Fails to load Security Related Sites


  • This topic is locked This topic is locked
2 replies to this topic

#1 Zell Faze

Zell Faze

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:02:45 PM

Posted 27 February 2010 - 08:35 PM

I have been working with a computer infected with several viruses for the better part of the day now. I believe I have almost everything cleaned off.

Table of Contents
I. Notable Events
II. Current Problem
III. Attempted solutions
IV. Specs
V. Log Files

Notable Events:

Events:
  • Computer was sent to me.
  • Booted and found it was infected with Malware.
  • Ran ClamWin Portable
  • Removed 2 files from memory
  • Attempted and Failed to insall AVG Free.
  • Ran Spybot S&D off Hiren Boot CD
  • Installed Spybot S&D
  • Ran Spybot S&D in Time Critical Mode.
  • Removed reported problems (could not remove changes to Hosts file)
  • Installed Malware Bytes
  • Ran Malware Bytes Quick Scan
  • Removed reported problems.
  • Ran Malware Bytes Full Scan
  • Removed Reported Problems
  • Ran Spybot S&D
  • Failed to fix Hosts File.
  • Booted into safe mode
  • Ran Spybot S&D
  • Failed to fix Hosts file
  • Booted into BackTrack Linux
  • Modified Hosts file to match original Windows Vista Hosts file
  • Booted into Windows
  • Ran Spybot S&D
  • Host file is not reported as a problem
  • Opened Host file to confirm.
  • Host file is clean.
  • Used System Internals Process Explorer to find and remove My Security Wall
  • Ran ClamAV
  • System is Clean
  • Ran Malware Bytes
  • System is Clean
  • Ran SpyBot S&D
  • System is Clean
Notes:
  • Internet Explorer was originally set to use a proxy on the localhost
  • Security related websites time out or are redirected.
  • Anti-virus will not update. Installed updates manually.
  • They did have a copy of McAfee at one point, they removed it though as per the instructions of the Scareware Vista Antispyware 2010.
    • This un-installation was only partially successful. Some components of McAfee are still present on their system.
Found Viruses (that I remember)
  • Hotbar
  • My Security Wall
  • Vista Anti-virus 2010
  • Something that began with a Z that is rather common, but for the life of me I can't remember the name.
  • Spybot S&D fixed 50 some entries total.
  • Malware Bytes fixed 70 something entries total.
Current Problem
  1. Security related websites fail to load.
    • malwarebytes.org Resolves to 93.188.162.18.static.ukrtelegroup.com.ua (93.188.162.18)
    • bleepingcomputer.com Resolves to 93.188.162.18.static.ukrtelegroup.com.ua (93.188.162.18) and Non-Authoritative Answer 208.43.87.2
    • Websites load if Freegate is used to proxy connections
  2. Anti-Virus fails to update.
    • Believed to be casued by the same thing as problem #1
Attempted Solutions
See Notable events for the full list of events that brought me to this point.
  • Ran ClamAV
  • Ran Spybot S&D
  • Ran Malware Bytes
  • Manually removed Vista Antispyware 2010
  • Manually removed My Security Wall
  • Manually modified C:\\Windows\System32\drivers\etc\HOSTS
Specs:

In a nutshell:
32-bit Windows Vista Home Premium
Service Pack 1
4 GB RAM
Intel Core 2 Duo @ 2.40 GHz

Full Specs:
Dell XPS M1530 Notebook
http://www.notebookreview.com/default.asp?newsID=4135

Log Files:
DDS Log: http://pastebin.com/98745
DDS Attach Log: http://pastebin.com/98746
ark.txt Log: http://pastebin.com/98753

If there is anything else you need, or if you would like me to download and attach these log files as files. Please let me know.

BC AdBot (Login to Remove)

 


#2 Zell Faze

Zell Faze
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:02:45 PM

Posted 27 February 2010 - 08:42 PM

Problem Resolved!

I feel rather stupid now actually.

I decided to take a look at the IP settings for the NIC. There was my problem.
  • Opened up Network Center
  • Went to network interfaces.
  • Loaded the properties for my active NIC
  • Went to the properties for TCP/IPv4
  • Found these as custom DNS servers.
    • 93.188.162.18
    • 93.188.161.35
  • Switched it over to obtain DNS servers automatically
  • Checked whether the problem still existed
  • Felt really dumb

Thank you for your help. Even though I turned out not needing it.

~Zell Faze~
Computer Repair Technician

#3 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,103 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:10:45 PM

Posted 28 February 2010 - 06:21 AM

Glad to hear you got it fixed.

This topic will now be closed.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users