
Internet Connection Issues



#1 Fajardo

Fajardo

  • Members
  • 5 posts
  • Gender:Male
  • Location:Rio de Janeiro
  • Local time:04:58 PM

Posted 30 March 2010 - 06:27 PM

Greetings, I've read the tutorial topic for creating new topics here. I understood everything, but unfortunately I'm accessing the internet mainly from my working place, because back at home, things are a bit suspicious and not functional. I must apologize for not posting the proper logs required to create new topics, but this is not my computer, and I won't be able to post logs in several hours, and that will only happen if I luckily manage to connect to this forum.

Lemme explain my issue:

Sunday night I was searching images (not porn) using Google, then I visited a certain website. (Which I can't recall nor can find again, because in despair I deleted all browser data.)
What happened was the following: upon visiting that page for a full view of it, a new window opened and what appeared to be a fake scan of some drivers had begun. I knew it was fake because those weren't my drivers, so I closed the window, then afterwards Firefox prompted me to accept or not to execute a .exe file. I pressed cancel but I think it was too late. Then my computer became slow as hell and I couldn't even move files on the desktop, I mean dragging them from one place to another. I rebooted my computer and things began to work smoother again. But before that reboot I downloaded BitDefender and installed it; in order to do that I had to uninstall my crappy Windows Defender. Okay, so everything installed, made a full in-depth scan of all my drivers, found some issues, but the problem persists.

I haven't explained the problem yet, so here it is: most pages take forever to load, some don't even load at all, and I did notice that there is something very wrong with my connection, because I have OutPost Firewall here and I can see which connections are open and where they are connected to. I noticed that all connections were trying to communicate with a group of IPs alike. I think whatever infected my machine has forced it to try and connect anything using a remote proxy, even for DNS I think, things are really weird! I took a screenshot from my Firewall view and it shows one of the many IPs that my browsers and games want to communicate with whenever I open them. I tried ipconfig /flushdns, disabled WINS proxy in the registry, and today I ran ComboFix. I brought the log here in a Pen Driver, if you guys need it...

The addresses end with 1e100.net and static.host.gvt.net.br. Sometimes a certain 65.xx.xx.xx also appears. I made a previous search about those xy-in-f102.1e100 and they appear to be DNS providers' domains. I don't know what else to do; I found this page by searching for ComboFix.

So here's the screenshot from my Firewall:
Posted Image

Edited by Budapest, 30 March 2010 - 06:36 PM.
Moved from Virus, Trojan, Spyware, and Malware Removal Logs ~BP




#2 Fajardo


Posted 30 March 2010 - 06:33 PM

From another user with a similar problem:
"The internet connection is active. I can successfully ping sites from the command prompt, packets are going out and coming in"

It is the same here, I can ping the websites, I can even play my games. Though they tried to connect to those addresses, I blocked their attempts to do so with my firewall, and the games are running normally now.

Edit: By the way, if I block my browsers' access to those addresses they can't open any page. I think whenever something connects to those addresses it is like it acts as a DNS or Proxy; since I blocked my games before they even made their first connection to any of those IPs, they run fine. Software like Garena (Gaming Lobby) is also working, though its ads, which are shown as if in a normal browser, do not appear; Garena says "Failed to open page".

Edited by FreeRides4TheLadies, 30 March 2010 - 06:36 PM.


#3 Fajardo


Posted 01 April 2010 - 05:49 PM

((Update - Not Bump))

Greetings, finally managed to run the DDS scan, I'll post it here. On the other hand I couldn't run the GMER.exe scan; I ran it but soon after it prompts an error, and I can't even unmark those combo boxes as instructed.


DDS (Ver_10-03-17.01) - NTFSx86

Log removed as not allowed in this forum. ~ OB

Edited by Orange Blossom, 28 July 2010 - 11:38 PM.


#4 Fajardo


Posted 01 April 2010 - 06:03 PM

Forgot to mention a few things!

Hmm, tried to go online with MSN and of course it didn't work. I clicked repair, then it said that my hosts file had entries that would affect how MSN would connect. I'm wondering if this supposed virus somehow changed my hosts file/directory somewhere in the registry, because the file itself in (something like) %SystemRoot%\Windows\System32\Drivers\etc is clean, only the local host is shown, although today it changed, it always had some texts with instructions in my language, Portuguese, now everything but the localhost remained.

Also, thanks to TuneUp Utilities I found out that Administrative Shares were allowed, and they were not! Something changed it!

And thanks to Outpost, I found out that a certain file, something like wpermp.exe, was asking for direct disk access R0. No idea what R0 is, but I denied it. There are two processes with that same name; took a screenshot but forgot to save...

#5 Fajardo


Posted 04 April 2010 - 01:00 AM

Problem solved.

First I'd like to congratulate everybody that is part of this great community that is Bleepingcomputer. By briefly checking other users' posts and seeing the kind of support that is given, I'm glad that I found this "good alliance" on the internet, there are far too many hacking forums and such.

Second, I've solved the problem myself, installed/ran nearly a dozen software and tools. I indeed caught something that changed my computer's online behavior, and those tools really, really helped me out. I presume that after removing all the infections BitDefender somehow began to block my browsers, like the next day I got it installed. I found out about this possibility tonight, visiting another forum in which two users posted that their similar issues were solved after uninstalling Norton; their antivirus was messing with their connections. I just gave it a try, and as soon as BitDefender finished uninstalling and prompted me for a reboot and I clicked no, I tried to open my browsers and Bang, working again. So I leave this tip here, don't know if it's mentioned somewhere on the forum, I admit I didn't look that much around. So if it is not mentioned anywhere perhaps the Administrators should debate about including uninstalling the Antivirus software as a solution step if nothing else works to restore the connection. Everything working again, no more connections through those 1e100.net proxy-like servers. Funny thing, they are Google's.

Third and final, I'd like to say that I'm a bit disappointed in how help never reached me until today. I mean, almost 5 days since my first post, not a single reply. I'm glad I managed to solve it by myself, but I was virtually unable to use my internet for an entire week (not you guys' fault!). Also glad that I've learned a lot about tools and solutions, but maybe if help came sooner things would have been solved two days ago. Finally, all this said, I must point out that I'll come back here occasionally to check how things are going, read news, get some heads up and such, and certainly will come back when I have my next issue, which is certain as death, life with Windows is full of perils! Again, congratulations to everybody that dedicates their time to solve other people's problems, gratz for the amazing structure you guys manage at bleepingcomputer. Sorry for being sincere, but I understand how there are a hundred or more people around here asking for help; sooner or later I'd be the one on the line. Thank you.

Edited by Fajardo, 04 April 2010 - 01:00 AM.


#6 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 36,994 posts
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:03:58 PM

Posted 28 July 2010 - 11:40 PM

Hello,

I'm sorry your topic was overlooked, but by self-responding, it was assumed that you were receiving assistance. I removed the DDS log as such are not allowed in this forum and because your issues are resolved.

Orange Blossom
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript



