Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Internet Access Blocked By Malware


  • Please log in to reply
2 replies to this topic

#1 nickyt44

nickyt44

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:05:18 AM

Posted 25 July 2010 - 02:03 PM

Malware has hijacked my internet connection.

My desktop is a Velocity Micro Pentium 4 3.0 ghz, with 1.49 gb RAM. 46% of the 120 gb hard drive is free. The OS is MS Windows XP Pro v.5.1.2600, Service Pack 3, Build 2600.

Recently my wife began complaining about an apparent redirection when attempting to access one of her favorite sites. My daughter was still able to access the same site with no problem, so I assumed her Firefox profile had been corrupted. Since everyone but my wife has migrated to laptops, I was in no rush. However, a couple of days ago, she complained that her favorite web site was coming up “Server Not Found”. After checking on my laptop that the site was available, I decided it was time to do something.

I began by saving her Firefox profile and bookmarks in preparation for creating a new profile for her. However, when I logged onto my user account on the desktop and was unable to reach the site (also getting “Server Not Found”), I decided something more insidious was going on. At that point, I knew bad things were going on, but it seemed to be limited to this one site, as every other site I went to was accessible.

The desktop firewall/antivirus was expiring, so I renewed it and upgraded to Norton 360. That download and installation seemed to go okay. Figuring I'd need more help, I decided to download and install Malwarebytes. However, typing the URL of Malwarebytes.org produced “No Server Found.” I wound up downloading it to a USB stick attached to my laptop, and copying it to the desktop. It seemed to install okay.

When I ran Norton 360 it found 9 problems, 7 tracking cookies and 2 viruses. It took care of them. I immediately ran Malwarebytes which found 19 problems, in the registry, folders and files. Some of what it found were Rogue.AntivirusSuite, Rogue.Virus.Rescue, Trojan.Zlob, Hijack.DisplayProperties, Hijack.WindowsUpdates and Trojan.DNSChanger, among others. I had the program “fix” the problems and got a window that everything had been cared for and I needed to reboot. Which I did.

When I restarted the computer, I found that I had no web access. Firefox, Chrome and IE all were unable to connect. Firefox reported “Server Not Found”. Chrome reported that “The following page(s) have become unresponsive. You can wait for them or kill them.” Selecting “kill” did nothing. The IE tab showed “Connecting.....”, but it never did. Instead of automatically connecting through my wired network (a Linksys router and cable modem), a “Dial-up Connection” dialog box popped up with Chrome and IE7.

On my laptop I did a Google search for “malware preventing internect access” and found a link to this bleepingcomputer forum. I read several of the posts and replies which other people had documented. I decided to try the fix suggested on 6/2/10 by Blade Zephon: I downloaded TFC and SuperAntiSpyware to a USB stick and copied them to the desktop. I ran TFC, no problem. After reboot, I attempted to run SuperAntiSpyware in Safe Mode and found that double clicking the icon caused a process to run, but no program window ever appeared. I found a SuperAntiSpyware process running using 768-788 kb, but no interface or program window ever appeared.

Instead of further “backyard mechanic” attempts (replacing parts until I stumble upon the faulty one) to fix this thing, I'm asking for guidance on how to rid my computer of this malware. Any suggestions, anyone?

BC AdBot (Login to Remove)

 


#2 Budapest

Budapest

    Bleepin' Cynic


  • Moderator
  • 23,579 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:18 PM

Posted 27 July 2010 - 10:22 PM

Log on as an administrator, go Start > Run and type: "cmd". In the window that appears type: "netsh winsock reset". When the program is finished, you will receive the message: "Successfully reset the Winsock Catalog. You must restart the machine in order to complete the reset." Close the command box and reboot your computer.

Go Start > Run > type: "cmd" In the window that appears type: "ipconfig /flushdns". Close the command box.

Go Start > Control Panel > Network Connections. Right click on your default connection, usually Local Area Connection or Dial-up Connection if you are using Dial-up, and and choose Properties. Double-click on the Internet Protocol (TCP/IP) item. Select the radio button that says "Obtain DNS servers automatically". Reboot.

Warning: Some Internet Service Providers need specific DNS settings. You need to make sure that you know if such DNS settings are required before you make this change.
The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw

#3 nickyt44

nickyt44
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:05:18 AM

Posted 01 August 2010 - 04:21 PM

:thumbsup: Joy! Thanks, Budapest. I followed your directions and my internet access has been restored. We can also access my wife's favorite website with no problem. The only thing I did different was not to use "Obtain DNS servers automatically" because there are specific DNS server addresses that I must use. Your advice was spot on. Thanks, again.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users