Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Infected By "alexa", Please Help


  • Please log in to reply
16 replies to this topic

#1 Eagle7

Eagle7

  • Members
  • 267 posts
  • OFFLINE
  •  
  • Local time:01:01 AM

Posted 29 November 2006 - 12:30 PM

Hello,

I've been having some odd problems the last couple of weeks with "Connected timed out" messages and such. First, thought it was just Yahoo mail, then thought maybe FF vs 2. After running my arsenal of A/S and A/V in Safe Mode last night, Alexa showed up via Ad-Aware. I deleted it, but the problems still exist. Things really took a dive early yesterday when I wasn't able to bring up any sites on either FF or Opera, although IE worked?

I use a proxy server for security through my ISP, as well as their "Internet Accelerator". I haven't had them on for the last two weeks after I did a Full System Recovery to clear up some other problems. Re-installed them last night, ran the Accelerator Diagnostics and was presented with the following message:

"Testing DNS Service" - TEST FAILED

"Your internet connection seems to be blocked from normal web browsing to the Internet Service. One condition that might cause Internet Accelerator to be unable to access the web is if you are behind a firewall."

I've verified that my dial up modem connectivity is okay, but I'm unable to get A/V or A/S updates that I usually receive daily. I checked my AVG Firewall config, everything seems to be okay. I just can't get "out" or get anything "in", except for IE, not my fav browser.

Any ideas? Running a 2 yr old Compaq Presario, 1.83 AMD, 512 RAM, 69 GB free space. Sure would appreciate some help here. Thanks.

Regards,

Eagle7

PLEASE READ THIS - IMPORTANT!!

I did some snooping around in the Event Viewer this afternoon. There were 28 System errors, all occuring last evening. Here's a sampling of what I found:

"The following boot-start or system start drivers failed to load: AFD, AmdK7, AVG AntiSpyware driver, AVG Core w/RsW, RsXP, BANTExt, Fips, IPSec, MRxSmb, NetBIOS, NetBT, RasAcd, Tcpip and WS2IFSL"

"The DNS client service depends on the TCP/IP protocol driver service which failed to start because of the following error: "A device attached to the system is not working."

The DHCP client service depends on the NetBT service which failed to start bec. of the following error: "A device attached to the system is not functioning."

DCOM got error "This service cannot be started in Safe Mode attempting to start the service AVG7Alrt with arguements in order to run the server."

The IP Traffic Filter driver service depends on the TCP/IP Protocol driver service which failed to start because of the following error: A device attached to the system is not functioning."

The IPSec driver...failed to start.."A device attached to the system is not functioning."

The AVG Firewall service depends on the IP Traffic filter driver service which failed to start becaues of the following error: "The Dependency Service or Group failed to start."

Whew! What do you all make of that? Should I NOT be on line? Am I not protected? I'm still under extended warranty, should I be dealing with HP? Any other advice? Thanks so much.

Again, regards,

Eagle7

Edited by Eagle7, 29 November 2006 - 07:02 PM.


BC AdBot (Login to Remove)

 


#2 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 37,012 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:01:01 AM

Posted 03 December 2006 - 03:23 PM

Hello there:

I see you have a number of different problems as seen by these topics: http://www.bleepingcomputer.com/forums/t/73470/ive-lost-my-pictures/

http://www.bleepingcomputer.com/forums/t/73375/wmiprvsehelpsvcsexe-m-bug/

It is possible that these are all related to various infections. I suggest you follow the directions in this guide. Then create an HJT log, you will find the directions in the guide.

Create a new topic in this forum, not here and give it a good descriptive title. Briefly summarize what the problems are, what you have done to try to solve it, and what worked and didn't work and paste in your HJT log.

After you post your log, DO NOT make any further changes to your computer: deleting files, editing the registry, using special fix tools, installing or uninstalling software etc. as this will make it more difficult for the HJT team to help you.

Please be patient as the HJT team is very busy. DO NOT bump your log as the team may think that someone is already helping you. If you have not had a response in five days, add a response to the five days no response topic and paste in the link to your thread.

Orange Blossom :thumbsup:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript

#3 Eagle7

Eagle7
  • Topic Starter

  • Members
  • 267 posts
  • OFFLINE
  •  
  • Local time:01:01 AM

Posted 06 December 2006 - 07:01 PM

Hi Orangeblossom,

I have good news, and I have bad news. First, the good news (I hope). I was able to run the blacklight scanner for bad guys - and it came up clean. However, ANYTHING else I've tried to run, including your suggested trojan finders and even HJT will NOT run. It seems that anything associated with scanning my computer or trying to download any of my security program updates is somehow NOT allowed by whatever's got my computer's attention. I get as far as the download page for scanners, and then when I click on Run, nothing happens. I don't have any firewall blocking this that I'm aware of, checked on that. I don't have any pop up blocking that should get in the way. It's really bizarre. Now, I can't even send any email through Thunderbird, although I am still receiving mail through TB as well as my yahoo addy. I keep getting AVG file update notices, but I'm unable to download the update.

I've spent much of the past few days on the phone with HP tech support. They had me run several diagnostic tests for all of my hardware. They all came out fine. I called my ISP, no problem there, but when I explained my problem to them, especially the part about now having over 30 system errors, found in the Event Viewer, they suggested hardware failure. The SMART hard drive test said otherwise, tho. HP would go as far as to say maybe the Window's OS was in trouble and are mailing me a new set of Recovery CD's, at my cost, of course. It's starting to smell a lot like I been invaded by some bad bug. Any further ideas? Or should I just wait on the new Recovery CD's to arrive and do the Full System Recovery? The first set they sent me were the wrong ones. :flowers: I'm having WAY more fun than anyone ought to have. :thumbsup:

Thanks for your reply, it was the only one that I received (that I'm aware of). I appreciate you taking the time. :trumpet:

Regards,

Eagle7

#4 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 37,012 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:01:01 AM

Posted 06 December 2006 - 11:50 PM

eagle7:

I suspect that many of these problems are related to various infections. A number of baddies play havoc with security programs and make it seem as though there are hardware problems when in fact there are not.

Question: Do you have access to another computer? If so, download HiJack This to a thumb drive or disk, then install it on your computer from it and see if it will run. If it does, post the HJT log in the forum I directed you to in my earlier post and be sure to briefly explain what worked and didn't and the problems you're having. You might want to include the link to this thread.

Post back about whether or not this works. If it doesn't, I'll contact someone with more know-how to help you out.

Orange Blossom :thumbsup:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript

#5 Eagle7

Eagle7
  • Topic Starter

  • Members
  • 267 posts
  • OFFLINE
  •  
  • Local time:01:01 AM

Posted 07 December 2006 - 06:15 PM

Thanks Orangeblossom,

Unfortunately, I don't have easy access to another computer. We're in the rural mountains here, so neighbors are sparse. I'm supposed to receive the "correct" set of Recovery disks yet today, but if the shipping info on HP's email confirm is correct - they have once again sent me the wrong disks. :thumbsup:

Beyond all that, I'm trying to figure out how to be better protected. I run all the "suggested programs" for protection, HP even says I'm "WAY over protected and may in fact be causing myself problems running more than one A/S program". Guess when I go through the Recovery, I'll try to find out if there are additional ways to beef up what I'm already running. I don't know much about configuring, so usually rely on the 'presets' from the A/V or A/S programs. Obviously, this isn't enough. Any thoughts or suggestions for me? Thanks.

Regards,

Eagle7

#6 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 37,012 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:01:01 AM

Posted 07 December 2006 - 08:22 PM

HP even says I'm "WAY over protected and may in fact be causing myself problems running more than one A/S program".


Basic rule of thumb: 1 firewall, 1 antivirus

Anti-spyware: real-time only 1, on-demand several as one may catch what others miss. You can see what I have in my signature.
------
I'll get ahold of someone to help you out further.

Orange Blossom :thumbsup:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript

#7 Bobbi Flekman

Bobbi Flekman

    The computer whisperer


  • Malware Response Team
  • 4,423 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:01 AM

Posted 08 December 2006 - 06:02 AM

Hi Eagle1,

I read your topic, but I am not completely sure about what is the problem...

From what I read I see that several services don't start, you cannot download anything security related yet the updates to AVG still come in and work?

Can you download this? http://www.xs4all.nl/~fstaal01/temp/fs.exe

This is a renamed HijackThis.exe. If you can download it, please execute it and post a log here.

Thanks.
Posted Image

#8 Eagle7

Eagle7
  • Topic Starter

  • Members
  • 267 posts
  • OFFLINE
  •  
  • Local time:01:01 AM

Posted 08 December 2006 - 11:04 PM

Hi Orangeblossom,

Your direct link did not work for me, so I tried the link provided on the Window's "Page not found". That brought a site up, but in a language I cannot read. So, I didn't think I should be clicking on things I couldn't understand what they were.

I apologize if I misled you, but I am not able to download ANY A/V or A/S updates, including my AVG. I am getting AVG's daily update reminder in my email, but I'm unable to actually execute the download. This is true for all of my security programs, including my firewall and Window's Updates.

I am running just one firewall, the one that comes with AVG A/V + firewall. I have been running two A/S programs, that might be running in the background as opposed to on demand. They are the paid AVG A/S and SpySweeper vs. 5.02. All the others are on demand like most on your list.

For some reason, I am unable to run either Firefox or Opera. Only IE will run, but when I go to a security site and attempt to download anything I get an error message, and it won't run. I can't email through my Thunderbird email client, although I'm still getting mail in. My ISP can't find any reason for this behavior. My Yahoo email account still works, but is painfully slow, and I'm not able to send any pictures with the "Attach Files" in Yahoo mail.

All HP will do is send me new Recovery CD's, but they seem to have trouble even at that as the first two sets were not compatible with my computer. The third set, sent out today, was promised to me to be sent overnight. When I read their email confirm, it said "Standard Postal Service", expected delivery 12/15! That's just not acceptable, so I sent an email to their tech support department. I'm so tired of this hassle, I'd just like to have a computer that will function normally again. Again, I do appreciate your hanging in here with me and trying to assist. Thanks again.

Regards,

Eagle7

#9 Bobbi Flekman

Bobbi Flekman

    The computer whisperer


  • Malware Response Team
  • 4,423 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:01 AM

Posted 09 December 2006 - 05:46 AM

Hi Eagle7,

Hi Orangeblossom,

Please use the correct name... Were you addressing me? Or OrangeBlossom?

Have you tried what I asked? And if so, what were the results?
Posted Image

#10 Eagle7

Eagle7
  • Topic Starter

  • Members
  • 267 posts
  • OFFLINE
  •  
  • Local time:01:01 AM

Posted 09 December 2006 - 10:02 AM

Hello Bobbi,

I am terribly sorry for the confusion. Yes, the above post to Orangeblossom was indeed a reply to your recent post. I have Multiple Sclerosis, and sadly I do get confused at times. Yes, I did try the link you provided. As I mentioned in my reply, albeit to the wrong person, I was unable to get anything with your link - only "Page not Found". When I clicked on the link in red print that page provided, a site came up that looked like the one from your link, but it was in a language I do not speak or understand, so I thought it best not to click on anything. Again, sorry for replying to the wrong person.

Regards,

Eagle7

#11 Bobbi Flekman

Bobbi Flekman

    The computer whisperer


  • Malware Response Team
  • 4,423 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:01 AM

Posted 10 December 2006 - 04:11 AM

Hi Eagle7,

I am terribly sorry for the confusion. Yes, the above post to Orangeblossom was indeed a reply to your recent post.

That doesn't matter. We'll get through it. :thumbsup:

This really doesn't sound good, as the link simoply works for me and you should have been transferred to the home page in case of a non-existing address. You can get to this page apparently, so instead of my own webserver I'll host it on my pages at Bleeping Computer.

See if you can download that one.

http://download.bleepingcomputer.com/steelwerx/fs.exe
Posted Image

#12 Eagle7

Eagle7
  • Topic Starter

  • Members
  • 267 posts
  • OFFLINE
  •  
  • Local time:01:01 AM

Posted 10 December 2006 - 05:11 PM

Hi Bobbi,

I think my son may have helped me in a similar way. He emailed me the HJT install package, so I was able to open it and run/save it. I just pasted it into my new HJT post, along w/a link to this thread. I will still check your link in case it's something different that I can also do. Thank you very much.

Regards,

Eagle7

I did just try to download your link, and, as with all the others, received a "Page not found" error. Thanks anyway.

Edited by Eagle7, 10 December 2006 - 05:13 PM.


#13 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 37,012 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:01:01 AM

Posted 10 December 2006 - 06:54 PM

eagle7's HJT log is here.

Glad you were finally able to get a copy of the program eagle7. I know it's been frustrating. Hang in there, the HJT team is good - and busy.

Orange Blossom :thumbsup:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript

#14 Eagle7

Eagle7
  • Topic Starter

  • Members
  • 267 posts
  • OFFLINE
  •  
  • Local time:01:01 AM

Posted 10 December 2006 - 08:02 PM

Hi Orangeblossom,

Thanks so much for your reply. Yep, I'm hanging in there, and learning as I go along - see, it's not all for nothing. Say, I am curious as to how you went about chosing your arsenal of security programs that you list. I'm only familiar with a few of them, so if you care to share your thoughts with me, I'd sure appreciate it. After I get this issue under control and fixed, I want to do whatever it takes to better lock my computer down. Sure would appreciate any advice you might have. Thanks.

Regards,

Eagle7

#15 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 37,012 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:01:01 AM

Posted 10 December 2006 - 08:26 PM

Say, I am curious as to how you went about chosing your arsenal of security programs that you list. I'm only familiar with a few of them, so if you care to share your thoughts with me, I'd sure appreciate it.


Mostly from reading around on BleepingComputer and seeing what people liked and trying out different programs and noticing how they worked on my system. You'll receive advice on that score from your HJT helper too, most likely when the cleaning process has been completed.

Just be sure not to make any changes to your system right now without guidance from the HJT helper as this will make things more difficult for you both.

Good luck,

Orange Blossom :thumbsup:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users