Solved

when installing spybot get as far as trying to contact 127.0.0.1

Posted on 2008-09-29
Last Modified: 2013-12-06
I have XP Pro, Comcast internet, the two are connected with a router.

Earlier today Google started returning search results to me that, when clicked, took me to HotJobs and other ad sites.  Uh oh.

I have run AVG, it has found nothing.

I have seen one message today when "AV.DAT" tried to go through AVG firewall.  I denied it.

I downloaded Search & Destroy (on another machine) but during its install it wants to download files from "127.0.0.1" and the error message is that a connection could not be established.  That isn't surprising to me because I cannot surf to:

http://msdn.microsoft.com/
http://www.safer-networking.org/

I can't get to the Hijackthis site to download it.

HOSTS file is empty save for the comments at the top.  127.0.0.1 WAS there, I removed it.

Malwarebytes is running right now, but it could not contact its web site when it tried.

Please help me.  ;-)

Question by:JXCovert
6 Comments
 
LVL 7

Assisted Solution

by:aboredman
aboredman earned 50 total points
ID: 22596900
127.0.0.1 is the loopback address. It's the machine's local address. There is not really any danger in contacting 127.0.0.1.
 
LVL 20

Assisted Solution

by:IndiGenus
IndiGenus earned 50 total points
ID: 22596980
If you can, download HijackThis on another PC and copy it over with a USB drive or whatever is convenient. If it still won't run try renaming it. The log would help analyze what is going on.
0
 
LVL 11

Accepted Solution

by:
ladarling earned 400 total points
ID: 22597175
If you are trying to download from \\localhost (127.0.0.1) then your machine is looking at itself. If you don't have any server software running, then you *should* just get an error. HOSTS, by default, will be blank except for a reference to the localhost (127.0.0.1), so you should not be concerned about that.
If you can browse to *any* well-known web sites, then your redirection or blocking is either coming from the browser, firewall software, or your ISP's DNS server.
First thing: check Add-Ons if you are using IE, and disable any add-ons that you can't identify. This is a common place for hijack-ware.
Also, check your Internet Explorer LAN (Tools > Internet Options > Connections > LAN Settings) settings to make sure that you are not being pointed to a Proxy server and that Automatically detect settings is checked.
If that's good, check to make sure that you are not blocking the sites with overly-aggressive security settings.
If all else fails, contact your ISP to see if they are having DNS issues.
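The HOSTS check mentioned in the answer above, as an added example that is not part of the original answer: a short Python audit that reports every mapping other than the stock localhost line, and marks hostnames pointed at a loopback or unspecified address, since such a name resolves to 127.0.0.1 instead of the real site. The sample file contents, the function names and the verdict labels are constructed for illustration; the path in `load_hosts` is the default Windows location.

```python
import ipaddress

# Names a stock Windows HOSTS file legitimately maps to loopback.
DEFAULT_NAMES = {"localhost"}

# Constructed sample, not taken from the asker's machine. The two sinkholed
# hostnames are the sites the question says could not be reached.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
127.0.0.1       www.safer-networking.org   # constructed entry
0.0.0.0 msdn.microsoft.com
192.0.2.10      intranet.example   fileserver.example
not-an-ip       broken.example
"""

def audit_hosts(text):
    """Return (line_no, hostname, address, verdict) for each non-default mapping."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        entry = raw.split("#", 1)[0].split()   # drop comments, split on whitespace
        if len(entry) < 2:
            continue                            # blank, comment-only or incomplete
        try:
            addr = ipaddress.ip_address(entry[0])
        except ValueError:
            findings.append((line_no, entry[1], entry[0], "malformed address"))
            continue
        sinkhole = addr.is_loopback or addr.is_unspecified
        for name in entry[1:]:
            name = name.lower()
            if name in DEFAULT_NAMES and addr.is_loopback:
                continue                        # the stock localhost line
            verdict = "sinkholed" if sinkhole else "static override"
            findings.append((line_no, name, str(addr), verdict))
    return findings

def load_hosts(path=r"C:\Windows\System32\drivers\etc\hosts"):
    """Read the live file from the default Windows location."""
    with open(path, encoding="utf-8", errors="replace") as fh:
        return fh.read()

if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE_HOSTS):
        print("line %d: %s -> %s (%s)" % finding)
```

On a real machine, pass `load_hosts()` to `audit_hosts()`; an empty result means the file holds nothing beyond comments and the localhost line.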
 

Author Comment

by:JXCovert
ID: 22597517
Thanks to all thus far!

Malwarebytes found a Trojan and destroyed it (it appears).  I can now surf to the above listed sites quite well.  Spybot is installed and running, thus far it has identified only one threat:

Microsoft.WindowSecurityCenter

Heh!

My issues now are:

-- cannot connect to my home windows network (it shows me that the network exists, but trying to see other computers on it gives "mynetworkname is not accessible").

-- I cannot ping my work VPN, which is disconcerting

LADarling: Automatically detect settings was NOT checked, now it is.  I doubt it is ISP; my other machines on my network here work fine.   I have just disabled a bunch of IE AddOns.

Powering down entire bagshoot now...


 

Author Comment

by:JXCovert
ID: 22597822
These...
-- cannot connect to my home windows network (it shows me that the network exists, but trying to see other computers on it gives "mynetworkname is not accessible").

-- I cannot ping my work VPN, which is disconcerting

are now remedied (LADarling - overzealous firewalling was correct!).  I am going into wait-and-see mode prior to closing this question.

Thanks all!
 

Author Comment

by:JXCovert
ID: 22604951
So in the final analysis:

-- MalwareBytes removed a virus

-- An overzealous firewall was blocking the sites I could not reach.  Perhaps the malware adjusted the firewall, that's unknown.

Thanks ABoredMan.  Thanks IndiGenus.  Thanks LADarling.

I am obliged to y'all for hopping on this so quickly.
