Solved

when installing spybot get as far as trying to contact 127.0.0.1

Posted on 2008-09-29
6
2,440 Views
Last Modified: 2013-12-06
I have XP Pro, Comcast internet, the two are connected with a router.

Earlier today Google started returning search results to me that, when clicked, took me to HotJobs and other ad sites.  Uh oh.

I have run AVG, it has found nothing.

I have seen one message today when "AV.DAT" tried to go through AVG firewall.  I denied it.

I downloaded Search & Destroy (on an other machine) but during its install it wants to download files from "127.0.0.1" and the error message is that a connection could not be established.  That isn't surprising to me because I cannot surf to:

http://msdn.microsoft.com/
http://www.safer-networking.org/

I can't get to the Hijackthis site to download it.

HOSTS file is empty save for the comments at the top.  127.0.0.1 WAS there, I removed it.

Malwarebytes is running right now, but it could not contact its web site when it tried.

Please help me.  ;-)

0
Comment
Question by:JXCovert
6 Comments
 
LVL 7

Assisted Solution

by:aboredman
aboredman earned 50 total points
ID: 22596900
127.0.0.1 is the loopback adress. It's the machine local adress. There is not really any danger in contacting 127.0.0.1
0
 
LVL 20

Assisted Solution

by:IndiGenus
IndiGenus earned 50 total points
ID: 22596980
If you can, download HijackThis on another PC and copy it over with a USB drive or whatever is convenient. If it still won't run try renaming it. The log would help analyze what is going on.
0
 
LVL 11

Accepted Solution

by:
ladarling earned 400 total points
ID: 22597175
If you are trying to download from \\localhost (127.0.0.1) then your machine is looking at itself. If you dont have any server software running, then you *should*  just get an error. HOSTS, by default, will be blank except for a reference to the localhost (127.0.0.1), so you should not be concerned about that.
If you can browse to *any* well known web sites, then your redirection or blocking is either coming from the Browser, firewall software, or your ISP's DNS server.
 First Thing:  check Add-Ons if you are using IE, disable any add-ons that you cant identify. This is a common place for hijack-ware.
Also, check your Internet Explorer LAN (Tools > Internet Options > Connections > LAN Settings) settings to make sure the you are not being pointed to a Proxy server and that Automaticaly detect settings is checked.
If thats good, check to make sure that you are not blocking the sites with overly-aggressive security settings.
If all else fails, contact you ISP to see if they are having DNS issues.
0
Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

 

Author Comment

by:JXCovert
ID: 22597517
Thanks to all thus far!

Malwarebytes found a Trojan and destroyed it (it appears).  I can now surf to the above listed sites quite well.  Spybot is installed and running, thus far it has identified only one threat:

Microsoft.WindowSecurityCenter

Heh!

My issues now are:

-- cannot connect to my home windows network (it shows me that the network exists, but trying to see other computers on it gives "mynetworkname is not accessible".

-- I cannot ping my work VPN, which is disconcerting

LADarling: Automatically detect settings was NOT checked, now it is.  I doubt it is ISP; my other machines on my network here work fine.   I have just disabled a bunch of IE AddOns.

Powering down entire bagshoot now...


0
 

Author Comment

by:JXCovert
ID: 22597822
These...
-- cannot connect to my home windows network (it shows me that the network exists, but trying to see other computers on it gives "mynetworkname is not accessible".

-- I cannot ping my work VPN, which is disconcerting

are now remedied (LADarling - overzealous firewalling was correct!).  I am going into wait-and-see mode prior to closing this question.

Thanks all!
0
 

Author Comment

by:JXCovert
ID: 22604951
So in the final analysis:

-- MalwareBytes removed a virus

-- An overzealous firewall was blocking the sites I could not reach.  Perhaps the malware adjusted the firewall, that's unknown.

Thanks ABoredMan.  Thanks IndiGenus.  Thanks LADarling.

I am obliged to you'alll for hopping on this so quickly.

0

Featured Post

Networking for the Cloud Era

Join Microsoft and Riverbed for a discussion and demonstration of enhancements to SteelConnect:
-One-click orchestration and cloud connectivity in Azure environments
-Tight integration of SD-WAN and WAN optimization capabilities
-Scalability and resiliency equal to a data center

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The purpose of this Article is to provide information for a newly released variant of malware – with the assumption that many EE Members will have need of the information. According to “Computerworld”, well over one million web sites have been co…
I recently had to create a utility which aim is to update McAfee's Virusscan and that had to be launched from a command line. I thought I’d share my experience with you. Why is it useful to be able to update an Antivirus from the command line?…
Established in 1997, Technology Architects has become one of the most reputable technology solutions companies in the country. TA have been providing businesses with cost effective state-of-the-art solutions and unparalleled service that is designed…
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…

820 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question