• Status: Solved
  • Priority: Medium
  • Security: Public

Unable to access any internet sites after a malware attack

Hello,
I was attacked by Antispamware XP 2009 this evening. I did some reading and was able (I thought) to clean it up. Now it looks like it's come back. I am unable to access any Google search engines. The "user" interface for the "program" is gone, but the annoyances still remain. Please help! See HijackThis log below.
hijackthis.log
Asked:
rwilliams257
 
Joseph Daly Commented:
You need to download and run Malwarebytes Anti-Malware. And then follow the steps here
http://www.bleepingcomputer.com/malware-removal/uninstall-antivirus-2009
 
rwilliams257 Author Commented:
xxdcmast,
I did that already, my Malwarebytes is coming up clean now, but I have the same errors. I've run the scan 8 times.
 
phototropic Commented:
I would also run Smitfraudfix:

http://siri.geekstogo.com/SmitfraudFix.php

Run option 2 in safe mode.  Post the log.

If you still have problems after that, download and run SDFix:

http://www.bleepingcomputer.com/files/sdfix.php

It would also be a good idea to reset your hosts file:

http://www.mvps.org/winhelp2002/hosts.htm

Good luck!!!
 
rwilliams257 Author Commented:
I will try now and let you know the results...
 
rwilliams257 Author Commented:
Things are looking good, but it seems that this thing messed up a lot of my programs...here are the logs...let me know how they look so I can award the points
rapport.txt
Report.txt
 
rwilliams257 Author Commented:
Take that back, seems Google is working fine, but I am unable to download anything, I get the usual Internet not available, almost like I'm going to a proxy. I checked the proxy and the host file (which was replaced per your suggestion) and see no entries. I'm again lost...
 
phototropic Commented:
Please could you post a fresh HJT log.

Thanks.

 
rwilliams257 Author Commented:
Here u go...
hijackthis.log
 
phototropic Commented:
OK.  There are some entries in your HJT log which are related to your CA Security Suite:
cfgmng32.exe
mdmcls32.exe
svcprs32.exe
These have to do with Parental Controls, amongst other things.  Users have reported problems with internet connection associated with these.  You can uninstall the parental control part of CA's security suite by following these directions:

http://crm.my-etrust.com/CIDocument.asp?KDId=2914&Preview=0&Return=0&GUID=E573572756FF4C378D6FFF9F0FFFA732

Also this entry:
O10 - Unknown file in Winsock LSP: c:\windows\system32\winsflt.dll
appears to relate to PureSight Internet Content Filter - which is also a parental control software.  It is not showing up anywhere else in HJT.  Have you installed this software at some time?

Parental control software will always be intrusive in internet connectivity.  If you are running such software, please disable it temporarily and check your connection again.

 
rwilliams257 Author Commented:
Rebooting now...give me a minute
 
rwilliams257 Author Commented:
HijackThis suggested to run Spybot...running now...I will post that and new HijackThis log upon completion
 
rwilliams257 Author Commented:
No joy on any suggestions...any more ideas...see HijackThis log attached...
hijackthis.log
 
phototropic Commented:
So the situation now is that you can access the internet and browse to sites, but if you try to download anything, you get an error message?
You could try running Internet Explorer without add-ons (Start - programs - accessories - system tools -Internet Explorer:No Add-Ons); if the problem goes away, re-enable add-ons one by one until you find the culprit.
You could try disabling your CA Security Suite;
You've disabled all the parental control stuff, correct?
Have you tried a different browser, eg. Firefox?

Your HJT log has some registry clutter, but otherwise looks OK;
although this implies a previous install of Norton:

O20 - Winlogon Notify: NavLogon - C:\WINDOWS\

It would be a good idea to run the Norton Removal Tool from Symantec:

http://service1.symantec.com/Support/tsgeninfo.nsf/docid/2005033108162039

to avoid conflicts.

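An added example, not part of the original thread and not HijackThis's own code: a small Python triage of a HijackThis log for the entry types discussed above (O10 Winsock LSP, O20 Winlogon Notify) together with the hosts and proxy settings the asker checked by hand. The sample log is constructed, apart from the O10 and O20 lines quoted in the thread; the function name `triage` and the finding labels are this example's own.

```python
import re

# Constructed sample log; only the O10 and O20 lines are quoted from the thread.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8080
O1 - Hosts: 203.0.113.7 www.google.com
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: Example Helper - {00000000-0000-0000-0000-000000000000} - C:\Program Files\Example\helper.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\winsflt.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\
"""

LINE_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")   # "<section> - <body>"
HOSTS_RE = re.compile(r"^Hosts: (\S+)\s+(\S+)")    # "Hosts: <ip> <hostname>"


def triage(log_text):
    """Return (section, finding, detail) tuples for entries worth a manual look."""
    findings = []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        code, body = m.groups()
        if code == "O1":
            # Hosts-file entries: anything other than localhost redirects a name.
            h = HOSTS_RE.match(body)
            if h and h.group(2).lower() != "localhost":
                findings.append((code, "hosts redirect", f"{h.group(2)} -> {h.group(1)}"))
        elif code == "R1" and "ProxyServer" in body:
            # A proxy setting explains "Internet not available" style errors.
            findings.append((code, "proxy configured", body.split("=", 1)[-1].strip()))
        elif code == "O10":
            # LSP entries sit in the Winsock chain and can break connectivity.
            kind = "unknown LSP file" if body.startswith("Unknown file") else "LSP chain entry"
            findings.append((code, kind, body.split(": ", 1)[-1]))
        elif code == "O20" and body.startswith("Winlogon Notify:"):
            # Notify packages load at logon; leftovers point to old installs.
            name = body.split(":", 1)[1].split(" - ", 1)[0].strip()
            findings.append((code, "Winlogon Notify package", name))
    return findings


if __name__ == "__main__":
    for section, finding, detail in triage(SAMPLE_LOG):
        print(f"{section:<4} {finding:<24} {detail}")
```

Each finding is a prompt to identify which installed product owns the entry, as done above for the CA and PureSight files, not a verdict that the entry is malicious.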
 
rwilliams257 Author Commented:
No joy on any of the suggestions. To top it off, I am unable to use Google or any other search engine after a reboot. The only way to fix it is to rerun SDFix in safe mode. See HijackThis log and SDFix logs attached...
hijackthis.log
Report.txt
 
rwilliams257 Author Commented:
Sorry I didn't answer your questions...

Disabled/uninstalled Parental Control Junk
Tried Firefox...no joy
 
phototropic Commented:
Let's try Combofix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please post the combofix log.  Thanks.
 
rwilliams257 Author Commented:
Looks like it works on Firefox and after a reboot, I'm reinstalling IE7 now...but I wanted to get you the log...also, I got this error when I ran Combofix...is that normal?


log.txt
error.bmp
 
rwilliams257 Author Commented:
Looks like it's good to go...thanks for all your help...