Solved

Unable to access any internet sites after a malware attack

Posted on 2008-10-28
Last Modified: 2013-12-06
Hello,
   I was attacked by Antispamware XP 2009 this evening.  I did some reading and was able (I thought) to clean it up.  Now it looks like it's come back.  I am unable to access any Google search engines.  The "user" interface for the "program" is gone, but the annoyances still remain.  Please help!  See HijackThis log below.
hijackthis.log
0
Comment
Question by:rwilliams257
18 Comments
 
LVL 35

Expert Comment

by:Joseph Daly
ID: 22828494
You need to download and run Malwarebytes Anti-Malware, and then follow the steps here:
http://www.bleepingcomputer.com/malware-removal/uninstall-antivirus-2009
0
 

Author Comment

by:rwilliams257
ID: 22828504
xxdcmast,
I did that already, my Malwarebytes is coming up clean now, but I have the same errors.  I've run the scan 8 times.
0
 
LVL 23

Expert Comment

by:phototropic
ID: 22829228
I would also run Smitfraudfix:

http://siri.geekstogo.com/SmitfraudFix.php

Run option 2 in safe mode.  Post the log.

If you still have problems after that, download and run SDFix:

http://www.bleepingcomputer.com/files/sdfix.php

It would also be a good idea to reset your hosts file:

http://www.mvps.org/winhelp2002/hosts.htm

Good luck!!!
0
 

Author Comment

by:rwilliams257
ID: 22830144
I will try now and let you know the results...
0
 

Author Comment

by:rwilliams257
ID: 22834162
Things are looking good, but it seems that this thing messed up a lot of my programs...here are the logs...let me know how they look so I can award the points
rapport.txt
Report.txt
0
 

Author Comment

by:rwilliams257
ID: 22834293
Take that back, seems Google is working fine, but I am unable to download anything, I get the usual Internet not available, almost like I'm going to a proxy.  I checked the proxy and the host file (which was replaced per your suggestion) and see no entries.  I'm again lost...
0
 
LVL 23

Expert Comment

by:phototropic
ID: 22834644
Please could you post a fresh HJT log.

Thanks.

0
 

Author Comment

by:rwilliams257
ID: 22834717
Here u go...
hijackthis.log
0
 
LVL 23

Expert Comment

by:phototropic
ID: 22835027
OK.  There are some entries in your HJT log which are related to your CA Security Suite:
cfgmng32.exe
mdmcls32.exe
svcprs32.exe
These have to do with Parental Controls, amongst other things.  Users have reported problems with internet connection associated with these.  You can uninstall the parental control part of CA's security suite by following these directions:

http://crm.my-etrust.com/CIDocument.asp?KDId=2914&Preview=0&Return=0&GUID=E573572756FF4C378D6FFF9F0FFFA732

Also this entry:
O10 - Unknown file in Winsock LSP: c:\windows\system32\winsflt.dll
appears to relate to PureSight Internet Content Filter - which is also a parental control software.  It is not showing up anywhere else in HJT.  Have you installed this software at some time?

Parental control software will always be intrusive in internet connectivity.  If you are running such software, please disable it temporarily and check your connection again.

0
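A triage sketch for the kind of HijackThis entries discussed in the comment above, added here as an example and not part of the original thread. It pulls out the sections that sit in the network path (proxy, hosts, Winsock LSP, DNS); the function names are hypothetical and the sample log is constructed, apart from the O10 and O20 lines quoted in the thread.

```python
import re

# HijackThis section codes that sit in the browser's network path
# (meanings follow HijackThis's usual section scheme).
NETWORK_SECTIONS = {
    "R1": "Internet Explorer proxy setting",
    "O1": "hosts file redirection",
    "O10": "Winsock LSP",
    "O17": "DNS / name server setting",
}
ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.+)$")
PROXY_RE = re.compile(r",Proxy(Server|Override)\s*=")

# Constructed sample. Only the O10 and O20 lines are quoted from the thread
# (the O20 path is truncated there and is left as posted).
SAMPLE_LOG = r"""
Logfile of HijackThis (constructed sample)
Running processes:
C:\WINDOWS\System32\smss.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8080
O1 - Hosts: 192.0.2.10 www.google.com
O4 - HKLM\..\Run: [ExampleApp] C:\Program Files\Example\app.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\winsflt.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\
"""

def parse_entries(log_text):
    """Yield (code, body) per entry line; header and process lines are skipped."""
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            yield match.group(1), match.group(2).strip()

def network_findings(log_text):
    """Return the entries that can interfere with browsing or downloads."""
    findings = []
    for code, body in parse_entries(log_text):
        if code not in NETWORK_SECTIONS:
            continue
        if code == "R1" and not PROXY_RE.search(body):
            continue  # R1 also lists search pages; keep proxy values only
        finding = {"code": code, "kind": NETWORK_SECTIONS[code], "detail": body}
        if code == "O10":
            # The DLL named after the last ": " is the file to identify.
            finding["path"] = body.rsplit(": ", 1)[-1]
        findings.append(finding)
    return findings

if __name__ == "__main__":
    for f in network_findings(SAMPLE_LOG):
        print(f"{f['code']:<4}{f['kind']:<34}{f['detail']}")
```
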
 

Author Comment

by:rwilliams257
ID: 22835257
Rebooting now...give me a minute
0
 

Author Comment

by:rwilliams257
ID: 22835396
HijackThis suggested to run Spybot...running now...I will post that and new HijackThis log upon completion
0
 

Author Comment

by:rwilliams257
ID: 22836076
No joy on any suggestions...any more ideas...see HijackThis log attached...
hijackthis.log
0
 
LVL 23

Expert Comment

by:phototropic
ID: 22839238
So the situation now is that you can access the internet and browse to sites, but if you try to download anything, you get an error message?
You could try running Internet Explorer without add-ons (Start - programs - accessories - system tools -Internet Explorer:No Add-Ons); if the problem goes away, re-enable add-ons one by one until you find the culprit.
You could try disabling your CA Security Suite;
You've disabled all the parental control stuff, correct?
Have you tried a different browser, eg. Firefox?

Your HJT log has some registry clutter, but otherwise looks OK;
although this implies a previous install of Norton:

O20 - Winlogon Notify: NavLogon - C:\WINDOWS\

It would be a good idea to run the Norton Removal Tool from Symantec:

http://service1.symantec.com/Support/tsgeninfo.nsf/docid/2005033108162039



to avoid conflicts.

0
 

Author Comment

by:rwilliams257
ID: 22842332
No joy on any of the suggestions.  To top it off, I am unable to use Google or any other search engine after a reboot.  The only way to fix it is to rerun SDFix in safe mode.  See HijackThis log and SDFix logs attached...
hijackthis.log
Report.txt
0
 

Author Comment

by:rwilliams257
ID: 22843053
Sorry I didn't answer your questions...

Disabled/uninstalled Parental Control Junk
Tried Firefox...no joy
0
 
LVL 23

Accepted Solution

by:
phototropic earned 500 total points
ID: 22843122
Let's try Combofix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please post the combofix log.  Thanks.
0
 

Author Comment

by:rwilliams257
ID: 22844392
Looks like it works on Firefox and after a reboot, I'm reinstalling IE7 now...but I wanted to get you the log...also, I got this error when I ran Combofix...is that normal?


log.txt
error.bmp
0
 

Author Comment

by:rwilliams257
ID: 22844857
Looks like it's good to go...thanks for all your help...
0
