rwilliams257
asked on
Unable to access anything internet sites after a malware attack
Hello,
I was attacked by Antispamware XP 2009 this evening. I did some reading and was able (I thought) to clean it up. Now it looks like it's come back. I am unable to access any google search engines. The "user" interface for the "program" is gone, but the annoyances still remain. Please help! See HIijackthis log below
hijackthis.log
I was attacked by Antispamware XP 2009 this evening. I did some reading and was able (I thought) to clean it up. Now it looks like it's come back. I am unable to access any google search engines. The "user" interface for the "program" is gone, but the annoyances still remain. Please help! See HIijackthis log below
hijackthis.log
ASKER
xxdcmast,
I did that already, my malwarebytes is coming up clean now, but I have the same errors. I've ran the scan 8 times.
I did that already, my malwarebytes is coming up clean now, but I have the same errors. I've ran the scan 8 times.
I would also run Smitfraudfix:
http://siri.geekstogo.com/SmitfraudFix.php
Run option 2 in safe mode. Post the log.
If you still have problems after that, download and run SDFix:
http://www.bleepingcomputer.com/files/sdfix.php
It would also be a good idea to reset your hosts file:
http://www.mvps.org/winhelp2002/hosts.htm
Good luck!!!
http://siri.geekstogo.com/SmitfraudFix.php
Run option 2 in safe mode. Post the log.
If you still have problems after that, download and run SDFix:
http://www.bleepingcomputer.com/files/sdfix.php
It would also be a good idea to reset your hosts file:
http://www.mvps.org/winhelp2002/hosts.htm
Good luck!!!
ASKER
I will try now and let you know the results...
ASKER
Things are looking good, but it seems that this thing messed up a lot of my programs...here are the logs...let me know how they look so I can award the points
rapport.txt
Report.txt
rapport.txt
Report.txt
ASKER
Take that back, seems google is working fine, but I am unable to download anything, I get the usual Internet not avaliable, almost like I'm going to a proxy. I checked the proxy and the host file (Which was replaced per your suggestion) and see no entries. I'm again lost...
Please could you post a fresh HJT log.
Thanks.
Thanks.
ASKER
Here u go...
hijackthis.log
hijackthis.log
OK. There are some entries in your HJT log which are related to your CA Security Suite:
cfgmng32.exe
mdmcls32.exe
svcprs32.exe
These have to do with Parental Controls, amongst other things. Users have reported problems with internet connection associated with these. You can uninstall the parental control part of CA's security suite by following these directions:
http://crm.my-etrust.com/CIDocument.asp?KDId=2914&Preview=0&Return=0&GUID=E573572756FF4C378D6FFF9F0FFFA732
Also this entry:
O10 - Unknown file in Winsock LSP: c:\windows\system32\winsfl t.dll
appears to relate to PureSight Internet Content Filter - which is also a parental control software. It is not showing up anywhere else in HJT. Have you installed this software at some time?
Parental control software will always be intrusive in internet connectivity. If you are running such software, please disable it temporarily and check your connection again.
cfgmng32.exe
mdmcls32.exe
svcprs32.exe
These have to do with Parental Controls, amongst other things. Users have reported problems with internet connection associated with these. You can uninstall the parental control part of CA's security suite by following these directions:
http://crm.my-etrust.com/CIDocument.asp?KDId=2914&Preview=0&Return=0&GUID=E573572756FF4C378D6FFF9F0FFFA732
Also this entry:
O10 - Unknown file in Winsock LSP: c:\windows\system32\winsfl
appears to relate to PureSight Internet Content Filter - which is also a parental control software. It is not showing up anywhere else in HJT. Have you installed this software at some time?
Parental control software will always be intrusive in internet connectivity. If you are running such software, please disable it temporarily and check your connection again.
ASKER
Rebooting now...give me a minute
ASKER
Hiijack this suggested to run spybot...running now...I will post that and new Hiijack this log upon completion
ASKER
No joy on any suggestions...any more idea...see hiijack this log attached...
hijackthis.log
hijackthis.log
So the situation now is that you can access the internet and browse to sites, but if you try to download anything, you get an error message?
You could try running Internet Explorer without add-ons (Start - programs - accessories - system tools -Internet Explorer:No Add-Ons); if the problem goes away, re-enable add-ons one by one until you find the culprit.
You could try disabling your CA Security Suite;
You've disabled all the parental control stuff, correct?
Have you tried a different browser, eg. Firefox?
Your HJT log has some registry clutter, but otherwise looks OK;
although this implies a previous install of Norton:
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\
It would be a good idea to run the Norton Removal Tool from Symantec:
http://service1.symantec.com/Support/tsgeninfo.nsf/docid/2005033108162039
to avoid conflicts.
You could try running Internet Explorer without add-ons (Start - programs - accessories - system tools -Internet Explorer:No Add-Ons); if the problem goes away, re-enable add-ons one by one until you find the culprit.
You could try disabling your CA Security Suite;
You've disabled all the parental control stuff, correct?
Have you tried a different browser, eg. Firefox?
Your HJT log has some registry clutter, but otherwise looks OK;
although this implies a previous install of Norton:
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\
It would be a good idea to run the Norton Removal Tool from Symantec:
http://service1.symantec.com/Support/tsgeninfo.nsf/docid/2005033108162039
to avoid conflicts.
ASKER
No joy on any of the suggestions. To top it off, I am unable to use google or any other search engine after a reboot. The only way to fix it is to rerun SDFix in safe mode. See Hiijack this log and SDFIX logs attached...
hijackthis.log
Report.txt
hijackthis.log
Report.txt
ASKER
Sorry I didn't answer your questions...
Disabled/uninstalled Parental Control Junk
Tried Firefox...no joy
Disabled/uninstalled Parental Control Junk
Tried Firefox...no joy
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
ASKER
Looks like it's good to Go...thanks for all your help...
http://www.bleepingcomputer.com/malware-removal/uninstall-antivirus-2009