Solved

Unable to access any internet sites after a malware attack

Posted on 2008-10-28
Last Modified: 2013-12-06
Hello,
   I was attacked by Antispamware XP 2009 this evening. I did some reading and was able (I thought) to clean it up. Now it looks like it's come back. I am unable to access any Google search engines. The "user" interface for the "program" is gone, but the annoyances still remain. Please help! See HijackThis log below.
hijackthis.log
0
Question by:rwilliams257
18 Comments
 
LVL 35

Expert Comment

by:Joseph Daly
ID: 22828494
You need to download and run Malwarebytes Anti-Malware, and then follow the steps here:
http://www.bleepingcomputer.com/malware-removal/uninstall-antivirus-2009
0
 

Author Comment

by:rwilliams257
ID: 22828504
xxdcmast,
I did that already, my Malwarebytes is coming up clean now, but I have the same errors. I've run the scan 8 times.
0
 
LVL 23

Expert Comment

by:phototropic
ID: 22829228
I would also run Smitfraudfix:

http://siri.geekstogo.com/SmitfraudFix.php

Run option 2 in safe mode.  Post the log.

If you still have problems after that, download and run SDFix:

http://www.bleepingcomputer.com/files/sdfix.php

It would also be a good idea to reset your hosts file:

http://www.mvps.org/winhelp2002/hosts.htm

Good luck!!!
0

 

Author Comment

by:rwilliams257
ID: 22830144
I will try now and let you know the results...
0
 

Author Comment

by:rwilliams257
ID: 22834162
Things are looking good, but it seems that this thing messed up a lot of my programs...here are the logs...let me know how they look so I can award the points
rapport.txt
Report.txt
0
 

Author Comment

by:rwilliams257
ID: 22834293
Take that back, seems Google is working fine, but I am unable to download anything. I get the usual "Internet not available", almost like I'm going to a proxy. I checked the proxy and the hosts file (which was replaced per your suggestion) and see no entries. I'm again lost...
0
 
LVL 23

Expert Comment

by:phototropic
ID: 22834644
Please could you post a fresh HJT log.

Thanks.

0
 

Author Comment

by:rwilliams257
ID: 22834717
Here u go...
hijackthis.log
0
 
LVL 23

Expert Comment

by:phototropic
ID: 22835027
OK.  There are some entries in your HJT log which are related to your CA Security Suite:
cfgmng32.exe
mdmcls32.exe
svcprs32.exe
These have to do with Parental Controls, amongst other things.  Users have reported problems with internet connection associated with these.  You can uninstall the parental control part of CA's security suite by following these directions:

http://crm.my-etrust.com/CIDocument.asp?KDId=2914&Preview=0&Return=0&GUID=E573572756FF4C378D6FFF9F0FFFA732

Also this entry:
O10 - Unknown file in Winsock LSP: c:\windows\system32\winsflt.dll
appears to relate to PureSight Internet Content Filter - which is also a parental control software.  It is not showing up anywhere else in HJT.  Have you installed this software at some time?

Parental control software will always be intrusive in internet connectivity.  If you are running such software, please disable it temporarily and check your connection again.

0
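An added example, not part of the original thread: a small Python triage pass over a HijackThis log that pulls out only the entry types that can break browsing or downloads (proxy values in R1, hosts redirections in O1, Winsock LSP entries in O10, NameServer overrides in O17, Winlogon Notify entries in O20). The section descriptions, the `WATCHED_HOSTS` list and every sample line except the O10 and O20 lines quoted in this thread are assumptions made for the example.

```python
import re

# HijackThis section codes that can affect name resolution or connectivity.
# The descriptions are this example's own summaries, not HijackThis output.
NETWORK_SECTIONS = {
    "R1": "IE setting (includes ProxyServer/ProxyOverride values)",
    "O1": "hosts file redirection",
    "O10": "Winsock LSP (layered service provider) entry",
    "O17": "DNS / NameServer override",
    "O20": "Winlogon Notify or AppInit_DLLs entry",
}
LINE_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<detail>.*)$")
# Hostnames to watch for in O1 lines; an assumption chosen for this example.
WATCHED_HOSTS = ("google.", "microsoft.com", "windowsupdate.")

def triage(log_text):
    """Return (code, reason, detail) tuples for network-relevant entries."""
    findings = []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m or m["code"] not in NETWORK_SECTIONS:
            continue
        code, detail = m["code"], m["detail"]
        low = detail.lower()
        if code == "R1" and "proxy" not in low:
            continue  # other R1 lines are search/start-page settings
        if code == "O1" and not any(h in low for h in WATCHED_HOSTS):
            continue  # only report hosts entries for watched sites
        reason = NETWORK_SECTIONS[code]
        if code == "O10" and low.startswith("unknown file"):
            reason += " (file not recognised by HijackThis)"
        findings.append((code, reason, detail))
    return findings

# Constructed sample: the O10 and O20 lines are the ones quoted in this
# thread; the R1, O1, O4 and O17 lines are invented for illustration.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8080
O1 - Hosts: 192.0.2.10 www.google.com
O4 - HKLM\..\Run: [ExampleApp] C:\Program Files\Example\app.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\winsflt.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{EXAMPLE-GUID}: NameServer = 192.0.2.53
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\
"""

if __name__ == "__main__":
    for code, reason, detail in triage(SAMPLE_LOG):
        print(f"{code:<4}{reason}\n    {detail}")
```

A flagged line is a prompt to identify the owning software, as done above for winsflt.dll, rather than a verdict that the entry is malicious.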
 

Author Comment

by:rwilliams257
ID: 22835257
Rebooting now...give me a minute
0
 

Author Comment

by:rwilliams257
ID: 22835396
HijackThis suggested to run Spybot...running now...I will post that and a new HijackThis log upon completion
0
 

Author Comment

by:rwilliams257
ID: 22836076
No joy on any suggestions...any more ideas...see HijackThis log attached...
hijackthis.log
0
 
LVL 23

Expert Comment

by:phototropic
ID: 22839238
So the situation now is that you can access the internet and browse to sites, but if you try to download anything, you get an error message?
You could try running Internet Explorer without add-ons (Start - Programs - Accessories - System Tools - Internet Explorer: No Add-Ons); if the problem goes away, re-enable add-ons one by one until you find the culprit.
You could try disabling your CA Security Suite;
You've disabled all the parental control stuff, correct?
Have you tried a different browser, e.g. Firefox?

Your HJT log has some registry clutter, but otherwise looks OK;
although this implies a previous install of Norton:

O20 - Winlogon Notify: NavLogon - C:\WINDOWS\

It would be a good idea to run the Norton Removal Tool from Symantec:

http://service1.symantec.com/Support/tsgeninfo.nsf/docid/2005033108162039

to avoid conflicts.

0
 

Author Comment

by:rwilliams257
ID: 22842332
No joy on any of the suggestions. To top it off, I am unable to use Google or any other search engine after a reboot. The only way to fix it is to rerun SDFix in safe mode. See HijackThis log and SDFix logs attached...
hijackthis.log
Report.txt
0
 

Author Comment

by:rwilliams257
ID: 22843053
Sorry I didn't answer your questions...

Disabled/uninstalled Parental Control Junk
Tried Firefox...no joy
0
 
LVL 23

Accepted Solution

by:
phototropic earned 500 total points
ID: 22843122
Let's try ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please post the combofix log.  Thanks.
0
 

Author Comment

by:rwilliams257
ID: 22844392
Looks like it works on Firefox and after a reboot. I'm reinstalling IE7 now...but I wanted to get you the log...also, I got this error when I ran ComboFix...is that normal?


log.txt
error.bmp
0
 

Author Comment

by:rwilliams257
ID: 22844857
Looks like it's good to go...thanks for all your help...
0
