
Huge Malware Problem

Last Modified: 2013-11-22
I have recently had some issues with my internet.  I'm using Firefox, and every time I would type a website (example: Yahoo) it would take me to something else.  I also noticed that my antivirus (AVG) was not updating properly and it got a connection error, so I updated it manually.  Ran it and it found some viruses.  I deleted the things, but the internet issue was still a problem.  So I tried running some spyware.  I tried running Ad-Aware (the auto update could not connect to the internet either, so I did a manual update).  This found a couple, and they were deleted.  Next I tried Spybot, but this would not open.  I tried going online to these websites, but every website that was antispyware or antivirus related would not open.  I went into safe mode and tried running each, but nothing more was found with Ad-Aware, and Spybot would not open.  I tried running an online scanner for viruses, but before it could start it said the connection timed out.  I even tried installing the Microsoft malware removal tool, but it would not install/load.  Anybody know a solution to this?  I had viruses before, but none like this.  Thank you.
As rpggamergirl would say....


Download Hijackthis:
http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis/download 

Open Hijackthis and click "Do a system scan and save a logfile". Don't fix anything yet.
Paste the log in the "Code Snippet" or "Attach File" window.

Then download and install www.malwarebytes.org, and for its logfile do the same as for Hijackthis.

Author

Commented:
Here you go.  Thank you.  Please note that Malwarebytes found a trojan and deleted it, but the problems still persist.  I attached another scan, run today, with no issues.
hijackthis.log
mbam-log-2009-02-08--07-17-26-.txt
mbam-log-2009-02-08--12-29-48-.txt
Something to consider: which would take less effort, removing all the malware by hand, or backing up the important data and reformatting, then reinstalling everything? Neither one is pleasant, but there comes a point when reformatting is the only way to really be sure you got it all.

HijackFREE has a database that can help you sort the known-good items from the bad ones. That would probably be a good starting point.

Commented:
Hi,

It could be the HOST file that may have been poisoned by wrong/malicious entries. Or some rootkit that is intercepting DNS requests to these security websites.

Try using Symantec Online Security Scan (no need to resolve anything, you can browse it by IP):

http://206.204.52.6/sscv6/home.asp?langid=ie&venid=sym&plfid=24&pkj=GEKLIZQSLDBQSBKXIGL 



A Symantec Certified Specialist @ your service
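
To check the hosts-file hypothesis raised in the comment above, the following added example (not part of the original thread) parses hosts-file text and reports entries that override DNS for security-vendor domains. The watch list and the sample file are assumptions: the domains are taken from links in this thread and the sample is constructed.

```python
import ipaddress

# Assumed watch list: vendor domains linked in this thread; extend as needed.
WATCHED = ("malwarebytes.org", "trendsecure.com", "bitdefender.com",
           "antivir.de", "drweb.com")

def parse_hosts(text):
    """Yield (lineno, ip, hostname) for every mapping in hosts-file text."""
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()    # drop comments
        if not line:
            continue
        fields = line.split()
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                            # malformed line, not a mapping
        for name in fields[1:]:                 # one line may carry aliases
            yield lineno, ip, name.lower().rstrip(".")

def audit_hosts(text, watched=WATCHED):
    """Return mappings that override DNS for a watched domain or subdomain."""
    findings = []
    for lineno, ip, name in parse_hosts(text):
        if any(name == d or name.endswith("." + d) for d in watched):
            # Loopback / 0.0.0.0 makes the site unreachable; anything else
            # sends the browser to a host of the entry author's choosing.
            blackholed = ip.is_loopback or ip.is_unspecified
            kind = "blackholed" if blackholed else "redirected"
            findings.append((lineno, str(ip), name, kind))
    return findings

# Constructed sample, not taken from the poster's machine.
SAMPLE = """\
# constructed sample hosts file
127.0.0.1       localhost
127.0.0.1       www.malwarebytes.org   malwarebytes.org
0.0.0.0         download.bitdefender.com  # unexplained entry
203.0.113.7     www.trendsecure.com
192.168.1.10    fileserver
"""

if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE):
        print(finding)
```

On Windows the file to feed in is `%SystemRoot%\System32\drivers\etc\hosts`. A clean result does not rule out the second possibility mentioned above, a rootkit intercepting DNS requests.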

Author

Commented:
I tried the Symantec online scan with no luck.  It's asking me to install the ActiveX control, which I do, but then nothing.  The scan doesn't proceed.  I understand I might need to format the drive, but I would like to avoid that as much as possible.  Any other suggestions?

Commented:
There is nothing malicious in your log files. I think you should scan your system using a bootable CD. Try one of the following live CDs:

http://dl.antivir.de/down/vdf/rescuecd/rescuecd.iso

http://download.bitdefender.com/rescue_cd/bitdefender_2008_RescueCD_v2.iso

http://www.volatileminds.net/projects/clamav/ClamAVLiveCD2.0.iso

ftp://ftp.drweb.com/pub/drweb/livecd/minDrWebLiveCD-4.44.1.0811190.iso



A Symantec Certified Specialist @ your service
Could be a rootkit. SDFix will check and fix the hosts file. ComboFix will also search out rootkits.

Author

Commented:
SDFix and ComboFix worked.  Here are the logs.  Please let me know if I need to do something else.
ComboFix.txt
report.txt
Rescan with malwarebytes and AV scanner.

Author

Commented:
Thank you