Solved

Microsoft.com not loading Hijackthis log

Posted on 2009-04-11
6
294 Views
Last Modified: 2013-12-06
microsoft.com and nexislexis.com stopped loading from sbs2003 and clients. any clues from this hijackthis log?
hijackthis-log-041109.txt
0
Comment
Question by:bryanatabc
  • 3
  • 3
6 Comments
 
LVL 15

Assisted Solution

by:greyknight17
greyknight17 earned 500 total points
ID: 24127200
I don't see anything in the log that indicates any malware. Did you check your hosts file to make sure they are not restricted?

Let's see if the following two scans will find anything:

Download Malwarebytes ' Anti-Malware at http://www.besttechie.net/tools/mbam-setup.exe or http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html Double-click on mbam-setup.exe to install the application.

* Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform Full Scan, then click Scan.
* The scan may take some time to finish, so please be patient.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to restart (see Extra Note below).
* The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
* Copy & paste the entire report into your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Go to http://www.bleepingcomputer.com/combofix/how-to-use-combofix and follow the instructions on how to install the Recovery Console and run ComboFix. Go through all the steps until posting the log part. Post the combofix log here.
0
 

Author Comment

by:bryanatabc
ID: 24127859
have run MBAB, attached is summary from 4 scans. Have run full scans from trendmicro worry free, microsoft malicious software remover, and malwarebytes, working on trying combofix, but am a little concerned with it since this is a working small business server 2003 in a single server office. I may have to take more time and pin everything I can down and make an image of the drives besides the normal backups. Thanks in advance for the help
Summary-4-mbam-scans.txt
0
 
LVL 15

Expert Comment

by:greyknight17
ID: 24129610
No problem. Are you only have issues accessing those two sites in particular? Any other sites giving you problems?

Do you get a page can not be displayed error? Try to ping those two sites from the command prompt and see if you get a response back. If you do, try accessing them through their IP address to see if you can get the page displayed.
0
Why You Should Analyze Threat Actor TTPs

After years of analyzing threat actor behavior, it’s become clear that at any given time there are specific tactics, techniques, and procedures (TTPs) that are particularly prevalent. By analyzing and understanding these TTPs, you can dramatically enhance your security program.

 

Author Comment

by:bryanatabc
ID: 24129784
So far, just the two sites are blocked. When you try to open them, the browser gets stuck "waiting for..."
Combo fix would not run, incompatible with OS windows small business server 2003. I have tried typing the address found for both sites from my own system into the browser and get the same results. I have tried firefox with the same result. The system is configured as a two nic server, one connected to an Actiontec DSL router, and the other to a hub for the Lan. If i plug a laptop into the hub, I have no trouble getting to the sites from the laptop. Pinging lexisnexis.com gets a reply from 138.12.4.174
Pinging msn or microsoft.com times out, but they also time out from my system so they most likley do not respond to pings. Thank again for the help. Any ideas would be appreciated.
0
 
LVL 15

Expert Comment

by:greyknight17
ID: 24133000
Can you access the site using the IP address 138.12.4.174?
0
 

Accepted Solution

by:
bryanatabc earned 0 total points
ID: 24133201
Problem solved. ISP made improvments to their network. After changing the dsl modem from PPPoE to PPPoa, everything workslike a charm, and a lot faster. Thank you much greyknight17 for the assistance.
0

Featured Post

Find Ransomware Secrets With All-Source Analysis

Ransomware has become a major concern for organizations; its prevalence has grown due to past successes achieved by threat actors. While each ransomware variant is different, we’ve seen some common tactics and trends used among the authors of the malware.

Join & Write a Comment

By the time you finish reading this article, you may have already lost all your money because you don't know the simple steps to securing your BitCoin wallet. BitCoin is an incredible invention. It is a decentralized currency system, which is the…
If you are a user of the discontinued Microsoft Office Accounting 2008 (MSOA) and have to move to a new computer running Windows 8, you will be unhappy to discover that it won't install.  In particular, Microsoft SQL Server 2005 Express Edition (SSE…
This tutorial demonstrates a quick way of adding group price to multiple Magento products.
This video explains how to create simple products associated to Magento configurable product and offers fast way of their generation with Store Manager for Magento tool.

757 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

21 Experts available now in Live!

Get 1:1 Help Now