Xp Home w/ SP2. IE 6.
I am being blocked and redirected from anti virus sites such as Symantec &
Macafee. When I type their address and hit enter I am directed to a site w/
an address like dr.webhosts x x x sx s sx. This site shows links to various
sites supposedly Norton, Symantec or MAcfee, not showing correct URLs. I
cannot download any update files for my Norton Antivirus program. All windows
SP2 updates have been applied. Any help available.
Thanks

'Dance like no one is watching'

Hi cjhjg :-)

The problem is due to a hijacker or other malware on your system. Try the
following and see if it helps. Even if you have already run some programs,
run them again according to the instructions in the information below to
thoroughly clean you system. Some variants of malware can replicate itself
and return repeatedly if not cleaned properly. It is best to read through
all the information before you start to know before hand what you need to do
and how. Follow all instructions to letter as much as possible.

WARNING>>>> Backup all documents and files before removing any spyware!!

First., download and install BHODemon from
http://www.definitivesolutions.com/bhodemon.htm
Your problem may be caused by a bad BHO.

If this does not resolve the problem, the do the following:

Dealing with Unwanted Spyware and Parasites:
http://mvps.org/winhelp2002/unwanted.htm
What You Should Know About Spyware
http://www.microsoft.com/athome/secu...ssoftware.mspx
What you can do about spyware and other unwanted software
http://www.microsoft.com/athome/secu...ywarewhat.mspx
Most importantly, be sure to run CWShredder here
http://www.majorgeeks.com/download3019.html
Also this program searches for hidden .dlls that recreate the malware.
About Buster:
http://www.majorgeeks.com/download4289.html
Then visit these two sites to test for parasites and help basic cleaning:
On-Line Check
http://aumha.org/a/noads.htm
and
Quick-Fix Protocol.
http://aumha.org/a/quickfix.php
Basically, throw everything here at your "infection".

Also download and install HiJackThis -

How to download and install HiJackThis:
http://www.bleepingcomputer.com/forums/topict309.html

Please DO NOT post your log to this newsgroup, but to the HiJackThis Support
Forums below:
AumHa HiJackThis Forum
http://forum.aumha.org/viewforum.php?f=30
or Bleeping Computer Forum
http://www.bleepingcomputer.com/forums/forum22.html
to allow the experts there to evaluate your log and advise you of any
necessary steps to clean your system.
(Note: You will have to Register before posting on these Forums. Please
follow all posting instructions carefully to avoid having your log deleted
or ignored.

CAUTION!!!!! Before you try to remove spyware using any of the programs
below, download a copy of LSPFIX from any of the following sites:
http://www.cexx.org/lspfix.htm
http://www.spychecker.com/program/winsockxpfix.html
(if your OS is Win2k or XP) The process of removing certain malware may kill
your internet connection. If this should occur, this program, LSPFIX, will
enable you to regain your connection.

You should also get a copy of WINSOCKXPFIX available at:
http://www.spychecker.com/program/winsockxpfix.html
and
WinsockXP Fix- WinXP
http://www.spychecker.com/program/winsockxpfix.html
with instructions, at
http://www.iup.edu/house/resnet/winfix.shtm
also... From LavaSoft- all versions of Windows-
http://digital-solutions.co.uk/lavasoft/whndnfix.zip
(NOTE: It is reported that in XP SP2, the command netsh winsock reset
will fix this problem without the need for these programs.)
or Winsock Fix Utility
http://www.dfwonline.net/files/WinsockFix.zip

NOTE: If you can not download these programs from the Internet, if your PC
has CD read capabilities, go to another computer with CD-ROM burning
capabilities. Create a folder on the hard drive of the other computer called
HOLD, download the programs to that folder, then burn that folder to a CD.
Copy the HOLD folder to your HD and then install the programs from there
and run them. After you have IE access again, update all programs where
possible to get the latest definitions and run them again in Safe Mode to be
sure there are no lingering items on the system.

Hope this helps :-)

Jan
Smiles are meant to be shared,
that's why they're so contagious.

Replies are posted only to the newsgroup for the benefit or other readers.
How to make a good newsgroup post:
http://www.dts-l.org/goodpost.htm


> Xp Home w/ SP2. IE 6.
> I am being blocked and redirected from anti virus sites such as Symantec &
> Macafee. When I type their address and hit enter I am directed to a site
> w/
> an address like dr.webhosts x x x sx s sx. This site shows links to
> various
> sites supposedly Norton, Symantec or MAcfee, not showing correct URLs. I
> cannot download any update files for my Norton Antivirus program. All
> windows
> SP2 updates have been applied. Any help available.
> Thanks
>
> 'Dance like no one is watching'

Thanks "Jan Il"
With your help I found that the hosts file under
windows/system32/drivers/etc folder had been compromised. ABout 60 entries
had been added which prevented access to the sites listed such as: Virus
update sites, manufacturers sites and windows updates site were all listed
and therefore blocked. Deleted all entires except Local Host thru Notepad,
updated all programs, ran scans again and now hoping that we got all of them
removed.

"Jan Il" wrote:

> Hi cjhjg :-)
>
> The problem is due to a hijacker or other malware on your system. Try the
> following and see if it helps. Even if you have already run some programs,
> run them again according to the instructions in the information below to
> thoroughly clean you system. Some variants of malware can replicate itself
> and return repeatedly if not cleaned properly. It is best to read through
> all the information before you start to know before hand what you need to do
> and how. Follow all instructions to letter as much as possible.
>
> WARNING>>>> Backup all documents and files before removing any spyware!!
>
> First., download and install BHODemon from
> http://www.definitivesolutions.com/bhodemon.htm
> Your problem may be caused by a bad BHO.
>
> If this does not resolve the problem, the do the following:
>
> Dealing with Unwanted Spyware and Parasites:
> http://mvps.org/winhelp2002/unwanted.htm
> What You Should Know About Spyware
> http://www.microsoft.com/athome/secu...ssoftware.mspx
> What you can do about spyware and other unwanted software
> http://www.microsoft.com/athome/secu...ywarewhat.mspx
> Most importantly, be sure to run CWShredder here
> http://www.majorgeeks.com/download3019.html
> Also this program searches for hidden .dlls that recreate the malware.
> About Buster:
> http://www.majorgeeks.com/download4289.html
> Then visit these two sites to test for parasites and help basic cleaning:
> On-Line Check
> http://aumha.org/a/noads.htm
> and
> Quick-Fix Protocol.
> http://aumha.org/a/quickfix.php
> Basically, throw everything here at your "infection".
>
> Also download and install HiJackThis -
>
> How to download and install HiJackThis:
> http://www.bleepingcomputer.com/forums/topict309.html
>
> Please DO NOT post your log to this newsgroup, but to the HiJackThis Support
> Forums below:
> AumHa HiJackThis Forum
> http://forum.aumha.org/viewforum.php?f=30
> or Bleeping Computer Forum
> http://www.bleepingcomputer.com/forums/forum22.html
> to allow the experts there to evaluate your log and advise you of any
> necessary steps to clean your system.
> (Note: You will have to Register before posting on these Forums. Please
> follow all posting instructions carefully to avoid having your log deleted
> or ignored.
>
> CAUTION!!!!! Before you try to remove spyware using any of the programs
> below, download a copy of LSPFIX from any of the following sites:
> http://www.cexx.org/lspfix.htm
> http://www.spychecker.com/program/winsockxpfix.html
> (if your OS is Win2k or XP) The process of removing certain malware may kill
> your internet connection. If this should occur, this program, LSPFIX, will
> enable you to regain your connection.
>
> You should also get a copy of WINSOCKXPFIX available at:
> http://www.spychecker.com/program/winsockxpfix.html
> and
> WinsockXP Fix- WinXP
> http://www.spychecker.com/program/winsockxpfix.html
> with instructions, at
> http://www.iup.edu/house/resnet/winfix.shtm
> also... From LavaSoft- all versions of Windows-
> http://digital-solutions.co.uk/lavasoft/whndnfix.zip
> (NOTE: It is reported that in XP SP2, the command netsh winsock reset
> will fix this problem without the need for these programs.)
> or Winsock Fix Utility
> http://www.dfwonline.net/files/WinsockFix.zip
>
> NOTE: If you can not download these programs from the Internet, if your PC
> has CD read capabilities, go to another computer with CD-ROM burning
> capabilities. Create a folder on the hard drive of the other computer called
> HOLD, download the programs to that folder, then burn that folder to a CD.
> Copy the HOLD folder to your HD and then install the programs from there
> and run them. After you have IE access again, update all programs where
> possible to get the latest definitions and run them again in Safe Mode to be
> sure there are no lingering items on the system.
>
> Hope this helps :-)
>
> Jan
> Smiles are meant to be shared,
> that's why they're so contagious.
>
> Replies are posted only to the newsgroup for the benefit or other readers.
> How to make a good newsgroup post:
> http://www.dts-l.org/goodpost.htm
>
>
> > Xp Home w/ SP2. IE 6.
> > I am being blocked and redirected from anti virus sites such as Symantec &
> > Macafee. When I type their address and hit enter I am directed to a site
> > w/
> > an address like dr.webhosts x x x sx s sx. This site shows links to
> > various
> > sites supposedly Norton, Symantec or MAcfee, not showing correct URLs. I
> > cannot download any update files for my Norton Antivirus program. All
> > windows
> > SP2 updates have been applied. Any help available.
> > Thanks
> >
> > 'Dance like no one is watching'
>
>
>