What infection might these "symptoms" indicate?

[Garret Swayne]

I'm posting this in behalf of a friend of mine whose computer seems infected
with a worm or virus of some sort. Here are the "symptoms":

1. Somehow her Internet Exporer is prevented from visiting the Norton or
McAfee websites for help. Whenever she navigates to one of these anti-virus
sites, she gets a "This page cannot be displayed" error. She can visit
other sites on the web, but not these anti-virus sites. We haven't tried
them all, just the two primary ones I know of--Symantec (Norton) and Network
Associates (McAfee). And the sites are not just "down". I check with my
non-infected computer, and those websites display fine. But she can't from
hers.

2. I got her a copy of Norton Anti-Virus 2004 and installed it on her
machine (a Sony Vaio lapton running Windows XP home edition). Supposedly,
it installed fine. But whenever we'd try to execute the AntiVirus program
or the Live Update program, it would open a window and start executing, but
then the window would unexpectedly and inexplicably close. Like the program
was being internally terminated by something.

3. She's noticed some other odd behaviors but can't exactly describe them.
But outside of what's mentioned above, her computer seems to function fairly
normally. She can get her email, she can surf the web, just not the sites
mentioned above. But she's scared to do any of that because she doesn't
have any functioning AV protection.

Do any of you AV experts out there know what kind of infection might cause
symptoms like these? We installed Norton Anti-virus software, but the
apparent infection is not allowing it to execute! What shall we do? I
presume the first step is to identify and get rid of the current infection
which seems to prevent the AV software from running. Is there a way to
maybe boot up her computer in DOS and run the AV program from DOS? But if
this infection is a very recent one, the AV program running under DOS
wouldn't be able to detect or fix it unless the program could first obtain
the most recent file updates. And there's no easy way to get the computer
to go online and do that under DOS, correct?

Anybody have a solution? Or can you point us to where we might be able to
find a solution? Any help or advice would be most appreciated.


=-=-=-=-=-=-=-=-=-=-=-=-=-=
Garret Swayne
(e-mail address removed)
www.garretswayne.com
=-=-=-=-=-=-=-=-=-=-=-=-=-=

 

[Brian]

I'm posting this in behalf of a friend of mine whose computer seems infected
with a worm or virus of some sort. Here are the "symptoms":

1. Somehow her Internet Exporer is prevented from visiting the Norton or
McAfee websites for help. Whenever she navigates to one of these anti-virus
sites, she gets a "This page cannot be displayed" error. She can visit
other sites on the web, but not these anti-virus sites. We haven't tried
them all, just the two primary ones I know of--Symantec (Norton) and Network
Associates (McAfee). And the sites are not just "down". I check with my
non-infected computer, and those websites display fine. But she can't from
hers.

2. I got her a copy of Norton Anti-Virus 2004 and installed it on her
machine (a Sony Vaio lapton running Windows XP home edition). Supposedly,
it installed fine. But whenever we'd try to execute the AntiVirus program
or the Live Update program, it would open a window and start executing, but
then the window would unexpectedly and inexplicably close. Like the program
was being internally terminated by something.

3. She's noticed some other odd behaviors but can't exactly describe them.
But outside of what's mentioned above, her computer seems to function fairly
normally. She can get her email, she can surf the web, just not the sites
mentioned above. But she's scared to do any of that because she doesn't
have any functioning AV protection.

Do any of you AV experts out there know what kind of infection might cause
symptoms like these? We installed Norton Anti-virus software, but the
apparent infection is not allowing it to execute! What shall we do? I
presume the first step is to identify and get rid of the current infection
which seems to prevent the AV software from running. Is there a way to
maybe boot up her computer in DOS and run the AV program from DOS? But if
this infection is a very recent one, the AV program running under DOS
wouldn't be able to detect or fix it unless the program could first obtain
the most recent file updates. And there's no easy way to get the computer
to go online and do that under DOS, correct?

Anybody have a solution? Or can you point us to where we might be able to
find a solution? Any help or advice would be most appreciated.

1. Try connecting to http://housecall.antivirus.com/housecall/start_corp.asp
where, if it will connect, you can run an online virus check.
2. Make sure there is no firewall on her machine that needs to be configured
for the blocked sites.
3. Run Windows in 'Safe Mode' (by pumping F8 during bootup and then
selecting Safe Mode from the list) and then run the anti virus software.

Brian

 

[Tom R]

I'm posting this in behalf of a friend of mine whose computer seems infected
with a worm or virus of some sort. Here are the "symptoms":

1. Somehow her Internet Exporer is prevented from visiting the Norton or
McAfee websites for help. Whenever she navigates to one of these anti-virus
sites, she gets a "This page cannot be displayed" error. She can visit
other sites on the web, but not these anti-virus sites. We haven't tried
them all, just the two primary ones I know of--Symantec (Norton) and Network
Associates (McAfee). And the sites are not just "down". I check with my
non-infected computer, and those websites display fine. But she can't from
hers.

2. I got her a copy of Norton Anti-Virus 2004 and installed it on her
machine (a Sony Vaio lapton running Windows XP home edition). Supposedly,
it installed fine. But whenever we'd try to execute the AntiVirus program
or the Live Update program, it would open a window and start executing, but
then the window would unexpectedly and inexplicably close. Like the program
was being internally terminated by something.

3. She's noticed some other odd behaviors but can't exactly describe them.
But outside of what's mentioned above, her computer seems to function fairly
normally. She can get her email, she can surf the web, just not the sites
mentioned above. But she's scared to do any of that because she doesn't
have any functioning AV protection.

Do any of you AV experts out there know what kind of infection might cause
symptoms like these? We installed Norton Anti-virus software, but the
apparent infection is not allowing it to execute! What shall we do? I
presume the first step is to identify and get rid of the current infection
which seems to prevent the AV software from running. Is there a way to
maybe boot up her computer in DOS and run the AV program from DOS? But if
this infection is a very recent one, the AV program running under DOS
wouldn't be able to detect or fix it unless the program could first obtain
the most recent file updates. And there's no easy way to get the computer
to go online and do that under DOS, correct?

Anybody have a solution? Or can you point us to where we might be able to
find a solution? Any help or advice would be most appreciated.


=-=-=-=-=-=-=-=-=-=-=-=-=-=
Garret Swayne
(e-mail address removed)
www.garretswayne.com
=-=-=-=-=-=-=-=-=-=-=-=-

This is my standard answer to people that ask me what to
do about an infected computer, they don't have to be done
in this order but I've found it works best.
TR

Install Zone Alarm "Free"
http://www.zonelabs.com/store/content/company/products/znalm/freeDownload.jsp

Here is a link to the Zone Alarm home page so you can read some more about
it.
http://www.zonelabs.com/store/content/home.jsp

I would download and run Ad-Aware, (free) be sure to update it after you
install it. http://www.lavasoftusa.com/software/adaware/

You should also run Spybot Search and Destroy, (free)
http://www.safer-networking.org
Run both Ad-Aware, and Spybot at least once a week if you do a lot of
browsing.
They both need to be updated every once in awhile. They do the same thing,
but
one of them will find stuff that the other one don't



This is just to be sure that nothing got by Norton's, I don't think
any anti-virus program will catch everthing, there are too many
new virus's for any one company to keep up.

Then run at least one of these free online virus scan programs,

RAV http://www.ravantivirus.com/scan/

Panda: http://www.pandasoftware.com/activescan/

BitDefender http://www.bitdefender.com/scan/license.php


After you are sure the machine is clean, download and install
SpywareBlaster(free) to help keep it that way,
be sure and click the "Update" button after you install it.
Katie,
You should be able to do this now, while the computer is new.

http://www.javacoolsoftware.com/spywareblaster.html

Good Luck, Tom

 

[Bullwinkel J. Moose]

Just a thought: if these are the only 2 site you can't get to try for google
and get to them through google.

 

[Vladesch]

I'm posting this in behalf of a friend of mine whose computer seems infected
with a worm or virus of some sort. Here are the "symptoms":

1. Somehow her Internet Exporer is prevented from visiting the Norton or
McAfee websites for help. Whenever she navigates to one of these anti-virus
sites, she gets a "This page cannot be displayed" error. She can visit
other sites on the web, but not these anti-virus sites. We haven't tried
them all, just the two primary ones I know of--Symantec (Norton) and Network
Associates (McAfee). And the sites are not just "down". I check with my
non-infected computer, and those websites display fine. But she can't from
hers.

Search for a file(s) cales HOSTS
Delete all but localmachine

2. I got her a copy of Norton Anti-Virus 2004 and installed it on her
machine (a Sony Vaio lapton running Windows XP home edition). Supposedly,
it installed fine. But whenever we'd try to execute the AntiVirus program
or the Live Update program, it would open a window and start executing, but
then the window would unexpectedly and inexplicably close. Like the program
was being internally terminated by something.

Its terminating Nortons.
Try running in safe mode (hit f8 on startup), or disable the virus in
startup with msconfig.
Sometimes they are hard to spot. They use names like WINMGR or MSRUN etc etc
to try and fool you.

3. She's noticed some other odd behaviors but can't exactly describe them.
But outside of what's mentioned above, her computer seems to function fairly
normally. She can get her email, she can surf the web, just not the sites
mentioned above. But she's scared to do any of that because she doesn't
have any functioning AV protection.

Do any of you AV experts out there know what kind of infection might cause
symptoms like these? We installed Norton Anti-virus software, but the

This is pretty standard for many worms.
Run the latest patches, turn on the firewall.

 

[9th Commandment]

www.grisoft.com has AVG which should fix the problem provided she has
a firewall program as well. She probably has the Padabot.P virus along
with qhosts, Sasser and some others. If she is that infected you
should get at least two of the spyware removal programs that are
available for free.

I had the exact same problems and with the latest AVG I was able to
get rid of it and with the help of Spy Sweeper get rid of some
suspicious residuals.

http://www.webspawner.com/users/shawcable/index.html

 

[Cliff Wragg]

Yes....I have a friend with exactly the same problem.

Eventually, we found that he had 4 trojans on board (BOClean was the
only program that could catch them). They were: wserv32, pornkey,
keylogger and netsky.

One or all of them shut down all the protection such as ZoneAlarm and
Norton and AVG.

After many attempts to cure the problem, we had to reformat the drive
and reinstall XP. The damage was too great. Even then, I had to do it
twice because first time I reimported the rogue emails when I restored
his data. (I needed to scan the back-up CD and avoid the culprits)

Good luck

CliffW

 

[cquirke (MVP Win9x)]

On Wed, 7 Jul 2004 18:22:26 +0000 (UTC), Cliff Wragg

Eventually, we found that he had 4 trojans on board (BOClean was the
only program that could catch them). They were: wserv32, pornkey,
keylogger and netsky. One or all of them shut down all the protection
such as ZoneAlarm and Norton and AVG.

After many attempts to cure the problem, we had to reformat the drive
and reinstall XP. The damage was too great.

I'd re-phrase that as: XP's maintainability was too useless. Unless
you're talking about payload damage?

Even then, I had to do it twice because first time I reimported the
rogue emails when I restored his data. (I needed to scan the
back-up CD and avoid the culprits)

This highlights the importance of clean, pure data backups.

You have to dance around:
- email apps that hide attachments in mailboxes (most of them)
- MS duhfaults that use "My Documents" for IE, MSN etc.

-------------------- ----- ---- --- -- - - - -

No, perfection is not an entrance requirement.
We'll settle for integrity and humility

 

[a. chalupa]

On Wed, 7 Jul 2004 18:22:26 +0000 (UTC), Cliff Wragg



I'd re-phrase that as: XP's maintainability was too useless. Unless
you're talking about payload damage?


This highlights the importance of clean, pure data backups.

You have to dance around:
- email apps that hide attachments in mailboxes (most of them)
- MS duhfaults that use "My Documents" for IE, MSN etc.



No, perfection is not an entrance requirement.
We'll settle for integrity and humility

I'm battling the same exact issue. One thing to consider is using a
program call HiJaak This it's a spyware application. There are some
notes on what to do at www.spywareinfo.com which is a great spyware
resource. Go into the forums area and do a search on Qhosts you'll
find a few articles on where to go and what to remove when using the
hijaak program. BTW hijaak is a very small app and should be used
cautiosly as not all it reports is necessarily bad but very thourough
in telling you whats loading on your computer.

Like you I have repeatedly loaded NAV 2004 and only get one good run
out of it until a reboot then everything goes south and quits working.
Refer to the above webstite and search out the details you should get
the tips you need.

Im going to try tonight to finally rid the computer of it and will
post my findings.