No Internet page shows up - still virues(es)

[Guest]

I've posted about this Dell 2400 (XP) before (Dec 9); I've been working on it
to remove viruses, adware, etc 'cuz it was loaded with junk and had no AV
program installed. I finally got Grisoft's AVG to load. When I first tried to
update the definitions, it started then popped up "Virus found!". I ran the
scan - it had 28 viruses (removed 27). When I tried to go online after that,
I could connect (dial-up), but I couldn't get to a page. A box popped up
saying the Internet connection failed. The address showed
"res:shdoclc.dll/dnserror.htm" on the Cannot find server page.How can I fix
this???
-- Also, the one remaining that couldn't be fixed (deleted) was a Trojan
horse - Downloader.VB.S. After searching on Symantec's website, I couldn'd
find a fix or reference to it. It was in the file
C:\WINDOWS\SYSTEM32\Cip9g.exe. Is this a valid file or just trash?? Is this
affecting the Internet? Please help!!
Barb Zakrzewski

 

[Lanwench [MVP - Exchange]]

I've posted about this Dell 2400 (XP) before (Dec 9); I've been
working on it to remove viruses, adware, etc 'cuz it was loaded with
junk and had no AV program installed. I finally got Grisoft's AVG to
load. When I first tried to update the definitions, it started then
popped up "Virus found!". I ran the scan - it had 28 viruses
(removed 27). When I tried to go online after that, I could connect
(dial-up), but I couldn't get to a page. A box popped up saying the
Internet connection failed. The address showed
"res:shdoclc.dll/dnserror.htm" on the Cannot find server page.How can
I fix this???

Can you run an ipconfig /all and see that you're getting an IP address,
subnet mask, default gateway? Can you ping the default gateway IP address?
If not, post your results and/or see if http://www.cexx.org/lspfix.htm
helps.

-- Also, the one remaining that couldn't be fixed

(deleted) was a Trojan horse - Downloader.VB.S. After searching on
Symantec's website, I couldn'd find a fix or reference to it. It was
in the file C:\WINDOWS\SYSTEM32\Cip9g.exe. Is this a valid file or
just trash?? Is this affecting the Internet? Please help!!
Barb Zakrzewski

Different vendors use different names. Try searching at www.grisoft.com or
look in your virus vault/logs in AVG to see if you can get more info about
it. Google may help....

You need to keep your AV software updated - note that if you're using AVG 6
free edition, it's been replaced by AVG 7. Updates/support for 6 will
discontinue as of 12/31/2004 so go get the latest one from Grisoft & install
it.

Also keep your Windows Updates current, and make sure you enable your
firewall. Practice save hex. Etc.

 

[Guest]

Lanwench -
Thanks for advice about multiple posting - I didn't know that.
As for my problem, I did the ipconfig and have IP address, subnet, and the
default gateway of: (216.114.164.133). I did ping it successfully (4 sent
and 4 ret'd.)
I have not had a chance to research the other websites. (Today I will.) Do
you think it was probably an infected IE file and AVG deleted it??
I was able to access Internet before I did the AVG definitions update - I
honestly don't know if that update ever fin'd 'cuz of the "Virus found"
message. I tried to redo the update immediately after that and that's when I
got "Internet connection has failed. ...?check settings?" (not exact words).
Any add'l ideas?? I will check that cexx.org site.

 

[Lanwench [MVP - Exchange]]

Lanwench -
Thanks for advice about multiple posting - I didn't know that.

No prob!

As for my problem, I did the ipconfig and have IP address, subnet,
and the default gateway of: (216.114.164.133). I did ping it
successfully (4 sent and 4 ret'd.)

OK...then try pinging something else, like www.yahoo.com and see if a) it
resolves to a name and b) replies
If this works, it isn't a TCP/IP/networking problem, more likely a browser
problem.

 

[Guest]

Lanwench -
Thank-you for the LSPfix website. I had heard about this LSPfix before, but
hadn't bothered trying it. I also didn't know where to get it 'cuz I lost
that info. This Dell computer caught me "with my pants down", but now before
I install and run AdAware on any computer I'm cleaning, I'll probably install
the LSPfix on Desktop in case I need it. I've copied it to a 3.5" floppy.
This worked on the Dell and now we can go to any website. Thanks again!!
There is still a problem with this computer as there is a black "warning"
screen about hard drive info being attainable even if you delete things,
etc... Then at the bottom, there's a "removal instructions" line. The major
part of this black screen is like a website with the "hand" when you run the
mouse over it. I can still get to the regular desktop, as there is about a
half-inch of regular desktop at bottom to use when needed. I'm leery of
pressing the "Removal " line 'cuz I'm afraid it might be a virus unleashed.
Any ideas?? I can repost with more exact wording, but right now I'm not home.
The AVG scan shows no viruses now. I really would like to get rid of this
screen. Thanks.

 

[Lanwench [MVP - Exchange]]

Lanwench -
Thank-you for the LSPfix website. I had heard about this LSPfix
before, but hadn't bothered trying it. I also didn't know where to
get it 'cuz I lost that info. This Dell computer caught me "with my
pants down", but now before I install and run AdAware on any computer
I'm cleaning, I'll probably install the LSPfix on Desktop in case I
need it. I've copied it to a 3.5" floppy.

Good to have around, definitely. There are others utilities like it out
there too.

This worked on the Dell
and now we can go to any website. Thanks again!!

You're welcome.

There is still a
problem with this computer as there is a black "warning" screen about
hard drive info being attainable even if you delete things, etc...

Exact message?

Then at the bottom, there's a "removal instructions" line. The major
part of this black screen is like a website with the "hand" when you
run the mouse over it. I can still get to the regular desktop, as
there is about a half-inch of regular desktop at bottom to use when
needed. I'm leery of pressing the "Removal " line 'cuz I'm afraid it
might be a virus unleashed. Any ideas?? I can repost with more exact
wording, but right now I'm not home. The AVG scan shows no viruses
now.

This doesn't sound like a virus. Download the latest versions of both
AdAware and Spybot Search & Destroy, install them, run one at a time
(update) and scan.

 

[Guest]

Lanwench -
The black screen has a smaller area in dashed lines and that is like a
webpage where you get the "hand". If you click on it, it brings you to:
"http://213.159.117.149/partner/jump.php/?2" address in bar.
The black screen actually says:
"WARNING!
YOU'RE IN DANGER!

All you do with computer is stored forever in your hard disk. When you visit
sites, send e-mails... all your actions are logged. And it is impossible to
remove them with standard tools. Your data is still available for forensics.
And in some cases for your boss, your friends, your wife, your children.

Every site you or somebody or even something, like spyware, opened in your
browser, with all images, and all downloaded and maybe later removed movies
or mp3 songs - ARE STILL THERE and could broke your life!

SECURE YOURSELF RIGHT NOW!"

Then underneath that is a line in gray box "REMOVAL INSTRUCTIONS" but
doesn't seem to do anything.

When I clicked on message area, went to a website (IP address above) that
wants you to buy their protection services (various). Any idea how to get
rid of this black screen?? I've returned the computer to the owners, but
after XMAS I'll probably stop by. I might be able to talk them thru a fix if
it's easy enough. I sat down with daughter and showed how to do all system
maintenance. The Spybot and AdAware are up-to-date as is the AVG7.0. Please
help, thanks.

 

[Malke]

Lanwench -
The black screen has a smaller area in dashed lines and that is like a
webpage where you get the "hand". If you click on it, it brings you
to: "http://213.159.117.149/partner/jump.php/?2" address in bar.
The black screen actually says:
"WARNING!
YOU'RE IN DANGER!

All you do with computer is stored forever in your hard disk. When you
visit
sites, send e-mails... all your actions are logged. And it is
impossible to remove them with standard tools. Your data is still
available for forensics. And in some cases for your boss, your
friends, your wife, your children.

Every site you or somebody or even something, like spyware, opened in
your browser, with all images, and all downloaded and maybe later
removed movies or mp3 songs - ARE STILL THERE and could broke your
life!

SECURE YOURSELF RIGHT NOW!"

Then underneath that is a line in gray box "REMOVAL INSTRUCTIONS" but
doesn't seem to do anything.

When I clicked on message area, went to a website (IP address above)
that
wants you to buy their protection services (various). Any idea how to
get
rid of this black screen?? I've returned the computer to the owners,
but
after XMAS I'll probably stop by. I might be able to talk them thru a
fix if it's easy enough. I sat down with daughter and showed how to do
all system
maintenance. The Spybot and AdAware are up-to-date as is the AVG7.0.
Please help, thanks.

I hope Lanwench won't mind that I jump in here. The black screen proves
that the computer is not clean of malware. Since most of this thread
was taken up by your problem getting to the Internet (solved with
LSPFix), you never described what you did to remove the malware.
Although you've used Spybot and Ad-aware, you should go through the
following removal steps again, using updated tools and doing all scans
in Safe Mode. When I clean a system, I also manually delete bad files,
but this takes a deep knowledge of the Windows operating system and
skill. This isn't something you can have an end user do.

1) Scan in Safe Mode with current version (not earlier than 2003)
antivirus using updated definitions.

2) Remove spyware with Spybot Search & Destroy and Ad-aware. These
programs are free, so use them both since they complement each other.
There is a new version of CWShredder from Intermute. I would not
install the other Intermute programs, however. Alternately, there are
CoolWebSearch malware removal steps at SilentRunners.

Be sure to update these programs before running, and it is a good idea
to do virus/spyware scans in Safe Mode. Make sure you are able to see
all hidden files and extensions (View tab in Folder Options).

HijackThis is an excellent tool to discover and disable hijackers, but
it requires expert skill. See below for HijackThis links. A combination
of HijackThis and About:Buster works well in removing the About:Blank
homepage hijacker. Again, this is an expert tool and novices should get
help with it.

3) If you are running Windows ME or XP, you should disable/enable System
Restore because malware will be in the Restore Points. With ME, you
must disable System Restore completely. With XP, you can delete all but
the most recent (presumably clean) System Restore point from the More
Options section of Disk Cleanup (Run>cleanmgr).

4) Make sure you've visited Windows Update and applied all security
patches. Do not install driver updates from Windows Update.

5) Run a firewall.

Links to help with malware:

Software/Methods:
http://www.safer-networking.org - Spybot Search & Destroy
http://www.lavasoftusa.com - Ad-aware
http://www.majorgeeks.com - good download site
http://www.intermute.com/spysubtract/cwshredder_download.html
http://www.silentrunners.org/sr_cwsremoval.html. - SilentRunners

HijackThis:
http://www.aumha.org/a/hjttutor.htm - HijackThis tutorial by Jim
Eshelman
http://spywarewarrior.com/viewforum.php?f=5 - Spyware Warrior HijackThis
forum
http://www.wilderssecurity.com/
http://forums.tomcoyote.org/
http://www.spywareinfo.com/forums/

General:
http://forum.aumha.org/ - look under "Security" for various forums
http://rgharper.mvps.org/cleanit.htm
http://mvps.org/winhelp2002/unwanted.htm
http://www.aumha.org/a/parasite.htm - The Parasite Fight
http://www.spywarewarrior.com/rogue_anti-spyware.htm

Depending on what you're charging and what the client wants to pay, it
might be a lot more sensible to just flatten the system and start over.

Malke

 

[Lanwench [MVP - Exchange]]

I hope Lanwench won't mind that I jump in here.

Not at all - your advice is sound, as always.

 

[Guest]

How do I change my screen to be smaller so I can view in Outlook and Windows
in general. Also, I get a warning each time I open my PC saying" Google
Desktop is not compatible with your PC and you need Windows XP or Service
Pack 3 or above." I already have Windows XP. Can you help me?