C
Chris Barnes
I am trying to help a person recover from an infected computer and am
*almost* there, but have 1 nagging problem I can't seem to figure out.
I am not 100% positive it is related to her infection.
WinXP Home w/ SP2 (but obviously still needing some updates).
Removed an old version of Norton and installed Corp Ed 10.2.
* Had to run the updated virus defs manually because the computer
wouldn't connect to symantec to do them automatically.
Also installed Spybot Search & Destroy. Was able to do those updates.
Rebooted into Safe Mode - ran both AV and Spybot. Found 12 spyware & 14
virii (one of them had 60+ occurances). Cleaned those off - but had a
couple it couldn't clean.
Rebooted into Safe Mode and ran them again. Spybot found 2 more; was
able to clean off. AV found 1 more virus, was able to quarantine (which
I then deleted).
Rebooted into Safe Mode for 3rd time and did it again. Both scans came
up clean (finally).
HERE IS WHERE THE EXISTING PROBLEM SHOWS UP...
Rebooted into regular mode. Nothing suspicious in Task Manager. Tried
to goto http://windowsupdate.microsoft.com/, but computer tries to
connect to 192.168.0.1 Check my network settings - yep, have a valid
IP. Open cmd prompt and can ping out. Check Symantec AV - still can't
connect to it's Liveupdate site.
Check IE settings - the Security is set to "Allow all cookies". Reset
to default, close IE. Reopen IE and check settings again - Security
again set to "allow all cookies".
Now I turn to this group for advice. I am usually pretty good at nuking
infected machines, but this one has me stumped.
*almost* there, but have 1 nagging problem I can't seem to figure out.
I am not 100% positive it is related to her infection.
WinXP Home w/ SP2 (but obviously still needing some updates).
Removed an old version of Norton and installed Corp Ed 10.2.
* Had to run the updated virus defs manually because the computer
wouldn't connect to symantec to do them automatically.
Also installed Spybot Search & Destroy. Was able to do those updates.
Rebooted into Safe Mode - ran both AV and Spybot. Found 12 spyware & 14
virii (one of them had 60+ occurances). Cleaned those off - but had a
couple it couldn't clean.
Rebooted into Safe Mode and ran them again. Spybot found 2 more; was
able to clean off. AV found 1 more virus, was able to quarantine (which
I then deleted).
Rebooted into Safe Mode for 3rd time and did it again. Both scans came
up clean (finally).
HERE IS WHERE THE EXISTING PROBLEM SHOWS UP...
Rebooted into regular mode. Nothing suspicious in Task Manager. Tried
to goto http://windowsupdate.microsoft.com/, but computer tries to
connect to 192.168.0.1 Check my network settings - yep, have a valid
IP. Open cmd prompt and can ping out. Check Symantec AV - still can't
connect to it's Liveupdate site.
Check IE settings - the Security is set to "Allow all cookies". Reset
to default, close IE. Reopen IE and check settings again - Security
again set to "allow all cookies".
Now I turn to this group for advice. I am usually pretty good at nuking
infected machines, but this one has me stumped.