Weird virus - Please help !!!

[Neil Hindry]

I have a computer with Win XP Pro. I was infected with which I thought I had
removed, the virus infected a file called explored.exe. I did a scan with
Norton & it says I am clean. I can go on the internet and connect to some
pages. However, when I try to go to www.symantec.com or some other
antivirus websites I cannot connect; it says it cannot find the page.

I rang my ISP and explained the problem. They told me to look in the hosts
file in c:\windows\system32\drivers\etc.
After the comments the next line was as follows :-
127.0.0.1 local host

After that there was a blank line and then the line as shown below :-
127.0.0.1 www.symantec.com

There were lots of other entries below that line but with symantec replaced
with other antivirus websites. So when I try to go to those sites listed I
just get sent to my own computer (like a loop) because 127.0.0.1 is my own
PC. I deleted these entries in the hosts file and then I could not connect
to any website. I put the entries back into the hosts file, then I went to
www.bitdefender.co.uk (I could get on this site) and I did an online scan
and that also found my system to be clean.

I tried to re-install Windows XP Pro and not long after it started it
stopped with an error saying there was a problem. It could be a hardware
problem or it could be a virus. Then it said

"Technical information
*** Stop: 0x0000007B (0xF7C7E63C, 0x00000034, 0x00000000, 0x00000000)"

How can I get rid of the virus that two virus programs said didn't exist?
How can I get my computer back to normal so that I can connect to any page I
want.
I really hope someone out there can help me as I am desperate for help as I
do not know what to do next. I appreciate any help or information give.

Please help me.

Thanks

 

[Conny]

I have a computer with Win XP Pro. I was infected with which I thought I had
removed, the virus infected a file called explored.exe. I did a scan with
Norton & it says I am clean. I can go on the internet and connect to some
pages. However, when I try to go to www.symantec.com or some other
antivirus websites I cannot connect; it says it cannot find the page.

I rang my ISP and explained the problem. They told me to look in the hosts
file in c:\windows\system32\drivers\etc.
After the comments the next line was as follows :-
127.0.0.1 local host

After that there was a blank line and then the line as shown below :-
127.0.0.1 www.symantec.com

There were lots of other entries below that line but with symantec replaced
with other antivirus websites. So when I try to go to those sites listed I
just get sent to my own computer (like a loop) because 127.0.0.1 is my own
PC. I deleted these entries in the hosts file and then I could not connect
to any website. I put the entries back into the hosts file, then I went to
www.bitdefender.co.uk (I could get on this site) and I did an online scan
and that also found my system to be clean.

I tried to re-install Windows XP Pro and not long after it started it
stopped with an error saying there was a problem. It could be a hardware
problem or it could be a virus. Then it said

"Technical information
*** Stop: 0x0000007B (0xF7C7E63C, 0x00000034, 0x00000000, 0x00000000)"

How can I get rid of the virus that two virus programs said didn't exist?
How can I get my computer back to normal so that I can connect to any page I
want.
I really hope someone out there can help me as I am desperate for help as I
do not know what to do next. I appreciate any help or information give.

Please help me.

Thanks

Just remove the line: 127.0.0.1 www.symantec.com

 

[null]

I have a computer with Win XP Pro. I was infected with which I thought I had
removed, the virus infected a file called explored.exe.

There are a number of malwares that install a file by that name.

I did a scan with
Norton & it says I am clean.

Is NAV up to date? I suspect Agobot:

http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.KM&VSect=T

I can go on the internet and connect to some
pages. However, when I try to go to www.symantec.com or some other
antivirus websites I cannot connect; it says it cannot find the page.

I rang my ISP and explained the problem. They told me to look in the hosts
file in c:\windows\system32\drivers\etc.
After the comments the next line was as follows :-
127.0.0.1 local host

After that there was a blank line and then the line as shown below :-
127.0.0.1 www.symantec.com

There were lots of other entries below that line but with symantec replaced
with other antivirus websites. So when I try to go to those sites listed I
just get sent to my own computer (like a loop) because 127.0.0.1 is my own
PC. I deleted these entries in the hosts file and then I could not connect
to any website. I put the entries back into the hosts file, then I went to
www.bitdefender.co.uk (I could get on this site) and I did an online scan
and that also found my system to be clean.

Rename the hosts file to get it out of the way. You can create another
one later if you want one.

I tried to re-install Windows XP Pro and not long after it started it
stopped with an error saying there was a problem. It could be a hardware
problem or it could be a virus. Then it said

"Technical information
*** Stop: 0x0000007B (0xF7C7E63C, 0x00000034, 0x00000000, 0x00000000)"

How can I get rid of the virus that two virus programs said didn't exist?
How can I get my computer back to normal so that I can connect to any page I
want.
I really hope someone out there can help me as I am desperate for help as I
do not know what to do next. I appreciate any help or information give.

I suggest that you Google explored.exe and find out which malware
matches the descriptions you'll find ... for one thing. Start out
though by seeing if Agobot variant descriptions match what you see in
the registry and so forth.

You could also try running Trend's SysClean in Safe mode. See my web
for the Sys-Up download.


Art
http://www.epix.net/~artnpeg

 

[David W. Hodgins]

I rang my ISP and explained the problem. They told me to look in the hosts
file in c:\windows\system32\drivers\etc.
After the comments the next line was as follows :-
127.0.0.1 local host

That should be localhost, without the space.

PC. I deleted these entries in the hosts file and then I could not connect
to any website. I put the entries back into the hosts file, then I went to

You should keep the line with localhost, and just delete the rest.

I tried to re-install Windows XP Pro and not long after it started it

Did you format first? Re-install over top of an existing installation will not
overwrite files, or registry entries that have been added, since you first installed.

It will also effectively "undo" all of the security updates you've applied, and
leave your computer completely open to attack, by such things as blaster.

stopped with an error saying there was a problem. It could be a hardware
problem or it could be a virus. Then it said

Delete the contents of the hosts file, except for the localhost line. Read and
follow the instructions in http://isc.sans.org/presentations/xpsurvivalguide.pdf
to reinstall xp, and then apply all of the updates.

Regards, Dave Hodgins