where to go for malware help?

S. Needham

Folk:

Monday I hit a site that apparently malwared me. I've been having trouble
with IE7 since then; today I noticed that none of my antivirus or
antispyware apps can connect to their update sites; last updates were
Monday; cannot system restore; cannot connect to antivirus or antispyware
download sites.

This is now a Serious Problem. HELP!!

Regards and Happy Trails,

Scott Needham
Boulder, Colorado, USA
 
John Inzer

S. Needham said:
Folk:

Monday I hit a site that apparently malwared me. I've been having
trouble with IE7 since then; today I noticed that none of my
antivirus or antispyware apps can connect to their update sites; last
updates were Monday; cannot system restore; cannot connect to
antivirus or antispyware download sites.

This is now a Serious Problem. HELP!!

Regards and Happy Trails,

Scott Needham
Boulder, Colorado, USA
===============================
Did you try system restore in Safe Mode?

--

J. Inzer MS-MVP
Digital Media Experience

Notice
This is not tech support
I am a volunteer

Solutions that work for
me may not work for you

Proceed at your own risk
 
Daave

S. Needham said:
Folk:

Monday I hit a site that apparently malwared me. I've been having
trouble with IE7 since then; today I noticed that none of my
antivirus or antispyware apps can connect to their update sites; last
updates were Monday; cannot system restore; cannot connect to
antivirus or antispyware download sites.

This is now a Serious Problem. HELP!!

See this post:

http://groups.google.com/group/microsoft.public.security.homeusers/msg/6dd5ca436492f390?hl=en

One thing that might work is to use another PC and download the free
version (click on the blue button) of MalwareBytes Antimalware:

http://www.malwarebytes.org/mbam.php

The installation file is named:

mbam-setup.exe

Rename the file to something like nnedham.exe

Then transfer it to a flash drive.

Then start your PC in Safe Mode (with Networking, if possible), copy the
file from the flash drive to your PC, and double-click it to install. If
you are able to use Safe Mode with networking, you have the added
benefit of downloading the latest antimalware definitions. If not,
install and run in plain old Safe Mode; it's better than nothing.

Reboot.

If the above doesn't work, then see the post referenced above so that
you can run HijackThis.
 
Bruce Hagen

S. Needham said:
Folk:

Monday I hit a site that apparently malwared me. I've been having trouble
with IE7 since then; today I noticed that none of my antivirus or
antispyware apps can connect to their update sites; last updates were
Monday; cannot system restore; cannot connect to antivirus or antispyware
download sites.

This is now a Serious Problem. HELP!!

Regards and Happy Trails,

Scott Needham
Boulder, Colorado, USA


Checking for help with Hijackware

http://aumha.org/a/parasite.htm
http://aumha.org/a/quickfix.htm
http://aumha.net/viewtopic.php?t=5878
http://wiki.castlecops.com/Malware_Removal_and_Prevention:_Introduction
http://mvps.org/winhelp2002/unwanted.htm
http://inetexplorer.mvps.org/data/prevention.htm
http://inetexplorer.mvps.org/tshoot.html
http://www.mvps.org/sramesh2k/Malware_Defence.htm
http://defendingyourmachine.blogspot.com/
http://www.elephantboycomputers.com/page2.html#Removing_Malware

When all else fails, HijackThis v2.0.2
(http://aumha.org/downloads/hijackthis.zip) is the preferred tool to use. It
will help you to both identify and remove any hijackware/spyware *with
assistance from an expert in such matters*.

**Post your logs to
http://spywarehammer.com/simplemachinesforum/index.php?board=10.0,
http://forums.spybot.info/forumdisplay.php?f=22,
http://aumha.net/viewforum.php?f=30, or another appropriate forum for review
by an expert in such matters, not here.**
 
albert hodkinson

I have used Spybot search and destroy. This seems to find all spy and
malware. Easy to install and updates every week. It has kept my laptop
running with no problems.

Albert
 
S. Needham

My problem is that any spyware remover I install needs to connect to
update--whatever I've got prevents all such connections. But I will try.

--

SN

Regards and Happy Trails,

Scott Needham
Boulder, Colorado, USA
 
S. Needham

Well, answered is not solved. But message received.

SN

Regards and Happy Trails,

Scott Needham
Boulder, Colorado, USA
 
Alias

S. Needham said:
Folk:

Monday I hit a site that apparently malwared me. I've been having trouble
with IE7 since then; today I noticed that none of my antivirus or
antispyware apps can connect to their update sites; last updates were
Monday; cannot system restore; cannot connect to antivirus or antispyware
download sites.

This is now a Serious Problem. HELP!!

Regards and Happy Trails,

Scott Needham
Boulder, Colorado, USA

Are you backed up?

You can spend the next hours/days trying to find and nuke this malware
or you can reinstall Windows in a few hours. I would go the latter route
as it's for sure. You may find malware but not all of it and you WILL
spend a long time doing it.

Alias
 
Twayne

S. Needham said:
Folk:

Monday I hit a site that apparently malwared me. I've been having
trouble with IE7 since then; today I noticed that none of my
antivirus or antispyware apps can connect to their update sites; last
updates were Monday; cannot system restore; cannot connect to
antivirus or antispyware download sites.

This is now a Serious Problem. HELP!!

Regards and Happy Trails,

Scott Needham
Boulder, Colorado, USA

Often those blocks only block text URLs, not IP addresses. That means
that instead of using the text URL if you put the IP address
(xxx.xxx.xxx.xxx) into the address bar instead, you are likely to be
able to connect to your AV update site.

One place you can do that is at:
http://centralops.net/co/DomainDossier.aspx
Enter the text URL www.whatever.tld, check the Network Whois Record box,
then click GO and the IP will be the first line in the output.
Then put that IP in your browser address box instead of the text. It
should take you to your desired site.

I've used this method once myself and a couple of times on others'
machines; it works well.
HTH,

Twayne
 
Paul

S. Needham said:
My problem is that any spyware remover I install needs to connect to
update--whatever I've got prevents all such connections. But I will try.

I found a reference here, to getting MalwareBytes to run on an
isolated (no network) computer.

http://www.malwarebytes.org/forums/index.php?showtopic=11217&pid=55838&st=0&#entry55838

The poster suggested going to these two links. This will give you the program,
plus the updates.

http://www.download.com/Malwarebyte...4572.html?part=dl-10804572&subj=dl&tag=button

http://www.gt500.org/malwarebytes/database.jsp

Good luck,
Paul
 
S. Needham

So I was able to d/l PreVx, and it IDed and removed the malware. ZoneAlarm
was dazed and confused, so I reinstalled it. Only problem now is that I
can't update ZA--but I'll try the IP address tricks.

Thanks to all who responded.

Regards and Happy Trails,

Scott Needham
Boulder, Colorado, USA
 
Jose

So I was able to d/l PreVx, and it IDed and removed the malware.  ZoneAlarm
was dazed and confused, so I reinstalled it.  Only problem now is that I
can't update ZA--but I'll try the IP address tricks.

Thanks to all who responded.

Regards and Happy Trails,

Scott Needham

Good job.

I have been running Prevx on a couple reusables here - nice chart
they have.

I quickly scanned the trail here - do you remember what it
identified? Just curious.

Jose
 
S. Needham

Is there server info I can put in my hosts file? That was the problem with
updating ZoneAlarm.

Regards and Happy Trails,

Scott Needham
Boulder, Colorado, USA
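
Added example, not written by any poster in this thread: a name-based block that still lets IP addresses through, as described earlier in the thread, is commonly implemented by adding entries to the Windows hosts file (%SystemRoot%\System32\drivers\etc\hosts), so auditing that file is a sensible check before adding anything to it. The thread does not confirm that this is what happened on this machine; the watch list of vendor domains and the sample hosts content below are assumptions constructed for illustration.

```python
import ipaddress

# Assumed watch list built from products named in the thread; extend as needed.
WATCHED = ("malwarebytes.org", "zonealarm.com", "prevx.com")

def parse_hosts(text):
    """Yield (line_no, ip, hostname) for every mapping in hosts-file text."""
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()      # drop comments
        if not line:
            continue
        fields = line.split()
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                             # skip malformed lines
        for name in fields[1:]:                  # one line may map several names
            yield no, ip, name.lower().rstrip(".")

def suspicious_entries(text, watched=WATCHED):
    """Return hosts entries that override DNS for a watched security domain."""
    hits = []
    for no, ip, name in parse_hosts(text):
        if any(name == d or name.endswith("." + d) for d in watched):
            sinkholed = ip.is_loopback or ip.is_unspecified
            kind = "sinkholed" if sinkholed else "redirected"
            hits.append((no, name, str(ip), kind))
    return hits

# Constructed sample, not taken from the poster's machine.
SAMPLE = """\
# Copyright (c) 1993-2006 Microsoft Corp.
127.0.0.1       localhost
127.0.0.1       www.malwarebytes.org   # added by unknown software
0.0.0.0         update.zonealarm.com download.zonealarm.com
203.0.113.7     www.prevx.com
192.168.1.10    fileserver
"""

if __name__ == "__main__":
    for hit in suspicious_entries(SAMPLE):
        print("line %d: %s -> %s (%s)" % hit)
```

Any hit means the name is being resolved locally instead of through DNS; on a machine that has just been cleaned, such lines are normally removed rather than supplemented with new ones.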
 