#11
Newbie
Join Date: Nov 2008
Age: 19
Posts: 13
Thanks: 0
Thanked 0 Times in 0 Posts
Rep Power: 0
Re: Can't access Antivirus Sites/Google/Avast etc.
Contents of host file:
Code:
#F*ckY*u
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

127.0.0.1 localhost
127.0.0.1 http://www.mininova.org
127.0.0.1 www.mininova.com
127.0.0.1 http://www.thepiratebay.org
127.0.0.1 http://www.suprbay.org
127.0.0.1 mininova.org
127.0.0.1 mininova.com
127.0.0.1 thepiratebay.org
127.0.0.1 suprbay.org
http://78.107.238.161 http://google.com

Contents of HijackThis log file:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:11:42 PM, on 11/25/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\wdfmgr.exe
c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hphmon06.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\VTTimer.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\QuickTime\qttask.exe
C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\winlogin.exe
C:\WINDOWS\TEMP\winlogun.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\csrssc.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\HP_Owner\Desktop\HJT.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = AOL.com - Welcome to AOL
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TY...ion&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Radio - WindowsMedia.com Media Guide
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = AOL.com - Welcome to AOL
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TY...ion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TY...ion&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = AOL.com - Welcome to AOL
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,userinit.exe,C:\WINDOWS\system32\ntos.exe,
O1 - Hosts: TopServer: стартовая страница Google
O2 - BHO: (no name) - {639fcd5c-1d44-4107-87b0-1207c456b355} - C:\WINDOWS\system32\opnlLCVm.dll
O2 - BHO: (no name) - {b215471c-28a3-4d25-92c4-5a6ad0256c6b} - C:\WINDOWS\system32\ssqRIayW.dll
O2 - BHO: C:\WINDOWS\system32\jsne87fidgf.dll - {c5bf49a2-94f3-42bd-f434-3604812c897d} - C:\WINDOWS\system32\jsne87fidgf.dll
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NAV CfgWiz] "c:\Program Files\Norton AntiVirus\CfgWiz.exe" /GUID {0D7956A2-5A08-4ec2-A72C-DF8495A66016} /MODE CfgWiz /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [IS CfgWiz] c:\Program Files\Common Files\Symantec Shared\cfgwiz.exe /GUID NIS /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [xsjfn83jkemfofght] C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\winlogin.exe
O4 - HKLM\..\Run: [jsg8jfgfdfhfhf] C:\WINDOWS\TEMP\winlogun.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [xsjfn83jkemfofght] C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\winlogin.exe
O4 - HKCU\..\Run: [Jnskdfmf9eldfd] C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\csrssc.exe
O4 - HKCU\..\Run: [12ZFG94-F641-2SF-K31P-5N1ER6H6L2] C:\RECYCLER\S-1-5-21-9005711985-2729699680-710148900-4612\service.exe
O4 - HKCU\..\Run: [jsg8jfgfdfhfhf] C:\WINDOWS\TEMP\winlogun.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O20 - Winlogon Notify: ssqRIayW - C:\WINDOWS\SYSTEM32\ssqRIayW.dll
O22 - SharedTaskScheduler: mcb7uehuj3n8weuhejsw - {C5BF49A2-94F3-42BD-F434-3604812C897D} - C:\WINDOWS\system32\jsne87fidgf.dll
O22 - SharedTaskScheduler: lke3iemrl490kgfgdsfd - {C5AF42A3-94F3-42BD-F434-3604832C897D} - C:\WINDOWS\system32\siejf93.dll
O23 - Service: avast! iAVS4 Control Service (aswupdsv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus (avast! antivirus) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner (avast! mail scanner) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner (avast! web scanner) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Microsoft security update service (msupdate) - Unknown owner - c:\windows\system32\mssrv32.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - c:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

-- End of file - 9602 bytes
Last edited by Strider; 14-01-2009 at 11:59 AM.

#12
Founder
Join Date: Nov 2005
Location: The Last City Zion!
Posts: 3,539
Thanks: 287
Thanked 345 Times in 298 Posts
Rep Power: 62
Re: Can't access Antivirus Sites/Google/Avast etc.
Hosts file
Did you add these lines to the file, like 127.0.0.1 mininova.org? If it was not done intentionally, I suggest you remove the lines under 127.0.0.1 localhost once we have removed the malware.
These processes are not looking good.
I'll be back soon. Call for a meeting.

#13
Newbie
Re: Can't access Antivirus Sites/Google/Avast etc.
I have never opened the host file nor edited any of its contents. I'll be here waiting. Yesterday I started the comp. and I could not click on anything, and every time I put the mouse on top of the task bar I got an hourglass.

#14
Founder
Re: Can't access Antivirus Sites/Google/Avast etc.
You have some infections and it's visible in the HijackThis log.
1. First of all, disable System Restore on all the drives.
2. Clear your hosts file.
3. The best way to do the fix is using a Spybot S&D scan. Are you sure you can't download it from any of the mirrors I posted? If you can, install it and do a scan. If you still can't, please post back.
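
Added example, not part of the thread: Python triage of HijackThis entries in the format of the log in post #11, using sample lines copied from that log. The heuristics (autoruns launched from Temp or RECYCLER folders, extra programs chained to UserInit, the DisableRegedit policy, services with an unknown owner) and the name `triage` are assumptions of this example, not the helper's stated reasoning.

```python
import re

# Sample lines copied from the HijackThis log in post #11 (two of them benign).
SAMPLE_LOG = r"""
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,userinit.exe,C:\WINDOWS\system32\ntos.exe,
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [xsjfn83jkemfofght] C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\winlogin.exe
O4 - HKCU\..\Run: [12ZFG94-F641-2SF-K31P-5N1ER6H6L2] C:\RECYCLER\S-1-5-21-9005711985-2729699680-710148900-4612\service.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O23 - Service: Microsoft security update service (msupdate) - Unknown owner - c:\windows\system32\mssrv32.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""

ENTRY = re.compile(r"^([A-Z]\d+) - (.*)$")                  # "<code> - <body>"
TRANSIENT_DIR = re.compile(r"\\(temp|recycler)\\", re.I)    # assumed heuristic


def triage(log_text):
    """Return (code, reason, line) for every entry worth a manual look."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY.match(line)
        if not m:
            continue  # header, running-process list or blank line
        code, body = m.groups()
        low = body.lower()
        reason = None
        if code == "F2" and "userinit=" in low:
            # Anything chained after userinit.exe also runs at every logon.
            programs = [p.strip() for p in low.split("userinit=", 1)[1].split(",")]
            if any(p and not p.endswith("userinit.exe") for p in programs):
                reason = "extra program chained to UserInit"
        elif code == "O4" and TRANSIENT_DIR.search(body):
            reason = "autorun launched from a Temp or RECYCLER folder"
        elif code == "O7" and "disableregedit=1" in low.replace(" ", ""):
            reason = "policy that blocks the Registry Editor"
        elif code == "O23" and "unknown owner" in low:
            reason = "service binary with no vendor information"
        if reason:
            findings.append((code, reason, line))
    return findings


if __name__ == "__main__":
    for code, reason, line in triage(SAMPLE_LOG):
        print(f"[{code}] {reason}\n      {line}")
```
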

#15
Newbie
Re: Can't access Antivirus Sites/Google/Avast etc.
It's not letting me go to the link you provided to disable system restore.
I don't have any saved points; they have all been wiped away. And I will try all the mirrors again.
Last edited by e30etakid; 26-11-2008 at 10:32 AM. Reason: Edit: Got it disabled

#16
Newbie
Re: Can't access Antivirus Sites/Google/Avast etc.

#17
Founder
Re: Can't access Antivirus Sites/Google/Avast etc.
If you still can't do it we will use ComboFix. It's a tool to fix possible infections and restore most of the disabled features like Task Manager, Registry Editor etc.
1. Download it (alternate link) and save it to your desktop.
2. Disable all antivirus software you have (Avast and Symantec) if possible.
3. Now you need to install the Windows XP Recovery Console. Download the appropriate version and save it to your desktop.
   Windows XP Home Edition SP2: Download details: Windows XP Home Edition with Service Pack 2 Utility: Setup Disks for Floppy Boot Install
   Windows XP Professional SP2: Download details: Windows XP Professional with Service Pack 2 Utility: Setup Disks for Floppy Boot Install
   In case you are unable to download the above files, please download them from our local mirror: Windows XP Home (4.4 MB), Windows XP Professional (4.4 MB)
4. Close all open programs, including Internet Explorer and Windows Explorer windows.
5. Now drag and drop the downloaded XP Recovery Console update onto Fix.exe. ComboFix will install the update for you.
6. When prompted, proceed with the scan. It may take some time. Do not do anything on your computer until the scan is complete. It'll create a log once the scan and cleanup are finished. Post the log here.
Best of luck.
__________________
Want to ask a question? Try This! A guide on how to post a question, reply to a post etc.
Last edited by Strider; 09-01-2009 at 04:33 PM.

#18
Founder
Re: Can't access Antivirus Sites/Google/Avast etc.
From the screenshot it's clearly a hosts file infection. See the Status in the big File Download window: Connecting to 127.0.0.1. The 127.0.0.1 is a loopback address, i.e. the connection won't go out to the internet.
ComboFix should be able to resolve your problem.
Last edited by Strider; 26-11-2008 at 11:00 AM.
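
Added example, not part of the thread: a Python audit of a hosts file for the condition described in posts #11 and #18, where a name mapped to 127.0.0.1 never leaves the machine and another name is pinned to a fixed address. The names `audit_hosts` and `_bare` are this example's own, and stripping the `http://` prefix is an assumption made so that entries written as in post #11 still parse.

```python
import ipaddress
import re

# Sample modelled on the hosts file in post #11, including the "http://"
# prefixes as they appear in that post.
SAMPLE_HOSTS = """\
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
127.0.0.1 localhost
127.0.0.1 mininova.org
127.0.0.1 http://www.thepiratebay.org
http://78.107.238.161 http://google.com
"""


def _bare(token):
    """Drop a URL scheme and trailing slash so pasted entries still parse (assumption)."""
    return re.sub(r"^https?://", "", token, flags=re.I).rstrip("/")


def audit_hosts(text):
    """Return (line_no, kind, hostname, address) for every non-default mapping.

    kind is "blocked"    - name forced to loopback/0.0.0.0, so it never leaves the PC
            "redirected" - name pinned to some other address, bypassing DNS
            "invalid"    - first column is not an IP address
    """
    findings = []
    for line_no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()      # strip comments, tokenise
        if len(fields) < 2:
            continue
        addr, names = _bare(fields[0]), [_bare(n).lower() for n in fields[1:]]
        try:
            ip = ipaddress.ip_address(addr)
        except ValueError:
            findings.append((line_no, "invalid", " ".join(names), addr))
            continue
        sinkhole = ip.is_loopback or ip.is_unspecified
        for name in names:
            if sinkhole and name == "localhost":
                continue                           # the stock entry
            kind = "blocked" if sinkhole else "redirected"
            findings.append((line_no, kind, name, str(ip)))
    return findings


if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE_HOSTS):
        print(*finding)
```
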

#19
Newbie
Re: Can't access Antivirus Sites/Google/Avast etc.
Do you have a mirror for the Windows Recovery Console?

#20
Founder
Re: Can't access Antivirus Sites/Google/Avast etc.
Click No if it asks for the Recovery console.
Last edited by Strider; 26-11-2008 at 11:14 AM.