How to get rid of this malware?


To all,

I know there's some malware/trojan/virus inside my PC, because it is
acting very very weird, but I can't do anything about it.

Although I have Norton Antivirus installed, NAV doesn't seem to be
working.

Spec: Dual Core CPU with 4GB RAM, XP Pro

Now the symptom:

There are times when I am not downloading anything, I can see the
upload/download light is on, and I know there's something going on.

So I try downloading hijackthis, but my Firefox keeps telling me
"Firefox can't establish a connection to the server"

Then I try to download the rsit.exe file, Firefox again gives me that
"Firefox can't establish a connection to the server"

That virus or trojan has blocked me from reaching almost ALL the known
anti-malware / anti-virus sites. It keeps on giving me the "Firefox
can't establish a connection to the server".

I tried using Opera, Google Chrome and IE to get to those sites, no
luck.

What is going on, and how to get rid of this malware?

Please help, as I am out of ideas how to fight this thing.

Thank you for reading, and please help !!

Wishing all a Happy Hanukkah and a Merry Christmas !!

PS: And I just found out that the darn thing has erased ALL MY
COOKIES !!! Please help !!!

Re: How to get rid of this malware?



I have upped the HijackThis install file for you:
http://www.megaupload.com/?d=WJE9FGJO
See if you can download it from there.



Re: How to get rid of this malware?



One thing you can try.
Try downloading again. If the same screen shows up immediately open
task manager. Check the first 3 tabs for any clues.

You can also try downloading from a site such as downloads.com or
tucows.com.

If you're still having problems I can upload it to my site and you
should get it from there with no problems.
I know my little site ain't gonna be on their list.



Re: How to get rid of this malware?


Malwarebytes at http://www.malwarebytes.org/. If it won't let you on
the site I can email it to you. I'm betting it will clear it up as I
know the symptoms well.

Email me

Re: How to get rid of this malware?



Out of stupidity I'm interested to know what exactly the symptoms are. Can
you elucidate?


Re: How to get rid of this malware?

On Mon, 22 Dec 2008 13:37:00 -0500, "Mack Wiliams"


"That virus or trojan has blocked me from reaching almost ALL the
known anti-malware / anti-virus sites. It keeps on giving me the
"Firefox can't establish a connection to the server"."

Did you miss that part?

Re: How to get rid of this malware?



Lookout wrote:

Try downloading MBAM from this site. It may work whereas the MalWareByte's
site might not.
http://www.download.com/1770-20_4-0.html?query=Malwarebytes+Anti+Malware&tag=404&searchtype=downloads
If you do get it downloaded and it will not install, just change the name of
the executable, example: change mbam-setup.exe to something like
gotcha.exe or whatever you want to call it.
Make sure you click on the MBAM (MalWareByte's Anti-Malware 1.31) link and
not on the top two ones
Malware Removal Download------NOT
Spyware & Trojan Remover-------NOT

Let us know if it works.
Buffalo



Re: How to get rid of this malware?

http://www.download.com/1770-20_4-0.html?query=Malwarebytes+Anti+Malware&tag=404&searchtype=downloads

Hey, kids! Here is comp.security.misc, not comp.eventuality.misc.

A "malware removal tool" never can work dependably. If this computer
really is infected, then it has to be flattened and rebuilt from scratch.

Yours,
VB.
--
"Any sufficiently advanced technology is indistinguishable from magic."

        Clarke's third law

Re: How to get rid of this malware?

Hi Volker,

Monday December 22 2008, Volker Birk writes to Buffalo:

 > computer really is infected, then it has to be flattened and
 > rebuilt from scratch.

I got inlaws that could sit on that PC and squish it. <grin>

        Gufus

--
K Klement

Enhance your marketing at   http://www.gypsy-designs.com
                           mailto:info@gypsy-designs.com
Gypsy Designs                        Fax: (403) 242-3221

... Why glue my bills together?  It's a mail bonding ritual.

Re: How to get rid of this malware?

Good idea on the 2nd site. That's why I offered my email to send it.
It's a great little program

Re: How to get rid of this malware?



To the OP: 'Lookout' the loon is a spammer and a cracker - caution should be
exercised when considering whether to accept email from 'Lookout' or not -
after all the subject matter is malware, and 'Lookout' thrives on entrapment
of innocent individuals like your good self.

You have been warned.

Re: How to get rid of this malware?



Some malware modifies your HOSTS file and you may have to edit it.  It resides
at C:\WINDOWS\System32\drivers\etc and you'll have to choose Notepad to open it
up with.  There should be several lines with a "#" at the beginning.  Ignore
these lines, they are comments.  Following these comments, you should only have
one line which looks like this:

127.0.0.1    localhost

If you have any other lines than this, especially if they relate to the
anti-malware sites you're trying to get to, delete them or add a "#" to the
beginning of the line to comment them out.  Save and close the file, then try
browsing to the sites again.

--
<Ben174> : If they only realized 90% of the overtime they pay me is only cause i
like staying here playing with Kazaa when the bandwidth picks up after hours.

<ChrisLMB> : If any of my employees did that they'd be fired instantly.
<Ben174> : Where u work?
<ChrisLMB> : I'm the CTO at LowerMyBills.com
*** Ben174 (BenWright@TeraPro33-41.LowerMyBills.com) Quit (Leaving)
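An added example, not part of the thread, of the HOSTS-file check the reply above describes: it parses a constructed Windows HOSTS file, flags every active mapping that is not the default loopback entry (whatever IP it points to, since a redirect to a remote address is just as bad as one to 127.0.0.1), and produces a copy with those lines commented out with "#" rather than deleted. The sample file contents are constructed for the demonstration.

```python
# Constructed sample HOSTS file (not taken from the thread). The last three
# lines are the kind of entries that make a browser fail to reach vendor sites.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
127.0.0.1       localhost
127.0.0.1       www.malwarebytes.org
127.0.0.1       malwarebytes.org
127.0.0.1       download.com
"""

# The only mappings a clean Windows HOSTS file is expected to carry
# (XP has the IPv4 line; Vista and later also ship the IPv6 one).
DEFAULT_ENTRIES = {("127.0.0.1", "localhost"), ("::1", "localhost")}


def parse_hosts(text):
    """Yield (line_no, ip, [hostnames]) for every active, non-comment mapping."""
    for n, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()  # drop full-line and trailing comments
        if not line:
            continue
        parts = line.split()  # whitespace-separated: IP then one or more names
        if len(parts) >= 2:
            yield n, parts[0], parts[1:]


def audit_hosts(text):
    """Return [(line_no, ip, hostname)] for every mapping that is not a
    default loopback entry; anything listed here deserves a look."""
    findings = []
    for n, ip, names in parse_hosts(text):
        for name in names:
            if (ip, name.lower()) not in DEFAULT_ENTRIES:
                findings.append((n, ip, name))
    return findings


def comment_out_suspicious(text):
    """Return a copy of the file with every flagged line prefixed by '# ',
    so the evidence is kept but the mapping no longer takes effect."""
    bad_lines = {n for n, _, _ in audit_hosts(text)}
    out = [("# " + raw) if n in bad_lines else raw
           for n, raw in enumerate(text.splitlines(), start=1)]
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    for n, ip, name in audit_hosts(SAMPLE_HOSTS):
        print(f"line {n}: {name} -> {ip}")
    print(comment_out_suspicious(SAMPLE_HOSTS))
```

On a real machine, read C:\WINDOWS\System32\drivers\etc\hosts into `text` instead of the sample; the cleaned copy still needs to be written back with administrator rights.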

Re: How to get rid of this malware?



Just a second thought.

Unplug your modem for a minute or two and try again.

Start | Run <type in>
cmd /k ipconfig
<enter>

 and see if you're even connected to the internet.

The blinking lights could be the modem trying to renew/acquire a
license.
--

MacGyver Multi-tool
http://data.tumblr.com/b9vfl4b63hhpzy6gWRWBrLx9o1_500.jpg

Re: How to get rid of this malware?

On Mon, 22 Dec 2008 08:42:48 -0800, Pennywise@DerryMaine.Gov wrote:



I'm just curious. How exactly do you do this in vista?
As I don't see the command line in my start button.
All I get is a "search" and anything I type there opens up windows
explorer.

Re: How to get rid of this malware?



You're such a lazy b'st'd - You do know how to use Google, don't you?

Here, choke on it you ingrate:

http://www.howtogeek.com/howto/windows-vista/enable-run-command-on-windows-vista-start-menu/

Re: How to get rid of this malware?

On Mon, 22 Dec 2008 13:33:53 -0500, "Dylan Boman"


Thank you.
Perhaps in the future we should get accustomed to saying "press the
win button + R".

BTW, I choked on it and choked on it and choked on it and the damn
thing still wouldn't start. That's when I noticed it wasn't even
plugged in.


Re: How to get rid of this malware?

richard wrote:


It's not that hard if you bother to look it up.

http://www.tech-recipes.com/rx/1262/vista_run_box_appear_on_start_menu_shortcut/

Re: How to get rid of this malware?



Type the line in the search window just as was indicated. I
know it says search but it will provide other functions as
well. Another Windows occasion of not clearly identifying
options/functions.


Re: How to get rid of this malware?



Let me restate that for you. Type in "cmd /k" first, <enter>;
that brings up an old DOS style command window. Then in this
case issue ipconfig <enter>.

After looking at my first reply the above was not clear
enough.


Re: How to get rid of this malware?



http://www.grc.com/default.htm

From 'Hot Spots' select the Shields-Up link, then select proceed, then select
'Common Ports'. If the result is 'Stealth' that's good; if not, report which
ports are either open or closed and not 'Stealth'.

Add to your reporting information if you know why any of the ports are either
open or closed - in other words, do you know what program requires such
status.

Once you've determined that and that 'Stealth' is the result, you can
eliminate the possibility of invasive behaviour of your machine, at least
until next time something on your machine decides to call home.
