Virus or Hijacker...Not being found

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by dmock, Apr 18, 2004.

  1. dmock

    dmock Private E-2

    Ok heres the deal....I lost my ability to use my verizon.net isp about 2 weeks ago..talked with verizon microsoft downloaded avg stinger and cwshredder (which was infected with a virus from this site) and hijacker software also just bought PCBUGDoctor and it found a lot of errors..but I am still unable to log onto my isp...Doing ipconfig shows a address of 255.255.255.255 which Micrsoft thinks is part of the problem..(?) and their virus guys have no clue....I also have a home page in my internet properties of monkeybus...which if i am not wrong is part of the hijacker or virus...and yet no matter what I do..this puppy wont clean up or cant be detected...McAffee never recognized the virus..if it is one...which is just my humble opinion....in the task mgr..the svchost is runnning at almost 20k according to most that indicates a virus as it should not run above 10K...??? Ok you geeks out there...since I am not....and have done all that I can do by reading everyhting I can find........Any suggestions??? Before I trash this puppy and buy a new one??
     
    dmock, Apr 18, 2004
    #1
  2. DavidGP

    DavidGP MajorGeeks Forum Administrator - Grand Pooh-Bah Staff Member

    If you can post some system specs as well this will help us to help you.... you know opperating system etc etc


    Mcafee may just not show your issues up as a virus as they may just not be one, sounds more like you have Spyware infections and a browser homepage hijack.

    get yourself this app http://www.majorgeeks.com/download506.html and once installed click update to get latest files then run and clean out what it finds.

    then get this one run and post the log file so we can look at what you have running within your OS and browser http://www.majorgeeks.com/download3155.html
     
    DavidGP, Apr 18, 2004
    #2
  3. Kodo

    Kodo SNATCHSQUATCH

    Files on MG are fully scrutinized. We'll check it out, but highly, highly doubt you got the virus from us.
    Chances are you already had the virus and it infected the file you downloaded.
     
    Kodo, Apr 18, 2004
    #3
  4. Corporal Punishment

    Corporal Punishment Administrator Staff Member

    The file in question is clean. Not only area all the files on MG heavily scanned but considering the type of file CWShredder s it can set off false positives if your software is not current. Also it is very typical that a virus will attach itself to a newly downloaded executable, in order to hide. But either way the file is clean.

    It is impossible to have an IP address of 255.255.255.255 hence I suspect
    1)You have a hijacker not a Trojan or virus
    2) Your problem is compounded by a host file hijack.
    You need to check the path of svchost if it is not in your system32 folder - kill it and take it out of start up. That's your browser hijacker. Also look for files called sxchost.

    You should also get a current update of ad-aware - I believe it will handle that one as well. http://majorgeeks.com/download506.html

    As for the host file it should look like the screen shot here.
    http://www.majorgeeks.com/vb/showthread.php?t=25959
    If it doesn't, make it so.
     
    Corporal Punishment, Apr 18, 2004
    #4
  5. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    chaslang, Apr 18, 2004
    #5
  6. GameDrained

    GameDrained Private E-2

    Wow. This was very helpful information thanks.
    These sites were blocked:
    127.0.0.1 www.symantec.com
    127.0.0.1 securityresponse.symantec.com
    127.0.0.1 symantec.com
    127.0.0.1 www.sophos.com
    127.0.0.1 sophos.com
    127.0.0.1 www.mcafee.com
    127.0.0.1 mcafee.com
    127.0.0.1 liveupdate.symantecliveupdate.com
    127.0.0.1 www.viruslist.com
    127.0.0.1 viruslist.com
    127.0.0.1 viruslist.com
    127.0.0.1 f-secure.com
    127.0.0.1 www.f-secure.com
    127.0.0.1 kaspersky.com
    127.0.0.1 www.avp.com
    127.0.0.1 www.kaspersky.com
    127.0.0.1 avp.com
    127.0.0.1 www.networkassociates.com
    127.0.0.1 networkassociates.com
    127.0.0.1 www.ca.com
    127.0.0.1 ca.com
    127.0.0.1 mast.mcafee.com
    127.0.0.1 my-etrust.com
    127.0.0.1 www.my-etrust.com
    127.0.0.1 download.mcafee.com
    127.0.0.1 dispatch.mcafee.com
    127.0.0.1 secure.nai.com
    127.0.0.1 nai.com
    127.0.0.1 www.nai.com
    127.0.0.1 update.symantec.com
    127.0.0.1 updates.symantec.com
    127.0.0.1 us.mcafee.com
    127.0.0.1 liveupdate.symantec.com
    127.0.0.1 customer.symantec.com
    127.0.0.1 rads.mcafee.com
    127.0.0.1 trendmicro.com
    127.0.0.1 www.trendmicro.com

    :) :) :) :)
     
    GameDrained, May 20, 2004
    #6

MajorGeeks.Com Menu

Downloads All In One Tweaks \ Android \ Anti-Malware \ Anti-Virus \ Appearance \ Backup \ Browsers \ CD\DVD\Blu-Ray \ Covert Ops \ Drive Utilities \ Drivers \ Graphics \ Internet Tools \ Multimedia \ Networking \ Office Tools \ PC Games \ System Tools \ Mac/Apple/Ipad Downloads

Other News: Top Downloads \ News (Tech) \ Off Base (Other Websites News) \ Way Off Base (Offbeat Stories and Pics)

Social: Facebook \ YouTube \ Twitter \ Tumblr \ Pintrest \ RSS Feeds