Internet access blocked

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by Harpua, Dec 20, 2004.

  1. Harpua

    Harpua Private E-2

    My computer seems to be infected pretty badly. I currently have Norton Internet Security, AdAware, and Spybot however as of last night something began blocking my internet access. I ran scans with all 3 programs, Spybot found and removed one item but internet access is still blocked. In reading through the FAQ here and the basic process for removing spyware, malware, etc. it is obvious that a vital step is accessing the internet and downloading software, which I can't do because my computer is so infected. So what does one do to start fixing these problems when the infected computer can't even access the internet? Thanks.
     
  2. Turcoloco

    Turcoloco MajorGeek

    ;) 3 Logical options given in easier-to-harder order:

    1) If possible then look for an alternative way (use another browser if the problem is with IE, etc.
    2) Find out the cause of it and try to correct the problem (disinfect your system completely if it is a spyware infection, etc.)
    3) Start from scratch if there are no alternative fixes available (re-install Windows).

    Not to be sarcastic or evasive but these are the options, which one you want to do or can do would be up to you. Have you read thru the stickies/instructions in the Spyware Specific section? You have to follow each and every step, if you are stuck or unsure, re-post and someone would help you out.
     
  3. Harpua

    Harpua Private E-2

    Well option 2 would be ideal. As I said in my original post I have read through the FAQ and one of the first steps is to dowload and update anti-Spyware software. Doing that requires access to the internet. The problem I am experiencing is that I don't have access to the internet. I have no problem following the instructions posted in the stickies and FAQ step by step but my inability to access the internet precludes me from doing so. It's a bit of a Catch-22.
     
  4. Turcoloco

    Turcoloco MajorGeek

    Already then we will take it from the start, dumb it down a bit to be able to analyze your 'no internet connection' problem and find a cure for it (even if it means the hard way), ok? ;)

    Now, tell us:
    What Operating System are you using?
    What browser are(were) you using?
    What type of Internet connection do (did) you have?
    How long ago did the problem start?
    What anti-spyware you have on your system (updated or not)?
    Explain what happens when you open your browser, step by step, list errors, etc.
     
  5. Harpua

    Harpua Private E-2

    1) XP home with service pack 2
    2) Avant Browser
    3) Cable
    4) Yesterday although I have had spyware issues on and off for quite a while
    5) Adaware and Spybot, and Norton Internet Security. All updated in the last 2-3 weeks but unable to access the web for new updates.
    6) When I open the browser I get About:blank and a completely blank page. When I try to access a site, any site, I get a page that says something like "web page "http//:google.com" could not be found" below that text is a search bar and below the search bar are several links under categories like "Gifts", "Games", "News", etc.

    Thanks for "dumbing it down" for me. I'm assuming that was meant as an insult but as a person who is not an expert with this stuff and a problem on my hands I suppose I'm at your mercy. Any help and advice is appreciated even if it must be doled out with more jabs at my intelligence, thanks.
     
  6. Matacumbie

    Matacumbie Rocky Top

    Just a start:

    Norton Internet Security and sp2 both have firewalls. You probably have two firewalls running, disable the sp2 firewall.

    1. Click on Start and then Control Panel.
    2. You will have one of two control panels. Click on the Security Center icon.
    3. Click on the Windows Firewall icon beneath the status updates.
    4. Click Off (not recommended) and then click OK.
    5. After turning off the Windows Firewall, you will get the following error. This error will continue to pop up in the system tray until you tell Windows that you realize the Firewall is turned off. To do this, continue to Step 6.
    6. Click on the balloon, or on the red shield in the system tray, and you will get the screen below. Click on the Recommendations... button.
    7. Place a check in the "I have a firewall solution that I'll monitor myself" box. This will stop Windows from popping up alerts that you are at risk. Click OK.
    8. After you click OK, you will get the following screen. This screen is saying that Windows will not monitor your firewall settings. Just close the window, and you are done.

    In Norton Internet Security look for Ad Blocking and turn it off for now.

    Try to access now.

    Steve
     
  7. Harpua

    Harpua Private E-2

    OK thanks, I did disable the Windows firewall a while back. I can try to disable Ad Blocking in Norton when I get home. The thing is everything was working fine with the current Norton/Windows settings one day and then stopped the next.
     
  8. Turcoloco

    Turcoloco MajorGeek

    Absolutely not, 'dumbing it down' or 'making it idiot-proof' may sound like insults and probably not the friendliest phrases but they simply mean making things so simple that everyone can understand and do without making mistakes. I am sorry if it came of as an issult. If that was my intention I'd not be wasting my time here in the first place. Anyhow, the reason for the questions was to understand your system and get a better 'feel' of the problem.

    But a few things I could suggest:

    1) Have you tried 'System Restore' to revert back to an earlier date (a date before the problem started)?
    2) I have always paid attention to the date when **it hit the fan, why so I could scan my system for all . dll, .com, .bat, .exe, etc. files created on that date and delete (at least temporarily) those that looked suspicious.
    3) Can you boot in 'Safe Mode with Networking' and see if you can browse that way? (even this works it is only a temp workaround for you to access the Internet for needed downloads and product updates).
    Since your problem occured recently it would mean even less impact on the system and other application.
    Here is a list of folders that gets infected most commonly:
    C:\Windows\ > CLEAN UP
    C:\Windows\System32\ > CLEAN UP
    C:\Windows\Downloaded Programs\ > CLEAN UP
    C:\Windows\Prefetch\ > EMPTY OUT
    C:\Windows\Temp\ > EMPTY OUT
    C:\Program Files\Common Files\ > CLEAN UP
    C:\Documents and Settings\username\Local Settings\Temporary Internet Files\ > EMPTY OUT
    C:\Documents and Settings\username\Local Settings\Temp\ > EMPTY OUT
    C:\Program Files\Internet Explorer\ > CLEAN UP

    Along with deleting spyware related files, folders and registry entries, you'd also have to restorechange the deleted or modifed ones. Sounds confusing, if yes then I'd not suggest you listen to my instructions since it would be a bit complicated so wait till Chaslang and PhilliePhan gave you a more suitable advise, ok?
     
  9. Matacumbie

    Matacumbie Rocky Top

    Good deal. These are all suggestions and with each solution, successful or not, it does help to rule things out and get closer to solving the problem.

    Do you have internet access when you get home, another computer maybe?

    Steve
     
  10. Harpua

    Harpua Private E-2

    Thanks, will try those things when I get home (unfortunately part of not having access means being able to see this forum only from work). Sorry if I jumped to conclusions on the tone of your comments, thanks for the suggestions.

    One more thing, I was looking around at files in explorer last night and noticed within the C:Norton/Quarentine there were literally thousands of application extension files all with a created date of 12/1/04. I assume these can't do any harm from the quarentine folder but they sure slow down the system scan because Norton goes through every one of them. Could these be a source of the problem or are they harmless in the quarentine folder.
     
  11. Harpua

    Harpua Private E-2

    Unfortunately not but I can give it a try in safe mode as someone has suggested, never knew that was possible.
     
  12. melendex

    melendex Private E-2

    HI,
    I HAD THE SAME POBLEM SOME MONTHS AGO. I WASN'T ABLE TO CHECK MY EMAIL FROM YAHOO, TISCALI AND HOTMAIL, ANY TIME I TRIED TO CONTACT MY ANTIVIRUS PROVIDER THE RESULT WAS A BLANK PAGE NOT FOUND. ALSO SOME KEYS ON MY KEYBOARD WERE DISABLED OR WERE ACTING FUNNY. TO GO TO THE INTERNET WAS ALMOST IMPOSSIBLE, SIMPLY THERE WAS NO WAY TO GET THE SITES I WAS LOOKING FOR. ANYTIME I TRIED TO SCAN ONLINE IT WAS TAKING AGES.
    I HAD AND STILL HAVE SPYBOT SD 1.3, ADAWARE LAVASOFT, REGISTRY MECHANICS, SP2 FIREWALL AND NORTON ANTIVIRUS.
    I ALWAYS MAKE SURE I RUN A PC CHECKING AT LEAST ONCE A WEEK AND UPDATE THE ANTIVIRUS AUTOMATICALLY.
    BUT A VIRUS HAD TAKEN OVER MY PC, ALONG WITH SOME SPYWARE.
    THEN I CAME ACROSS WITH A SOLUTION IN A VERY HELPFUL WEB SITE. http://iijut-industries.blogspot.com
    I FOUND OUT THAT THE VIRUS I HAD IN MY LAPTOP HAD CREATED A CHANGE IN "hosts" 127.0.0.1 WHICH IS THE MINISERVER IN THE COMPUTER THAT IS CONTACTED BEFORE THE SEARCH IN THE INTERNET STARTS. THE ONLY ENTRANCE WE MUST HAVE IS "127.0.0.1 localhost" which cannot be touched at all.
    WHAT I FOUND OUT ACCOMPANING MY " 127.0.0.1 localhost" WAS UNBELIEVABLE; !!!! I HAD 39 WEB ADDRESSES AFTER THE LOCALHOST,WWW. SYMANTEC IN ALL ITS VARIANTS, MCAFEE,KASPERSKY,VIRUSLIST ETC. ALL THIS WEB PAGES LISTED AT "localhost" WERN'T DISPLAYED FOR IEXPLORER WHEN I ASKED. THE VIRUS HAD BLOCKED ALL OF THEM INCLUDED HOTMAIL WEBSITE.
    I WAS CONVINCED UNTILL THEN, THAT RUNNING MY ANTIVIRUS WHICH WAS SUPPOSED TO UPDATE BY ITSELF WITH AUTOMATIC UPDATES I WAS PROTECTED, WHEN IN REALITY MI COMPUTER WASN'T ABLE TO COMMUNICATE WITH NORTON WEBSITE, I WASN' PROTECTED AT ALL.
    THIS IS THE PATH I FOLLOWED;
    c:/Windows/system32/drivers/etc/hosts AND THEN I OPENED IT WITH NOTEPAD TO EDIT. THERE YOU SELECT ALL THE ADDRESSES ADDED THEN DELETE AND SAVE. LEAVING ONLY "127.0.0.1 localhost" IN PLACE.
    I INMEDIATELLY CONTACTED THE LIVEUPDATE FROM NORTON AND I WAS ABLE TO CONNECT. SCANNED THE COMPUTER WITH ANTIVIRUS NOW REALLY UPDATED. RESULT? 8 VIRUSES WERE FOUND.
    I HOPE THIS WILL BE HELPFUL FOR SOME OF YOU. BECAUSE THESE VIRUSES WERE NOT DETECTED FOR MY SECURITY SOFTWARE AT ALL.
     
  13. Turcoloco

    Turcoloco MajorGeek

    Good analysis Melendex,
    What I normally do is be prepared despite the fact that I could handle disinfecting pretty much all spyware infections I have encountered on others' PCs.
    I normally do all Windows/IE updates, then zip the C:\Program Files\Internet Explorer and C:\Windows\System32 folders (and a few others both those 2 are the most critical).
    I also use Ontrack's (now it is owned my V-Com) PowerDesk File Manager, if an infection to occur, I boot in safe mode and unzip those two folders to a new folder I create named something like TEST directly on the C drive) and compare their contents to the ones in their original location and concentrate on the file extensions that matter the most: .bat .com .exe .dll .sys .vbs .vb .js .jse ,etc.
    PowerDesk standard is free and it has a feature I use in this case which is View > Filter (let's you filter the view mode by selecting a file name and/or extension as well as File/File&Filder/Folder) and under Tools there is a Synchronization utility that could be figured in different ways to show you added/missing/modified(newer/older) files between 2 separate folder...

    I know this is not a suitable method for tech unsavvy people but just wanted to let you know, there are different ways to handle PC problems...I like to make sure I prevent it from occuring, if not then better be prepared....
     
  14. melendex

    melendex Private E-2

    Hi turcoloco.
    I am using firefox 1.0 rigth now and i must confess i am very pleased of how easy and fast is to navigate on it. I am going to try what you told me about the IE and system 32 files, but i really hope that using firefox i will reduce the possibility of virus-spyware attacks. What do you reckon??? have you tried firefox???
    Anyway, thank you again and i wish you a merry christmas.
    :)
     
  15. Turcoloco

    Turcoloco MajorGeek

    Yes Melendex I have been using the original Mozilla since the days when it was ugly and buggy, then they developed it further and I tested some of other browsers based on its engine as well one I can remember was K-Meleon (if I got the spelling right?), I have been using CrazyBrowser (similar to AvantBrowser, based on IE engine but works much better, has built in 2-level pop-up blocking features and it is a tabbed browser as well) I have been using SlimBrowser and MyIE2 which are also shell to IE engine. Also have Opera (bu don't care for its ad banners) Quite frankly all the browsers I tried overall performec better than IE, more feature rich and secure. I download and test new shareware and freeware programs (for various purposes) for fun, more proof that I am a geek! :)
    I have been doing this for years...I crashed many systems (mostly on purpose) by installing new programs, modifying system files and registry keys, infected systems with viruses to analyze the viruses/spywares to understand their functionality and logic, etc. (yes I am a techno freak).
    I donate whatever I can once in a while to the developers of useful and cool freewares such as ToolbarCop, Spybot S&D, SpywareBlaster, Firefox. ( I don't pay the big dogs who manufacture over-priced crapware such as Norton, McAfee, SpySweeper, etc.). If I can't donate I try to help other ways by offering translation services or whatever....
    Remember, best things in the PC world are still free!

    Merry Xmas to you and to your loved ones as well. :)

    ...sorry for the boring post....the end (you may close your browser now).
    ;)
     

MajorGeeks.Com Menu

Downloads All In One Tweaks \ Android \ Anti-Malware \ Anti-Virus \ Appearance \ Backup \ Browsers \ CD\DVD\Blu-Ray \ Covert Ops \ Drive Utilities \ Drivers \ Graphics \ Internet Tools \ Multimedia \ Networking \ Office Tools \ PC Games \ System Tools \ Mac/Apple/Ipad Downloads

Other News: Top Downloads \ News (Tech) \ Off Base (Other Websites News) \ Way Off Base (Offbeat Stories and Pics)

Social: Facebook \ YouTube \ Twitter \ Tumblr \ Pintrest \ RSS Feeds