Virus seems to be blocking access to security sites..

[bledd]

Cleaning a pc for a friend, (only last week I gave it back to him, freshly formatted, but I didn't bother taking an image -why?!?!??)

he's managed to nail it, big time

the clock says 'VIRUS ALERT' next to the time in his user account, and no user accounts can access updates like spybot updates, or nod32 updates (they seem blocked)

where can i check? i've tried super antispyware, spybot, nod32, avg antispyware

but none of them can access their update pages. hjt log is clean.

hosts file is clean too, any ideas before I format?

 

[Roeg1]

Sounds like anti virus 2008y virus. Im sure i killed it with avast.

 

[Brian Stuart]

Super antispyware will kill it but if you can't access the updates a format may well be the best option. How did it get on to the PC ? surely UAC should have stopped it. (assuming it is Vista BTW)

 

[bledd]

sorry, it's XP SP3

even if it was Vista, any pc i've fixed, the user said "something came up, i just clicked 'ok/allow'" :/

 

[Brian Stuart]

That is the problem with UAC, so many prompts the user just clicks "allow". Still keeps us in business I suppose

I think format is the only answer and then image

 

[Alexrose1uk]

could try malwarebytes if you can download a copy of that?

 

[bledd]

that fails to accept it's update server too

 

[Richdog]

bledd here lies the route to salvation...

1. Disable system restore.
2. Download and run combofix, preferably from safemode but ive used it in normal mode befpore with success http://www.bleepingcomputer.com/combofix/how-to-use-combofix
3. Post a Hijackthis log for us to look at http://www.whatthetech.com/hijackthis/

Those two apps alone should sort you out, I was absolutely amazed by combofix when I ran it, very impressive little tool!

 

[bledd]

cheers

will run combofix tonight, if that fails, i'll just install xp again and hand it back to him

at the moment, my trusty old..

--

try this..

disable system restore
remove whatever av you've got now

run..

ccleaner slim
nod32 av trial
spybot s&d
adaware
avg antispyware (remove this after)

put firefox on with adblock plus and Easylist subscription (do this on your pc too)

shotgun blast approach, but usually works!

---

seems to be failing , need to add more to the list i guess

 

[Tom84]

Cleaning a pc for a friend, (only last week I gave it back to him, freshly formatted, but I didn't bother taking an image -why?!?!??)

he's managed to nail it, big time

the clock says 'VIRUS ALERT' next to the time in his user account, and no user accounts can access updates like spybot updates, or nod32 updates (they seem blocked)

where can i check? i've tried super antispyware, spybot, nod32, avg antispyware

but none of them can access their update pages. hjt log is clean.

hosts file is clean too, any ideas before I format?

I fixed the exact same thing on a customer's PC only about a month or two again, the 'VIRUS ALERT' displayed by the clock is actually a registry entry

See HERE how to remove the entries

Before that though I would run an adaware, spybot and malwarebytes scan regardless of whether or not you can contact the updates server, remove the bulk of the nasties and then see if you can update the programs

Good luck

 

[bledd]

cheers

 

[wombraider]

One way I use to deal with tards wrecking their machines is to
remove their hard drive and put it in a usb caddy and attach it to my machine
then use all the anti spyware tools / anti virus tools to fix it.

Bet you wont give it back to him without imaging it for him

 

[bledd]

i keep images for every pc i fix, but this time i figured 'nah, i'll play COH instead'

 

[Burnsy2023]

i keep images for every pc i fix, but this time i figured 'nah, i'll play COH instead'

I don't have the spare terabyte to do that for myself

Oh and have you tried using Windows Steadystate for any of your more stupid friends? It's an awesome tool.

 

[bledd]

hmm, looks like something good to run if there's kids on the machine and the parents want to limit things

i might go with the spybot resident thing, or perhaps defender, for this guy

 

[Admiral Huddy]

I had a simular problem recently which caught me out

might be worth picking any tips from this:

http://www.huddysworld.co.uk/TheAdmiralsLog.shtml#Internet_woes

in fact i'm pretty sure you helped with some of these

 

[bledd]

bledd here lies the route to salvation...

1. Disable system restore.
2. Download and run combofix, preferably from safemode but ive used it in normal mode befpore with success http://www.bleepingcomputer.com/combofix/how-to-use-combofix
3. Post a Hijackthis log for us to look at http://www.whatthetech.com/hijackthis/

Those two apps alone should sort you out, I was absolutely amazed by combofix when I ran it, very impressive little tool!

holy #### balls, comodofix is the daddy, it's just a glorified bat file with a few small apps wrapped inside it, but damn it works well!

don't think i'll need to format after all

 

[iviv]

Also, don't most anti-spyware programs offer downloads just for the latest updates? Download them with another PC and transfer them over?

 

[swinnie]

Oh and have you tried using Windows Steadystate for any of your more stupid friends? It's an awesome tool.

+1

Windows SS (sounds German to me...) is absolutely brilliant.

Would love to keep an image of each PC I fix, but like Burnsy, I lack the storage space!

 

[Richdog]

holy #### balls, comodofix is the daddy, it's just a glorified bat file with a few small apps wrapped inside it, but damn it works well!

don't think i'll need to format after all

*bows*

Post a HJT log anyway though just to make sure it's clean.