1. TechSpot is dedicated to computer enthusiasts and power users. Ask a question and give support. Join the community here.
    TechSpot is dedicated to computer enthusiasts and power users.
    Ask a question and give support.
    Join the community here, it only takes a minute.
    Dismiss Notice

Unable to browse sites

By pncl321 ยท 16 replies
Nov 4, 2008
  1. Hi, Im posting about a problem I have regarding being able to browse the internet.

    Whenever I visit my homepage google.com instead of google coming up a different site appears that seems to be from Microsoft security center.
    and says

    Alert : Your computer have been attacked by spyware or viruses!

    Please download AntiSpyware to fix.

    Then if i try to go to a lot of other websites nothing comes up besides

    Bad Request (Invalid Hostname)

    Please help, thank you

    My hijack this and Malwarebytes anti malware logs are attached. I ran Malwarebytes and superantispyware twice.

    Attached Files:

  2. almcneil

    almcneil TS Guru Posts: 1,277

    This is a common spyware that I've cleaned off many customers computers. Here's what you do:

    1) Remove any obvious spyware programs from the Startup list in MSCONFIG

    Start -> Run -> msconfig -> Startup

    2) Remove any obvious spyware programs from the program list using Add/Remove Programs

    Start -> Control Panel -> Add/Remove Programs

    3) Download/install Spybot Search & Destroy (click here for download) Restart in Safe Mode and run a scan there first.

    Repost with results. We may need to perform more removal techniques.

    -- Andy
  3. kimsland

    kimsland Ex-TechSpotter Posts: 14,524

    @almcneil Read here: https://www.techspot.com/vb/showpost.php?p=680345&postcount=4

    Note in these types of members threads they need their HJT log looked at
    That's why they supplied it!
    You are requested again not to reply to these threads unless you know how to read HJT logs (ironically)



    Please re-run HJT and place a tick next to the following, then fix it:
  4. rf6647

    rf6647 TS Maniac Posts: 829

    Search for posts by momok using keyword = combofix. Follow instructions. Post log. I suspect that the O20 entry remanant will be detected.

    Use HJT to Fix-Check all O1 entries. This may give temporary ability to access sites for obtaining malware removal tools.
  5. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    kimsland, do you look at those Host files? Quite a variety there- from Microsoft to YouPorn!

    DO NOT use System Restore. Mbam removes some entries, but R is a protected folder and malware doesn't get removed by the programs. We will have you drop the old restore point when you're clean.

    One of the infections was a rootkit so I expect you ar going to be ask to run more specialized program.

    Update Java:
    Your version of Java is now outdated. Java vulnerabilities are commonly exploited by viruses so I strongly recommend you update. Click here to download the latest version of java ( Java Runtime Environment (JRE) 6.0 Update 10 ): http://java.com/en/download/manual.jsp
    Please install it and then reboot your computer.

    You need to run SuperAntispyware and include that log.

    almcneil, I cannot believe you would instruct a user to do this:
    What is an "obvious spyware program"? It has become painfully clear that you do not know how to read the logs from the malware programs. Until or unless you do, you should not be advising anyone in the forum.
  6. momok

    momok TS Rookie Posts: 2,265

    Just a note: the user's hijackthis shows SP2. Recommended to patch to latest
  7. kimsland

    kimsland Ex-TechSpotter Posts: 14,524

    Yes. That day I posted I was very busy, which took my attention off the HJT log. I think you may appreciate that ;)
  8. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    pncl321, what is you source for the Host Files? It is redirecting to AKANOC Solutions. Since the files are so mixed, as mentioned, Microsoft to YouPorn, I need to know if you or a program your are using has set the Host files up. Two program that I know of offhand that set up Host files are Spybot and ZoneAlarm, however I don't see either.

    The Host Files show as the 01 entries in the HijackThis log.

    Okay, let get some protection on the system. I don't see any evidence of an antivirus program:

    Please download and install Avast Free:http://www.avast.com/eng/download-avast-home.html

    There may be a problem accessing due to the hoist files. Please do this NOW and let me know if it's on.
  9. pncl321

    pncl321 TS Rookie Topic Starter

    Ok i updated to service pack 3
    My Java was updated to the latest already.
    and I installed and ran avast

    This is my log after it all.

    I also had spybot search and destroy before, but i uninstalled it.
  10. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    The reason you aren't able to browse sites is because most are listed in the Host files. They need to be removed:
    Please reopen HijackThis and scan> Place a CHECK by all of the following:
    Now close all windows other than HiJackThis, then click Fix Checked. Close HiJackThis and reboot.

    Download KillBox from the link here: http://www.bleepingcomputer.com/files/killbox.php

    Download this file and run the killbox.exe file.
    When it loads type the full path to the file you would like to delete in the field:
    and press the Delete File button (looks like a red circle with a white X). It will prompt you to reboot, allow it to do so, and hopefully your file will now be deleted.

    Advise system status after this. There are more entries to be removed, but we may need to run additional programs if the hosts files can''t be suppressed.
  11. jobeard

    jobeard TS Ambassador Posts: 10,432   +801

  12. pncl321

    pncl321 TS Rookie Topic Starter

    When i ran killbox and pasted that into it it said that that file does not exist.???
  13. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Thanks jobeard. Looks like that handled the host files.

    I have included the BitComet entries to be removed. I strongly recommend you remove them and uninstall the program. It will be a constant source of malware:

    Please re-open HiJackThis and scan.*Check* the boxes next to all the entries listed below.
    Now close all windows other than HiJackThis, then click Fix Checked. Close HiJackThis and reboot into Safe Mode:
    Control Panel> Add/Remove Programs> Uninstall the following:
    Reboot into Normal Mode

    If the original problem has been handled, we can clean up:
    Remove the cleaning tools:
    * Download OTCleanIt (http://download.bleepingcomputer.com/oldtimer/OTCleanIt.exe)
    * Click the CleanUp! button.
    * It will go thorough the list and remove all of the tools it finds and then delete itself (requiring a reboot).

    Clear your existing System Restore points and establish a new clean restore point:
    Go to Start > All Programs > Accessories > System Tools > System Restore> Select Create a restore point> OK.
    Next, go to Start > Run and type in cleanmgr> Select the More options tab> Choose the option to clean up System Restore and OK it.
    This will remove all restore points except the new one you just created.

    Let us know if you need more help

    EDIT: I have removed this from the list of entries to remove per momok's suggestion:
    O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
  14. momok

    momok TS Rookie Posts: 2,265

    note on pokerstars program: It's not really bad per se, it's just a program from one of the online poker servers. I've personally used it before to play poker. The reason why sometimes its classified as adware is due to the splash screen on the exit of the program. I think we can leave the choice of uninstalling it to the user.

    There is however a trojan which drops similarly named files on the system. So we just have to check with the user if he uses that particular poker server.
  15. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    No problem. I usually see so many Tracking Cookies- and a few other things in SAS from these sites.
  16. pncl321

    pncl321 TS Rookie Topic Starter

    Everything works good now.

    thank you everyone for your help. much appreciated.
  17. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    You're welcome. Let us know if you need more help.
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...