If I try to get it off MajorGeeks, it says it can't find store.malwarebytes.org. I can only get it from download.com, which was last updated on the 10th, which I guess accounts for the old version.

I have this problem with it refusing to find the site when I try to update my MSN, it won't connect to a certain part of the microsoft site. But it lets me on web messenger, so I'm not sure what the deal is.

I ran adaware on here a few days ago, and it cleared a load of stuff out. I don't know if that helps, or not.

MBAM is far superior - Definitely go with that.

Some malware is blocking those sites. Used to be a simple check of the Hosts file could address this, but not so simple these days....

--- Try START > RUN > type or copy&paste:
REG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /v GlobalUserOffline /t REG_DWORD /d 0
and click OK

Then, see if MBAM can update using the Update Tab.

PP

Just out of curiosity - do you have the same trouble Downloading, Updating and Running SuperAnti-Spyware?

Try that if not joy with MBAM.

I'll be back Sunday Evening.

Cheers
PP

Yeah, MBAM still won't update. And I have *exactly* the same problem with superantispyware, FF won't find the server.

This sounds a lot like conficker - of course lots of other malware have done this as well. I'm surprised none of the tools we ran addressed this.

Let's check a few things:
-- Navigate to C:\WINDOWS\SYSTEM32\DRIVERS\ETC and use notepad to open the HOSTS file and post that for me.

-- At command prompt, type ipconfig /flushdns ENTER
See if that helps

-- Do you have this security update?
Security Update for Windows XP (KB958644)
You can find it in Add/Remove Programs (be sure box at top to Show Updates is checked)
Or, use the search function to find KB958644

-- Are you able to access and run this scanner:
http://onecare.live.com/site/en-us/default.htm

PP

The DNS flush didn't help, unfortunately.

My hosts file contains simply "127.0.0.1 localhost".

I don't have that update, I'll pick it up shortly though. The Microsoft scanner does appear to work, though. I had it at 35% before I accidentally rebooted the machine and had to start over. Will post the results when it finishes, though.

Did you get an error message?
If not, we can try this:
START > Run >type services.msc and Stop / Disable the DNS Client service. Maybe that will help in the short term.

That is what it should be.

Good - Let me know what it finds.
I probably made a mistake in assuming everybody had taken steps to remove and patch conficker . . . Should know better than that.

PP

Well, it won't let me copy/paste what it found, but conficker was among the virii. It found three other trojans, a Java exploit, and a hell of a lot of performance issues which I assume aren't really what we're dealing with, so I won't mention them. Plus an open port. I'll leave the window open for now and not move on to the next step, if you want the exact info I'll try and find a way of getting it all out of there.

Regarding conficker, I should probably come clean now and admit that my housekeeping has been dreadful. I've had this computer for the best part of 5 years, it's never been reformatted, and I've only sporadically run freeware AV's, Spybot S&D and Ad-Aware. I've never really had to deal with anything like this before, though.... I've been online on multiple computers for at least a decade now and I've dealt with them all the same and never had anything like this to deal with. I guess you could call it a very rude awakening .

Regarding the DNS flush, no, I got no error message. Just a prompt asking me if I wanted to do it or not. It was successful on both my laptop and tower.

As long as the baddies were removed, we are good to continue.
-- See if you can now run MBAM and update via the Update tab.
Then, run the full scan. Remove what it finds and post the log. Reboot afterwards.


I imagine you are waaay behind on patches - If MBAM updates and runs, we will probably have come to the point where you need to decide if you want to pull your data off and reformat or try to patch/update everything.

The problem here was with my plan of attack, I think. Not being able to access the machine directly led to a different approach and I didn't get to see a few crucial items regarding patches etc...
That, and a few wrong assumptions.

Anyhoo, let's try MBAM and cross our fingers
PP

EDIT: Probably a good idea to run that Onecare scan on Laptop.....

Nope, immediate refusal to update. Same as before.

The scan said it couldn't remove a few of the virii. I know at least one of them was quarantined by combofix, and two of the others were saved in my old system restore point. I'm not sure if that's an issue or not.

I'll patch conficker now. And hey, your plan of attack has cleared out an awful lot of the bugs, so I'm not complaining .

I will run that scanner on my laptop in the near future.

edit: it won't let me patch conficker. Same instant refusal.