0

Hi there,

As this post's subject says it all, I cannot access any of microsoft.com or avg.com or trendmicro or any anti-virus or anti-spyware site. It started on Saturday when my AVG automatic update failed.

Also, when I needed to, I tried to open one of my hidden data files (which contains my personal data), and I could not enable the show hidden files/folders option in "Folder Option". I googled it and found a solution where I changed a few registry key values for explorer.

Over the past two/three weeks, I did notice strange behavior of explorer.exe. At times, it would stop responding for no apparent reason. Only option left after that was to reboot the system or kill that process (not the explorer.exe process from process list but any explorer/folder window open from Application list tab of task manager) from task manager.

My AVG updates were normal until last Saturday. Since then I cannot access any anti-virus websites. I can visit all other web sites including secured (SSL) sites. I am talking about my desktop here. Using the same internet connection, I can connect to all these sites from my notebook/laptop.

My hosts file is default and has only one entry
127.0.0.1 localhost

Following is my HijackThis log:
---------------------------------------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:32:54 PM, on 9/7/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
F:\WINXPPRO\System32\smss.exe
F:\WINXPPRO\system32\winlogon.exe
F:\WINXPPRO\system32\services.exe
F:\WINXPPRO\system32\lsass.exe
F:\WINXPPRO\system32\svchost.exe
F:\WINXPPRO\System32\svchost.exe
F:\WINXPPRO\system32\ZoneLabs\vsmon.exe
F:\WINXPPRO\system32\spoolsv.exe
F:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
F:\PROGRA~1\AVG\AVG8\avgemc.exe
F:\Program Files\AVG\AVG8\avgcsrvx.exe
F:\PROGRA~1\AVG\AVG8\avgrsx.exe
F:\PROGRA~1\AVG\AVG8\avgnsx.exe
F:\WINXPPRO\system32\wscntfy.exe
F:\WINXPPRO\Explorer.EXE
F:\PROGRA~1\AVG\AVG8\avgtray.exe
F:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
F:\WINXPPRO\system32\taskmgr.exe
E:\XP_Installed_programs\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - F:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - F:\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [AVG8_TRAY] F:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "F:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O17 - HKLM\System\CCS\Services\Tcpip\..\{7F449BA4-28FA-4C93-827E-2545B0F733ED}: NameServer = 208.67.222.222,208.67.220.220
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - F:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - F:\WINXPPRO\SYSTEM32\avgrsstx.dll
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - F:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - F:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - F:\WINXPPRO\system32\ZoneLabs\vsmon.exe

--
End of file - 2070 bytes
---------------------------------------------------------------------------

I have installed most of my applications as portable. I prefer portable applications whenever available.

For internet connection, I have DSL and sometimes I use my ISP's DNS setting and other times I use the OpenDNS DNS setting.

Looks like for selected domains, the access request is re-routed. At times, my ZoneAlarm does display an alert log for an internet access request from explorer.exe, which I obviously deny.

I think that is all. Thanks in advance. Looking forward to resolving my access issues.

Cheers!!
Shailesh.
------------------------------------------------
Small update, not sure if relevant...

Using NSLookup, when I try to get the IP address for microsoft.com, I get the correct IP address, i.e. 207.46.232.182
When I try http://207.46.232.182 in Firefox, it instantly gets replaced by http://microsoft.com in the address bar and I get a server not found error.

If I do the same thing for google.com, I get IP address 74.125.67.100 and when I try http://74.125.67.100 in Firefox, I get the Google search page and the address bar STILL shows http://74.125.67.100. It does not get replaced by http://google.com the way it does for microsoft.com.

Thought it might be relevant.

Cheers!!
Shailesh.


0

Hi,

I still have that problem. I would appreciate any help to resolve this issue. I am out of alternatives and options.

Cheers!!
Shailesh.

1

The log looks good, but the symptoms are very similar to those caused by the Conficker virus. You can restore access to security web sites on an infected machine by taking the following steps:

1. Click Start > Run.
2. In the Run box, type the following: cmd
3. Click OK.
4. Type the following and then press Enter. cd..
5. Repeat the previous step until you get to the root level, or C:\>. Note that if your root drive is not C, the letter will be different.
6. At C:\> type the following: net stop dnscache
7. Press Enter. This disables the domain blocking feature of Conficker and you should now be able to reach security Web sites.


Votes + Comments
Saved my laptop from Conficker.B!
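
A resolver-level check for the symptom described in this thread (security vendor names fail while other names resolve), as an added example that is not part of the original posts. The domain lists, function names and verdict labels are assumptions made for illustration; `trendmicro.com` and the control names are constructed sample values.

```python
import socket

# Constructed sample lists (assumption): security names follow the sites
# mentioned in this thread; control names are unrelated sites.
SECURITY_DOMAINS = ["microsoft.com", "avg.com", "trendmicro.com"]
CONTROL_DOMAINS = ["google.com", "example.com"]

def os_resolve(name):
    """Resolve through the operating system's resolver, the path a browser uses.
    nslookup sends its own queries, so it can succeed where this path fails."""
    try:
        infos = socket.getaddrinfo(name, 80, proto=socket.IPPROTO_TCP)
        return sorted({info[4][0] for info in infos})
    except socket.gaierror:
        return []  # an empty list means "did not resolve"

def probe(domains, resolver=os_resolve):
    """Map each domain to the list of addresses the resolver returned."""
    return {d: resolver(d) for d in domains}

def assess(security, control):
    """Classify two probe results and list the security names that failed."""
    sec_failed = sorted(d for d, ips in security.items() if not ips)
    ctl_failed = sorted(d for d, ips in control.items() if not ips)
    if not control or len(ctl_failed) == len(control):
        verdict = "no-connectivity"   # nothing resolves: general DNS outage
    elif not sec_failed:
        verdict = "clean"             # every security name resolves
    elif len(sec_failed) == len(security) and not ctl_failed:
        verdict = "selective-block"   # only security names fail
    else:
        verdict = "inconclusive"      # mixed failures, needs a closer look
    return verdict, sec_failed

def run_check(resolver=os_resolve):
    """Probe both lists with the same resolver and classify the outcome."""
    return assess(probe(SECURITY_DOMAINS, resolver),
                  probe(CONTROL_DOMAINS, resolver))

if __name__ == "__main__":
    verdict, blocked = run_check()
    print("verdict:", verdict)
    for name in blocked:
        print("  OS resolver failed for", name)
```

Running it once with the DNS Client service started and once after `net stop dnscache` shows whether the workaround changed name resolution on that machine.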
0

Thank you IGNYS.

That solved my problem. How do I make sure that I am not infected by conficker malware/virus? Lately, my explorer behaves strangely. For no apparent reason, at times, it fails to open any new window/folder and only way out is restart.

Cheers!!
Shailesh.

0

THANKS IGNYS!!!!
I had been looking everywhere for a solution to this drama, and I found it here supplied by you. I joined this thread just so I could thank you. This thing had me completely stumped.
Tried flushing the DNS, resetting IP, resetting winsock, different browsers, adjusting settings... nothing would work.
I couldn't understand how it was the "conficker" virus though, as this was a clean installation of XP Pro SP3.
Anyways I don't care anymore, I can finally update my Windows and download Antivirus/Antispyware software!!! Thanks so much, you are a legend and have made my day!!! I hope something good comes your way.
:)


0

I have had this problem for months & the most knowledgeable Techs I know could not solve it. Persistence paid off when I stumbled across this thread & you. IT WORKS THANKS SO MUCH. lyke1936

0

Thank you for this thread and for IGNYS.
You must be the only one in the world to know wtf is going on.

IGNYS is da man, THANK YOU SIR!

0

It seems this has helped a lot of people and there are a lot of people out there with this issue.

I am finding that it works but I have to do the same thing every time I reboot. Is there something else that needs to be done to stop this? If there is any more info I would be grateful.

NW

0

It seems this has helped a lot of people and there are a lot of people out there with this issue.
I am finding that it works but I have to do the same thing every time I reboot. Is there something else that needs to be done to stop this? If there is any more info I would be grateful.

This is not a "Fix." This is a work-around that bypasses the poisoned DNS cache.
Once you are able to visit security sites and download the appropriate tools, you need to put them to good use :)


I suggest you download Malwarebytes' Anti-Malware (MBA-M) to your Desktop.

  • Double-click mbam-setup.exe and follow the prompts to install MBA-M.
  • Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform full scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When MBA-M finishes, Notepad will open with the log. Please save it where you can find it easily. The log can also be opened by going to Start > All Programs > Malwarebytes' Anti-Malware > Logs > log-date.txt.

-- Then, please start a new thread for your specific issue. Post the MBAM log and one of the volunteers will be happy to assist you further, if need be.

Cheers :)
PP

0

I'm having exactly the same problem, but "net stop dnscache" didn't do anything.

I've tried MBA-M as well, but found nothing. I've run hijack and didn't see anything suspicious, but got rid of everything that was not necessary just in case. Also deleted all cookies, updated Windows, winSocksfix, checked the hosts file, run spybot etc.

The interesting thing is that yesterday, I had the same problem, but the difference was that some webpages would redirect me to fake webs, i.e. hijackthis webpage was replaced with a generic "antivirus.com - what you need it, when you need it", and the same thing with the met office webpage. Then I started doing all the hijack, spybot etc etc but nothing worked, and suddenly it was gone. All webpages were loading fine again. I pretended I had probably fixed it without realizing but I knew something was not quite right =)

But now again the same problem =( no generic "what you need, when you need it" webs this time though

0

I'm having exactly the same problem, but "net stop dnscache" didn't do anything.

I've tried MBA-M as well, but found nothing. I've run hijack and didn't see anything suspicious, but got rid of everything that was not necessary just in case. Also deleted all cookies, updated Windows, winSocksfix, checked the hosts file, run spybot etc.

Please start a new thread for your individual problem and one of the volunteers ought to be able to advise you further.

Cheers :)
PP

0

I got an email that you replied to my thread. I'm not sure but I think you have to start a new thread. I am not qualified to help you unless your Dodge truck is broken.
Good luck, these guys are good so you should be able to get the problem resolved.

NW

0

Thank you IGNYS, for your idea of entering net stop dnscache in the command prompt, this has allowed me to access the Microsoft site at last and download their 'Security Essentials' kit, which has promptly located and removed Conficker.B from my laptop. Many thanks, that was beginning to get a bit frustrating! :)
