Hijacked and blocked from most spyware support sites.



Tensai
23-08-2008, 02:53 AM
Sorry for the test topic, but whatever is on my computer isn't letting me post on forums as well it seems... just resets my connection every time. I tried to get this through so many times, you wouldn't believe it... got surprised the test topic actually got posted, was sort of a desperate attempt. Once again, excuses.

What I did before my computer got 'hit'

I was on a (previously) trusted torrent site, tried to download a torrent, got redirected to one of those sites that needed you to wait a few seconds before the download link appears, clicked on it and suddenly my computer became slow as hell... before I realized something popped up calling itself "windows xp virus scanner" and telling me to click install.
Of course I ignored it, but the computer was so slow I decided to just hit the reset button.

The problems

Once I got back into windows, the desktop has a Warning! Spyware detected on your computer! install an antivirus or spyware remover to clean your computer block. Then further down it shows two detected files: "Warning! win32/adware.virtumonde detected on your computer"

and

"Warning! win32/privacyremover.m64 detected on your computer"

It looks like the interface of an antivirus program, but it's imprinted in my desktop, so I guess sort of a wallpaper rather than something real. The rest of the desktop is now white. Also, popups appeared and when I idle for a while, I get this (luckily, it turns out it's only a screensaver): a blue screen with the following warning: "A problem has been detected and windows will restart to prevent damage to your computer". The screen then turns black and proceeds to show the exact same rebooting screens as when you reboot Windows XP.

I went on to reboot in safe mode and scan the computer with avg spyware 7.5. After deletion of 110 tracking cookies, I booted back into windows to download the latest version of spybot for another scan... unfortunately, all its sites seem down and when I tried to install the older version I still had on my computer, it couldn't connect to the site for the install???
An awful lot of other sites I usually go to for problem solving seem to not connect as well, they just give me an "unable to connect" page immediately. It doesn't even try to connect, as normally happens when you're working offline or your internet is down. Can't enter any site I googled with "antispyware" in its link name either and can not enter hijackthis.nl either.

Whatever is on my computer couldn't possibly have a list of well-known spyware removal sites which it blocks you from entering, could it???

Tensai
23-08-2008, 02:56 AM
A hijackthis log with v. 2.0.2

There's probably a newer version out now, but I can't go to hijackthis sites it seems to download it so I hope this can do:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:22:46, on 22/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\lphcr6dj0er99.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\SpywareBlaster\spywareblaster.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\oembios.exe,
O2 - BHO: Thunder AtOnce - {01443AEC-0FD1-40fd-9C87-E93D1494C233} - C:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: ThunderBHO - {889D2FEB-5411-4565-8998-1DD2C5261283} - C:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [OutpostFeedBack]

Tensai
23-08-2008, 02:59 AM
C:\PROGRA~1\Agnitum\OUTPOS~1.0\feedback.exe /dump:os_startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Media Codec Update Service] C:\Program Files\Essentials Codec Pack\update.exe -silent
O4 - HKLM\..\Run: [Thunder] "C:\Program Files\Thunder Network\Thunder\Thunder.exe" /s
O4 - HKLM\..\Run: [lphcr6dj0er99] C:\WINDOWS\system32\lphcr6dj0er99.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: PowerWord 2002.lnk = C:\Program my\Kingsoft\XDict\XDICT.EXE
O8 - Extra context menu item: 使用迅雷下载 - C:\Program Files\Thunder Network\Thunder\Program\geturl.htm
O8 - Extra context menu item: 使用迅雷下载全部链接 - C:\Program Files\Thunder Network\Thunder\Program\getallurl.htm
O9 - Extra button: 免费精彩视频超流畅在线观看 - {022C4009-5283-4365-97BF-144054B40E2E} - http://itv.mop.com (file missing)
O9 - Extra 'Tools' menuitem: 播霸电视 - {022C4009-5283-4365-97BF-144054B40E2E} - http://itv.mop.com (file missing)
O9 - Extra button: 启动迅雷5 - {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - C:\Program Files\Thunder Network\Thunder\Thunder.exe
O9 - Extra 'Tools' menuitem: 启动迅雷5 - {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - C:\Program Files\Thunder Network\Thunder\Thunder.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://cid-f97d314b4a8411d1.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-secure.com/ols3/fscax.cab
O16 - DPF: {FEE1002D-90A5-4A5D-AABE-01803FFBCF7A} - http://ps.itv.mop.com/dn/files/pCastCtl_1.0.0.89_20060727.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: spkrmon - Unknown owner - C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

--
End of file - 8691 bytes

Tensai
23-08-2008, 03:00 AM
Hope someone can help me with this... thanks in advance.

EDIT: I also just used atf cleaner, selected everything and emptied.

Speedy Gonzales
23-08-2008, 05:50 AM
Run hijackthis again (you've got the latest version), tick these then tick fix checked

Close browsers

Disable system restore

C:\WINDOWS\system32\lphcr6dj0er99.exe <-- delete this file, this file will be the main problem

Uninstall Symantec Internet Security, it's rubbish

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [lphcr6dj0er99] C:\WINDOWS\system32\lphcr6dj0er99.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O9 - Extra button: 免费精彩视频超流畅在线观看 - {022C4009-5283-4365-97BF-144054B40E2E} - http://itv.mop.com (file missing)

O9 - Extra 'Tools' menuitem: 播霸电视 - {022C4009-5283-4365-97BF-144054B40E2E} - http://itv.mop.com (file missing)

O16 - DPF: {FEE1002D-90A5-4A5D-AABE-01803FFBCF7A} - http://ps.itv.mop.com/dn/files/pCast...9_20060727.cab

Then reboot.

Then get Malwarebytes and trojan remover in my sig below, install, and update both. Then click on scan. Then select all options under the utilities menu in trojan remover. If you can't get to the trojan remover site, here's the direct link to the file (http://www.simplysup1.com/download/dl/trsetup.exe)

Uninstall AVG and Install Avast Home (www.avast.com)
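
The triage in the post above can be reproduced mechanically. The following Python is an added example, not part of the original post and not HijackThis's own code: it parses the log format shown in this thread, extracts the O4 Run-key autoruns, and lists those whose image sits directly in system32 and is absent from a known-good baseline. The sample log is a few lines copied from the log above; the `BASELINE` list is an assumption an analyst would supply.

```python
import re
from collections import defaultdict
from ntpath import basename, dirname, normcase  # Windows path rules on any OS

# Constructed sample: a handful of lines copied from the log posted above.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Platform: Windows XP SP2 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\lphcr6dj0er99.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iTunes\iTunesHelper.exe

O2 - BHO: ThunderBHO - {889D2FEB-5411-4565-8998-1DD2C5261283} - C:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [lphcr6dj0er99] C:\WINDOWS\system32\lphcr6dj0er99.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
"""

# Assumption: names the analyst already trusts in system32 (hypothetical baseline).
BASELINE = ("ctfmon.exe", "hkcmd.exe")
SYSTEM32 = normcase(r"C:\WINDOWS\system32")

ENTRY_RE = re.compile(r"^([A-Z]\d+) - (.*)$")                # "O4 - ..."
RUN_RE = re.compile(r"^(HK\w+)\\.*?\\Run: \[(.+?)\] (.*)$")  # hive, value name, command
EXE_RE = re.compile(r'^"?([A-Za-z]:\\[^"]*?\.exe)', re.I)    # image path, quoted or bare


def parse_log(text):
    """Split a log into the running-process set and entries grouped by code."""
    running, entries, in_procs = set(), defaultdict(list), False
    for line in map(str.strip, text.splitlines()):
        m = ENTRY_RE.match(line)
        if m:
            in_procs = False
            entries[m.group(1)].append(m.group(2))
        elif line == "Running processes:":
            in_procs = True
        elif in_procs and line:
            running.add(normcase(line))
    return running, entries


def run_autoruns(entries):
    """Registry Run-key autoruns from the O4 section (Startup-folder links skipped)."""
    found = []
    for body in entries.get("O4", []):
        m = RUN_RE.match(body)
        exe = EXE_RE.match(m.group(3)) if m else None
        if exe:
            found.append({"hive": m.group(1), "name": m.group(2), "image": exe.group(1)})
    return found


def triage(text, baseline=BASELINE):
    """Autoruns that load straight from system32 and are not in the baseline."""
    running, entries = parse_log(text)
    known = {name.lower() for name in baseline}
    findings = []
    for auto in run_autoruns(entries):
        image = normcase(auto["image"])
        if dirname(image) == SYSTEM32 and basename(image) not in known:
            findings.append({**auto, "running": image in running})
    return findings


if __name__ == "__main__":
    for hit in triage(SAMPLE_LOG):
        state = "running" if hit["running"] else "not running"
        print(f'{hit["hive"]} Run [{hit["name"]}] -> {hit["image"]} ({state})')
```

A finding here is only a prompt for a closer look; the baseline decides what is reported, so it has to come from a machine known to be clean.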

pctek
23-08-2008, 08:59 AM
> I was on a (previously) trusted torrent site, tried to download a torrent, got redirected to one of those sites


Tut, tut. No such thing as trusted torrents.
For one thing, never mind the torrent site itself, where do you think all these files come from? Someone else's infested PC most likely.

And second you should have all your anti-spyware already installed, not try to get them after the infections have occurred.

Apart from what Speedy has said, make sure you have at least 2 antispyware programs installed, update them at least once a fortnight and scan at least twice a week.

Spybot
Spyware Terminator
Superantispyware

are 3 of the better free ones.

Tensai
23-08-2008, 09:05 AM
> Run hijackthis again (you've got the latest version), tick these then tick fix checked

> Close browsers

> Disable system restore

> C:\WINDOWS\system32\lphcr6dj0er99.exe <-- delete this file, this file will be the main problem

> Uninstall Symantec Internet Security, it's rubbish

> O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

> O4 - HKLM\..\Run: [lphcr6dj0er99] C:\WINDOWS\system32\lphcr6dj0er99.exe

> O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

> O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

> O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

> O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

> O9 - Extra button: 免费精彩视频超流畅在线观看 - {022C4009-5283-4365-97BF-144054B40E2E} - http://itv.mop.com (file missing)

> O9 - Extra 'Tools' menuitem: 播霸电视 - {022C4009-5283-4365-97BF-144054B40E2E} - http://itv.mop.com (file missing)

> O16 - DPF: {FEE1002D-90A5-4A5D-AABE-01803FFBCF7A} - http://ps.itv.mop.com/dn/files/pCast...9_20060727.cab

> Then reboot.

> Then get Malwarebytes and trojan remover in my sig below, install, and update both. Then click on scan. Then select all options under the utilities menu in trojan remover. If you can't get to the trojan remover site, here's the direct link to the file (http://www.simplysup1.com/download/dl/trsetup.exe)

> Uninstall AVG and Install Avast Home (www.avast.com)

Thanks for the reply and your help.

Before I do anything, I see you have taken out a few lines from my hijackthis log. What do you want me to do with that?

And removing the file you're telling me: is it as simple as going to that particular directory and deleting it? Or is your explanation and advice on downloading and running the programs you mentioned further down meant to tell me how to get rid of that file?

I should have included into the post that I am no computer expert, nor do I deal with this stuff regularly... so basically, I need to be told what to do to the point :(

Speedy Gonzales
23-08-2008, 09:11 AM
You tick the entries I posted, then tick fix checked. Like what I said in the post

NO, don't delete the folders, you'll make things worse

Go to control panel / add or remove programs, find the entry then uninstall the program

The files / links I gave will scan your system to see if there's anything nasty on it. And Avast is better than AVG as an Anti virus program

And if the my computer icon is on the desktop / right mouse on it / properties. Go to the system restore tab FIRST, and tick turn off system restore

Tensai
23-08-2008, 09:42 AM
I have just:

-uninstalled symantec from the add-remove

-disabled system restore

-closed browsers

-ran hjt, checked the lines you told me to, fixed them

-rebooted

The desktop has turned from white to blue, with that fake warning thing still imprinted in it.

Internet speed seems to be back though.

I could not delete the file you told me to, says it's in use.

What now?

Tensai
23-08-2008, 09:45 AM
Never mind, after the reboot, I tried again. That file is gone now. Should I reboot to check if the desktop is back to normal yet?

Speedy Gonzales
23-08-2008, 09:50 AM
Yup reboot then get the files I posted in the links

Tensai
23-08-2008, 10:00 AM
Internet speeds are back (still can't get on spybot s&d site or forums though, same with you?), computer a whole lot less sluggish, but deleting that file and rebooting didn't get rid of that fake warning on my desktop.

Anything else wrong with my comp?

Pancake
23-08-2008, 10:04 AM
It's all fixable.....



Please download Malwarebytes' Anti-Malware from one of these places:

http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html

http://www.besttechie.net/tools/mbam-setup.exe

Double Click mbam-setup.exe to install the application.

* Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select "Perform Quick Scan", then click Scan.
* The scan may take some time to finish, so please be patient.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
* The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
* Copy&Paste the entire report in your next reply along with a fresh HijackThis log.

Please Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


==============================================


OK. Let's download ComboFix.exe. This will give me a better view of the files running and also hidden on your computer and also those in the registry. Please visit this webpage for downloading and instructions for running the tool:

Go here ======> A guide and tutorial on using ComboFix (http://www.bleepingcomputer.com/combofix/how-to-use-combofix) <====== Go here

Please ensure you read this guide carefully and install the Recovery Console first. This applies to XP Pro and XP Home users only. If you have SP3 installed you will need to use SP2

The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Once installed, you should get a prompt that says:

The Recovery Console was successfully installed.

Please continue as follows:

(1) Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
(2) Click Yes to allow ComboFix to continue scanning for malware.

When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

C:\ComboFix.txt
New HijackThis log.

Caution: Never run and remove files with Combofix unless supervised by a qualified security analyst who is experienced in the use of Combofix. Mal use can cause serious computer problems

NOTE: Combofix prevents autorun of all CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you - please let me know.

Speedy Gonzales
23-08-2008, 10:05 AM
Did you install trojan remover and Avast?

Get malwarebytes as well. Install and update it then click on scan

It's in my sig below

Tensai
23-08-2008, 10:10 AM
Pancake, just saw your post. Are you telling me what to do after I did the fixes speedy gonzales told me to do or replying to the original problem?
I'll do what you're asking anyway.


> Did you install trojan remover and Avast?

> Get malwarebytes as well. Install and update it then click on scan

> It's in my sig below

Not yet, just tried to go to malwarebytes site in your sig... same problem, something seems to be blocking me to go there (probably because it recognizes the words malware in the link.. ****ing snidey ***holes whoever created this crap).

Thanks for your help, having a go with pancake's advice as well now before I focus on the after-cleanup.

Speedy Gonzales
23-08-2008, 10:12 AM
> Thanks for your help, having a go with pancake's advice as well now before I focus on the after-cleanup.

Go for it

Tensai
23-08-2008, 10:15 AM
Pancake, can't connect to either of the links for that mbam software. Whatever it is that's still on my comp is blocking me. Get an instant connection error. Anyone able to send me that file or have other links...

Nor can I go to that site for combofix. However, I still have that from help I received for a similar (less big) problem a year ago, so I'm not sure if that version is too old.

Speedy Gonzales
23-08-2008, 10:29 AM
Click this to download malwarebytes (http://majorgeeks.com/downloadget.php?id=5756&file=14&evp=693ee0b20204960edfd909666f809b26)

Pancake
23-08-2008, 10:30 AM
The old version is no good. You need the latest. Can you download the stuff from another computer and transfer it to yours..?

Tensai
23-08-2008, 10:32 AM
No... can you upload them to sendspace or something like that... can probably go to those sites.

EDIT: speedy, can't get it from there either. Majorgeeks seem to be blocked as well, tried to enter that site from my google search earlier today and it was the same problem.

Tensai
23-08-2008, 10:48 AM
Hmmm, internet seems to be acting like before again... pages half-loading oftentimes, slow as hell.

wainuitech
23-08-2008, 10:57 AM
OK it's being sneaky eh! so let's out sneak it-:rolleyes: Download This file here (http://dl3u.savefile.com/0b5aef24801757b587102347e93e2d94/mbamsetup.pdf) - I have uploaded malware bytes to a file sharing site.

NOW here's how to fool the bugs, download the file, you will see it's named as pdf, RENAME it to mbamsetup.exe it will change to the exe file, install and run as directed before.

Speedy Gonzales
23-08-2008, 10:57 AM
Go to start / search. Type in hosts

Highlight it (it's just called hosts), / right mouse / open. Select notepad. Then OK

Copy and paste what's in this file here

Tensai
23-08-2008, 11:11 AM
> OK it's being sneaky eh! so let's out sneak it-:rolleyes: Download This file here (http://dl3u.savefile.com/0b5aef24801757b587102347e93e2d94/mbamsetup.pdf) - I have uploaded malware bytes to a file sharing site.

> NOW here's how to fool the bugs, download the file, you will see it's named as pdf, RENAME it to mbamsetup.exe it will change to the exe file, install and run as directed before.

Thanks got it. Got the new version of combofix for me as well?


> Go to start / search. Type in hosts

> Highlight it (it's just called hosts), / right mouse / open. Select notepad. Then OK

> Copy and paste what's in this file here

Seems to not be the problem, hasn't been modified since 2001.

# Copyright (c) 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

127.0.0.1 localhost

By the way, when I try to install spybot, it connects with 127.0.0.1 and then the error... shouldn't it be connecting with the spybot site. :confused:

Speedy Gonzales
23-08-2008, 11:13 AM
Ok, the hosts file isn't the prob
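
The check done in the posts above, written out as an added example (not part of the original posts): parse the hosts file, list any names pinned to loopback or 0.0.0.0, and decide whether an observed connection to 127.0.0.1 is explained by the file. `CLEAN_HOSTS` is the file pasted above with its comment header shortened; `TAMPERED_HOSTS` and the `.example` hostnames are constructed.

```python
import ipaddress

# Hosts file as pasted in the thread (comment header shortened).
CLEAN_HOSTS = """# Copyright (c) 1993-1999 Microsoft Corp.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

127.0.0.1 localhost
"""

# Constructed sample of a tampered file; hostnames are placeholders.
TAMPERED_HOSTS = CLEAN_HOSTS + (
    "127.0.0.1 www.antispyware.example antispyware.example # constructed\n"
    "0.0.0.0\tdownload.scanner.example\n"
)


def parse_hosts(text):
    """Return {hostname: ip} for every active (non-comment) mapping."""
    mappings = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop full-line and trailing comments
        if not line:
            continue
        fields = line.split()                  # spaces or tabs, several names per line
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                           # not an address: skip the malformed line
        for name in fields[1:]:
            # Assumption: when a name appears twice, the first mapping wins.
            mappings.setdefault(name.lower(), str(ip))
    return mappings


def sinkholed(mappings):
    """Names other than localhost that point at loopback or 0.0.0.0."""
    hits = []
    for name, ip in mappings.items():
        addr = ipaddress.ip_address(ip)
        if name != "localhost" and (addr.is_loopback or addr.is_unspecified):
            hits.append(name)
    return sorted(hits)


def explain(hostname, observed_ip, hosts_text):
    """Say whether the hosts file accounts for where a connection went."""
    if parse_hosts(hosts_text).get(hostname.lower()) == observed_ip:
        return "hosts file"
    if ipaddress.ip_address(observed_ip).is_loopback:
        return "redirected, but not by hosts file"
    return "no local redirect seen"


if __name__ == "__main__":
    print(sinkholed(parse_hosts(CLEAN_HOSTS)))
    print(sinkholed(parse_hosts(TAMPERED_HOSTS)))
    print(explain("www.antispyware.example", "127.0.0.1", CLEAN_HOSTS))
```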

wainuitech
23-08-2008, 12:18 PM
Okay - here's combofix - same as before Download from here (http://dl3u.savefile.com/377ceae2db46cf81875c9d0caf9bfbab/ComboFix.pdf) - direct link, then rename to Combofix.exe