cannot update Spybot/Ad-Aware and cannot download Comodo

Discussion in 'Windows - Virus and spyware problems' started by djkorn, Mar 26, 2010.

  1. djkorn

    djkorn Member

    Joined:
    Nov 18, 2009
    Messages:
    15
    Likes Received:
    0
    Trophy Points:
    11
    So, this is a multiple-part question. I have tried just about everything that I can think of short of replacing the hard drives.

    About three days ago, I noticed that every time I open up my Mozilla Firefox, when I would load a page, it would say "transferring data from google-analists.com" on the bottom of the page. I went to go try to download Comodo from their website, and got an error message saying that the page cannot be found.

    Trying to access safer-networking.org, aka Spybot, came up with the same error. I have Spybot on my computer, and went to try to update it, and got an "error retrieving update info." and cannot get into the website. I cannot update Ad-Aware either; I get the same connection message whenever I try to update it.

    I had what looked like a virus on my D drive, and so after formatting and deleting the partition, not to mention redoing Windows 3 times, I still am unable to download these files, update them etc.

    I also keep getting a popup running Firefox about my browser running in unsafe mode and to download some online protection tool. It does it with certain sites. The CD that I used to update my Windows XP is the same one that came with the Dell computer that I have.

    I am also having all of the above issues on my Dell laptop. I have formatted drives and reinstalled Windows and am afraid that I may have a major virus and have to replace both hard drives in laptop and desktop. Is there anyone who can help me please? I'm at my wits' end and about to rip the hard drives out and throw a magnet on each one.

    ~Frustrated Windows User
     
  2. 2oldGeek

    2oldGeek Active member

    Joined:
    Jun 16, 2005
    Messages:
    3,658
    Likes Received:
    38
    Trophy Points:
    78
    djkorn, sounds like a major problem. I'll try to help you if I can.

    First, what is your OS, XP or something else?

    2oG
     
  3. djkorn

    djkorn Member

    I am running XP.

    The following is what happens:

    Comodo - Cannot download (page error)
    Spybot - Cannot update, nor download from website (page error)
    Ad-Aware - Can download, cannot update
    Peer Guardian - Can download, cannot update

    Also, I have google-analytic hitting my website, and the windows protection tool only pops up from time to time. I sometimes have pages pop up on my browser as well when I google something.
     
  4. 2oldGeek

    2oldGeek Active member

    You have picked up a Trojan that is blocking you from downloading or running anything that can remove it.

    In order to remove it you must use a boot disk that doesn't start Windows.

    This is important:
    On a CLEAN COMPUTER, if you don't have one then use a friend's computer and follow these instructions to create a Rescue Disk and then run it on the infected computer:

    http://forum.avira.com/wbb/index.php?page=Thread&threadID=82163


    Then, reply as to how it went and we can go from there……


    2oG
     
  5. djkorn

    djkorn Member

    Can I use a CD? I do not have a floppy drive, or do I need a floppy drive?
     
  6. 2oldGeek

    2oldGeek Active member

    On a clean machine, download the program and click on the icon. It will ask for a CD to be in the drive and will burn it. Take it to the infected machine and boot it. You may need to print the instructions on the clean machine, to use for running it on the infected one.

    2oG
     
  7. djkorn

    djkorn Member

    OK, so I ran the file. It came up with 4 records and 1 warning, the warning being from a system restore that it couldn't read because it was encrypted. This is my laptop; my desktop I can't even get to load up to be able to scan at the moment. I'm not sure what happened exactly.

    Also, I cannot download any Windows products such as Defender, OneCare or Security Suite.

    I'm lost at the moment. Would a Windows XP boot CD work? It didn't find any actual files though, but I will try one more time.
     
  8. 2oldGeek

    2oldGeek Active member

    Let's work on ONE computer at a time.... I'm not bi-lingual. Lol

    I guess we can start with the laptop since you were able to run the Rescue Disk on it.

    First, I will need a way to look into it.. I don't have a crystal ball either.


    Let’s have a look/see and hopefully determine what your problem is.

    First Step:

    Download HJTInstall.exe to your Desktop.

    • Double-click HJTInstall.exe to install it.
    • By default it will install to C:\Program Files\Trend Micro\HijackThis.
    • Click on Install.
    • It will create a HijackThis icon on the desktop.
    • Once installed, it will launch HijackThis.
    • Click on the Do a system scan and save a logfile button. It will scan and the log should open in Notepad.
    • The log will be saved as HijackThis.log in the C:\Program Files\Trend Micro\HijackThis folder.
    Don't have HijackThis fix anything yet. Most of what it finds will be harmless or even required.

    Please copy and paste this Log in your next reply and tell me what problems you are having with the laptop….. Thanks.

    2oG
     
  9. djkorn

    djkorn Member

    At the present moment not only is the internet freezing up when I try to access this page, but attempting to copy the txt file over to a flash drive has frozen up my computer. I'm replying from phone because neither computer works now. I think it hit the hard drive master record. The reason I say this is because every time I format the drives and reinstall I'm getting the same things happen: google analystic is putting pages on my browser in Firefox and IE is blocking their cookies. What I don't get is how google hijacked my browser bc even trying to load my school page and it would redirect me to a blank page with google analystic .com as the destination.

    The online protection tool is an antivirus that tries to charge me. I am wondering if replacing the drives might work. If the virus got deep enough, could it stay dormant even though I formatted? I am using 2 120 gig drives and am tempted to just replace the drives.
     
  10. 2oldGeek

    2oldGeek Active member

    This is a malware removal forum and I have given you the link to one of the best malware removal boot disks that is around. It boots Linux from memory and doesn't use the drive. If it doesn't work then I would say you have more problems than I can deal with as a third party. That is, not being able to see your computer or lay hands upon it......

    If you have the skills, I would suggest trying to re-format your drive, a full format and not a quick one, and then install the Windows operating system from your installation disk, assuming you have one.

    If that doesn't work, before buying and installing new drives (that may not be the problem) take it to a computer repair shop, or a tech you know, for an estimate and get ready to open your wallet.......

    wishing you all the luck...

    2oG
     
  11. ddp

    ddp Moderator Staff Member

    Joined:
    Oct 15, 2004
    Messages:
    39,167
    Likes Received:
    136
    Trophy Points:
    143
    djkorn, who makes your hard drives to see what can be done to fix the master boot record? Try running your anti-spyware programs in safe mode. Check in msconfig\startup to see what is not supposed to be there & uncheck it/them. How long does it take for these problems to start happening after you reload Windows?
     
  12. 2oldGeek

    2oldGeek Active member

    May the force be with you.......................
     
  13. djkorn

    djkorn Member

    It happens right away after I reinstall Windows. I have formatted both drives through Windows setup and am kinda at a loss for words now. Every time I use Mozilla it keeps trying to redirect the page, and in IE the same cookie keeps getting blocked. It's the google analystics cookie.

    I cannot update nor download any anti-spyware or malware programs from their sites; I get a page error that it cannot display the page. Avast updates just fine though, but anything else won't update. I have the logfile for HijackThis and will post as soon as possible. It's weird: I can download anti-spyware from oldversion.com but cannot update them. Same thing with antivirus, with the exception of Avast. I did try unplugging the router and the battery from the laptop to clear RAM, but that did not work.
     
  14. ddp

    ddp Moderator Staff Member

    Through Windows setup, delete the partition, create a new partition, then do a full format of the drive(s) before installing Windows. Do not reload your data until you have installed your anti-virus\anti-spyware programs & updated them.
     
  15. djkorn

    djkorn Member

    Rewriting master boot didn't work. Found vulnerabilities but can't download Windows products to computer. Any suggestions? Panda found them all, including oscarbot.kd and exploit/metafile.
     
  16. djkorn

    djkorn Member

    Tried doing that a couple of times now, but the problem is that it is still there. I'll try this again though, but I have a feeling that it won't work. I even went as far as to reset the BIOS by yanking out the battery.

    The virus name is ocrabot.kd and it infected the MS060-040 vulnerability. I have a feeling that my copy of Windows XP Service Pack 2 might have been infected, but I'm not 100 percent certain.
     
  17. ddp

    ddp Moderator Staff Member

    If not a burnt copy that you did, then it is unlikely to be infected. Is there another hard drive in that PC? If so, then disconnect it before trying to delete/make a partition & format it before installing XP.
     
  18. djkorn

    djkorn Member

    So here is the solution if this ever happens to anyone else. First off, take the infected computer away from the router if one exists. Isolate the computer and run everything in safe mode; Avast works best. Do a boot scan and then safe mode. After running these things, unplug both your router and modem for 30 min, and when you plug it in, reset it. Run one computer at a time and manually update Windows. Get your service pack from a clean computer and install from disk.
     
  19. 2oldGeek

    2oldGeek Active member

    So happy you were able to take care of this problem.
    I guess both ddp and I were overlooking the fact that you had a router. It kinda got lost from the thought process (for me, anyway).

    Thanks for sharing what you came up with. Hopefully it can be used to help some other poor victim that has been infected.

    2oG
     
  20. djkorn

    djkorn Member

    Yep. The funny thing about it is that you have to take at least one computer away from the infected site, so to speak. That way it can connect to a clean router to do all the cleaning.

    My suggestion is as follows: Download everything you need to CD from a clean computer, and then run the infected computer in safe mode. Run as much as you can in there to clean it, tracking cookies and all. Get the latest service pack and install that; most times that would work.

    Then turn off the computer, reset the router and clean the router out by unplugging both modem and router for 30 minutes. This will clear anything held in the router's memory. Have the router disc handy for this one.

    Then replug in the router and modem, and reset the router again. This ensures it's been wiped; better safe than sorry. After these things have been done, reboot the computer in normal mode and download updates manually. Don't worry if this takes a time or two, as there are a ton for Windows; not all are high security or critical, get them all.

    Don't use Avast for your antivirus either, it has a clone32 virus on it. I suggest Comodo firewall and antivirus personally. These work the best. Get Spybot and update regularly, and also have another level of protection on top of that.

    Happy hunting, and if there are any problems feel free to email me at [edited by ddp] and I can see what help I could offer. This virus I got is called Oscarbot.KD and it will infect you through AOL Instant Messenger or through some Facebook apps. It infects your IRC controller and can install itself as hardware. It will also hijack your genuine Windows verification or remove the Windows Update service.

    Before wiping your drive, check three things:

    1. Device Manager for any strange hardware you shouldn't have, such as a floppy disk drive (I didn't have one) and it was installed. Don't uninstall it, but instead disable it. If you uninstall, it reinstalls on next reboot.

    2. Do a complete scan of your computer in safe mode. This will catch things you can't catch in regular mode.

    3. Double check all your settings. Get a HijackThis report or some other report from a third-party program and look for any suspicious activity, services that shouldn't be there or BHOs (Browser Helper Objects) that seem kinda strange or off to you; that is usually the first sign you got a virus.

    Happy hunting.
     
    Last edited: Apr 2, 2010
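
One way to do the HijackThis review described in step 3 of the last post (and the msconfig startup check suggested earlier in the thread), as an added example that is not part of the original thread. It reads the BHO (O2), startup (O4) and service (O23) lines of a HijackThis log and lists the ones worth a closer look; the sample log is constructed, and the "outside Program Files/Windows" rule is an assumed review heuristic, not something HijackThis itself reports.

```python
import re

# HijackThis prefixes each finding with a section code; these three cover the
# checks named in the thread: BHOs (O2), startup entries (O4), services (O23).
SECTIONS = {"O2": "BHO", "O4": "startup", "O23": "service"}
ENTRY = re.compile(r"^(O\d+) - (.*)$")
PATH = re.compile(r"[A-Za-z]:\\[^\"\r\n]*?\.(?:exe|dll|sys)", re.I)
# Assumed heuristic for this example: legitimate binaries normally live here.
EXPECTED_ROOTS = ("c:\\program files\\", "c:\\windows\\")
# Markers HijackThis prints when an entry has no name or its file is absent.
MISSING = ("(no name)", "(no file)", "(file missing)")

def triage(log_text):
    """Return [(kind, reasons, line)] for O2/O4/O23 entries to review by hand."""
    flagged = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY.match(line)
        if not m or m.group(1) not in SECTIONS:
            continue
        body, reasons = m.group(2), []
        if any(marker in body for marker in MISSING):
            reasons.append("unnamed or missing file")
        p = PATH.search(body)
        if p and not p.group(0).lower().startswith(EXPECTED_ROOTS):
            reasons.append("binary outside Program Files/Windows")
        if reasons:
            flagged.append((SECTIONS[m.group(1)], reasons, line))
    return flagged

# Constructed sample log; names, CLSIDs and paths are made up for illustration.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis (constructed sample)
O2 - BHO: Example Reader Helper - {11111111-1111-1111-1111-111111111111} - C:\Program Files\Example\reader.dll
O2 - BHO: (no name) - {22222222-2222-2222-2222-222222222222} - (no file)
O4 - HKLM\..\Run: [updchk] C:\Documents and Settings\user\Local Settings\Temp\updchk.exe
O4 - HKLM\..\Run: [ExampleAV] "C:\Program Files\ExampleAV\tray.exe" /min
O23 - Service: Example AV Service (exav) - Example Corp - C:\Program Files\ExampleAV\svc.exe
O23 - Service: netdrv (netdrv) - Unknown owner - C:\WINDOWS\system32\netdrv.exe (file missing)
"""

if __name__ == "__main__":
    for kind, reasons, line in triage(SAMPLE_LOG):
        print(f"[{kind}] {', '.join(reasons)}\n    {line}")
```

A flagged line is only a prompt to check the entry, in keeping with the advice above not to let HijackThis fix anything before the log has been reviewed.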
