Jump to content

Cannot access some websites after virus cleaning

Guest Alex

By Guest Alex
in Windows XP

 Share

Recommended Posts

Guest Alex

Guest Alex

Posted
Posted

Hi,

 

I experience huge issues with my laptop since I was infected by Virtumonde

earlier this week.

 

I managed to clean Virtumonde by using spybot, but even though the virus

seems to have disappeared, I still experience huge problems with Internet

browsing.

 

I can access some websites like Lenovo, FreeCall, Free, my router, my bank,

 

but I cannot access other websites such as http://www.lemonde.fr, linkedin,

facebook, oanda, smartmoney...

 

that's weird, that seem that a pipe is blocked or something filtering the

DNS, only allowing some sites... but ping and resolving is OK!

 

I tried flushing DNS to no avail, I have cleared all my caches and temp

files to no avail, I have tried with deactivating the fw to no avail... I

dont know what to do...

 

I could not find anything on the Internet...

 

Here is the symptom: when I start http://www.facebook.com (or another website),

firefox displays Waiting for http://www.facebook.com... in the status bar and

nothing else happens....

 

The problem is also similar with IE7 and I cannot access Windows Update.

 

I tried upgrading to Firefox 3, but the problem remains. I am on Windows XP

OEM SP2... I am hesitating installing SP3, I don't think that would solve the

problem.

 

I checked my router and it seems OK, since other PC on the same router have

no problem accessing any website.

 

I think the mess was created when I tried to eradicate the virus... also my

MS Office seems corrupted, when I try to launch Excel, he asks for CD.

Winword and Outlook are fine though.

 

I have been using Windows PCs for 15 years and I am an IT professional, but

that's the first time I see something like that. I am getting crazy...

 

Any help would be very much appreciated; do u think I should reinstall

Windows, or is there anything else I could try? Any kind of test to indentify

the problem?

 

Cheers,

 

Alex

 

--

Alex

  • Replies 7
  • Created
  • Last Reply

Popular Days

Popular Days

Guest Alex

Guest Alex

Posted
Posted

RE: Cannot access some websites after virus cleaning

 

Update: I think I still have the virus. After a few minutes, I got a crash in

Firefox and the following message : WOWEXEC caused an access violation in

ntvdm.exe

 

Also Spybot informed me that a weird DLL wanted to register itself, I denied

it...

 

I don't know how to cure the problem for good... I tried many tools to fix

virtumonde to no avail...

 

Please help me to find the best option...

 

Alex

 

--

Alex

 

 

 

"Alex" wrote:

> Hi,

>

> I experience huge issues with my laptop since I was infected by Virtumonde

> earlier this week.

>

> I managed to clean Virtumonde by using spybot, but even though the virus

> seems to have disappeared, I still experience huge problems with Internet

> browsing.

>

> I can access some websites like Lenovo, FreeCall, Free, my router, my bank,

>

> but I cannot access other websites such as http://www.lemonde.fr, linkedin,

> facebook, oanda, smartmoney...

>

> that's weird, that seem that a pipe is blocked or something filtering the

> DNS, only allowing some sites... but ping and resolving is OK!

>

> I tried flushing DNS to no avail, I have cleared all my caches and temp

> files to no avail, I have tried with deactivating the fw to no avail... I

> dont know what to do...

>

> I could not find anything on the Internet...

>

> Here is the symptom: when I start http://www.facebook.com (or another website),

> firefox displays Waiting for http://www.facebook.com... in the status bar and

> nothing else happens....

>

> The problem is also similar with IE7 and I cannot access Windows Update.

>

> I tried upgrading to Firefox 3, but the problem remains. I am on Windows XP

> OEM SP2... I am hesitating installing SP3, I don't think that would solve the

> problem.

>

> I checked my router and it seems OK, since other PC on the same router have

> no problem accessing any website.

>

> I think the mess was created when I tried to eradicate the virus... also my

> MS Office seems corrupted, when I try to launch Excel, he asks for CD.

> Winword and Outlook are fine though.

>

> I have been using Windows PCs for 15 years and I am an IT professional, but

> that's the first time I see something like that. I am getting crazy...

>

> Any help would be very much appreciated; do u think I should reinstall

> Windows, or is there anything else I could try? Any kind of test to indentify

> the problem?

>

> Cheers,

>

> Alex

>

> --

> Alex

>

Guest Erwin Moller

Guest Erwin Moller

Posted
Posted

Re: Cannot access some websites after virus cleaning

 

 

Alex schreef:

> Hi,

>

> I experience huge issues with my laptop since I was infected by Virtumonde

> earlier this week.

>

> I managed to clean Virtumonde by using spybot, but even though the virus

> seems to have disappeared, I still experience huge problems with Internet

> browsing.

>

> I can access some websites like Lenovo, FreeCall, Free, my router, my bank,

>

> but I cannot access other websites such as http://www.lemonde.fr, linkedin,

> facebook, oanda, smartmoney...

>

> that's weird, that seem that a pipe is blocked or something filtering the

> DNS, only allowing some sites... but ping and resolving is OK!

>

> I tried flushing DNS to no avail, I have cleared all my caches and temp

> files to no avail, I have tried with deactivating the fw to no avail... I

> dont know what to do...

>

> I could not find anything on the Internet...

>

> Here is the symptom: when I start http://www.facebook.com (or another website),

> firefox displays Waiting for http://www.facebook.com... in the status bar and

> nothing else happens....

>

> The problem is also similar with IE7 and I cannot access Windows Update.

>

> I tried upgrading to Firefox 3, but the problem remains. I am on Windows XP

> OEM SP2... I am hesitating installing SP3, I don't think that would solve the

> problem.

>

> I checked my router and it seems OK, since other PC on the same router have

> no problem accessing any website.

>

> I think the mess was created when I tried to eradicate the virus... also my

> MS Office seems corrupted, when I try to launch Excel, he asks for CD.

> Winword and Outlook are fine though.

>

> I have been using Windows PCs for 15 years and I am an IT professional, but

> that's the first time I see something like that. I am getting crazy...

>

> Any help would be very much appreciated; do u think I should reinstall

> Windows, or is there anything else I could try? Any kind of test to indentify

> the problem?

>

> Cheers,

>

> Alex

>

 

Hi Alex,

 

I don't know what screwed up Office, but if you cannot reach some

websites, try this:

1) In C:\WINDOWS\system32\drivers\etc you will find a file named hosts.

(It has no extension.)

Op this in notepad.

 

It should only contain a bunch of comments that start with # and:

127.0.0.1 localhost

unless you added more by hand.

 

Do you see more?

I am no virusexpert, so I don't know the one you described, but some

malware likes to change your hosts file, in such a way it can fool you.

eg, you type:

http://www.mybank.com

 

but you end up on a completely different site that tries to get your

logincredentials.

 

Could that be your problem?

(If you are in doubt and see more entries than 127.0.0.1 localhost, just

delete them all.)

 

Regards,

Erwin Moller

Guest Malke

Guest Malke

Posted
Posted

RE: Cannot access some websites after virus cleaning

 

Alex wrote:

> Update: I think I still have the virus. After a few minutes, I got a crash

> in Firefox and the following message : WOWEXEC caused an access violation

> in ntvdm.exe

>

> Also Spybot informed me that a weird DLL wanted to register itself, I

> denied it...

>

> I don't know how to cure the problem for good... I tried many tools to fix

> virtumonde to no avail...

 

At this point you should get guided help from one of the specialty forums

listed below (in no particular order). Choose one, register, read its

posting FAQ, and post as directed. PLEASE DO NOT POST LOGS OF THIS SORT IN

THE MS NEWSGROUPS.

 

The alternative is to back up your data and return the computer to factory

condition using whatever method was provided by the laptop mftr. OR take

the machine to a local computer professional (who may do the same thing).

 

http://aumha.net/ - Click on the HijackThis forum. Read the announcement and

the stickies *first*.

http://www.atribune.org/forums/index.php?showforum=9

http://aumha.net/viewforum.php?f=30

http://www.bleepingcomputer.com/forums/forum22.html

http://www.dslreports.com/forum/cleanup

http://www.cybertechhelp.com/forums/forumdisplay.php?f=25

http://www.geekstogo.com/forum/Malware_Removal_HiJackThis_Logs_Go_Here-f37.html

http://gladiator-antivirus.com/forum/index.php?showforum=170

http://spywarewarrior.com/viewforum.php?f=5

http://forums.techguy.org/54-security/

http://forums.tomcoyote.org/

 

Malke

--

MS-MVP

Elephant Boy Computers - Don't Panic!

FAQ - http://www.elephantboycomputers.com/#FAQ

Guest Alex

Guest Alex

Posted
Posted

Re: Cannot access some websites after virus cleaning

 

Hi,

 

Sorry, forgot to mention about host file:

 

-was using DNSAccelerator so my host file was full of websites (and perhaps

some crap too)

-deactivated my dnsaccelerator and deleted everything in the hosts file

yesterday

-now my hosts file is clean only localhost as you mentioned

 

But it seems that the virus is still present and causing trouble to IE and

Firefox....

Tried many fix tools to no avail

 

Do not see what to do... lost!

 

Alex

--

Alex

 

 

 

"Erwin Moller" wrote:

>

> Alex schreef:

> > Hi,

> >

> > I experience huge issues with my laptop since I was infected by Virtumonde

> > earlier this week.

> >

> > I managed to clean Virtumonde by using spybot, but even though the virus

> > seems to have disappeared, I still experience huge problems with Internet

> > browsing.

> >

> > I can access some websites like Lenovo, FreeCall, Free, my router, my bank,

> >

> > but I cannot access other websites such as http://www.lemonde.fr, linkedin,

> > facebook, oanda, smartmoney...

> >

> > that's weird, that seem that a pipe is blocked or something filtering the

> > DNS, only allowing some sites... but ping and resolving is OK!

> >

> > I tried flushing DNS to no avail, I have cleared all my caches and temp

> > files to no avail, I have tried with deactivating the fw to no avail... I

> > dont know what to do...

> >

> > I could not find anything on the Internet...

> >

> > Here is the symptom: when I start http://www.facebook.com (or another website),

> > firefox displays Waiting for http://www.facebook.com... in the status bar and

> > nothing else happens....

> >

> > The problem is also similar with IE7 and I cannot access Windows Update.

> >

> > I tried upgrading to Firefox 3, but the problem remains. I am on Windows XP

> > OEM SP2... I am hesitating installing SP3, I don't think that would solve the

> > problem.

> >

> > I checked my router and it seems OK, since other PC on the same router have

> > no problem accessing any website.

> >

> > I think the mess was created when I tried to eradicate the virus... also my

> > MS Office seems corrupted, when I try to launch Excel, he asks for CD.

> > Winword and Outlook are fine though.

> >

> > I have been using Windows PCs for 15 years and I am an IT professional, but

> > that's the first time I see something like that. I am getting crazy...

> >

> > Any help would be very much appreciated; do u think I should reinstall

> > Windows, or is there anything else I could try? Any kind of test to indentify

> > the problem?

> >

> > Cheers,

> >

> > Alex

> >

>

> Hi Alex,

>

> I don't know what screwed up Office, but if you cannot reach some

> websites, try this:

> 1) In C:\WINDOWS\system32\drivers\etc you will find a file named hosts.

> (It has no extension.)

> Op this in notepad.

>

> It should only contain a bunch of comments that start with # and:

> 127.0.0.1 localhost

> unless you added more by hand.

>

> Do you see more?

> I am no virusexpert, so I don't know the one you described, but some

> malware likes to change your hosts file, in such a way it can fool you.

> eg, you type:

> http://www.mybank.com

>

> but you end up on a completely different site that tries to get your

> logincredentials.

>

> Could that be your problem?

> (If you are in doubt and see more entries than 127.0.0.1 localhost, just

> delete them all.)

>

> Regards,

> Erwin Moller

>

Guest Alex

Guest Alex

Posted
Posted

RE: Cannot access some websites after virus cleaning

 

Hi Malke.

 

I registered and posted on Atribune.

 

Seems that my computer is still infected....

 

Considered this thread closed. Thanks.

--

Alex

 

 

 

"Malke" wrote:

> Alex wrote:

>

> > Update: I think I still have the virus. After a few minutes, I got a crash

> > in Firefox and the following message : WOWEXEC caused an access violation

> > in ntvdm.exe

> >

> > Also Spybot informed me that a weird DLL wanted to register itself, I

> > denied it...

> >

> > I don't know how to cure the problem for good... I tried many tools to fix

> > virtumonde to no avail...

>

> At this point you should get guided help from one of the specialty forums

> listed below (in no particular order). Choose one, register, read its

> posting FAQ, and post as directed. PLEASE DO NOT POST LOGS OF THIS SORT IN

> THE MS NEWSGROUPS.

>

> The alternative is to back up your data and return the computer to factory

> condition using whatever method was provided by the laptop mftr. OR take

> the machine to a local computer professional (who may do the same thing).

>

> http://aumha.net/ - Click on the HijackThis forum. Read the announcement and

> the stickies *first*.

> http://www.atribune.org/forums/index.php?showforum=9

> http://aumha.net/viewforum.php?f=30

> http://www.bleepingcomputer.com/forums/forum22.html

> http://www.dslreports.com/forum/cleanup

> http://www.cybertechhelp.com/forums/forumdisplay.php?f=25

> http://www.geekstogo.com/forum/Malware_Removal_HiJackThis_Logs_Go_Here-f37.html

> http://gladiator-antivirus.com/forum/index.php?showforum=170

> http://spywarewarrior.com/viewforum.php?f=5

> http://forums.techguy.org/54-security/

> http://forums.tomcoyote.org/

>

> Malke

> --

> MS-MVP

> Elephant Boy Computers - Don't Panic!

> FAQ - http://www.elephantboycomputers.com/#FAQ

>

>

Guest Erwin Moller

Guest Erwin Moller

Posted
Posted

Re: Cannot access some websites after virus cleaning

 

 

Alex schreef:

> Hi,

>

> Sorry, forgot to mention about host file:

>

> -was using DNSAccelerator so my host file was full of websites (and perhaps

> some crap too)

> -deactivated my dnsaccelerator and deleted everything in the hosts file

> yesterday

> -now my hosts file is clean only localhost as you mentioned

>

> But it seems that the virus is still present and causing trouble to IE and

> Firefox....

> Tried many fix tools to no avail

>

> Do not see what to do... lost!

>

> Alex

 

Yeah, malware can be a real pain.

I never had a virus/keylogger/whatever that actually made it that far it

infected my PC ever in the 25 years I use computers now. :-)

/me knocks on wood.

 

For what it is worth: the only tools I use lately are:

1) Mc Afee virusscan (set to scan every file written to disk, which IS a

performancepain on low-end systems, but untill now it kept my system clean.)

2) adaware.

 

I suggest you do something similar when your PC is up and running again.

 

I saw you went for advise to the virushelp forums now.

If they cannot help you, my advise would be:

1) Back up your whole PC (not systembackup, but simply the files you need)

2) reinstall windows

3) install GOOD anti-virus software

4) Get latest servicepacks in and all other windowsupdate stuff

5) Never use IE, use FF instead.

 

Then have a look at your backup'ed files, and place them on your new system.

If some of them are infected, your virusscanner will recognize them.

 

Hope that helps.

 

Good luck.

Regards,

Erwin Moller

Guest PA Bear [MS MVP]

Guest PA Bear [MS MVP]

Posted
Posted

Re: Cannot access some websites after virus cleaning

 

You'll most likely find that Vundo is still present, along with ZLOB and an

SDBot-variant, all protected by a rootkit. And chances are that Windows

Update and your anti-virus application aren't working.

 

Alex wrote:

> Hi Malke.

>

> I registered and posted on Atribune.

>

> Seems that my computer is still infected....

>

> Considered this thread closed. Thanks.

>

>> Alex wrote:

>>

>>> Update: I think I still have the virus. After a few minutes, I got a

>>> crash

>>> in Firefox and the following message : WOWEXEC caused an access

>>> violation

>>> in ntvdm.exe

>>>

>>> Also Spybot informed me that a weird DLL wanted to register itself, I

>>> denied it...

>>>

>>> I don't know how to cure the problem for good... I tried many tools to

>>> fix

>>> virtumonde to no avail...

>>

>> At this point you should get guided help from one of the specialty forums

>> listed below (in no particular order). Choose one, register, read its

>> posting FAQ, and post as directed. PLEASE DO NOT POST LOGS OF THIS SORT

>> IN

>> THE MS NEWSGROUPS.

>>

>> The alternative is to back up your data and return the computer to

>> factory

>> condition using whatever method was provided by the laptop mftr. OR take

>> the machine to a local computer professional (who may do the same thing).

>>

>> http://aumha.net/ - Click on the HijackThis forum. Read the announcement

>> and the stickies *first*.

>> http://www.atribune.org/forums/index.php?showforum=9

>> http://aumha.net/viewforum.php?f=30

>> http://www.bleepingcomputer.com/forums/forum22.html

>> http://www.dslreports.com/forum/cleanup

>> http://www.cybertechhelp.com/forums/forumdisplay.php?f=25

>> http://www.geekstogo.com/forum/Malware_Removal_HiJackThis_Logs_Go_Here-f37.html

>> http://gladiator-antivirus.com/forum/index.php?showforum=170

>> http://spywarewarrior.com/viewforum.php?f=5

>> http://forums.techguy.org/54-security/

>> http://forums.tomcoyote.org/

>>

>> Malke

>> --

>> MS-MVP

>> Elephant Boy Computers - Don't Panic!

>> FAQ - http://www.elephantboycomputers.com/#FAQ

 Share
Go to topic listing
×
×
  • Create New...