V I P E R L A I R .com - Forums

V I P E R L A I R .com - Forums (http://www.viperlair.com/forums/index.php)
-   OS related, Software and Security (http://www.viperlair.com/forums/forumdisplay.php?f=13)
-   -   Can't access antivirus sites (http://www.viperlair.com/forums/showthread.php?t=7616)

TheFunnyGuy 02-25-2009 10:27 PM
Can't access antivirus sites
 
Hey,

I'm troubleshooting a firends PC.

Symptom:
Can't access antivirus websites. IE re-directs to 'spam' sites. When I ping avg com for example it displays 127.0.0.1 (aka localhost). Google searches also get re-directed to 'junk' sites.

Cure:
Unknown. I've search the net for a solution and most forums have the victim download a multitude of scanning apps. Then the thread dies. No "It worked. Thanks!"

Anyone experienced this and found a solution?

Thanks,

pF.TK 02-26-2009 01:20 PM
I ran into this as well on my Bro-In-Laws machine, same issue with spam redirects etc etc. I used a USB stick and installed Spybot S&D did a scan and disabled anything I did not recognize on boot (this is done in the advanced section), I then installed Avast and had it do a boot time scan, it found a couple of trojans and one other I forgot what it was.
Most of it is clean now, but I just got a call last night from him that its making all th eusers change PW's, not sure if its the same infection or they found another web site :/...

TheFunnyGuy 02-26-2009 05:52 PM
Thanks. I'll try Spybot. I wonder if AVG Free has a boot time scan. If not I'll try Avast.

FYI - If you ping the AVG website (or any other site that's being re-directed/blocked) from a clean PC, you can use that IP to navigate the site on the infected PC.

LoTekGuru 02-26-2009 07:10 PM
This might be a long shot, but for the website re-directs, it could be as simple as checking your hosts file to make sure that they aren't just being redirected from there.
Open regedit and browse to this key:
"\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Serv ices\Tcpip\Parameters" and look for an entry named "DatabasePath", to determine that the virus hasn't changed the location of your hosts file. The default location should be %SystemRoot%\system32\drivers\etc\ where %SystemRoot% is your windows install directory. By default %SystemRoot% will be C:\Windows (so, the default path should be c:\windows\system32\drivers\etc, and the hosts file should be in the "etc" directory)
Close regedit and browse to the directory specified in that registry key. Open the hosts file with notepad (there is no extension, the file is just named "hosts"). You should see a few lines of text that will be preceeded with a # symbol, and the following two entries: KEEP THESE ENTRIES
Code:
127.0.0.1      localhost
::1            localhost
Any other lines, especially if they start with 127.0.0.1 and have an antivirus website tagged to them such as this:
Code:
127.0.0.1    avg.com
127.0.0.1    avgfree.com
127.0.0.1    trendmicro.com
127.0.0.1    pccillinsecurity.com
will need to be deleted. after deleting these entries, save the file. changes should take effect immediately, and hopefully if you found anything like this, you will now be able to successfully browse to the sites you need to get to.

TheFunnyGuy 03-01-2009 10:02 PM
I've already checked the host files (in their default location) but haven't looked at the registry key.

Thank you. I'll take a look. All suggestions are greatly appreciated.


All times are GMT -4. The time now is 07:03 PM.

Powered by vBulletin® Version 3.7.2
Copyright ©2000 - 2010, Jelsoft Enterprises Ltd.
All trademarks used are properties of their respective owners. Copyright © 2001-2004 Viper Lair

[Output: 7.91 Kb. compressed to 7.67 Kb. by saving 0.24 Kb. (2.99%)]