|
|
#1
 02-25-2009, 09:27 PM
|
||||
|
||||
|
Can't access antivirus sites
Hey,
I'm troubleshooting a firends PC. Symptom: Can't access antivirus websites. IE re-directs to 'spam' sites. When I ping avg com for example it displays 127.0.0.1 (aka localhost). Google searches also get re-directed to 'junk' sites. Cure: Unknown. I've search the net for a solution and most forums have the victim download a multitude of scanning apps. Then the thread dies. No "It worked. Thanks!" Anyone experienced this and found a solution? Thanks, 
|
|
#2
02-26-2009, 12:20 PM
|
||||
|
||||
|
I ran into this as well on my Bro-In-Laws machine, same issue with spam redirects etc etc. I used a USB stick and installed Spybot S&D did a scan and disabled anything I did not recognize on boot (this is done in the advanced section), I then installed Avast and had it do a boot time scan, it found a couple of trojans and one other I forgot what it was.
Most of it is clean now, but I just got a call last night from him that its making all th eusers change PW's, not sure if its the same infection or they found another web site :/...
__________________
________________ <xterm> The problem with America is stupidity. I'm not saying there should be a capital punishment for stupidity, but why don't we just take the safety labels off of everything and let the problem solve itself? ________________ Brook Moore aka Tw1st3d Kn0t (TK0 on Steam) Viperlair Sr. Staff Writer MSI x58 Platinum Intel i7 920 (2.66@3.54) HIS 3850 6GB SuperTalent PC3-12800
|
|
#3
02-26-2009, 04:52 PM
|
||||
|
||||
|
Thanks. I'll try Spybot. I wonder if AVG Free has a boot time scan. If not I'll try Avast.
FYI - If you ping the AVG website (or any other site that's being re-directed/blocked) from a clean PC, you can use that IP to navigate the site on the infected PC.
|
|
#4
02-26-2009, 06:10 PM
|
||||
|
||||
|
This might be a long shot, but for the website re-directs, it could be as simple as checking your hosts file to make sure that they aren't just being redirected from there.
Open regedit and browse to this key: "\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Serv ices\Tcpip\Parameters" and look for an entry named "DatabasePath", to determine that the virus hasn't changed the location of your hosts file. The default location should be %SystemRoot%\system32\drivers\etc\ where %SystemRoot% is your windows install directory. By default %SystemRoot% will be C:\Windows (so, the default path should be c:\windows\system32\drivers\etc, and the hosts file should be in the "etc" directory) Close regedit and browse to the directory specified in that registry key. Open the hosts file with notepad (there is no extension, the file is just named "hosts"). You should see a few lines of text that will be preceeded with a # symbol, and the following two entries: KEEP THESE ENTRIES
Code:
127.0.0.1 localhost ::1 localhost
Code:
127.0.0.1 avg.com 127.0.0.1 avgfree.com 127.0.0.1 trendmicro.com 127.0.0.1 pccillinsecurity.com
__________________
Joo Fargin' Sneeeeeky Bastage! eVGA 133-K8-NF41-AX nForce4 SLI AMD Athlon64 X2 4400+ 1GB Kingston DDR400 @ 2-2-2-5 1GB Corsair DDR400 @ 2-2-2-5 Dual eVGA 256MB 7800GTs in SLI Creative X-Fi Music Extreme sound card (6,530 3DMarks)
|
|
#5
03-01-2009, 09:02 PM
|
||||
|
||||
|
I've already checked the host files (in their default location) but haven't looked at the registry key.
Thank you. I'll take a look. All suggestions are greatly appreciated.
|
 |
|
|
| Thread Tools | |
| Display Modes | |
|
|
Linear Mode
