Canreef Aquatics Bulletin Board
Page 2 of 3 < 1 2 3 >
Show 40 post(s) from this thread on one page

Canreef Aquatics Bulletin Board (http://www.canreef.com/vbulletin/index.php)
-   Lounge (http://www.canreef.com/vbulletin/forumdisplay.php?f=14)
-   -   these sites down? (http://www.canreef.com/vbulletin/showthread.php?t=47961)

Powertec 01-04-2009 04:55 AM
Mark did you try to get to that site in Safemode?
I had an issue the other day which makes me wonder if i had the same problem but i went in with safemode with networking and managed to get whatever it was off.

mark 01-04-2009 06:00 AM
still blocked in safemode

KrazyKuch 01-04-2009 06:34 AM
Can you get to this website???
http://vundofix.atribune.org/

that should get ride of the trojan

mark 01-04-2009 06:53 AM
Quote:
Originally Posted by KrazyKuch (Post 374169)
Can you get to this website???
http://vundofix.atribune.org/

that should get ride of the trojan
blocked in both IE and Firefox.

At least Canreef is still here.

midgetwaiter 01-04-2009 07:15 AM
Mark sent me a PM with a screenshot of what is going on when he tries to update spybot and I think you guys are right it is this vundo thing. I checked it out, it's a bastard.

For the techie types that may be interested, it works by using a Browser Help Object to snag requests to anti spyware sites and redirect them to localhost. This is especially evil because any spyware definition update that use a dll from the standard microsoft network package seem to be also redirected by the BHO.

Hijack This! is probably the best tool for getting rid of this kind of thing but like Snaz says it isn't exactly simple to use.

Mark, I'll put the Vundofix program from Atribune on my site and send you a link.

mark 01-04-2009 07:19 AM
was able to get Vundofix v7.0.6 fr Softpedia.com.

It didn't find anything.

Aquattro 01-04-2009 04:40 PM
Can the BHO be unloaded from within IE? If not, can dll or ocx be renamed before launching IE?

Snaz 01-04-2009 04:47 PM
If it is a Browser Helper Object(BHO) that is doing the redirect then Hijackthis should clean that up.
http://www.download.com/Trend-Micro-...-10227353.html

Close all other programs, install HJT and then click "Do System Scan and Save a Log file"

It will list all kinds of switches and programs that determine how your computer behaves. As a start, select all BHO and click "FIXED CHECKED". Becareful with the other items HJT finds as some of them are needed for your computer to run. Removing all BHO should not an issue but yahoo toolbars etc will be missiing but you can always install them again as needed. The object today is to get you browser to goto your AV home to update definitions. If your current AV does not fix it try AVG Free AV at:

http://grisoft.com and search there site for "FREE" and try the free version, very nice.

If that does not work and you have the time, try the HJT upload service, it may take you further.

Keith

DanG 01-04-2009 09:06 PM
Quote:
Originally Posted by mark (Post 374126)
Using Superantispyware and Spybot (all freeware).

Thing with this is just tried the malwarebytes site and was blocked;

With Firefox get:

Failed to Connect

The connection was refused when attempting to contact www.malwarebytes.org.


Though the site seems valid, the browser was unable to establish a connection.

* Could the site be temporarily unavailable? Try again later.

* Are you unable to browse other sites? Check the computer's network connection.

* Is your computer or network protected by a firewall or proxy? Incorrect settings can interfere with Web browsing.
See if you can get it from http://www.download.com/Malwarebytes...=dl&tag=button

mark 01-05-2009 03:34 AM
Quote:
Originally Posted by DanG (Post 374327)
Looks like I got it with Malwarebytes.

A big thanks to all.


All times are GMT. The time now is 07:46 PM.
Page 2 of 3 < 1 2 3 >
Show 40 post(s) from this thread on one page

Powered by vBulletin® Version 3.7.3
Copyright ©2000 - 2025, Jelsoft Enterprises Ltd.