Canreef Aquatics Bulletin Board


mark 01-02-2009 08:15 PM

these sites down?
 
Picked up some spyware the other day and think I got some of it with the old definitions I had, but now if I try to update Spybot or SuperantiSpyware, I can't.

I've allowed the sites through the firewall as done updates before and even turn the firewall off but can't connect to http://www.spybot.info/ or http://www.superantispyware.com/ .

These sites should be okay as show as the site's home page and come up on Google, but could someone try them? Not sure if being paranoid that whatever I got is blocking them or they're just down. There's still something, as every time I open a link in Firefox (default is in a new tab) a second window tries to start (http://sagipsul.com/...).

Pescador 01-02-2009 09:43 PM

They both worked fine for me with Safari, Mark.

Powertec 01-02-2009 10:19 PM

Hi Mark

I'm on Firefox and they all open fine for me as well.

midgetwaiter 01-03-2009 05:41 AM

open the file c:\windows\system32\drivers\etc\hosts in notepad.

You should see this:
Code:

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
#      102.54.94.97    rhino.acme.com          # source server
#      38.25.63.10    x.acme.com              # x client host

127.0.0.1      localhost
::1            localhost

The last line may be missing in XP, no biggie.

Some spyware will insert additional entries in the file. This file is used to maintain a list of hosts and their numerical addresses so your computer can figure out just who www.whatever.com is. With your internet connection this mapping is provided by your DNS servers but entries in this file will override that. It has become common for spyware to put something like

127.0.0.1 www.spybot.info

into this file so your computer can't find the site, just remove the line and save the file. That will get rid of it.
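The check described in the post above, as an added example that is not part of the original thread: it parses hosts-file text and reports every name other than `localhost` that is pinned to a loopback or unspecified address. The sample text is constructed, and the names `parse_hosts` and `sinkholed_names` are hypothetical.

```python
import ipaddress

# Constructed sample: stock entries plus a redirect like the one quoted in the post.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2006 Microsoft Corp.
127.0.0.1      localhost
::1            localhost
127.0.0.1 www.spybot.info
0.0.0.0   www.superantispyware.com superantispyware.com   # constructed
10.0.0.5  fileserver                                      # constructed LAN entry
not-an-ip www.malwarebytes.org
"""

BENIGN_NAMES = {"localhost"}  # assumption: the only name expected on loopback


def parse_hosts(text):
    """Yield (line_no, ip, names) for each active, well-formed entry."""
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # drop trailing comments
        fields = line.split()
        if len(fields) < 2:
            continue                          # blank, comment-only or incomplete
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                          # first column is not an address
        yield line_no, ip, [name.lower() for name in fields[1:]]


def sinkholed_names(text):
    """Return (line_no, name, ip) for names forced to loopback or 0.0.0.0."""
    findings = []
    for line_no, ip, names in parse_hosts(text):
        if ip.is_loopback or ip.is_unspecified:
            findings += [(line_no, n, str(ip)) for n in names
                         if n not in BENIGN_NAMES]
    return findings


if __name__ == "__main__":
    for line_no, name, ip in sinkholed_names(SAMPLE_HOSTS):
        print(f"line {line_no}: {name} -> {ip}")
```

To audit a real machine, pass the contents of c:\windows\system32\drivers\etc\hosts to `sinkholed_names` instead of the sample.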

mark 01-03-2009 06:35 AM

Quote:

Originally Posted by midgetwaiter (Post 373872)
open the file c:\windows\system32\drivers\etc\hosts in notepad.

You should see this:
Code:

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
#      102.54.94.97    rhino.acme.com          # source server
#      38.25.63.10    x.acme.com              # x client host

127.0.0.1      localhost
::1            localhost

The last line may be missing in XP, no biggie.

Some spyware will insert additional entries in the file. This file is used to maintain a list of hosts and their numerical addresses so your computer can figure out just who www.whatever.com is. With your internet connection this mapping is provided by your DNS servers but entries in this file will override that. It has become common for spyware to put something like

127.0.0.1 www.spybot.info

into this file so your computer can't find the site, just remove the line and save the file. That will get rid of it.

Thanks, tried this and still no joy. Even thought I would try some other anti-spyware and places like Microsoft Download Ctr is blocked

midgetwaiter 01-03-2009 05:00 PM

open a command prompt and do this

nslookup (enter)

then type in www.spybot.info and hit enter again.

Your output should look like this:

Code:

Microsoft Windows [Version 6.0.6001]
Copyright (c) 2006 Microsoft Corporation.  All rights reserved.

C:\Users\ajs>nslookup
Default Server:  nsc1.ar.ed.shawcable.net
Address:  64.59.184.13

> www.spybot.info
Server:  nsc1.ar.ed.shawcable.net
Address:  64.59.184.13

Non-authoritative answer:
Name:    www.spybot.info
Address:  89.238.64.39

now try http://89.238.64.39 in the address bar of your browser.
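An added example, not part of the original thread, for reading nslookup output like the transcript above: the first `Address:` line is the DNS server itself, so only addresses that follow a `Name:` line count as the answer. The second transcript is constructed, and `answer_addresses` and `verdict` are hypothetical names.

```python
import ipaddress

# Answer section of the transcript posted above.
PAGE_TRANSCRIPT = """\
> www.spybot.info
Server:  nsc1.ar.ed.shawcable.net
Address:  64.59.184.13

Non-authoritative answer:
Name:    www.spybot.info
Address:  89.238.64.39
"""

# Constructed transcript: a resolver that returns sinkhole addresses.
CONSTRUCTED_BAD = """\
Server:  resolver.example
Address:  192.0.2.53

Name:    www.spybot.info
Addresses:  127.0.0.1
          0.0.0.0
"""


def answer_addresses(transcript):
    """Return answer addresses, skipping the resolver's own Address line."""
    answers, in_answer, in_list = [], False, False
    for line in transcript.splitlines():
        label, _, value = line.partition(":")
        label = label.strip().lower()
        if in_list and line[:1].isspace() and line.strip():
            candidate = line.strip()          # continuation of "Addresses:"
        elif label == "name":
            in_answer, in_list = True, False
            continue
        elif label in ("address", "addresses") and in_answer:
            candidate, in_list = value.strip(), label == "addresses"
        else:
            in_list = False
            if label == "server":
                in_answer = False             # next Address belongs to the server
            continue
        try:
            answers.append(ipaddress.ip_address(candidate))
        except ValueError:
            pass
    return answers


def verdict(transcript):
    """Classify the DNS answer: no-answer, dns-sinkholed or dns-ok."""
    addrs = answer_addresses(transcript)
    if not addrs:
        return "no-answer"
    bad = [a for a in addrs if a.is_loopback or a.is_unspecified]
    return "dns-sinkholed" if bad else "dns-ok"
```

A `dns-ok` result on a machine that still cannot reach the site points at something above DNS, such as the hosts file or a browser component.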

muck 01-03-2009 09:04 PM

Whatever you picked up Mark so do I... it seems to block all the anti-spyware/anti-virus sites that I can think of.. :(

Not sure how to go about removing the infection. :sad:

Snaz 01-03-2009 10:17 PM

Update your Anti virus definitions if you can. It will probably fail. Then do a full computer scan in SAFE MODE:

1. Enter safe mode by tapping F8 as soon as the computer starts or restarts. You will get a menu to enter safe mode; try safe mode with networking, as then you might be able to update your AV definitions.

2. Do a full computer scan while in safe mode, delete or quarantine any nasties.

3. Reboot and do it all again, enter safe mode and do a full computer scan.

4. Reboot into normal mode. If the virus comes back then you will need to work harder to clean it up. Tools like Hijackthis will help but are not for the novice. Get a nerd buddy to help or otherwise back up your files, bookmarks etc. and wipe the machine. :sad:

Good luck

DanG 01-04-2009 04:27 AM

You've got vundo, it's a really really nasty piece of spyware.

I've gotten rid of it on a friend's laptop using Malware Bytes anti malware program.

www.malwarebytes.org

What are you running for antivirus?

mark 01-04-2009 04:42 AM

Using Superantispyware and Spybot (all freeware).

Thing with this is just tried the malwarebytes site and was blocked;

With Firefox get:

Failed to Connect

The connection was refused when attempting to contact www.malwarebytes.org.


Though the site seems valid, the browser was unable to establish a connection.

* Could the site be temporarily unavailable? Try again later.

* Are you unable to browse other sites? Check the computer's network connection.

* Is your computer or network protected by a firewall or proxy? Incorrect settings can interfere with Web browsing.


Powertec 01-04-2009 04:55 AM

Mark, did you try to get to that site in Safemode?
I had an issue the other day which makes me wonder if I had the same problem, but I went in with safemode with networking and managed to get whatever it was off.

mark 01-04-2009 06:00 AM

still blocked in safemode

KrazyKuch 01-04-2009 06:34 AM

Can you get to this website???
http://vundofix.atribune.org/

that should get rid of the trojan

mark 01-04-2009 06:53 AM

Quote:

Originally Posted by KrazyKuch (Post 374169)
Can you get to this website???
http://vundofix.atribune.org/

that should get rid of the trojan

blocked in both IE and Firefox.

At least Canreef is still here.

midgetwaiter 01-04-2009 07:15 AM

Mark sent me a PM with a screenshot of what is going on when he tries to update spybot and I think you guys are right it is this vundo thing. I checked it out, it's a bastard.

For the techie types that may be interested, it works by using a Browser Helper Object to snag requests to anti-spyware sites and redirect them to localhost. This is especially evil because any spyware definition updates that use a DLL from the standard Microsoft network package seem to also be redirected by the BHO.

Hijack This! is probably the best tool for getting rid of this kind of thing but like Snaz says it isn't exactly simple to use.

Mark, I'll put the Vundofix program from Atribune on my site and send you a link.

mark 01-04-2009 07:19 AM

was able to get Vundofix v7.0.6 from Softpedia.com.

It didn't find anything.

Aquattro 01-04-2009 04:40 PM

Can the BHO be unloaded from within IE? If not, can dll or ocx be renamed before launching IE?

Snaz 01-04-2009 04:47 PM

If it is a Browser Helper Object(BHO) that is doing the redirect then Hijackthis should clean that up.
http://www.download.com/Trend-Micro-...-10227353.html

Close all other programs, install HJT and then click "Do System Scan and Save a Log file"

It will list all kinds of switches and programs that determine how your computer behaves. As a start, select all BHO and click "FIXED CHECKED". Be careful with the other items HJT finds as some of them are needed for your computer to run. Removing all BHO should not be an issue but yahoo toolbars etc will be missing but you can always install them again as needed. The object today is to get your browser to go to your AV home to update definitions. If your current AV does not fix it try AVG Free AV at:

http://grisoft.com and search their site for "FREE" and try the free version, very nice.

If that does not work and you have the time, try the HJT upload service, it may take you further.

Keith

DanG 01-04-2009 09:06 PM

Quote:

Originally Posted by mark (Post 374126)
Using Superantispyware and Spybot (all freeware).

Thing with this is just tried the malwarebytes site and was blocked;

With Firefox get:

Failed to Connect

The connection was refused when attempting to contact www.malwarebytes.org.


Though the site seems valid, the browser was unable to establish a connection.

* Could the site be temporarily unavailable? Try again later.

* Are you unable to browse other sites? Check the computer's network connection.

* Is your computer or network protected by a firewall or proxy? Incorrect settings can interfere with Web browsing.


See if you can get it from http://www.download.com/Malwarebytes...=dl&tag=button

mark 01-05-2009 03:34 AM

Quote:

Originally Posted by DanG (Post 374327)

Looks like I got it with Malwarebytes.

A big thanks to all.

venkat20 09-14-2009 06:43 AM

Ip-address
 
In the First page they show the Ip-address..You can also check out the Ip-address of any site using the ip-address..

bvlester 09-14-2009 05:51 PM

Try this site, it is owned by Symantec; Quarterdeck software used to own it about 10 years ago. So whenever I come across a person's computer that will not let them go to an anti-virus site, try this one: www.qdeck.com. I don't know about now, but Norton used to have a free live scan app on the site. This site has never been blocked before, as it is used as a mirror site; now you get redirected to Symantec's home site through this site. It is like anonymous surfing. If you cannot get to a site through normal means, try using a search engine and use the link provided.

Bill


All times are GMT.