Strange behaviour of Windows XP.

Discussion in 'Virus Information' started by CENTRINO, Jun 23, 2010.

  1. CENTRINO

    CENTRINO Guest

    Hi.

    I am having a problem with Microsoft sites from a Windows XP machine: I cannot
    ping them, hosts file is OK, DNS resolves OK but somehow I cannot access
    windowsupdate.microsoft.com and others from ping or Iexplorer.

    Another curious effect is that if I write "windowsupdate" in the Iexplorer
    search box, the explorer cannot access Google, the default search
    engine.

    If I start Windows XP in restricted mode with network support (F8), I can
    access Microsoft's sites, but Windows Update does not work.

    I have used Spybot, Antivir, Clamwin, CCleaner; no infection found ... It
    seems to be some sort of rootkit, because I cannot see any strange process
    with procexp.

    Any clue?

    Thanks in advance
     
    CENTRINO, Jun 23, 2010
    #1

  2. From: "CENTRINO" <>

    | Hi.

    | I am having a problem with Microsoft sites from a Windows XP machine: I cannot
    | ping them, hosts file is OK, DNS resolves OK but somehow I cannot access
    | windowsupdate.microsoft.com and others from ping or Iexplorer.

    | Another curious effect is that if I write "windowsupdate" in the Iexplorer
    | search box, the explorer cannot access Google, the default search
    | engine.

    | If I start Windows XP in restricted mode with network support (F8), I can
    | access Microsoft's sites, but Windows Update does not work.

    | I have used Spybot, Antivir, Clamwin, CCleaner; no infection found ... It
    | seems to be some sort of rootkit, because I cannot see any strange process
    | with procexp.

    | Any clue?

    | Thanks in advance


    CCleaner is not anti malware so that wouldn't help.

    Try Gmer. An anti rootkit utility.
    http://www.gmer.net/
     
    David H. Lipman, Jun 23, 2010
    #2

  3. David Kaye Guest

    Microsoft does not run a ping server on that address. They also don't run one
    on microsoft.com either. If you want to ping Microsoft try: ping
    ping.microsoft.com -- their ping server uses the ping domain.
     
    David Kaye, Jun 23, 2010
    #3
  4. CENTRINO

    CENTRINO Guest

    Yes, it was 207.46.18.94

    C:\WINDOWS\system32\drivers\etc\hosts is empty

    Note that when starting in fail-safe mode with network support, the browser
    can access windowsupdate.microsoft.com, but not in normal mode.
    I can also use the search box in IE, which returns Google answers.

    If in normal mode I enter the word "windowsupdate", it does not find the
    Google site, but if I enter "windowupdate", for example, it does.

    So, the supposed virus is intercepting what I write in IE input boxes
    and changing it.

    So, I think that some hidden process in normal mode is redirecting or
    hiding the MS website by substituting the word "windowsupdate". Any clue as
    to what kind of virus I have and how to remove it?
     
    CENTRINO, Jun 24, 2010
    #4
  5. CENTRINO

    CENTRINO Guest

    I know, I know, CCleaner is just a crap cleaner, but sometimes it deletes
    temporary files that turn out to be viruses ... and yes, I tried gmer with no
    results.
     
    CENTRINO, Jun 24, 2010
    #5
  6. CENTRINO

    CENTRINO Guest

    Oops, another clue: automatic updates downloads remain at 0%
     
    CENTRINO, Jun 24, 2010
    #6
  7. From: "CENTRINO" <>

    | I know, I know, CCleaner is just a crap cleaner, but sometimes it deletes
    | temporary files that turn out to be viruses ... and yes, I tried gmer with no
    | results.


    All viruses are malware but not all malware are viruses.




    Download and execute HiJack This! (HJT)
    http://www.trendsecure.com/portal/en-US/_download/HJTInstall.exe

    Then post the contents of the HJT log with a full explanation of your problem and what you
    have done to date in one of the below expert forums...

    { Please - Do NOT post the HJT Log here ! }

    Forums where you can get expert advice for HiJack This! (HJT) Logs.

    NOTE: Registration is REQUIRED in any of the below before posting a log

    Suggested primary:
    http://www.thespykiller.co.uk/index.php?board=3.0

    Suggested secondary:
    http://www.bleepingcomputer.com/forums/forum22.html
    http://www.malwarebytes.org/forums/index.php?showforum=7

    Suggested tertiary:
    http://www.dslreports.com/forum/cleanup
    http://www.cybertechhelp.com/forums/forumdisplay.php?f=25
    http://www.atribune.org/forums/index.php?showforum=9
    http://www.geekstogo.com/forum/Malware_Removal_HiJackThis_Logs_Go_Here-f37.html
    http://gladiator-antivirus.com/forum/index.php?showforum=170
    http://forum.networktechs.com/forumdisplay.php?f=130
    http://forums.maddoktor2.com/index.php?showforum=17
    http://www.spywarewarrior.com/viewforum.php?f=5
    http://forums.spywareinfo.com/index.php?showforum=18
    http://forums.techguy.org/f54-s.html
    http://forums.tomcoyote.org/index.php?showforum=27
    http://forums.subratam.org/index.php?showforum=7
    http://www.5starsupport.com/ipboard/index.php?showforum=18
    http://aumha.net/viewforum.php?f=30
    http://makephpbb.com/phpbb/viewforum.php?f=2
    http://forums.techguy.org/54-security/
    http://forums.security-central.us/forumdisplay.php?f=13
     
    David H. Lipman, Jun 24, 2010
    #7
  8. Sometimes you have to scroll down.
    Does it happen when you run IE with no add-ons?
    Probably not a virus, have you tried the HiJackThis Forums?
     
    FromTheRafters, Jun 24, 2010
    #8
  9. David Kaye Guest

    I use CCleaner for just such purposes. I would not recommend any other
    "registry cleaner" software at all. But CCleaner appears to be fine.
     
    David Kaye, Jun 24, 2010
    #9
  10. peonyparker

    I have some strange things in Windows XP mode. I did update my Norton anti-virus installed on the XP virtual machine. There is a problem, the update (it needs to restart and shut down the virtual machine, but it does not restart itself). So I started doing crafts, and face a pop-up uninstall Norton Antivirus.
     
    peonyparker, Dec 24, 2010
    #10