What infection might these "symptoms" indicate?

Discussion in 'Virus Information' started by Garret Swayne, Jul 6, 2004.

  1. I'm posting this in behalf of a friend of mine whose computer seems infected
    with a worm or virus of some sort. Here are the "symptoms":

    1. Somehow her Internet Exporer is prevented from visiting the Norton or
    McAfee websites for help. Whenever she navigates to one of these anti-virus
    sites, she gets a "This page cannot be displayed" error. She can visit
    other sites on the web, but not these anti-virus sites. We haven't tried
    them all, just the two primary ones I know of--Symantec (Norton) and Network
    Associates (McAfee). And the sites are not just "down". I check with my
    non-infected computer, and those websites display fine. But she can't from

    2. I got her a copy of Norton Anti-Virus 2004 and installed it on her
    machine (a Sony Vaio lapton running Windows XP home edition). Supposedly,
    it installed fine. But whenever we'd try to execute the AntiVirus program
    or the Live Update program, it would open a window and start executing, but
    then the window would unexpectedly and inexplicably close. Like the program
    was being internally terminated by something.

    3. She's noticed some other odd behaviors but can't exactly describe them.
    But outside of what's mentioned above, her computer seems to function fairly
    normally. She can get her email, she can surf the web, just not the sites
    mentioned above. But she's scared to do any of that because she doesn't
    have any functioning AV protection.

    Do any of you AV experts out there know what kind of infection might cause
    symptoms like these? We installed Norton Anti-virus software, but the
    apparent infection is not allowing it to execute! What shall we do? I
    presume the first step is to identify and get rid of the current infection
    which seems to prevent the AV software from running. Is there a way to
    maybe boot up her computer in DOS and run the AV program from DOS? But if
    this infection is a very recent one, the AV program running under DOS
    wouldn't be able to detect or fix it unless the program could first obtain
    the most recent file updates. And there's no easy way to get the computer
    to go online and do that under DOS, correct?

    Anybody have a solution? Or can you point us to where we might be able to
    find a solution? Any help or advice would be most appreciated.

    Garret Swayne

    Garret Swayne, Jul 6, 2004
    1. Advertisements

  2. Try to download the McAfee Stinger program, which can be downloaded from
    this site: http://vil.nai.com/vil/stinger/

    It'smost likely the "hosts" file blocking her from visiting any
    anti-virus software websites. More information about "hosts" file at
    this website:
    Jurren Bouman, Jul 6, 2004
    1. Advertisements

  3. Garret Swayne

    Brian Guest

    1. Try connecting to http://housecall.antivirus.com/housecall/start_corp.asp
    where, if it will connect, you can run an online virus check.
    2. Make sure there is no firewall on her machine that needs to be configured
    for the blocked sites.
    3. Run Windows in 'Safe Mode' (by pumping F8 during bootup and then
    selecting Safe Mode from the list) and then run the anti virus software.

    Brian, Jul 6, 2004
  4. Garret Swayne

    Tom R Guest

    This is my standard answer to people that ask me what to
    do about an infected computer, they don't have to be done
    in this order but I've found it works best.

    Install Zone Alarm "Free"

    Here is a link to the Zone Alarm home page so you can read some more about

    I would download and run Ad-Aware, (free) be sure to update it after you
    install it. http://www.lavasoftusa.com/software/adaware/

    You should also run Spybot Search and Destroy, (free)
    Run both Ad-Aware, and Spybot at least once a week if you do a lot of
    They both need to be updated every once in awhile. They do the same thing,
    one of them will find stuff that the other one don't

    This is just to be sure that nothing got by Norton's, I don't think
    any anti-virus program will catch everthing, there are too many
    new virus's for any one company to keep up.

    Then run at least one of these free online virus scan programs,

    RAV http://www.ravantivirus.com/scan/

    Panda: http://www.pandasoftware.com/activescan/

    BitDefender http://www.bitdefender.com/scan/license.php

    After you are sure the machine is clean, download and install
    SpywareBlaster(free) to help keep it that way,
    be sure and click the "Update" button after you install it.
    You should be able to do this now, while the computer is new.


    Good Luck, Tom
    Tom R, Jul 6, 2004
  5. Just a thought: if these are the only 2 site you can't get to try for google
    and get to them through google.
    Bullwinkel J. Moose, Jul 6, 2004
  6. Garret Swayne

    Vladesch Guest

    Search for a file(s) cales HOSTS
    Delete all but localmachine
    Its terminating Nortons.
    Try running in safe mode (hit f8 on startup), or disable the virus in
    startup with msconfig.
    Sometimes they are hard to spot. They use names like WINMGR or MSRUN etc etc
    to try and fool you.
    This is pretty standard for many worms.
    Run the latest patches, turn on the firewall.
    Vladesch, Jul 6, 2004
  7. www.grisoft.com has AVG which should fix the problem provided she has
    a firewall program as well. She probably has the Padabot.P virus along
    with qhosts, Sasser and some others. If she is that infected you
    should get at least two of the spyware removal programs that are
    available for free.

    I had the exact same problems and with the latest AVG I was able to
    get rid of it and with the help of Spy Sweeper get rid of some
    suspicious residuals.

    9th Commandment, Jul 7, 2004
  8. Garret Swayne

    Cliff Wragg Guest

    Yes....I have a friend with exactly the same problem.

    Eventually, we found that he had 4 trojans on board (BOClean was the
    only program that could catch them). They were: wserv32, pornkey,
    keylogger and netsky.

    One or all of them shut down all the protection such as ZoneAlarm and
    Norton and AVG.

    After many attempts to cure the problem, we had to reformat the drive
    and reinstall XP. The damage was too great. Even then, I had to do it
    twice because first time I reimported the rogue emails when I restored
    his data. (I needed to scan the back-up CD and avoid the culprits)

    Good luck

    Cliff Wragg, Jul 7, 2004
  9. On Wed, 7 Jul 2004 18:22:26 +0000 (UTC), Cliff Wragg
    I'd re-phrase that as: XP's maintainability was too useless. Unless
    you're talking about payload damage?
    This highlights the importance of clean, pure data backups.

    You have to dance around:
    - email apps that hide attachments in mailboxes (most of them)
    - MS duhfaults that use "My Documents" for IE, MSN etc.

    No, perfection is not an entrance requirement.
    We'll settle for integrity and humility
    cquirke (MVP Win9x), Jul 11, 2004
  10. Garret Swayne

    a. chalupa Guest

    I'm battling the same exact issue. One thing to consider is using a
    program call HiJaak This it's a spyware application. There are some
    notes on what to do at www.spywareinfo.com which is a great spyware
    resource. Go into the forums area and do a search on Qhosts you'll
    find a few articles on where to go and what to remove when using the
    hijaak program. BTW hijaak is a very small app and should be used
    cautiosly as not all it reports is necessarily bad but very thourough
    in telling you whats loading on your computer.

    Like you I have repeatedly loaded NAV 2004 and only get one good run
    out of it until a reboot then everything goes south and quits working.
    Refer to the above webstite and search out the details you should get
    the tips you need.

    Im going to try tonight to finally rid the computer of it and will
    post my findings.
    a. chalupa, Jul 27, 2004
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.