
AV sites redirected notepad crash windowsupdate blocked



sparkness
2008-07-30, 22:21
Hello, having a problem with xp mce box, all popular AV sites redirected, windowsupdate blocked, spybot will not install or run under its original name, definitions will not download. I have installed spybot and symantec AV and manually updated the def's. Found problems and spybot fixed them, still cannot update windows and av sites still redirected. Any help would be appreciated.
--mark

drragostea
2008-07-30, 22:36
This sounds like a Zlob infection. Don't worry, a malware fighter will help you get cleaned up.
--
Consider posting in the Malware Removal (http://forums.spybot.info/forumdisplay.php?f=22) forum and having someone take a look at your system.

If you decide to have an experienced malware removal specialist assist you, please follow the procedure in this link to run scans and produce a HijackThis log: "BEFORE you POST" (READ this Procedure BEFORE Requesting Assistance) (http://forums.spybot.info/showthread.php?t=288).
--

sparkness
2008-07-30, 22:44
Thanks, finally got it fixed. I used combofix.

wyrmrider
2008-07-30, 23:03
I'd recommend a full scan with an updated AV
FOR A SECOND OPINION I'd run an F-Protect scan
F-Protect is one of the few not blocked by a current baddie

and a boot time scan with an updated Spybot with today's Beta definitions
quarantine any hits- do not remove/delete

If you can't get spybot to run or would like a second opinion try Malware Bytes Anti Malware and/or Rogue Remover- it has been effective on some of the current baddies

post up a hjt anyway- let's make sure you are clean
read all the stickies in the Malware removal forum first
link back to this thread

as you may have noticed combo-fix sometimes has to be run again with a text file as input
BVVC

drragostea
2008-07-31, 00:36
@wyrmrider, not sure if this might apply :clown:
--
http://forums.spybot.info/showpost.php?p=16905&postcount=2
--
Don't be mad if I'm saying this (above).

sparkness, I wouldn't suggest running Combofix without supervision. You have not started a thread yet.

wyrmrider
2008-07-31, 02:55
Of course it applies
OP ran Combo fix on his own
I recommended a follow up HJT in the malware removal forum where he could get the appropriate supervision
I hope he does not have other baddies hiding in his system- but would not put money on it

drragostea
2008-07-31, 03:01
...I'd run an F-Protect scan
F-Protect is one of the few not blocked by a current baddie

If you can't get spybot to run or would like a second opinion try Malware Bytes Anti Malware and/or Rogue Remover- it has been effective on some of the current baddies...

Okay. No further questions. I read in another thread... a Malware Fighter in the Malware Forums will instruct them for a HiJack log or Combofix Log. The instructions are all in the 'Before You Post' link, right? :alien:

wyrmrider
2008-07-31, 03:15
you can read the stickies in the malware removal thread and I obviously need to re-read them
I've always run ccleaner and a couple of AV scans and a safe mode spybot scan prior to malware removal and HJT posting
may or may not be the right thing to do

I think that running combo-fix prior to first post/hjt is discouraged
the helper may want to run something else prior to combo fix
but then there is always the poster who runs everything including an automated HJT FIX
good luck removing any missteps
The other big problem is posters replying to their own first post in Malware Removal- they will be overlooked

tashi
2008-07-31, 04:02
Again, please read the stickies, that way no one has to guess. ;)

"BEFORE you POST"(READ this Procedure BEFORE Requesting Assistance) (http://forums.spybot.info/showthread.php?t=288)

Do NOT run 'fixes' before helpers have analyzed the HJT log (http://forums.spybot.info/showthread.php?t=16806)

http://forums.spybot.info/showpost.php?p=16905&postcount=2

sparkness
2008-07-31, 15:57
thanks, machine is good and clean. ran several scans with sav and spybot with up to date defs, will check out the progies mentioned
I apologize for posting in the wrong forum
--mark

wyrmrider
2008-07-31, 23:10
spark
thanks for checking in
the infection you had
you may have removed the symptoms and still have a disease floating around
do read the stickies and post up that HJT in the malware removal forum if you want to know for sure
incidentally
do not run CCleaner or similar (or any more FIXES) till told to by the helper
It can remove logs useful to the helper
we all learned something from your experience
keep in touch
wyrmrider