Spybot & MS Malicious Software Removal Tool won't run



jeth32
2009-04-22, 00:43
I have a similar problem to version one reported by another user.

Although my CA Security Suite appears to run OK, as well as AdAware, Spybot and the MS Malicious Software Removal tool do not.

When I tried to run Spybot, and tried to get the most recent signature definitions, I got a message that I couldn't connect to the server. I tried uninstalling Spybot and downloaded a fresh copy. But when I tried to install it again, I got the same message during the installation process that it couldn't connect to the server.

The MS Malicious Software Removal Tool fails in this fashion: After downloading the most recent version, when I try to run it, I see the popup that it is extracting something. But the status bar doesn't complete and the popup disappears and then nothing else happens.

So it looks like something is intercepting my attempts to access at least these two sites.

Thanks.....

pskelley
2009-04-23, 20:54
Welcome to Safer Networking, I wish to be sure you have viewed and understand this information.
"BEFORE you POST" (READ this Procedure before Requesting Assistance) http://forums.spybot.info/showthread.php?t=288
All advice given is taken at your own risk.
Please make sure you have read this information so we are on the same page.

You must have read and followed the "Before you Post" instructions, anything else will waste your time and mine.
It's been a while since you posted last, one thing that has not changed is the need to read and follow the directions, then post a HijackThis log. I can not begin to tell if I can help without that being done.

If Spybot will not run, let us know, if you were trying to run Microsoft® Windows® Malicious Software Removal Tool, possible malware is blocking tools. Look at this test for Conficker and let me know the results:
http://www.confickerworkinggroup.org/infection_test/cfeyechart.html

Thanks

jeth32
2009-04-23, 22:47
Thanks for response......I have actually been contacted by email three times as well.

I apologize for not including the HiJackThis file the first time, but two copies are in the problem stream now

Here's what has transpired so far:

BTW, I had already run the Conficker eye chart and all six images were displayed properly.

I am unable to access most of the safer-networking sites although I did get the separate updates file.

I tried uninstalling and then a fresh install of Spybot but that failed trying to access the web site. One of the responses suggested I uncheck the option to download updates during installation. That allowed the installation to complete, and then I ran the separate updates file OK.

However, Spybot causes a Windows error popup; the full set of error popups have been forwarded via email to the helper who provided the installation fix.

When I ran HiJackThis the first time, I noticed a number of references to the Ask and Google toolbars. I uninstalled both, but some portion of Google stuff still remains. Then, Firefox stopped giving me random redirects when trying to access safer-networking.org, and just returned the page not found like the other browsers.

I reran HiJackThis and submitted that in the last email response.

One suggestion was to get a Root Analyzer, but that link to the spybot site also returns a page not found. I found other reviews of that tool, but they all had the same links to the spybot site, and failed as well. I asked the last helper if the file could be attached to an email instead.

My current AV program is the CA Security Suite. I previously had used Avast and then switched to Zone Alarm (free, then paid) for a couple of years. Two years ago when I couldn't find ZA locally, I purchased the CA suite, and this year used the same suite which is provided free from Optimum Online.

I downloaded Avast again, and right now it is doing a scan at boot time.
Hopefully, it will complete later today. :sad:

It does appear that there is something that is blocking access to some security sites similar to Conficker, but the simplified eye chart test didn't fail.

Thanks,
Joe (work from laptop while failing machine is running Avast)

pskelley
2009-04-24, 00:04
I tried to read everything you said. It is very unlikely that you have Conficker but there are rootkit infections that are blocking malware removal tools and I am not surprised they got around to MSRT. I appreciate that you are receiving other information, and would prefer to let whoever is helping you continue. I would be glad to close this thread for you, just let me know.

Thanks

jeth32
2009-04-24, 04:30
Thanks for followup response,

As you suggest, since I have also received several emails on this matter (Ticket: 972116178), you can probably close this thread in the forum.

The other ticket specifically related to the inability to do a fresh install because I am still unable to access the SpyBot site. But unchecking the option to download updates during the install and then installing them separately worked.

I still can't access the site, but after uninstalling both the Ask and Google toolbars, Firefox doesn't get random redirects, and it reports the page not found as the other browsers did.

While waiting for a response about another way to get the RootAlyzer, I tried going back to an old friend, Avast, and let it run its checks. It's odd that the first time it ran it found 12 infected files, and the second time another 10 even though no changes were made to the system between runs.

There are some very strange files listed, with long cryptic filenames in the Windows/System32/drivers directory. According to Avast, they have been moved out of harm's way, but I still can't access www.safer-networking.org.

I'll pass this information along when I get the next response to the email thread.

Thanks again for your response,
Joe

04/23/2009 13:56
Scan of all local drives

File D:\autorun.inf is infected by BV:AutoRun-T [Wrm], Moved to chest
File D:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP1402\A0525995.inf is infected by BV:AutoRun-T [Wrm], Moved to chest
File N:\Autorun.inf is infected by BV:AutoRun-T [Wrm], Moved to chest
File C:\autorun.inf is infected by BV:AutoRun-T [Wrm], Moved to chest
File C:\Documents and Settings\Administrator\Desktop\Flash drive utilities\SonyPortable\PortableApps\PuTTYPortable\App\putty\putty.exe is infected by Win32:Trojan-gen {Other}, Moved to chest
File C:\MyApps\Play at Joe's\The Sudoku Challenge Collection\Update The Sudoku Challenge Collection.exe is infected by Win32:Trojan-gen {Other}, Moved to chest
File L:\autorun.inf is infected by BV:AutoRun-T [Wrm], Moved to chest
File L:\MP3com\PCDJ\pcdj.exe is infected by Win32:Spyware-gen [Trj], Moved to chest
File L:\MP3com\Tools\Pcdj\pcdj.exe is infected by Win32:Spyware-gen [Trj], Moved to chest
File L:\MP3com\Tools\Pcdj\phatfull.exe is infected by Win32:Timesink [Trj], Moved to chest
File L:\MyApps\SendMail\SendMail.exe is infected by Win32:Trojan-gen {Other}, Moved to chest
File M:\autorun.inf is infected by BV:AutoRun-T [Wrm], Moved to chest
Number of searched folders: 30995
Number of tested files: 374057
Number of infected files: 12

----------------------------------------
04/23/2009 18:29
Scan of all local drives

File C:\WINDOWS\system32\drivers\gxvxcadmlaboyidqcmyrixnalkyjkdsboykxj.sys is infected by Win32:Alureon-R [Rtk], Moved to chest
File C:\WINDOWS\system32\drivers\gxvxcirvmpiukhbmtlwlnqrxfqpgclqpsxwba.sys is infected by Win32:Alureon-R [Rtk], Moved to chest
File C:\WINDOWS\system32\drivers\gxvxcjewsqrxfmltxjxbodrudomppkrduybir.sys is infected by Win32:Alureon-R [Rtk], Moved to chest
File C:\WINDOWS\system32\drivers\gxvxcjynkctvxunaoexyfdxisfnmtblfdekxx.sys is infected by Win32:Alureon-W [Trj], Moved to chest
File C:\WINDOWS\system32\drivers\gxvxcmnwoeyodvwpyeqsjkkyltaitfnsdoucb.sys is infected by Win32:Alureon-R [Rtk], Moved to chest
File C:\WINDOWS\system32\drivers\gxvxcmuirkcxejbgomhltowqowxlofmloavqs.sys is infected by Win32:Alureon-R [Rtk], Moved to chest
File C:\WINDOWS\system32\drivers\gxvxcqmcnrvkftpxnxoipjynapjyuhhbguvtx.sys is infected by Win32:Alureon-R [Rtk], Moved to chest
File C:\WINDOWS\system32\drivers\gxvxcxjgwkrxdqesbpjnaoyrgdlkmkkydtyky.sys is infected by Win32:Alureon-R [Rtk], Moved to chest
File C:\WINDOWS\system32\drivers\gxvxcyvvrobhocdlfmikmpsxmlisoibnvjwpr.sys is infected by Win32:Alureon-R [Rtk], Moved to chest
File C:\WINDOWS\system32\drivers\gxvxcyxbwqjbavtgoboevmrqmoiqpwrmhcvnm.sys is infected by Win32:Alureon-R [Rtk], Moved to chest
Number of searched folders: 29340
Number of tested files: 360467
Number of infected files: 10
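
An added example (not part of the original posts, and not Avast or Spybot code): a small parser for the scan-report format quoted above that sorts findings by the follow-up they need. The sample report is constructed and every path in it is made up; the bucket names and rules are this example's own assumptions.

```python
import re
from collections import defaultdict

# Constructed sample in the report format quoted above; every path is made up.
SAMPLE_REPORT = r"""
File E:\autorun.inf is infected by BV:AutoRun-T [Wrm], Moved to chest
File F:\autorun.inf is infected by BV:AutoRun-T [Wrm], Moved to chest
File C:\System Volume Information\_restore{EXAMPLE}\RP1\A0000001.inf is infected by BV:AutoRun-T [Wrm], Moved to chest
File C:\Tools\example.exe is infected by Win32:Trojan-gen {Other}, Moved to chest
File C:\WINDOWS\system32\drivers\exampledriver1.sys is infected by Win32:Alureon-R [Rtk], Moved to chest
File C:\WINDOWS\system32\drivers\exampledriver2.sys is infected by Win32:Alureon-W [Trj], Moved to chest
Number of infected files: 6
"""

LINE_RE = re.compile(r"^File (?P<path>.+?) is infected by (?P<name>\S+) "
                     r"[\[{](?P<tag>\w+)[\]}], (?P<action>.+)$")

def parse_report(text):
    """Return one dict per 'File ... is infected by ...' line; other lines are skipped."""
    matches = (LINE_RE.match(line.strip()) for line in text.splitlines())
    return [m.groupdict() for m in matches if m]

def triage(findings):
    """Bucket each finding by the follow-up it needs, most urgent rule first."""
    buckets = defaultdict(list)
    for f in findings:
        p = f["path"].lower()
        key = "other"
        if f["tag"] == "Rtk" or (p.endswith(".sys") and "\\system32\\drivers\\" in p):
            key = "kernel_driver"   # rootkit tag, or any detection on a driver file
        elif "\\system volume information\\_restore" in p:
            key = "restore_point"   # copy preserved inside a System Restore point
        elif p.rsplit("\\", 1)[-1] == "autorun.inf":
            key = "autorun"         # drive-root autorun file, one per volume
        buckets[key].append(f)
    return buckets

def summarize(text):
    b = triage(parse_report(text))
    return {
        "kernel_driver": [f["path"] for f in b["kernel_driver"]],
        "autorun_drives": sorted({f["path"][:2] for f in b["autorun"]}),
        "restore_point": len(b["restore_point"]),
        "other": len(b["other"]),
    }
```

The path rule puts a driver file in the kernel_driver bucket even when the scanner tags it [Trj] rather than [Rtk], as one of the entries in the second scan above is.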

pskelley
2009-04-24, 13:46
As you suggest, since I have also received several emails on this matter (Ticket: 972116178), you can probably close this thread in the forum.

Thread is closed, if you find you need the Malware Removal forum, start a New Thread here:
http://forums.spybot.info/forumdisplay.php?f=22
Please make sure you follow the "Before you Post" instructions if you post.

Thanks