Problems After cleaning



jeffpeterson
2010-03-31, 03:43
I have a computer that had been infected with various spyware and viruses. Now, it seems that everything has been cleaned up, but there is still a problem. I cannot go to windowsupdate.microsoft.com. IE8 says it cannot display the web page. I can resolve the name to an IP if I ping (Windows Update doesn't return pings), and nslookup on that machine finds the IP address for the A record. Other web sites work fine.

Any thoughts would be greatly appreciated.

Jeff Peterson

tashi
2010-03-31, 04:45
Hello jeffpeterson,

"I have a computer that had been infected with various spyware and viruses."
Do you recall the infections? Please let us know the operating system and which tools were used in the cleanup.

Best regards. :)

jeffpeterson
2010-03-31, 06:24
XP/SP3. Had lots of trouble with this one. I am a computer professional, and this is my friend's niece's computer which had no AV at all. Here is what I have done so far:

1. Turn off System Restore.

2. Install McAfee Enterprise 8.5.0i from work. Yes it is a violation, but I will deal with that later. I was able to update to latest DAT. Scan found several copies of FakeAlert-MK and deleted them. I ran the scan with the network disconnected.

3. Installed Spybot from USB, and was able to update. Found Fraud.sysGuard, Gamevance.PlaySushi. Fixed all.

4. System still running funny, so I DL and installed SP3 again. Upon reboot, McAfee found one more virus attached to the io controller, and I can't find it in the logs.

5. Ran Spybot again, came up clean, but still cannot go to Windows Update. Trying to backdoor into Microsoft Update yields 0x80072eff error.

6. Downloaded AdAware, but the download failed very quickly. Installed it off of USB, and it was able to update. It ran and found not-so-nefarious stuff.

7. Pulled more hair out.

8. Posted here.

tashi
2010-03-31, 07:36
Hello jeffpeterson,

Please follow the instructions in this link to post a preliminary HJT log: "BEFORE you POST" (READ this Procedure BEFORE Requesting Assistance) (http://forums.spybot.info/showthread.php?t=288)

Then start a new topic in the Malware Removal Forum (http://forums.spybot.info/forumdisplay.php?f=22), copy paste the log into it and include the information that you gave here.

Helpers should know that system restore was turned off. Also about the McAfee (http://forums.spybot.info/vbglossar.php?do=showentry&item=McAfee) Enterprise, else they won't know this is a personal computer and not one in the workplace. :)

If HJT won't run, please start a new topic anyway, make note of the situation and a volunteer analyst will advise you when available.

Best regards.