Unable to Access Online Scanners

August 3, 2009 at 00:35:42
Specs: Windows XP, 1.25GB
I am not sure if this is a firewall problem or a virus problem, but I cannot seem to access any online scanners such as trendmicro or eset. The mcafee site and microsoft sites are also inaccessible. I managed to recently get a win32 virus; maybe that has something to do with it? Other sites such as facebook, google, yahoo and non-computer related sites seem to work. Can anybody help?


#1
August 3, 2009 at 06:37:51


#2
August 3, 2009 at 21:27:33
Malwarebytes' Anti-Malware 1.39
Database version: 2421
Windows 5.1.2600 Service Pack 2

8/3/2009 7:12:48 AM
mbam-log-2009-08-03 (07-12-48).txt

Scan type: Full Scan (C:\|H:\|L:\|S:\|)
Objects scanned: 224092
Time elapsed: 42 minute(s), 1 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 9
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 2
Files Infected: 6

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\mjcore.mjcore (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{e0f01490-dcf3-4357-95aa-169a8c2b2190} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{17e44256-51e0-4d46-a0c8-44e80ab4ba5b} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{d88e1558-7c2d-407a-953a-c044f5607cea} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{d88e1558-7c2d-407a-953a-c044f5607cea} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d88e1558-7c2d-407a-953a-c044f5607cea} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mjcore.mjcore.1 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{80ef304a-b1c4-425c-8535-95ab6f1eefb8} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\MJCore.dll (Trojan.BHO) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools (Hijack.Regedit) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
C:\Program Files\Jcore (Trojan.BHO) -> Quarantined and deleted successfully.
C:\Program Files\Protection System (Rogue.ProtectionSystem) -> Quarantined and deleted successfully.

Files Infected:
C:\Program Files\Jcore\Jcore2.dll (Trojan.BHO) -> Quarantined and deleted successfully.
c:\program files\FileNet\IDM\FileNet40.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\program files\FileNet\IDM\FileNetRegConfig.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\VRT504.tmp (Malware.Tool) -> Quarantined and deleted successfully.
c:\WINDOWS\temporary internet files\Content.IE5\KNLNUYJ5\152[1].net (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\WINDOWS\sc.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Thanks so much!


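As an added example (not part of the original thread): a small parser for the Malwarebytes log format posted in #2 that groups detections by family, checks the per-section counts in the log header against the items actually listed (to catch a truncated paste), and lists any item whose action was not reported as successful. The sample is a shortened copy of lines from that log with header counts constructed to match; the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample: item lines copied from the log above, header counts adjusted to match.
SAMPLE_LOG = r"""Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 1
Files Infected: 2
Registry Keys Infected:
HKEY_CLASSES_ROOT\mjcore.mjcore (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\MJCore.dll (Trojan.BHO) -> Quarantined and deleted successfully.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools (Hijack.Regedit) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Folders Infected:
C:\Program Files\Protection System (Rogue.ProtectionSystem) -> Quarantined and deleted successfully.
Files Infected:
c:\WINDOWS\temporary internet files\Content.IE5\KNLNUYJ5\152[1].net (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\WINDOWS\sc.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
"""

SUMMARY = re.compile(r"^(?P<section>.+ Infected): (?P<count>\d+)$")  # header totals
HEADER = re.compile(r"^(?P<section>.+ Infected):$")                   # start of an item list
ITEM = re.compile(r"^(?P<path>.+?) \((?P<family>\w+\.[\w.]+)\) -> (?P<rest>.+)$")

def parse_mbam_log(text):
    """Return (declared section counts, list of detection records)."""
    declared, items, section = {}, [], None
    for line in text.splitlines():
        line = line.strip()
        if m := SUMMARY.match(line):
            declared[m["section"]] = int(m["count"])
        elif m := HEADER.match(line):
            section = m["section"]
        elif section and (m := ITEM.match(line)):
            # The action is the last "->" segment; data items carry a Bad/Good segment first.
            action = m["rest"].split(" -> ")[-1].rstrip(".")
            items.append({"section": section, "path": m["path"],
                          "family": m["family"], "action": action})
    return declared, items

def triage(text):
    """Summarise families, header/list count mismatches and items not cleaned."""
    declared, items = parse_mbam_log(text)
    found = Counter(i["section"] for i in items)
    mismatch = {s: (n, found[s]) for s, n in declared.items() if n != found[s]}
    unresolved = [i for i in items if "successfully" not in i["action"].lower()]
    return {"families": Counter(i["family"] for i in items),
            "count_mismatch": mismatch, "unresolved": unresolved}
```

A non-empty `count_mismatch` means the pasted log does not list everything its header claims, so the helper is working from incomplete data.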

#3
August 3, 2009 at 21:33:24
Note: I can help you remove malware manually. Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible. First Track this topic. Then follow:

1) Can you please post your AVZ log:
Note: Run AVZ in Windows normal mode and make sure you are connected to the internet. If avz.exe doesn't start, then try to rename the file avz.exe to game.pif and try to run it again. Pause/Stop your antivirus, firewall software (if any), close games, text editors and all other programs; leave Internet Explorer/Firefox running, before following the steps below.

i) To create the log file, download AVZ by clicking HERE. Please save this file to your desktop or "My Documents" folder.

ii) Next, unpack the file to a new folder using the Compressed (zipped) folders wizard built into Windows XP/Vista, or a zip utility of your choice.

iii) Once you have unpacked the contents of the zip archive, please launch the file AVZ.exe by double clicking on it or right clicking and selecting Open.
Note: If you are running Windows Vista, launch AVZ.exe by right clicking and selecting Run as Administrator.

You should now see the main window of the AVZ utility.

--> Please navigate to "File" => "Custom Scripts". Copy the script below by using the keyboard shortcut CTRL+C or the corresponding option via right click.

begin
ExecuteAVUpdate;
end.


Paste the script into the execution window by using CTRL+V keyboard shortcut, or the "paste" option via the right click menu. Click on Run to run the script.

--> Choose from the menu "File" => "Standard scripts" and mark the "Healing/Quarantine and Advanced System Analysis" check box. Click on the "Execute selected scripts" button.
Automatic scanning, healing and system check will be executed. A logfile (avz_sysinfo.htm) will be created and saved in the LOG folder in the AVZ directory as virusinfo_syscure.zip. Upload virusinfo_syscure.zip to rapidshare.com and paste the link here.
* It is necessary now to reboot your machine, because AVZ might disturb some program operations (like antiviruses and firewall) during the system scan. All applications will work properly after the system restart.

Image Tutorial

2) Can you also make a new HijackThis log and upload it to rapidshare.com? HijackThis: Here

In your next reply, please include download links to the following:
- virusinfo_syscure.zip
- HijackThis Log

If I'm helping you and I don't reply within 24 hours send me a PM.



#4
August 3, 2009 at 21:54:35
I can't access the page :S. Is there an alternative download link?


#5

#6
August 4, 2009 at 15:09:04
Ok thanks so much.

The link for the hijackthis log is:

http://rapidshare.com/files/2637816...

The link for the AVZ log is:

http://rapidshare.com/files/2637823...



#7
August 4, 2009 at 16:28:02
I just checked again but even after all that the online scanners are still inaccessible..


#8
August 4, 2009 at 17:00:12
Follow these steps in the order numbered. Don't proceed to the next step unless you have successfully completed the previous step:

1) Run this script in AVZ like before, your computer will reboot:

begin
SetAVZGuardStatus(True);
SearchRootkit(true, true);
 QuarantineFile('C:\WINDOWS\System32\cscript.exe','');
 QuarantineFile('C:\WINDOWS\System32\wscript.exe','');
 QuarantineFile('C:\WINDOWS\system32\userinit.exe','');
 QuarantineFile('C:\WINDOWS\System32\reader_s.exe','');
 QuarantineFile('C:\WINDOWS\system32\config\systemprofile\systemprofile.exe','');
 QuarantineFile('C:\WINDOWS\system32\config\systemprofile\reader_s.exe','');
 QuarantineFile('C:\WINDOWS\system32\config\systemprofile\Application Data\pridl\pridl.exe','');
 QuarantineFile('C:\AutoProtect\DrvMonitor.exe','');
 QuarantineFile('C:\Documents and Settings\mehtahj\reader_s.exe','');
 QuarantineFile('C:\Documents and Settings\mehtahj\mehtahj.exe','');
 QuarantineFile('C:\WINDOWS\system32\Drivers\Ntfs.sys','');
 QuarantineFile('C:\WINDOWS\system32\DRIVERS\csco21p.sys','');
 QuarantineFile('C:\WINDOWS\system32\Drivers\NDIS.sys','');
 QuarantineFile('c:\windows\system32\tnsnames_service.exe','');
 QuarantineFile('c:\documents and settings\mehtahj\reader_s.exe','');
 QuarantineFile('c:\windows\system32\reader_s.exe','');
 QuarantineFile('c:\program files\ipass\ipassconnect bp\downloader\ipccheck.exe','');
 QuarantineFile('c:\windows\system32\lgnserv.exe','');
 QuarantineFile('c:\program files\ipass\ipassconnect bp\ipcagent.exe','');
 QuarantineFile('c:\windows\system32\ibmpmsvc.exe','');
 QuarantineFile('c:\program files\enableproxy\enableproxy.exe','');
 QuarantineFile('c:\windows\system32\ccs.exe','');
 QuarantineFile('c:\insight\tools\aiclient.exe','');
 QuarantineFile('C:\WINDOWS\system32\AMINIT.dll','');
 DeleteFile('C:\WINDOWS\system32\Drivers\NDIS.sys');
 DeleteFile('protect.sys');
 BC_DeleteSvc('protect');
 BC_DeleteSvc('NDIS');
BC_ImportAll;
ExecuteSysClean;
BC_Activate;
SetAVZPMStatus(true);
RebootWindows(true);
end.

2) After the reboot, execute the following script in AVZ:

begin
CreateQurantineArchive('C:\quarantine1.zip');    
end.


A file called quarantine1.zip should be created in C:\. Upload that file to rapidshare.com and private message me the download link.

3) Start AVZ*. Choose from the menu "File" => "Standard scripts" and mark the "Advanced System Analysis" check box. Click on the "Execute selected scripts" button.
A system check will be executed. A logfile (avz_sysinfo.htm) will be created and saved in the LOG folder in the AVZ directory as virusinfo_syscheck.zip. Upload virusinfo_syscheck.zip to rapidshare.com and paste the link here.
* It is necessary now to reboot your machine, because AVZ might disturb some program operations (like antiviruses and firewall) during the system scan. All applications will work properly after the system restart.

In your next reply, please include download links to the following:
- virusinfo_syscheck.zip

If I'm helping you and I don't reply within 24 hours send me a PM.

