AVG, Spybot, Ad-aware, CounterSpy all unable to update !

missfluffy_
Hi there all,
Hope you can help.
Recently I've been having major issues with my pc. I'll outline them and then list what I've done to try and solve the problem. I'm running XP on a Dell dimension 5100, and using SKY broadband with router (not wireless).

Issues:
- on startup my internet connect seems to have issues acquiring network key (?) and to get the internet to work I have to disable then enable it again. (Or click 'repair').

- Also sometimes on startup it completely hangs at the stage of getting the net on, and avg running an update. I can't even cntrl/alt/del and have to power down at the switch. Doesn't happen all the time though.

- when I've fixed the net connection temporarily, the IE browser's being buggy. Sometimes it crashes completely when I first load the browser window, and other times my links are occasionally hijacked. I've run all my spyware programmes in their out of date status and only really found simple tracking stuff. Ran a Hijackthis and got rid of some more mostly simple stuff (after analyzing the log) and one potentially bad threat. Also tried CWShredder thing and nothing found. Did find a browser hijacker a few days ago, but removed it then and the problem persists. Have also deleted all cookies/temp folders/cache etc.

- my avg, counterspy, ad-aware, spybot s&d can't seem to 'see' the net for updates even though I've got access. I've tried uninstalling avg (and others) and reinstalling but no effect.

At the moment I'm using firefox as it seems slightly more stable than IE, however it did go to a wrong hijacked link only ten minutes ago, so isn't totally 'right'. I'm debating a complete wipe of the system (advised by my brother), but would rather solve the problem, not start from scratch.
Hope someone out there has experienced this and can help?
I looked up the W32Bagel that I found as a suggestion on this site, but as system date is obv after 28 jan 2004 then it would seem to not apply.
Am currently scanning my system with TREND MICRO housecall 6.5 online scanner as I type, hoping in the vain hope that it might come up with the goods.
  • +
    0 Votes

    try

    Wizard-09

    Starting the system in safe mode, disable system restore, then boot into safe mode, then run spy bot and avg and the like. Once you find something and cleaned it out, do this over and over until you find nothing.

    Keep us informed as to your progress if you require further assistance.

    If you think that any of the posts that have been made by all TR Members, have solved or contributed to solving the problem, please Mark them as Helpful so that others may benefit from the outcome.

    +
    0 Votes
    missfluffy_

    Hey thanks for the replies..
    I'd like to ask, why in safe mode? Is it purely if I delete something I shouldn't? Or does it delete stuff on a more permanent level? I've been running all my cleanup malware software stuff in normal mode.

    +
    0 Votes
    IC-IT

    not all drivers, services, and startup items load. So basically it gives you more of a chance to delete any files while they are not in use.

    You may also want to locate your HOST file. Open it with Notepad to see if any of the anti-virus IPs are being routed back to your 127.0.0.1 address.
    If you change anything, don't forget to Save As - any file rather than a txt file; HOST has no extension.
    Path to find HOST:

    C:\WINDOWS\system32\drivers\etc

    +
    0 Votes
    missfluffy_

    Hey at least I've one part of my pc that seems good

    +
    0 Votes
    Snuffy09

    Download/Install malware bytes (change the name when you install it, some nasties will not let you install if they pick up on the name) - run in safe mode. I have noticed that this program has found a lot of crap that the others do not.

    Smitfraudfix was a good tool to use for getting rid of viruses like "Antivirus2009"; make sure you rename this app too.

    Also try to get your hands on the 3.22 version of the ultimate boot cd. It's a great way to clean up your computer because it boots on its own Operating system & 100mb Partition from cd.

    +
    0 Votes
    missfluffy_

    I've already tried malwarebytes - running it again just to make sure.
    I'll look into that other one now.
    Thanks for the tip!

    +
    0 Votes
    Jacky Howe

    Follow the steps below with the System started and restarted in Safe Mode with Networking. Running in Safe Mode loads a minimal set of drivers for the Operating System. You can use these options to start Windows so that you can modify the registry or load or remove drivers.

    Removing malware from System Restore points
    To remove the malware, you must first disable System Restore, then scan the system with up-to-date antivirus software - allowing it to clean, delete, or quarantine any viruses found. After the system has been disinfected, you may then re-enable System Restore. The steps for disabling System Restore vary, depending on whether the default Start Menu or the Classic Start Menu is being used.

    Default Start Menu XP
    If using the default Start Menu, click Start | Control Panel | Performance and Maintenance | System. Select the System Restore tab and check "Turn off System Restore".

    Classic Start Menu XP
    If using the Classic Start Menu, click Start | Settings | Control Panel and double-click the System icon. Select the System Restore tab and check "Turn off System Restore".

    Vista
    Start, right mouse click Computer and select Properties. Select Advanced System Properties, click continue and then System Protection. Untick the box next to Local Disk C: and click on Turn System Restore off.


    After scanning the system and removing the offending malware, re-enable System Restore by repeating the steps, this time removing the check from "Turn off System Restore".

    Click Start, Run type msconfig and press Enter.

    Now if you have the Configuration Utility open.
    Configure selective startup options
    In the System Configuration Utility dialog box, click the General tab, and then click Selective Startup.
    Click to clear the Process SYSTEM.INI File check box.
    Click to clear the Process WIN.INI File check box.
    Click to clear the Load Startup Items check box. Verify that Load System Services and Use Original BOOT.INI are checked.
    Click the Services tab.
    Click to select the Hide All Microsoft Services check box.
    Click Disable All, and then click OK.
    When you are prompted, save the settings and restart the PC.
    When the System is disinfected re-run the Configuration Utility and in the System Configuration Utility dialog box, click the General tab, and then click Normal Startup.

    Download Malwarebytes Anti-Malware, install it and update it.

    Click this link: malwarebytes (http://download.bleepingcomputer.com/malwarebytes/mbam-setup.exe)


    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select Perform Quick Scan, then click Scan.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Be sure that everything is checked, and click Remove Selected.

    I would keep scanning with it until it is clean by closing out and rebooting and running it again.

    Just to be on the safe side when you finish do an online scan with Bitdefender. Or Google for an online scanner.

    Click this link: bitdefender (http://www.bitdefender.com/scan8/ie.html)

    If you can't access the internet to update MBAM try the instructions below to clear a path to the internet to be able to run MBAM.

    From another PC download and install Spybot, update it and copy the installed folders to a USB Stick.

    Restart the PC in Safe Mode, navigate to the USB stick and run Spybot.

    Download Spybot - Search & Destroy and install it. Update it. http://www.safer-networking.org/en/download/index.html

    With the new strains of Virus that have been created you may find it necessary to rename the executable files so that they will work. Rename mbam-setup.exe and then navigate to the install folder and rename mbam.exe. Do not change the file's extension from .exe. Do the same with Spybot.

    Also run this Rootkit Revealer GMer

    Click this: gmer (http://www.gmer.net/index.php)

    FAQ

    Click this link: http://www.gmer.net/faq.php

    BleepingComputer
    Click this: bleepingcomputer (http://www.bleepingcomputer.com/malware-removal/)

    Update your Antivirus software.

    +
    0 Votes
    missfluffy_

    Thanks for all this info.
    I'm still working on the problems.
    That was a genius idea to download an updated version of spybot on another pc.. am doing it as I type! Will post further when I've tried more.
    Thanks again everyone

    +
    0 Votes

    Your intentions are good but it will take you forever to correct them. The best option is to completely wipe your drive, and when I mean wipe it means wipe.
    Killdisk is what you want to use because of your problems. This way it will be faster and cleaner for you.
    Download here:
    http://www.killdisk.com/

    This will take up to at least four hours to do. Save any photos and any data that you will need. Burn killdisk to cd and re-boot your computer. When done wiping, load on your operating system and then motherboard drivers, next your AVG, and keep this up to date.
    Hope all goes well.

    +
    0 Votes
    missfluffy_

    I think we are coming to the 'kill the whole thing' point. Which I would have done sooner perhaps if I had all my OS disks etc to hand. Trouble is I've got a preloaded Dell, so it's going to be a bit of a mare getting all the disks.
    SIGH

    +
    0 Votes
    NormH3

    Sometimes these things make changes to the HOSTS file. It could be a reason you aren't getting updates. Look for entries similar to this:

    127.0.0.1 www.symantec.com

    To find HOSTS browse to \Windows\system32\drivers\etc

    You can peek at it with wordpad.
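
The HOSTS check suggested in the replies above can be scripted instead of read by eye. This Python sketch is an added example, not code from any poster in this thread; the sample file is constructed, and the watched-domain list is an assumption built from vendor sites named on this page.

```python
import ipaddress
import sys

# Assumption: vendor domains named on this page; extend with the products you use.
WATCHED = ("symantec.com", "malwarebytes.org", "bitdefender.com",
           "safer-networking.org")
LOCAL_NAMES = {"localhost", "localhost.localdomain"}

# Constructed sample of a tampered HOSTS file (not taken from a real machine).
SAMPLE_HOSTS = (
    "# constructed sample for the example below\n"
    "127.0.0.1       localhost\n"
    "127.0.0.1 www.symantec.com\n"
    "127.0.0.1\tWWW.Malwarebytes.org download.bitdefender.com  # two names\n"
    "0.0.0.0 ads.tracker.example\n"
    "203.0.113.10 www.safer-networking.org\n"
    "192.168.1.20 fileserver.home.example\n"
    "::1 localhost\n"
)


def parse_hosts(text):
    """Yield (line_no, address, names) for every well-formed entry."""
    for line_no, raw in enumerate(text.lstrip("\ufeff").splitlines(), 1):
        fields = raw.split("#", 1)[0].split()   # drop comments, split on blanks/tabs
        if len(fields) < 2:
            continue                            # blank, comment-only or incomplete
        try:
            address = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                            # first field is not an IP address
        # Host names are case-insensitive and may carry a trailing dot.
        yield line_no, address, [n.lower().rstrip(".") for n in fields[1:]]


def is_watched(name, watched=WATCHED):
    """True for a watched domain or any subdomain of it (not mere look-alikes)."""
    return any(name == d or name.endswith("." + d) for d in watched)


def audit_hosts(text, watched=WATCHED):
    """Return (line_no, address, name, kind) for entries worth a second look."""
    findings = []
    for line_no, address, names in parse_hosts(text):
        dead_end = address.is_loopback or address.is_unspecified
        for name in names:
            if name in LOCAL_NAMES:
                continue
            if is_watched(name, watched):
                kind = ("security-site-blocked" if dead_end
                        else "security-site-redirected")
            elif dead_end:
                kind = "other-name-blocked"     # may be a deliberate ad-block entry
            else:
                continue                        # ordinary static mapping
            findings.append((line_no, str(address), name, kind))
    return findings


if __name__ == "__main__":
    # Pass the HOSTS path as an argument; without one the constructed sample is used.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            data = fh.read()
    else:
        data = SAMPLE_HOSTS
    for finding in audit_hosts(data):
        print("line %d: %s -> %s [%s]" % finding)
```

Entries reported as other-name-blocked are not necessarily malicious, since some ad-blocking tools add loopback entries on purpose.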

    +
    0 Votes
    tstreich

    Just wanted to let you know that I've had the best result clearing up infected pcs with Avast Anti Virus. During the install it will ask you if you want to schedule a boot time scan. I usually tell it no at that time and let it finish the install process, then do all the updates, THEN schedule the boot time scan (can take up to 1 1/2 hours) and everything is Peachy in Margaritaville. You should probably go ahead and just accept the defaults and let it scan before trying to update since your other AV/antispyware programs don't want to update either. I would definitely try this before wiping the hard drive and dealing with those hassles.

    Good Luck!!!!!

    +
    0 Votes
    DHCDBD

    The Conficker worm exhibits this behavior. All AV asserts that they catch this worm, most catch one variety or the other, but none that I know of catch all six variants that are currently known. The latest variants are the most difficult to remove. You can be infected via drive-by payloads from infected sites. There is a CERT advisory.

    You have two options:
    One, DL Malwarebytes, install and run from safe mode with networking off the first time and networking on the second time.

    Two, complete OS reload.

    Which is more time consuming depends on what you have on your computer. If you do an OS reload, back up the files you want to save in documents and settings, but not the entire document and settings folder because this is one of the places it hides. If you back up to a USB drive, scan it before restoring your saved files.

    +
    0 Votes
    pella.sp

    I have the exact same problem. None of avg, spybot or ad-aware will update but now my browser seems hijacked as well. I can only access very few sites and everything else seems to redirect to dodgy sites. I cannot even access malwarebytes.org to get the software, and when I try to run safe mode my arrow keys won't move to even select it!

    I am at my wits' end...

    +
    0 Votes
    Jacky Howe

    any of the instructions that have been provided in the other posts.

    +
    0 Votes
    pella.sp

    .. but they all suggest going to safe mode for all of these. As I mentioned, my arrow keys seemed to freeze and refuse to work in order to even select safe mode. I tried doing a system restore to a week prior but when I select the date and hit "Next" nothing happens.

    +
    0 Votes
    Jacky Howe

    You could add the Drive as a Slave to a PC or a USB enclosure and run your AV scans, if that isn't working then copy off the Data. Another alternative is to use a Linux CD to burn the Data to or to copy it elsewhere.

    http://www.pclinuxos.com/index.php?option=com_ionfiles&Itemid=28


    You will have to determine the Hard Drive's physical size and data connectors before purchasing a USB Enclosure. If it is from a Notebook then it will be 2.5" and if it's from a Desktop it would normally be 3.5".
    The Data connectors can be either IDE 40 pin or SATA. IDE is a wide/flat ribbon cable with either 40 or 80 wires where SATA is a thin plastic cable with thin connectors.
    Check this when you remove the drive.

    When you have all of your Data, rebuild the Operating System.

    Edit: format
