by SohoMicro
over 1 year ago

Again, my computer would not download this program. The actual message was: "The connection was refused when attempting to contact devbuilds.kaspersky-labs.com"

Previously the Kaspersky pack found, and I removed, these:
deleted: Trojan program Exploit.Java.Gimsh.a File: C:\Documents and Settings\James\Application Data\Sun\Java\Deployment\cache\6.0\62\70a93cfe-4f4000da
deleted: Trojan program Trojan.Win32.KillWin.iy File: C:\Program Files\EasyBits\KidsReady\Setup.exe
deleted: new threat not-a-virus:FraudTool.Win32.SpywareStop.gd File: F:\AntiSpyware BOT\setupxv.exe//AntispywareBot/SpyCleaner.dll
deleted: adware not-a-virus:AdWare.Win32.BiSpy.d File: F:\VCatch Basic\vcsetup.exe//WISE0027.BIN
deleted: adware not-a-virus:AdWare.Win32.IGetNet.a File: F:\VCatch Basic\vcsetup.exe//WISE0029.BIN
deleted: adware not-a-virus:AdWare.Win32.Ucmore.c File: F:\VCatch Basic\vcsetup.exe//WISE0030.BIN/UCMIE.DLL
deleted: adware not-a-virus:AdWare.Win32.Ucmore File: F:\VCatch Basic\vcsetup.exe//WISE0030.BIN/IUCMORE.DLL

but I’m still being denied access to some sites, redirected away from others, and cannot run restore, my (free) AVG, or my recently-installed Avast!

by Baz
over 1 year ago

Sorry, I keep forgetting it’s going to deny access to security websites.

Get it here instead: http://rapidshare.com/files/168856558/avz4.zip.html

Same instructions.

by SohoMicro
over 1 year ago

Will do.

Are you connected with Kaspersky?

by Baz
over 1 year ago

I moderate their English and Virus related forums for them on a voluntary basis. I thought I would pop my head around here and help out where I can too.

by SohoMicro
over 1 year ago

My file is at
DownloadLink: http://rapidshare.com/files/168894040/avz_sysinfo.zip

I’ve added a text report from a ‘standard’ run too

by Baz
over 1 year ago

Thanks.

I suspect this is a trojan that has changed your DNS server settings.

The AVZ log has identified a few areas of concern but nothing concrete.

Can you post a combofix log as per these instructions please? :)

Please review and follow these instructions carefully.

Download it here -> http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Before saving it to Desktop, please rename it to something like 123.exe to stop malware from disabling it.

Now, please make sure no other programs are running, close all other windows and pause your antivirus until after the scanning and removal process has taken place.

Please double click on the file you downloaded. Follow the onscreen prompts to start the scan.
Once the scanning process has started please DO NOT click on the Combofix window or attempt to use your computer as this can cause the scanning process to stall. It may take a while to complete scanning and this is normal.

You will be disconnected from the internet and your desktop icons/toolbars will disappear during scanning, do not worry, this is normal and it will be restored after scanning has completed.

Combofix will create a logfile and display it after your computer has rebooted. It is usually located in c:\combofix.txt; please upload it somewhere for me to review it. Then you can re-enable your antivirus software.

by SohoMicro
over 1 year ago

No can do, I’m afraid.

Denied access again

by Baz
over 1 year ago

My memory is about as useful as a bucket with a hole in the bottom. It’s mangled your DNS settings. I will try to remember for the next post.

Here is combofix:

http://rapidshare.com/files/169321568/CombiMix.zip.html

by Baz
over 1 year ago

Also a question for you: How are you connected to the internet, directly or via a router?

by SohoMicro
over 1 year ago

Broadband router

by Baz
over 1 year ago

Can you please change your DNS settings as shown in the article below:

https://www.opendns.com/smb/start/device/windows-xp

This will switch from the (probably compromised) entries that the virus has left, to reliable DNS servers (which act as a map for your computer when it wants to get to a website; give it dodgy servers and it can’t find where it needs to go).
Reboot after changing the settings and see if you can access Kaspersky.com and other security sites.

The combofix log would still be handy :)
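The DNS check discussed above, as an added example that is not part of the original thread: it parses saved `ipconfig /all` output and lists resolvers that are neither on the local network nor in a trusted set. The sample output is constructed, and treating the OpenDNS resolvers (208.67.222.222 and 208.67.220.220) plus private LAN addresses as expected is an assumption.

```python
import ipaddress
import re

# Assumption: OpenDNS resolvers are the ones the user was asked to switch to.
TRUSTED = {"208.67.222.222", "208.67.220.220"}
# RFC 1918 ranges: a resolver here is normally the home router.
LAN = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed `ipconfig /all` excerpt; public addresses are documentation ranges.
SAMPLE = """\
Ethernet adapter Local Area Connection:

        Dhcp Enabled. . . . . . . . . . . : Yes
        Default Gateway . . . . . . . . . : 192.168.1.1
        DNS Servers . . . . . . . . . . . : 203.0.113.53
                                            198.51.100.53

Ethernet adapter Wireless Network Connection:

        Default Gateway . . . . . . . . . : 192.168.1.1
        DNS Servers . . . . . . . . . . . : 192.168.1.1
"""

FIELD = re.compile(r"^\s+(.+?)[ .]*:\s*(.*)$")  # "   Name . . . : value"

def dns_by_adapter(text):
    """Return {adapter: [resolver, ...]} parsed from ipconfig /all output."""
    adapters, current, in_dns = {}, None, False
    for line in text.splitlines():
        if line and not line[0].isspace():   # unindented line starts a new section
            current, in_dns = line.rstrip(":"), False
            adapters[current] = []
            continue
        m = FIELD.match(line)
        if m:                                # a new field ends any DNS list
            in_dns, value = m.group(1).startswith("DNS Servers"), m.group(2)
        else:                                # continuation line: extra resolver
            value = line.strip()
        if current and in_dns and value:
            adapters[current].append(value)
    return adapters

def unexpected_resolvers(text, trusted=TRUSTED):
    """List (adapter, resolver) pairs that are neither on the LAN nor trusted."""
    hits = []
    for adapter, servers in dns_by_adapter(text).items():
        for s in servers:
            ip = ipaddress.ip_address(s)
            if s not in trusted and not any(ip in net for net in LAN):
                hits.append((adapter, s))
    return hits
```

A resolver on the LAN only means the machine defers to the router, so an empty result does not clear the router's own DNS settings; ISP resolvers will be listed unless added to `trusted`.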

by SohoMicro
over 1 year ago

It may not be that simple. This machine (a laptop) is one of three, all sharing the same domestic network controlled by one of the other machines. The laptop is the only one affected by this "virus": both the other machines are operating normally, including trouble-free internet access.

I’ll try to get you a ComboFix report, after which I’ll run a ‘solution’ now received from the laptop manufacturer.

by SohoMicro
over 1 year ago

Hello Baz

Here is my ComboFix report:
http://rapidshare.com/files/169510402/log.txt

Whatever else it did it seems to have restored Internet access, including allowing AVG to update and Restore to function again.

I am now about to run Deldisk from HP which will apparently let me use the recovery disks I made earlier.

I’ll get back to you later

by Baz
over 1 year ago

Hi,

Do you mind zipping up C:\qoobox\quarantine folder and uploading it to rapidshare for me?

I will send the infected files to antivirus companies so other people are protected from this nasty infection.

Thanks.

by Baz
over 1 year ago

Plus I’ll have a better look at your log when I get home. I seem to have mangled my vision today so I’m at A&E waiting to get it checked :|

by SohoMicro
over 1 year ago

RapidShare doesn’t seem to want me to upload zipped folders but here is a text report:

http://rapidshare.com/files/169602231/ComboFix-quarantined-files.txt
