  1. #1
    3 Star Lounger baumgrenze's Avatar

    Some URLs Report as Not Found

    I am running XP-Pro SP3, fully patched as far as I know. Belarc found no missing hot fixes yesterday.

    I normally use Mozilla SeaMonkey, (Mozilla/5.0 (Windows NT 5.1; rv:5.0) Gecko/20110706 Firefox/5.0 SeaMonkey/2.2) as my browser. I do have IE 8.0.6001.18702 installed, but seldom use it. I also keep Google Chrome available and up to date and have version 13.0.782.107 m.

    I connect to the web via a SpeedStream 5360 DSL modem (060 5360 001) provided years ago by Earthlink. Two PCs are attached via Cat5e cable to a Netgear MR814v2.

    Everything has worked OK (if slowly - the outside plant to my central office is compromised with many bridge taps, but they do not compromise voice traffic so AT&T reports that they are in compliance) until recently. Now one computer, mine, is having difficulty reaching some URLs on the web, e.g., Yahoo.com, NOAA.gov, and Bing.com.

    I ran AdAware recently and it quarantined Win32.ToolbarZugo[1497] and Win32.ToolbarZugo. I noticed that when I attempt to load IE since the most recent update from MS it was attempting to reach

    http://www.bing.com/?pc=ZUGO&form=ZGAPH

    I poked around and managed to change the home page option to about:blank. IE no longer looks for bing. I can open Google, but not the above listed URLs. I can ping Yahoo at [209.191.122.70] with a delay of ~100 ms. When I try to reach NOAA.gov at [140.90.200.21] or bing at [65.55.175.254] all requests time out.

    Has anyone any insights into why I've been cut off from them?

    Thanks,

    baumgrenze
    Baumgrenze
    Here we are deeply rooted.

  2. #2
    Lounge VIP
    It sounds like you have a Browser Hijack infection.

    I'm not aware of the toolbar you mention, but it sounds suspiciously like an adware toolbar common a couple of years ago. I would run a full scan using Malwarebytes AntiMalware after first updating it. Clean up anything it finds. It may be necessary to run Malwarebytes in SafeMode to prevent any infection from loading first.

    Also check your hosts file in C:\Windows\System32\Drivers\etc\. Open the hosts file in Notepad and verify there have been no changes to it. There should be no re-directions or URLs other than your own 127.0.0.1 loopback IP.

  3. The Following User Says Thank You to Tinto Tech For This Useful Post:

    baumgrenze (2011-08-08)

  4. #3
    Super Moderator jwitalka's Avatar
    After following Tinto's excellent advice, go to Control Panel > Internet Options > Connections tab, click on the LAN Settings button, and make sure the box next to Use a proxy server.... is not checked.

    Jerry

  5. The Following User Says Thank You to jwitalka For This Useful Post:

    baumgrenze (2011-08-08)

  6. #4
    3 Star Lounger baumgrenze's Avatar
    Tinto and Jerry,

    Thank you for your advice. The Hosts file and the Lan Settings were both OK. I downloaded the free version of Malwarebytes Anti-Malware, updated it and ran a quick scan. Even after rebooting, my machine still fails to open my local NOAA.gov forecast and although it opens "https://login.yahoo.com/config/login_verify2?" and allows me to go through the login process, it fails to find Yahoo.com.

    During the scan, Avast reported blocking a Trojan Horse, Win32efmid [Trj] (that smiley is really a colon_D but I can't see how to turn it off) in downloads\InstallSecurityCenter_329.exe and moved it to the chest. It spotted it during the Process:C:\Program Files\Malwarebytes'Anti-Malware\mbamexe, so I may have to disable my Avast to run the Malwarebytes software properly. Below is the full log.

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    f:\my documents\downloads\installsecuritycenter_329.exe (Trojan.FakeAlert.PGen) -> No action taken.
    f:\my documents\downloads\installsecuritycenter_885.exe (Trojan.FakeAlert.PGen) -> No action taken.

    I thought I asked the program to act on the items detected. I just reran it and came up with this log, so perhaps it did what I intended:

    Malwarebytes' Anti-Malware 1.51.1.1800
    www.malwarebytes.org

    Database version: 7413

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    8/8/2011 10:31:02 PM
    mbam-log-2011-08-08 (22-31-02).txt

    Scan type: Quick scan
    Objects scanned: 162423
    Time elapsed: 3 minute(s), 54 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)

    Should I run a complete scan?

    Does anyone have a current website that is a good place to post a TrendMicro HijackThis log? I did some research on this today and found that of the two suggestions in CNET's 2008 review, one is completely shut down ('legitimate' malware creators threatened a community of volunteers with legal action) and the other was sold and is now owned by a 'legitimate' malware producer.
    Last edited by baumgrenze; 2011-08-09 at 01:45. Reason: Persistent Smiley - Unresolved
    Baumgrenze
    Here we are deeply rooted.

  7. #5
    Lounge VIP
    From your reply, it does seem that you have picked up a fake antivirus infection.

    Review and print out the process in this post.

    Implement that process step by step. In particular, pay attention to booting in SafeMode Without networking and returning to that mode after the re-boot from System Restore.

    When complete, you should be clear of the infection.

    ....and yes, it's always best when you have an indication of an infection to run a full scan rather than the quick scan.
