  1. #1
    New Lounger
    Join Date
    Dec 2014
    Posts
    6
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Internet access issues after malware removal

    I worked on a relative's laptop recently. This person wasn't careful reading the "small print" when they downloaded and installed games from the "net" so ended up with all sorts of malware on it. One of the irritating ones was the browser search/homepage hijacking of Firefox and IE (Chrome not installed). I removed the URL addition to Firefox and IE's .exe but they were overwritten with it next time they were opened. I removed and re-installed Firefox and it still occurred so then installed Chrome but it suffered the same fate.


    Time to remove the various malwares so I ran Microsoft's Malicious Software Removal Tool, then Malwarebytes Anti-Malware followed by Spybot. Each of them found and removed malware but I still had one (whose name escapes me at the moment) running. I then tried SpyHunter 4 which found and removed it plus quite a few more that the previous 3 didn't find (in fact, it found so many that I was willing to pay for it rather than manually remove them).


    I then uninstalled Malwarebytes and Spybot and disabled SpyHunter from auto starting (to provide its protection) as the laptop uses Kaspersky 2013 for firewall and antivirus protection.


    All looked great, all 3 browsers worked well, no unnecessary programs (updaters, etc.) running in background so back to owner.


    I then got a call to say that only IE could access the internet and that Skype and web based games wouldn't run (I didn't check them)!!! Why no longer working?


    I got the laptop back and sure enough it appears that something was blocking internet access to all but IE and Kaspersky (it can get AV updates). I ensured that Windows Firewall was still disabled (could not work out how to disable the Domain part or if this is used) and disabled Kaspersky (even re-installed it). I can ping the wide world, do DNS lookups etc, IE can download files. Occurs on both LAN and wireless connections.


    In case it was Windows related I ran Windows Repair (All In One) from Tweaking.com (http://www.tweaking.com/content/page...ll_in_one.html)


    I cannot find what is causing this issue and would appreciate any assistance before I resort to a re-install.


    Note: I ran SpyHunter4 to check for malwares on two other laptops and a PC (all of which only had malware cookies) and they don't have an issue (as per the laptop with the issue, SH4 has been left to be run manually). There were some interesting comments in a closed thread (SpyHunter 4: Good or bad?) about how good this product was, with fors and againsts, as a malware removal tool (but nothing about my issue).

  2. #2
    Super Moderator bbearren
    Join Date
    Dec 2009
    Location
    Polk County, Florida
    Posts
    3,764
    Thanks
    26
    Thanked 424 Times in 338 Posts
    Have you run sfc /scannow?
    Create a fresh drive image before making system changes, in case you need to start over!

    "The problem is not the problem. The problem is your attitude about the problem. Savvy?"—Captain Jack Sparrow
    "When you're troubleshooting, start with the simple and proceed to the complex."—M.O. Johns
    "Experience is what you get when you're looking for something else."—Sir Thomas Robert Dewar
    Unleash Windows

  3. #3
    New Lounger
    Join Date
    Dec 2014
    Posts
    6
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Sorry, I forgot to mention I did that before I ran Windows Repair (All In One).

  4. #4
    WS Lounge VIP Browni
    Join Date
    Dec 2009
    Location
    Rochdale, UK
    Posts
    1,656
    Thanks
    38
    Thanked 161 Times in 139 Posts
    The malware may have set a proxy address; this link shows how to fix that.

  5. #5
    New Lounger
    Join Date
    Dec 2014
    Posts
    6
    Thanks
    0
    Thanked 0 Times in 0 Posts
    I had checked the Network Proxy setting via the Control Panel but wasn't aware of the registry setting so will look at it.

    If it is proxy related, I understood that unless configured otherwise Chrome and Firefox (which they aren't) use the Network Proxy setting.

    What puzzles me is why do IE and Kaspersky updates work but all other programs are blocked. What is also puzzling is that before we shut down for return to the owner, Firefox and Chrome worked (as I demo'ed them to the owner to show that the URL hijack was fixed).

    Ahh, the joys of working on Windows

  6. #6
    Super Moderator
    Join Date
    Aug 2012
    Location
    Durham UK
    Posts
    6,645
    Thanks
    147
    Thanked 884 Times in 845 Posts
    Infections can leave bad bits in the Hosts File but that would have affected IE as well.

    As all browsers were okay before sending the machine back, it's possible the current problem could be down to something the customer has done since.

    Having run WR you will have already performed a clean boot, but does the same problem occur in Safe Mode with Networking?

    To check if anything malicious is running on the computer, download Process Explorer. http://technet.microsoft.com/en-gb/s.../bb896653.aspx

    Click on Options and ensure Verify Signature is checked then hover over VirusTotal.com and ensure VirusTotal is checked.

    Anything suspect will have a VirusTotal in red with a highish value/~50.

    If there are any items you are unsure of then you can check their validity at http://www.bleepingcomputer.com/startups/
    Last edited by Sudo15; 2015-01-09 at 03:52.
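
Added example (not part of any post in this thread): a read-only PowerShell check of the two leftovers raised above, the proxy values in the registry and active entries in the Hosts file. The function name `Get-ProxyValues` is hypothetical; the registry paths are the standard Internet Settings locations, and nothing is modified.

```powershell
# Added example: read-only triage of proxy settings and Hosts file entries.
# Run it in the affected user's session so HKCU reflects that user's profile.

function Get-ProxyValues {
    param([string]$KeyPath)
    # Return the proxy-related values under one Internet Settings key.
    # Values that do not exist come back empty rather than raising an error.
    $props = Get-ItemProperty -Path $KeyPath -ErrorAction SilentlyContinue
    [pscustomobject]@{
        Key           = $KeyPath
        ProxyEnable   = $props.ProxyEnable
        ProxyServer   = $props.ProxyServer
        ProxyOverride = $props.ProxyOverride
        AutoConfigURL = $props.AutoConfigURL
    }
}

# Per-user, per-machine and policy locations for the system (WinINET) proxy.
$keys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings',
    'HKLM:\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings'
)
$keys | ForEach-Object { Get-ProxyValues $_ } | Format-List

# WinHTTP keeps its own machine-wide proxy, separate from the values above.
netsh winhttp show proxy

# Hosts file: show only active lines (skip blanks and comment lines).
$hostsPath = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
Get-Content $hostsPath |
    Where-Object { $_ -match '^\s*[^#\s]' } |
    ForEach-Object {
        # Drop any trailing comment, then split into address and host names.
        $fields = ($_ -replace '#.*$', '').Trim() -split '\s+'
        [pscustomobject]@{
            Address = $fields[0]
            Names   = ($fields | Select-Object -Skip 1) -join ' '
        }
    } | Format-Table -AutoSize
```

Items to review in the output: a ProxyEnable of 1 with a ProxyServer nobody configured, an unexpected AutoConfigURL, a WinHTTP proxy other than direct access, and Hosts entries beyond localhost.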

  7. #7
    Super Moderator jwitalka
    Join Date
    Dec 2009
    Location
    Minnesota
    Posts
    6,798
    Thanks
    117
    Thanked 799 Times in 720 Posts
    Try a clean boot:
    http://support.microsoft.com/KB/929135

    Jerry
