-
March 31st, 2004, 11:26 PM
#1
Virus blocks access to anti virus websites.
I was given a computer today that was doing all sorts of strange things. I found that it was infected with the Blaster worm and had another virus called W32.HLLW.Geobot.gen.
However, when I tried to open a website with a removal tool the site wouldn't open. At first I thought Symantec's site was down but then I tried Trend Micro and Sophos and neither of the sites would open.
Has anyone seen a virus like this that can stop access to sites containing the removal tool?
All other websites opened with no problems.
-
March 31st, 2004, 11:44 PM
#2
Intel Mod
Yes, there are certainly nasties that try to block access to security sites. A disk-based solution is needed, or you may get away with accessing a little-known vendor who isn't on the block list, but maybe not...
-
March 31st, 2004, 11:56 PM
#3
Registered User
Yank the hard drive out of the computer and place it in another computer with up-to-date antivirus software. Scan the drive. Follow the instructions for removal of the virus(es). Return the hard drive to the original computer, then scan with Spybot and/or Ad-Aware.
-
April 1st, 2004, 12:04 AM
#4
I simply downloaded the removal tools on another computer and copied them to disc. I was just curious to know if anyone had come across this before.
-
April 1st, 2004, 02:01 AM
#5
I keep a recent copy of AVG, the Symantec MSBlast removal tool, the Microsoft patch, Spybot and Ad-Aware on my pen drive.
Go in, turn off restore and go for it.
20 mins later, connect to the internet, update AVG, Spybot and AVG, quick run through, and go home (not forgetting to turn restore back on).
freddy
-
April 1st, 2004, 03:21 AM
#6
Well Freddy, I'm still here and haven't gone home yet.
The removal tool didn't find anything but I'm guessing that's because before I managed to get hold of it, I had already manually removed the infected file. I had also removed the bad reg entries too.
I am currently scanning with Spybot now but don't expect to find anything else.
Problem is, although Norton doesn't detect the virus anymore, I still can't open any AV websites such as Symantec or Trend Micro and Norton's Live Update will not work either.
Is there a way to fix this?
-
April 1st, 2004, 05:11 AM
#7
Originally Posted by MobilePCPhysician
Yank the hard drive out of the computer and place it in another computer with up-to-date antivirus software. Scan the drive. Follow the instructions for removal of the virus(es). Return the hard drive to the original computer, then scan with Spybot and/or Ad-Aware.
I tried this also but the computer wouldn't boot for some reason. My computer is running XP and so was the drive. I made sure I set the drive to slave and it showed as slave in the BIOS, but on boot I kept getting an error screen about Windows not starting properly and being able to choose last known good config, but it just kept looping back to that screen. I'm guessing it was due to the two OSes, but why would it do this if one is set to slave?
I have an IDE to USB hdd case so will use that but am still wondering what caused the above problems.
-
April 1st, 2004, 06:42 AM
#8
Okay, I am starting to wonder about this drive. It's a Seagate Barracuda 40GB and it's brand new.
When I first tried to set it up in the machine after ghosting it I couldn't get it to boot unless I set it as the slave even though it's the only drive in the machine. When set as Master I would get a non-system disc error.
Then when I tried to plug it into my own machine (as mentioned above) it wouldn't allow my computer to boot no matter what way I set it up.
Step 3 was to plug it into my IDE-USB case to access it from my machine but it wouldn't work plugged into this either no matter what I had the jumpers set at.
I tried another drive just to test the case and it worked fine.
What could be up with this drive??
-
April 1st, 2004, 08:21 AM
#9
Well, I managed to get it to work the second time around setting the jumpers on CS. However, I did a full virus scan and it didn't detect anything.
So I'm still stuck with my original problem of not being able to update Norton via Live Update or able to view AV websites.
Any suggestions??
-
April 1st, 2004, 01:28 PM
#10
Driver Terrier
Sounds like this one has got into the boot record. For quickness I would be backing up what I can off the drive and then doing a zero fill or two.
Never, ever approach a computer saying or even thinking "I will just do this quickly."
-
April 1st, 2004, 05:21 PM
#11
Well the original drive that I ghosted this one from although faulty still works most of the time. I suppose I could check to see if that has the virus and if not just re-clone. I'm almost certain he got the virus after putting this new drive in his machine.
The boot problem of the drives occurred even before there was anything put onto this new drive. When I first connected it up I could see it in the BIOS but not in XP. (No matter what jumper setting I used.)
I booted with the ghost boot disc and could also see it there so just went ahead and copied it over. Would that indicate another problem and not a boot virus?? What do you think?
-
May 4th, 2004, 09:00 PM
#12
Originally Posted by riddellcomp
I was given a computer today that was doing all sorts of strange things. I found that it was infected with the Blaster worm and had another virus called W32.HLLW.Geobot.gen.
However, when I tried to open a website with a removal tool the site wouldn't open. At first I thought Symantec's site was down but then I tried Trend Micro and Sophos and neither of the sites would open.
Has anyone seen a virus like this that can stop access to sites containing the removal tool?
All other websites opened with no problems.
__________________________________________________ _________
Okay, yeah, I have seen this before with Symantec. It is a quick fix. If you can't reach the Symantec site, it is due to the virus changing your host file in "C:\WINNT\system32\drivers\etc\host". You will have to open it with Notepad and delete everything but 127.0.0.1 localhost, and boom, you're in your site and Live Update should work!!
This is what your host file should look like.
# Copyright (c) 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host
127.0.0.1 localhost
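
An added example, not part of the original post: a small Python audit of a hosts file of the kind described above, reporting every mapping other than the default localhost entry and marking those that point a hostname at loopback or 0.0.0.0. The sample file contents and hostnames are constructed for illustration.

```python
import ipaddress

# Constructed sample of a tampered hosts file; hostnames are illustrative.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1 localhost
127.0.0.1 www.symantec.com update.symantec.example
0.0.0.0\twww.sophos.com   # trailing comment
10.9.8.7 intranet.example
not-an-ip www.trendmicro.com
"""

BENIGN_NAMES = {"localhost", "localhost.localdomain"}

def parse_hosts(text):
    """Yield (line_no, ip_text, [hostnames]) for each mapping line."""
    for line_no, raw in enumerate(text.splitlines(), 1):
        body = raw.split("#", 1)[0].strip()   # drop comments and blank lines
        if not body:
            continue
        fields = body.split()
        yield line_no, fields[0], fields[1:]

def audit_hosts(text):
    """Return findings as (line_no, hostname, ip_text, reason) tuples."""
    findings = []
    for line_no, ip_text, names in parse_hosts(text):
        try:
            ip = ipaddress.ip_address(ip_text)
        except ValueError:
            findings.append((line_no, " ".join(names), ip_text, "malformed"))
            continue
        sinkhole = ip.is_loopback or ip.is_unspecified
        for name in (n.lower() for n in names):
            if name in BENIGN_NAMES and ip.is_loopback:
                continue                       # the default entry is expected
            reason = "sinkholed" if sinkhole else "override"
            findings.append((line_no, name, ip_text, reason))
    return findings

if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE_HOSTS):
        print("line %d: %s -> %s (%s)" % finding)
```

Running it against a saved copy of the file before editing gives a record of what was changed, which is useful if the entries reappear after cleanup.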
-
May 5th, 2004, 02:15 AM
#13
Driver Terrier
Welcome to Windrivers HECK!
Yes, that is a good fix for some. Norton however seems to get into an altered state (I wonder why) and you end up having to manually uninstall and reinstall it; not even the Norton removal tool sets it straight again sometimes.
Riddell, I assume this is now a sorted problem?
Never, ever approach a computer saying or even thinking "I will just do this quickly."