Security Software Virus in PC - Not allowing to download AV software

raksrules

raksrules

Level N
Facing a virus issue in my Windows XP machine. I do not have any AV installed and my machine has been infected it seems. The way i got it to know is that when i tried to visit the AVG website to download the antivirus it did not allow me to load the site. Firefox always encounters "server not found" for any antivirus related website. Tried going to Norton, Mcafee, avast and all result in "server not found". Everything else opens fine.
Please suggest what i can do in such a situation.

PS: No formatting please :(
 
have you tried malwarebytes / spybot s-d ? if you can, use these OR

download a bootable antivirus program for CD/pen drive, boot from that and do a full scan.
 
go to ur

"C:\WINDOWS\system32\drivers\etc"

there will be a host file (hidden) without any extension

open it with notepad

it might have entries for the av websites as shown below

127.0.0.1 www.avast.com

127.0.0.1 ESET - Antivirus Software with Spyware and Malware Protection

etc just delete those entries and it should work

lame method to disable av downloads/updates

------------------------------------------------------------------------------------------------------------------------------------------------------------

method 2 : (only works if its an advance malware)

download rootkit unhooker and run it

it will show hooked mswsock or winsocks libs by some random mutex exe/dll unhook rename/delete those exe/dll reboot and try
 
Some more updates....

It does not allow me to install Avira. Just tried. Some stupid message in german (i guess) came.

I am not able to boot my machine in safe mode too.

What pen drive bootable antivirus do you suggest ?

I need to get this thing removed without formatting my machine :(
 
^^ Checking on it.

Currently i installed Nod32 (had setup in PC). Lets see how it goes.

It also does a "Dont show hidden files) checked and even after i change to "show system and hidden files", it immediately reverts back.

vFrom the symptoms, what virus does it seem to be ?
 
Get a NIS (Trial :))Setup From Ur Friend/Cyber Cafe,NIS Stops any malicious Services While installing,So Nothing Can Stop It from Being installed.Update and scan,Then revert Back To Ur Fvr8 AV :)
 
puns said:
have you tried malwarebytes / spybot s-d ? if you can, use these OR

download a bootable antivirus program for CD/pen drive, boot from that and do a full scan.
Click to expand...
+1 for MalwareBytes MBAM.

  • Just get it downloaded from some other machine
  • rename the setup to something else
  • copy it over
  • install to custom directory
  • run quick scan and apply the fixes it suggests.

Saying again, only quick scan. You will be on your way in 30 mins.
 
Use combofix. It will do the job of removing the virus/worm or any spy/malware.

Really speaking, i was exactly in your place some months back, i was not able to open any antivirus/MS/or such sites, but none of the things worked and finally had to format. :(

But hey whats harm in trying. Good luck.:)

Combofix

Bleeping Computer Downloads: ComboFix Download

After that see whether you are able to access the sites and view hidden files/folders. If not then download RRT tools

RRT Sergiwa Antiviral Toolkit Personal Download - Softpedia

Make the required changes, restart and see the difference. :hap2:
 
How about you Download SARDu and then DL all the definitions and make a bootable pen Drive out of it?

it will take you some time i agree

since it can DL multiple standalone virus scanners and definitions and compile them into a bootable pen drive

then you can boot your PC from the pen drive and scan and remove the specific viruses

Google the following

SARDU

Hiren's boot CD
 
get the latest nod32 release. if you are able to install that. it will fix your problems if its a virus attack :)

because it seems from your vitus attack it has disabled .exe files execution whreas nod32 setup is .msi
 
GuruGulabKhatri said:
Get a NIS (Trial :))Setup From Ur Friend/Cyber Cafe,NIS Stops any malicious Services While installing,So Nothing Can Stop It from Being installed.Update and scan,Then revert Back To Ur Fvr8 AV :)
Click to expand...
I did try Norton once, it helps!

And for Combofix, it's better not to use it. Combofix is an extremely powerful utility, used in a wrong way can make your PC unbootable.

Alternative:
As you have a laptop, you can try downloading a bootable disk and run the disk as your boot device in the infected machine.
Download FREE Bootable Rescue CDs from Kaspersky, BitDefender, Avira, F-Secure and Others - Tweaking with Vishal

Give it some time (it's a darn slow process), and most probably your problem will be fixed
 
ayanavish said:
I did try Norton once, it helps!

And for Combofix, it's better not to use it. Combofix is an extremely powerful utility, used in a wrong way can make your PC unbootable.

Alternative:

As you have a laptop, you can try downloading a bootable disk and run the disk as your boot device in the infected machine.

Download FREE Bootable Rescue CDs from Kaspersky, BitDefender, Avira, F-Secure and Others - Tweaking with Vishal

Give it some time (it's a darn slow process), and most probably your problem will be fixed
Click to expand...
Mine is a Netbook and have no optical drive. So even if i download this rescue disc, is there any way to boot from USB ??
 
OK

do one thing

i am going to redirect you for expert advice

Startseite - Avira Support Forum

this is the link for Avira Forums

register there and create a thread describing your entire problem

they will surely ask you to post your Hijackthis log

so download Trendmicro Hijackthis here

HijackThis - Trend Micro USA

Generate a log using administrator privileges

copy the log file text and keep it

The forum moderators at Avira Forums will guide you through the rest

Don't worry they are quite knowledgeable bunch though not very helpful at times
 
Back
Top