Malware Blocking internet access?

[Chiefcrowe]

I was looking at a friend's computer and wanted some advice.

It seemed to have some malware (homepage was redirected to a strange site) and other strange slowness. Also had 2 internet security suites. So i removed one and am trying to figure out what's going on. Now it does not access the internet anymore and other computers can with no problem.

I was going to try to run a scan from a boot cd Kaspersky first but i'm not sure what other tools to run from the OS.

any ideas? thanks!

 

[seepy83]

I'd probably start with TDSSKiller (http://support.kaspersky.com/downloads/utils/tdsskiller.zip), and ComboFix (http://www.bleepingcomputer.com/download/anti-virus/combofix). They've both proved useful for removing some recent infections that my friends/family have gotten.

 

[MadScientist]

I've had limited success with AV boot CDs.
I'd run Rkill first, then TDSSkiller, next Malawarebytes Anti-malware, Combofix, and then finish up with HijackThis. The HJT analyzer works ok. http://www.hijackthis.de/
You can run them in any order, but run Rkill first, re-run it if you have to reboot.
To uninstall Combofix open a Command Prompt (cmd), point it to the Combofix.exe directory, i.e., cd c:\temp, and type combofix /uninstall

Try these steps if after cleaning the computer you still do not have internet access. I have found that it's usually #1 or #5.
1. In Internet Explorer under Internet Option – Connections –LAN settings make sure either nothing is checked or only Automatically Detect Settings is checked.
2. Under Network, right click on your Connection and click on Diagnose or Repair. While you’re there click on Properties, TCP/IPv4, Properties; Obtain an IP address Auto and Obtain a DNS Server Address Auto should be ticked. Click on the Advanced tab, under IP Address it should read DHCP Enabled.
3. Download and run Winsock XP Fix V1.2, reboot. http://www.snapfiles.com/get/winsockxpfix.html
4. Run the Microsoft Fixit tool or follow their instructions for the manual method, reboot. http://support.microsoft.com/?kbid=299357
5. Open up Services and check that the DNS Client, DHCP Client, and the Remote Procedure Call (RCP) services are started.

 

[Chiefcrowe]

Thank you, i will try these and report back. I think it sucks that microsoft doesn't make it that easy for the average user to set up their PC so that their normal account is a limited access non admin account. That probably would have helped a lot!

 

[boochi]

Thank you, i will try these and report back. I think it sucks that microsoft doesn't make it that easy for the average user to set up their PC so that their normal account is a limited access non admin account. That probably would have helped a lot!

They do make it easy. Control Panel, User accounts, change your type.

 

[Chiefcrowe]

What I meant was that they should make that the default set up when someone first sets up their new computer.

 

[xSauronx]

What I meant was that they should make that the default set up when someone first sets up their new computer.

the issue with that is that the first account HAS to be the admin account, if you set up windows with no admin account, youre going to have a hell of a time installing new software and hardware and blah blah blah.

what they COULD do is have you set up the admin account, then "now we will set up your every day user account" that is a non admin.

alternatively, people could stop sucking at using computers. its unbelievable to me sometimes how much people will click click click on damn near anything. my company has a couple of regular customers who need issues like what are described in the OP cleaned every couple of months.

 

[Chiefcrowe]

totally agree there.. yeah they should set up the first account and then the every day account right after that.
i just had someone click on a pop up today.. argh!!!

 

[blackangst1]

the issue with that is that the first account HAS to be the admin account, if you set up windows with no admin account, youre going to have a hell of a time installing new software and hardware and blah blah blah.

what they COULD do is have you set up the admin account, then "now we will set up your every day user account" that is a non admin.

alternatively, people could stop sucking at using computers. its unbelievable to me sometimes how much people will click click click on damn near anything. my company has a couple of regular customers who need issues like what are described in the OP cleaned every couple of months.

FYI...some viruses are installed via scripts. Its not always because you click click click. Im sure you know that though

 

[SecurityTheatre]

As a security person, I think the concept of "cleaning" this type of thing is INSANE.

Back up the data and re-install the OS fresh.

It will make the computer seem so much faster, even if you didn't have a virus in the first place. Trying to clean a persistent malware infection is just a recipe for headache and failure. It takes less than 3 hours to rebuild a system from scratch and you will be certain your bank account or porn stash are safe from prying eyes.