Mystery Virus

Swampster

Senior member
Mar 17, 2000
I have run into what I am fairly certain is a virus . . . but I can't seem to get any identification on it.

The symptoms are:

(1) Virus protection corrupted, and therefore not usable. It is, however, able to be uninstalled.

(2) It will allow you to surf the Internet, but once to a site it will not allow you to navigate to any section where you might get operating system updates, new definition files, or online virus scanning. For example, it will allow me to go to the Microsoft Update site, but when I click on the link to have it scan for needed updates it processes it for about 2 seconds and then says there is nothing available in ANY category. Likewise, I can go to Symantec and get to their Security Response section, but it won't allow me to download updates or run their online scan.

(3) Mainline antivirus programs either will not install, or the installation is corrupted so as to make it non-functional when you finally do get it in there.

(4) I was able to get FreeAV (a free German AV program) downloaded and installed as well as updated, but it detects nothing as did scanning directly from the Norton AntiVirus 2004 CD.

Anybody got any ideas as to what this could be?
 

mechBgon

Super Moderator, Elite Member
Oct 31, 1999
Start by confirming that your computer's time is set correctly (right month, right year). What I'd do next is

  • set up another computer's antivirus software for full-tilt, shoot-first-ask-questions-later antivirus detection, both realtime and on-demand scanning, heuristics enabled, latest definitions, etc.
  • now on the problem computer, disable System Restore and delete all the System Restore files, then shut down
  • remove the drive from the possibly-infected computer, put it into the other computer as an additional drive, and run a full scan of the drive from the good computer. Have it clean or else delete whatever it finds that's infected, and take note of the virus types that it does find so you can use that info to...
  • ...figure out how the virus might've gotten in the door in the first place, and take steps to keep it out in the future.
 

monzie

Senior member
Oct 28, 2003
This doesn't sound like an AV or Virus problem to me...........it sounds more like a firewall, proxy (or ad blocker) or browser not allowing certain ports or browser controls access to the net. Have you installed anything new lately OR changed any settings..............don't forget a lot of firewalls' DEFAULT settings are very security tight..... AND are still blocking ports even when NOT seen to be running (also true of things like the Proxomitron). Some software does more than one thing so the line between what's doing what becomes blurred.......eg Firewalls that block ads/pop ups.

Also try installing another browser (eg. Firefox) and see if that works.
Check IE6's Security Settings (in Security Custom Level).

Try doing an online security test like Shields Up or AuditMyPc.
 

Swampster

Senior member
Mar 17, 2000
Tried the scan as a slave drive on another system . . . didn't find anything.

AdAware and SpyBot, both with latest updates were tried, and although they found many suspect items and dutifully removed them (I think), this didn't seem to make any difference to the main problem.

As for firewall or ad blocker software . . . that's a possibility. Let me check that out and report back.
 

DalyTek

Golden Member
Apr 17, 2002
Reboot into safe mode and try to either run your AV software or install it from there.
 

Swampster

Senior member
Mar 17, 2000
Many thanks to Hubris!

He gets the official "attaboy" for today . . . even if it was sort of by the back door <G>.

In reading the post about the virus mentioned, I started to discard it as it only pertains to NT based operating systems, but decided to read it in its entirety just in case.

The solution was in the C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts file. It was redirecting things locally, which had the effect of making the links appear to be non-functional. I will have to put that on my list of places to check when browsers start doing weird things.

Again . . . many thanks all!!!
 

Hubris

Platinum Member
Jul 14, 2001
You might also want to keep a copy of the Stinger utility on your computer. This thing is amazing, and one of the only good things McAfee has come up with. It kills a lot of hard-to-kill viruses, and it will clean out your Hosts file if it gets corrupted, as yours was. Very handy to have.

http://vil.nai.com/vil/stinger/
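
The hosts-file redirection that turned out to be the cause in this thread can be checked for directly. The following is an added example, not part of any post above: it parses hosts-file text and reports watched update or antivirus domains mapped to a loopback or null address. The watchlist and the sample file contents are assumptions constructed for illustration.

```python
import ipaddress

# Assumed watchlist: domains named in the thread (Microsoft, Symantec, nai.com)
# plus other vendor/update domains chosen for illustration.
WATCHLIST = ("microsoft.com", "windowsupdate.com", "symantec.com",
             "mcafee.com", "nai.com")

# Constructed sample; on the affected machine the real file would be
# C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts.
SAMPLE_HOSTS = """\
# Sample hosts file (constructed)
127.0.0.1       localhost
127.0.0.1       windowsupdate.microsoft.com   # injected
0.0.0.0         securityresponse.symantec.com liveupdate.symantec.com
192.0.2.10      intranet.example.test
::1             localhost
not-an-ip       download.mcafee.com
"""

def parse_hosts(text):
    """Yield (line_no, ip, hostname) for each mapping in hosts-file text."""
    for line_no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()   # drop comments, then tokenize
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # first field is not a valid IP address; skip the line
        for name in fields[1:]:                 # one address may carry several names
            yield line_no, ip, name.lower().rstrip(".")

def suspicious_entries(text, watchlist=WATCHLIST):
    """Return mappings that pin a watched domain to a local or null address."""
    hits = []
    for line_no, ip, name in parse_hosts(text):
        watched = any(name == d or name.endswith("." + d) for d in watchlist)
        sinkholed = ip.is_loopback or ip.is_unspecified
        if watched and sinkholed:
            hits.append((line_no, str(ip), name))
    return hits

if __name__ == "__main__":
    for line_no, ip, name in suspicious_entries(SAMPLE_HOSTS):
        print(f"line {line_no}: {name} -> {ip}")
```

A watched domain mapped to any address in the hosts file deserves a look; this check covers only the local-redirect case described in the thread.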