these sites down?

[mark]

Picked up some spyware the other day and think I got some of it with the old definitions I had, but now if I try to update Spybot or SuperantiSpyware, I can't.

I've allowed the sites through the firewall as done updates before and even turn the firewall off but can't connect to http://www.spybot.info/ or http://www.superantispyware.com/ .

These sites should be okay as show as the sites home page and come up on google, but could someone try them. Not sure if being paranoid that whatever I got is blocking them or they're just down. There's still something as everytime I open a link in Firefox (default is in a new tab) a second window tries to start (http://sagipsul.com/...).

[Pescador]

They both worked fine for me with Safari Mark.

[Powertec]

Hi Mark

Im on firefox and they all open fine for me as we'll.

[midgetwaiter]

open the file c:\windows\system32\drivers\etc\hosts in notepad.

You should see this:

Code:

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
#      102.54.94.97     rhino.acme.com          # source server
#       38.25.63.10     x.acme.com              # x client host

127.0.0.1       localhost
::1             localhost

The last line may be missing in XP, no biggie.

Some spyware will insert additional entries in the file. This file is used to maintain a list of hosts and their numerical addresses so your computer can figure out just who www.whatever.com is. With your internet connection this mapping is provided by your DNS servers but entries in this file will override that. It has become common for spyware to put something like

127.0.0.1 www.spybot.info

into this file so your computer can't find the site, just remove the line and save the file. That will get rid of it.

[mark]

Quote:

Originally Posted by midgetwaiter

open the file c:\windows\system32\drivers\etc\hosts in notepad.

You should see this:

Code:

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
#      102.54.94.97     rhino.acme.com          # source server
#       38.25.63.10     x.acme.com              # x client host

127.0.0.1       localhost
::1             localhost

The last line may be missing in XP, no biggie.

Some spyware will insert additional entries in the file. This file is used to maintain a list of hosts and their numerical addresses so your computer can figure out just who www.whatever.com is. With your internet connection this mapping is provided by your DNS servers but entries in this file will override that. It has become common for spyware to put something like

127.0.0.1 www.spybot.info

into this file so your computer can't find the site, just remove the line and save the file. That will get rid of it.

Thanks, tried this and still no joy. Even thought I would try some other anti-spyware and places like Microsoft Download Ctr is blocked

[midgetwaiter]

open a command prompt and do this

nslookup (enter)

then type in www.spybot.info and hit enter again.

Your output should look like this:

Code:

Microsoft Windows [Version 6.0.6001]
Copyright (c) 2006 Microsoft Corporation.  All rights reserved.

C:\Users\ajs>nslookup
Default Server:  nsc1.ar.ed.shawcable.net
Address:  64.59.184.13

> www.spybot.info
Server:  nsc1.ar.ed.shawcable.net
Address:  64.59.184.13

Non-authoritative answer:
Name:    www.spybot.info
Address:  89.238.64.39

now try http://89.238.64.39 in the address bar of your browser.

[muck]

What ever you picked up Mark so do I... it seems to block all the anti-spyware/anti-virus sites that I can think of..

Not sure how to go about removing the infection.

[Snaz]

Update your Anti virus definitions if you can. It will probably fail. Then do a full computer scan in SAFE MODE:

1. Enter safe mode by tapping F8 as soon a the computer starts or restarts. You will get a menu to enter safe mode, try safe mode with networking as then you might be able update your AV definitions.

2. Do a full computer scan while in safe mode, delete or quarantine any nasties.

3. Reboot and do it all again, enter safe mode and do a full computer scan.

4. Reboot into normal mode. If the virus comes back then you will need to work harder to clean it up. Tools like Hijackthis will help but are not for the novice. Get a nerd buddy to help or otherwise backup your files, bookmarks etc and wipe the machine.

Good luck

[DanG]

You've got vundo, it's a really really nasty piece of spyware.

I've gotten rid of it on a friends laptop using Malware Bytes anti malware program.

www.malwarebytes.org

What are you running for antivirus?

[mark]

Using Superantispyware and Spybot (all freeware).

Thing with this is just tried the malwarebytes site and was blocked;

With Firefox get:

Failed to Connect

The connection was refused when attempting to contact www.malwarebytes.org.


Though the site seems valid, the browser was unable to establish a connection.

* Could the site be temporarily unavailable? Try again later.

* Are you unable to browse other sites? Check the computer's network connection.

* Is your computer or network protected by a firewall or proxy? Incorrect settings can interfere with Web browsing.