Canreef Aquatics Bulletin Board  

#11 Powertec, 01-04-2009, 04:55 AM

Mark, did you try to get to that site in Safe Mode?
I had an issue the other day which makes me wonder if I had the same problem, but I went in with Safe Mode with Networking and managed to get whatever it was off.

#12 mark, 01-04-2009, 06:00 AM

Still blocked in Safe Mode.

#13 KrazyKuch, 01-04-2009, 06:34 AM

Can you get to this website???
http://vundofix.atribune.org/

That should get rid of the trojan.
Kevin

#14 mark, 01-04-2009, 06:53 AM

Quote (originally posted by KrazyKuch):
> Can you get to this website???
> http://vundofix.atribune.org/
>
> That should get rid of the trojan.

Blocked in both IE and Firefox.

At least Canreef is still here.

#15 midgetwaiter, 01-04-2009, 07:15 AM

Mark sent me a PM with a screenshot of what is going on when he tries to update Spybot, and I think you guys are right, it is this Vundo thing. I checked it out, it's a bastard.

For the techie types that may be interested, it works by using a Browser Helper Object to snag requests to anti-spyware sites and redirect them to localhost. This is especially evil because any spyware definition update that uses a DLL from the standard Microsoft network package seems to also be redirected by the BHO.

HijackThis is probably the best tool for getting rid of this kind of thing, but like Snaz says, it isn't exactly simple to use.

Mark, I'll put the Vundofix program from Atribune on my site and send you a link.

#16 mark, 01-04-2009, 07:19 AM

Was able to get Vundofix v7.0.6 from Softpedia.com.

It didn't find anything.

#17 Aquattro, 01-04-2009, 04:40 PM

Can the BHO be unloaded from within IE? If not, can the DLL or OCX be renamed before launching IE?
__________________
Brad

#18 Snaz, 01-04-2009, 04:47 PM

If it is a Browser Helper Object (BHO) that is doing the redirect, then HijackThis should clean that up.
http://www.download.com/Trend-Micro-...-10227353.html

Close all other programs, install HJT and then click "Do System Scan and Save a Log file".

It will list all kinds of switches and programs that determine how your computer behaves. As a start, select all BHO and click "FIXED CHECKED". Be careful with the other items HJT finds, as some of them are needed for your computer to run. Removing all BHO should not be an issue, but Yahoo toolbars etc. will be missing; you can always install them again as needed. The object today is to get your browser to go to your AV home to update definitions. If your current AV does not fix it, try AVG Free AV at:

http://grisoft.com and search their site for "FREE" and try the free version, very nice.

If that does not work and you have the time, try the HJT upload service, it may take you further.

Keith
__________________

Last edited by Snaz; 01-04-2009 at 04:51 PM.
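
Added example, not part of any post in this thread: a read-only PowerShell inventory of the Browser Helper Objects discussed in posts #15 and #18, showing the DLL each one loads and whether it exists and is validly signed, before deciding what to remove. The function name `Get-BhoInventory` and the `Review` column are hypothetical, and a Windows system with PowerShell 3 or later is assumed.

```powershell
# Added example, read-only: inventory Browser Helper Objects (the O2 lines in a
# HijackThis log) together with the DLL each one loads into Internet Explorer.
$bhoKey = 'SOFTWARE\{0}Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'

function Get-BhoInventory {                          # hypothetical helper name
    foreach ($view in '', 'WOW6432Node\') {          # 64-bit and 32-bit registry views
        $root = 'HKLM:\' + ($bhoKey -f $view)
        if (-not (Test-Path -LiteralPath $root)) { continue }
        foreach ($sub in Get-ChildItem -LiteralPath $root) {
            $clsid  = $sub.PSChildName               # each BHO is registered by CLSID
            $clsKey = "Registry::HKEY_CLASSES_ROOT\${view}CLSID\$clsid"
            $name = $null; $dll = $null
            if (Test-Path -LiteralPath $clsKey) {
                $name = (Get-Item -LiteralPath $clsKey).GetValue('')
            }
            # The DLL path is the default value of the InprocServer32 subkey.
            if (Test-Path -LiteralPath "$clsKey\InprocServer32") {
                $dll = (Get-Item -LiteralPath "$clsKey\InprocServer32").GetValue('')
            }
            if ($dll) { $dll = $dll.Trim('"') }
            $exists = [bool]$dll -and (Test-Path -LiteralPath $dll -PathType Leaf)
            $sig = if ($exists) {
                (Get-AuthenticodeSignature -LiteralPath $dll).Status
            } else { 'n/a' }
            [pscustomobject]@{
                Clsid     = $clsid
                Name      = $name
                Dll       = $dll
                Exists    = $exists
                Signature = $sig
                # Missing or not validly signed means "look closer",
                # not proof of infection.
                Review    = (-not $exists) -or ($sig -ne 'Valid')
            }
        }
    }
}

Get-BhoInventory | Sort-Object Review -Descending | Format-Table -AutoSize -Wrap
```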

#19 DanG, 01-04-2009, 09:06 PM

Quote (originally posted by mark):
> Using Superantispyware and Spybot (all freeware).
>
> Thing with this is just tried the malwarebytes site and was blocked;
>
> With Firefox get:
>
> Failed to Connect
>
> The connection was refused when attempting to contact www.malwarebytes.org.
>
> Though the site seems valid, the browser was unable to establish a connection.
>
> * Could the site be temporarily unavailable? Try again later.
> * Are you unable to browse other sites? Check the computer's network connection.
> * Is your computer or network protected by a firewall or proxy? Incorrect settings can interfere with Web browsing.

See if you can get it from http://www.download.com/Malwarebytes...=dl&tag=button

#20 mark, 01-05-2009, 03:34 AM

Quote:
Originally Posted by DanG View Post
Looks like I got it with Malwarebytes.

A big thanks to all.