Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Malware: Internet access blocked, many exe files "infected"


  • Please log in to reply

#1
Puppyaddict

Puppyaddict

    New Member

  • Member
  • Pip
  • 1 posts
Forgive short typing. On iPhone.

Got "security alert" and mistakenly clicked on one of them. Got fake security software offer I believe. Didn't download.

Apparently already infected tho. Now can't get on Internet to update superspyware or download your fixes.

Running in safe mode w. networking.

Tried other fix with winsock, reset log commands. No help.

Now get msg on IE8 either:
ADDRESS NOT VALID
or
Internet explorer cannot display...
Appears you are connected, but might want to try to reconnect.

Hard line and wireless both won't work. Word works but excel and many others get error msg that ______.exe is infected.

Please help! I have grad work due tomorrow, arrgh!
  • 0

Advertisements


#2
RKinner

RKinner

    Malware Expert

  • Expert
  • 23,727 posts
  • MVP
What usually happens is the malware sets up a proxy on your computer. Then it forces IE or Firefox to send all traffic going to the internet to the proxy. Since it's a malware proxy it picks and chooses what goes to the internet and keeps you from going to certain anti-malware sites and perhaps sends copies of interesting traffic like passwords and credit cards to another address for harvesting.

To fix it:

In IE, Tools, Internet Options, Connections, LAN Settings, then uncheck all boxes and OK. Close IE and restart IE.

In FireFox, Tools, Options, Advanced, Settings, check No Proxy then OK. Close Firefox and restart Firefox.

In Chrome, Wrench, Options, Under the Hood, Change Proxy Settings, uncheck all boxes, OK.

Another common malware practice is to hijack your DNS or your hosts file. Normally when you type in the URL your PC has to request the IP address from the DNS server. If the DNS server belongs to the malware people then it can send you to fake sites and block your access to antimalware sites.

1. Click "Start," click "Control Panel," click "Network and Internet Connections," and then click "Network Connections."
2. Right-click the network connection that you want to configure (the one you use to connect to the Internet), and then click Properties.
3. On the General tab (for a local area connection), or the Networking tab (for all other connections), click "Internet Protocol (TCP/IP)", and then click "Properties."

4. Click "Use the following DNS server addresses," and then type 4.2.2.1 in the Preferred DNS server.

5. Click "OK"

Reboot.

Before going to the DNS server the PC looks in the hosts file
C:\windows\system32\drivers\etc\hosts
If it finds a match then it doesn't have to go to the DNS server which saves it some time. This file can be opened in notepad tho you may need to enable viewing of hidden and system files. The first non comment line (comments have a # in front) should be 127.0.0.1 localhost. All lines below that can be deleted and the file Saved.

Reboot.

Any better? If so follow the guidelines in the top post of the Malware Removal forum
http://www.geekstogo...uide-t2852.html
and post your logs. If not let me know and we will try a few other things.



Ron
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP