Jump to content

unable to connect to update server 3.0.6.1469-10103


Recommended Posts

  • Replies 58
  • Created
  • Last Reply

Top Posters In This Topic

  • Root Admin

I believe you meant netstat not netsh, but overall it's very common to have many connections in and out of the box as you visit sites, and have applications that run in the background that have Internet access. Then you have ads from web pages that also connect that you have no idea of where or what they are. Just a normal process of using Windows. Why firewall, and security apps are used to keep things in check.

Is this computer part of a business network or was it ever part of a business?

What is this domain shown in the logs?   domain.actdsltmp

 

Link to post
Share on other sites

I can see my modem's web activity log now and a steady stream of sites are coming up, some of which were in my private bookmarks. Sites that I haven't visited for years. some that don't even exist anymore. I see sites like elasticbeanstalk.com

my computer was part of a business network or never part of a business but I have mastered webites with it in the past.

 DNS Suffix Search List. . . . . . : domain.actdsltmp

Ethernet adapter Local Area Connection 3:

        Connection-specific DNS Suffix  . : domain.actdsltmp

        Description . . . . . . . . . . . : Atheros L2 Fast Ethernet 10/100 Base-T Controller

        Physical Address. . . . . . . . . : 00-1E-8C-6A-22-88

        Dhcp Enabled. . . . . . . . . . . : Yes

        Autoconfiguration Enabled . . . . : Yes

        IP Address. . . . . . . . . . . . : 192.168.1.7

        Subnet Mask . . . . . . . . . . . : 255.255.255.0

        Default Gateway . . . . . . . . . : 192.168.1.1

        DHCP Server . . . . . . . . . . . : 192.168.1.1

        DNS Servers . . . . . . . . . . . : 192.168.1.1

        Lease Obtained. . . . . . . . . . : Monday, May 01, 2017 7:33:05 PM

        Lease Expires . . . . . . . . . . : Monday, May 08, 2017 7:33:05 PM

Server:  
Address:  192.168.1.1

Edited by Fosdick
Link to post
Share on other sites

  • Root Admin

Can you open the Network and Sharing Center. Then on the left click on "Change Adapter settings"

Then on the following connection.

 

Ethernet adapter Local Area Connection 3:

 

Right click and choose Properties.

Scroll down to the Internet Protocol Version 4 and double-click to open or select properties.

Click Advanced

DNS

Then that entry should show. Remove it and set it back to default

DNS_IP4_Setup.jpg

 

Then click OK and restart the computer.

Then after the restart, download the following beta and install it and reboot again, even if not asked to.

NEW BETA!  Malwarebytes 3.1.0.1716
https://forums.malwarebytes.com/topic/200230-new-beta-malwarebytes-3101716/

Then on the restart see if it is able to connect now or not and let me know.

Thanks

 

 

 

Link to post
Share on other sites

I checked the setup and it is correct. I downloaded and installed the new malware bytes but I get the exact same results as Sami1953, the same version numbers. It still wont update. It cant connect to the update server. Plus now when I click my account it cannot connect to license server.

If I view the modem activity log, I see a steady stream of sites in my bookmarks page that I haven't accessed in days or even years coming up. Some domains that I owned that do not exist anymore. The domain.actdsltmp is the actiontec dsl modem.

I do not see these sites coming up in the log when I am connected with my W7 computer with MWB3 installed updated and working correctly.

Example:

modem.jpg

Edited by Fosdick
Link to post
Share on other sites

I would like to ad that when this infection started, I could not see any activity at all coming from my computer even though I could see activity from another computer on the network and my Dish TV receiver. After all the fixes above were run, I can now see my activity, much of which is not coming from my browser activity and appears to be fishy.

Link to post
Share on other sites

I did a hard reset on the actiontec DSL modem by pushing the recessed reset button on the back because that was the only way I could find reset the password. I think that was when I could view my activity in the modem activity log.

Link to post
Share on other sites

  • Root Admin

The other logs do not indicate there is any infection but we'll run a couple other tools.

Please download the following scanner from Kaspersky and save it to your computer: TDSSkiller

Then watch the following video on how to use the tool and make sure to temporarily disable your security applications before running TDSSkiller.

PC Winvids - How to run Kaspersky TDSSKiller

If any infection is found please make sure to choose SKIP and post back the log in case of a False Positive detection.

Once the tool has completed scanning make sure to re-enable your other security applications.


When that one is done, attach the logs. Then run this other Kaspersky tool as well.

 

Please download and run the following tool to remove any found threats

Kaspersky Virus Removal Tool

Link to post
Share on other sites

I installed 3.1.1.1722 which did not help.

I ran TTDSS killer which found a few things.

I ran KVR which found a few things but I still can't update.

I no longer get the "unable to contact update server" error message but I still get the "unable to  contact to license server" error.

I no longer get the steady stream of activity related to my personal internal bookmarks page on my modem activity log which seems to be  showing normal activity now.

Link to post
Share on other sites

26 minutes ago, Fosdick said:

I installed 3.1.1.1722 which did not help.

I ran TTDSS killer which found a few things.

I ran KVR which found a few things but I still can't update.

I no longer get the "unable to contact update server" error message but I still get the "unable to  contact to license server" error.

I no longer get the steady stream of activity related to my personal internal bookmarks page on my modem activity log which seems to be  showing normal activity now.

In order to help you one on one, its best to start your own topic, and post the requested logs below...

Let's try this first....

  1. Please read the following and attach to your next reply the 4 requested logs - Diagnostic Logs (the 4 logs are: mbam logs zipped, FRST.txt, Addition.txt and mb-checkResult.txt)


Please let us know how it goes.

Thank You,
Firefox

Link to post
Share on other sites

I installed 3.1.1.1722 which did not help.

I ran TTDSS killer which found a few things.

I ran KVR which found a few things but I still can't update.

I no longer get the "unable to contact update server" error message but I still get the "unable to  contact to license server" error.

I no longer get the steady stream of activity related to my personal internal bookmarks page on my modem activity log which seems to be  showing normal activity now.

Link to post
Share on other sites

  • Root Admin

Okay, something very odd going on here. Part of the logs shows that Malwarebytes is not installed. Let's do a bit more clean up and then see if we can determine what's going on with the networking.

Something is stopping the computer from reaching our License Server which in turn stops the installation Token from being generated. Without the token validation, you cannot run updates.

Let's go ahead and remove a few other items from the computer.

Please go into your Control Panel, Add/Remove and uninstall the following.

Java 7 Update 25

Sophos Virus Removal Tool

Then download the following AVG Removal Tool to remove any left over elements of AVG from previous installations.

AVG_Remover.exe

Then restart the computer.

Next, let's try setting your network to use the Google Public DNS - please read the following information and setup DNS to use Google Public DNS

https://developers.google.com/speed/public-dns/

Next, run the following.

Please download the attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST or FRST64 and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

Run FRST or FRST64 and press the Fix button just once and wait.
If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart.
The tool will make a log on the Desktop (Fixlog.txt). Please attach or post it to your next reply.

Note: If the tool warned you about an outdated version please download and run the updated version.

fixlist.txt

 

NEXT:

Let's temporarily disable your firewall. Go into Administrator tools and run SERVICES or from Start - Run you can type in SERVICES.MSC and press the Enter key and it will load it.
Go down to the Windows Firewall and set the startup type to DISABLED. Then restart the computer.

Then download the following version of Malwarebytes and install it over the top of your current version of Malwarebytes and restart the computer.

https://forums.malwarebytes.com/topic/200230-malwarebytes-version-311-beta-available-for-download/

Now see if you're able to activate Malwarebytes or not and get updates and let me know.

Once that's done, then go back into the Services and set the Firewall back to Automatic and restart the computer again.

Thanks

 

 

Edited by AdvancedSetup
Link to post
Share on other sites

My computer is back to autonomously visiting links in my private links page on my desktop. A html page with href links to everything I usually visit, like a bookmarks page. There are some links to sites that don't exist any more that I have not deleted. I can see them appearing in the web activity log in my modem,

I can log on to the modem and view the activity log with my smart phone. That way I can see it with no browser loaded

Domains show up in that log that look like gibberish such as qiqeopdp.domain.acdlstmp, d2tpbry8f62bv9.cloudfront.net.acdtdsltmp and d2tpbry8f62bv0.cloudfront.net

I made a html links page with bogus domains such as biteme.gov. When I open it with firefox they start showing up in the web activity log, in order, immediately even though I have not clicked them.

This does not happen when I open that bogus links page with chrome but I still get random google domains.

Even with no browser open, I see domains showing up like login.live.com. I have never been there and I don't know what that is.

Doing a hard reset on the modem did not help.

 

 

 

Edited by Fosdick
Link to post
Share on other sites

The autonomous activity whenever a browser was open was the browser prefetching the DNS for all of the links in the current page.

My Windows 7 computer is working correctly with malwarebytes 3 installed. It updates and contacts the license server.

I still can't update on my XP computer. I am waiting for a new beta version.

 

Edited by Fosdick
Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.

Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.