
XP Antivirus blocks AVG update and MalwareBytes websites



Ok I got infected with the malicious XP Antivirus malware (mine shows up like that, not "Antivirus XP").

Got the Malwarebytes anti-Malware to get rid of the annoying background page that is nailed to my desktop, and restored the desktop tab to my Display settings dialog box. So far so good.

Here's the problem:

Every Google link I open pops up with a tab to a crummy adsearch website that always has .info in the URL. I can generally copy and paste the search result URL into the address bar.

Whatever this thing is, it blocks anti-virus/malware/spyware websites and updates for anti-virus/malware/spyware software. Even after I used the proxy servers, the download links for AVG and MWBytes would interrupt, and my >5MB downloads would come in as corrupt 100k .exe files.

I had to download Malwarebytes and AVG on another computer, then install from a USB drive. The updates for these programs are blocked as well. This really sucks, since I can't get MWBytes or AVG to update through a proxy, as it seems like you can only update the databases through the software itself, and as far as I can tell, they have no proxy options.

I have to open Malwarebytes.org through a proxy server, too. My machine is now hanging a lot too. Usually I can prevent this by closing the malware's processes through task manager, but this feels like treading water. This is a huge headache. What next?? SpyBot? SpywareDoctor??

Link to post

Yeah, I had the same problem. You have to get the Anti-Malware update to get rid of this part of the virus.

See my previous post: http://www.malwarebytes.org/forums/index.php?showtopic=5969

But you also need to run SpyBot first using the instructions provided in this forum:

http://www.malwarebytes.org/forums/index.php?showtopic=5940

You can update SpyBot manually, if necessary.

Dave

Link to post

You can typically download the MBAM databases from http://malwarebytes.gt500.org/database.jsp

Maybe Marcin or another staff member can send you the latest version since the above URL is not working at the present time. Have you checked your hosts file for rogue entries? That's typically what malware authors do to block access to certain anti-malware sites. The only thing that really needs to be there is 127.0.0.1 localhost

FWIW you may try installing SUPERAntiSpyware and run the updater. If the updater fails then they have the definitions on the website. IMO the main reason this forum recommends Spybot is due to the fact that it's 100% freeware whereas SAS is a competitor. SAS is far superior to Spybot when it comes to detection and removal.

In any event there are other programs that you can run in Safe Mode that will clean your system, and afterwards you will be able to update MBAM, AVG, etc. If you feel like doing things yourself then there is a link in my profile that will give you all the necessary tools to disinfect your system. Otherwise if you want "guided" advice you should visit the MBAM HJT forum.

MBAM is a remarkable program, and I'd highly recommend purchasing it to add real-time protection and complement AVG (or other AV).

Link to post
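
The hosts-file check suggested in the post above, as an added example that is not part of the original thread: a small Python audit that flags every entry other than the `localhost` line the poster says is the only one needed. The sample file contents, the `*.example` names and the function names are constructed for illustration.

```python
import ipaddress

# Names expected in a clean hosts file (the post names only localhost).
EXPECTED = {"localhost"}

# Constructed sample contents, not taken from an infected machine.
SAMPLE_HOSTS = """\
# Copyright (c) Microsoft Corp.
127.0.0.1       localhost
::1             localhost
127.0.0.1       www.malwarebytes.org malwarebytes.org   # blocks the site
203.0.113.7     update.av-vendor.example
0.0.0.0         forum.av-vendor.example
not-an-ip       something.example
"""

def audit_hosts(text):
    """Return a list of (line_no, address, hostname, reason) findings."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        entry = raw.split("#", 1)[0].strip()   # drop comments and blanks
        if not entry:
            continue
        fields = entry.split()
        address, names = fields[0], fields[1:]
        try:
            ip = ipaddress.ip_address(address)
        except ValueError:
            findings.append((line_no, address, " ".join(names), "malformed address"))
            continue
        for name in names:                     # one line can map several names
            if name.lower() in EXPECTED and ip.is_loopback:
                continue
            if ip.is_loopback or ip.is_unspecified:
                reason = "name sinkholed to local machine (site blocked)"
            else:
                reason = "name redirected to another address"
            findings.append((line_no, address, name.lower(), reason))
    return findings

def read_hosts(path):
    # On Windows the file is %SystemRoot%\System32\drivers\etc\hosts.
    with open(path, "r", encoding="utf-8", errors="replace") as fh:
        return fh.read()

if __name__ == "__main__":
    for line_no, address, name, reason in audit_hosts(SAMPLE_HOSTS):
        print("line %d: %s %s: %s" % (line_no, address, name, reason))
```

A finding is only a prompt to review the line: some tools add legitimate block-list entries, so compare against what you or your software put there before deleting anything.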

I recovered from this extra nasty virus a few days ago. It turns out you CAN update (at least for me anyway) if you switch the update mirror to MalwareSupport.com. Try it!

Link to post

  • 4 months later...

Ok. I've got a version of this virus on my desktop. It's not only stopping my antivirus programs from updating, it's blocking me from accessing antivirus and anti-malware related sites from my browser. This includes not only the official sites of any anti-virus software, but also ANY SITE OR FORUM DISCUSSING FIXES FOR ANTI-VIRUS SOFTWARE. That has included THIS SITE, as well as just about every other site that has appeared likely to offer any help for the damn thing. Any attempt to follow links or enter the URLs of these sites results in a page-load error.

I finally found this thread by linking through the cached Google files, but I couldn't post from there... don't know if I'd be able to anyway, but either way, it's error-page... oh damn, now I've said it they'll be able to fix that too, won't they? arg. Anyway, I'm typing this now from my laptop.

I've since been able to download the setups for HijackThis, Spybot S&D, avast, and malwarebytes from mirror sites. Of these, only Spybot and Avast were apparently allowed to install. However, Spybot does not run. I click on the program icon, and nothing happens. Avast has installed and has been running, apparently can update normally, and has found a handful of viruses and a couple trojans, but not whatever one is blocking my updates for other spyware programs, or whatever is blocking me from accessing anti-malware sites, or whatever is sending me to spam-links from Google search results.

When Avast ran its first scan after restarting the computer & before starting Windows, it said it found 1 infected file, but it could not move, delete or repair that file. It said it couldn't find the file name.

Attempts to install these programs from a burned CD also seem to have been blocked, but that may or may not be because I (or possibly my computer/s) am crap at anything involving burned CDs.

I'm sharing this with you mainly for your own information, because I thought you would like to know your forum and main site were being blocked. If there's any other information you might like from me, tell me what & how.

If anyone can still help me, that would be much appreciated, but my friends are now mostly telling me that it's a lost cause and that I should just backup my files and reformat my hard drive.

Thanks for your time.

Link to post

Hello.

Please read and follow the instructions provided here: Pre- HJT Post Instructions

When ready please post your logs here: Malware Removal - HijackThis Logs

Someone will be happy to assist you further with cleaning your system.

During this scan and cleanup process you should not install any other software unless requested to do so.

Please don't post your log in this topic or start another thread in this forum, but post them in the Malware Removal - HijackThis Logs forum linked to above. ;)

Link to post
