
Another instance of www.malwarebytes.org not being found



I am having the same problem with browsers being prevented from going to www.malwarebytes.org and other sites. Two similar posts I found are http://www.malwarebytes.org/forums/index.php?showtopic=6956 and http://www.malwarebytes.org/forums/index.php?showtopic=9707.

In short, while researching a solution to a Linux printing problem I managed to follow a Google link that resulted in various browser hijackers and other viruses getting installed on my machine. I noticed it immediately and took corrective action, and with the help of Malwarebytes (excellent product, BTW) was able to remove everything. Or so I thought.

The one symptom that seems to remain is that certain websites (such as www.malwarebytes.org) are either blocked or misdirected by the browser. I have verified that it is not a router issue, as I have other machines on my LAN that can get to these sites no problem. Also, nslookup does give me the correct IP address for alpha.malwarebytes.org (69.162.79.74). I tried to get there from the browser via IP address but received a Forbidden response, probably due to your server using name-based virtual host mapping (or something similar). Running tracert also shows that it ends up at alpha.malwarebytes.org.

Being technically savvy I have been working on this for a while now but am finally running out of ideas. Like others, steps that I've taken include:

  • Doing a full Malwarebytes scan
  • Running Hijackthis and removing suspicious entries
  • Removing non-critical software from the system
  • Running netsh int ip reset and ipconfig /flushdns multiple times
  • Starting up in safe mode with no services other than networking
  • Resetting Internet Explorer settings to default values
  • Completely removing and reinstalling Firefox

I've attached the latest Malwarebytes and Hijackthis logs for reference. I have been tempted to run ComboFix, but as a power user I have not been able to find enough information on what this tool actually does to satisfy my need to know what the actual problem is. Any help would be greatly appreciated.

Thanks,

Kevin

mbam_log_2009_01_17__15_23_41_.txt

hijackthis_17_jan_2009.txt


Your version of mbam is WAYYYY out of date. The hjt application you are using is also way out of date. Try the Update tab on the mbam to see if it works. If not, try to manually download them from here and just double-click on mbam-rules.exe to install.

Next, please click HERE to download HijackThis.

Click the Download button then select the link to Download HijackThis Installer.

Double click on the HJTInstall.exe then click "Install". It will be installed by default here:

C:\Program Files\Trend Micro\HijackThis

...and a shortcut to the application will also be placed on your Desktop.

The program will open automatically after installation.

You can double click the icon that was placed on the Desktop to run subsequent hijackthis scans or you can use the icon inside the folder.

The folder HijackThis is where you will find the HJT logs that you save. When you use the application to remove anything, you will also find the backup copies made by HJT inside this folder.

Click Do a system scan and save a logfile. Copy and paste the contents of that log in your next reply. Thanks!


Thanks for the response. I was rather surprised to hear the version of Malwarebytes and HijackThis I had were "way" out of date, considering I downloaded them just prior to Christmas. In the world of trojans and viruses, however, I guess 4 weeks is an eternity :-)

At any rate it was of course a good suggestion, as the latest version of Malwarebytes did in fact find the culprits - logfiles are attached - and I'm now able to send this post from the formerly infected machine. Sneaky little devils for sure; I'm almost impressed at how well-disguised they were.

Which leads me to say, I definitely am impressed with both Malwarebytes and HijackThis as tools to combat malware. Many thanks to everyone involved in creating and maintaining these products, as well as to those who take the time to respond in these forums.

Best regards,

Kevin

mbam_log_2009_01_18__11_00_33_.txt

hijackthis_18_jan_2009.txt


I was rather surprised to hear the version of Malwarebytes and HijackThis I had were "way" out of date, considering I downloaded them just prior to Christmas.

Malwarebytes' Anti-Malware 1.31 was released on December 3 (last month) and the HijackThis version you had is nearly two years outdated. Merijn Bellekom sold HijackThis to Trend Micro then, and shortly after came the revision.

I'd like to see another mbam log after you reboot. Please run another quick scan and post THAT log along with a fresh HijackThis log. Thanks!


Malwarebytes' Anti-Malware 1.31 was released on December 3 (last month) and the HijackThis version you had is nearly two years outdated. Merijn Bellekom sold HijackThis to Trend Micro then, and shortly after came the revision.

Hmm, I guess I chose the wrong one when I downloaded HijackThis. It was available from multiple sites so I tried to pick the one that seemed the "safest". Thanks again for pointing this out.

The latest logs are attached. Everything looks good except for the last service entry (LiveShare). I had removed Roxio during my cleanup process but for some reason this entry stayed. Strangely enough, selecting "Fix" in HijackThis doesn't actually remove the entry - it's still there when I do another scan. Irritating but probably benign.

Regards,

Kevin

mbam_log_2009_01_20__19_20_08_.txt

hijackthis_20_jan_2009.txt


Copy and paste the following into a blank NotePad:

sc stop RoxLiveShare9

sc delete RoxLiveShare9

Click File-->Save as and name the file delservice.bat

Under "Save as type" Select "all files" and save it to your Desktop.

Double-click the delservice.bat file on your Desktop. When the batch completes, delete the .bat file and Reboot the system.

Run HijackThis again and check the box next to these:

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

Close all windows (including this browser window). Having only the HijackThis application's window open, click the Fix Checked button.

Reboot the computer and post back a fresh HijackThis log. Thanks!
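
A more defensive form of the delservice.bat step above, as an added example that is not part of the original post: it confirms the service is still registered, shows which binary it points to, and stops it only if it is running. The variable name SVC and the echoed messages are illustrative; 1060 and 1062 are the standard Windows error codes for "service does not exist" and "service has not been started", which sc passes back as its exit code.

```batch
@echo off
rem Added example, not the helper's original batch file.
rem Removes a leftover service entry, checking its state at each step.
setlocal
set "SVC=RoxLiveShare9"

rem sc query exits with 1060 when no service of that name is registered.
sc query "%SVC%" >nul 2>&1
if %errorlevel% equ 1060 (
    echo %SVC% is not registered; nothing to remove.
    exit /b 0
)

rem Record what the entry points to before deleting it.
sc qc "%SVC%" | findstr /i "BINARY_PATH_NAME"

rem Stop only when the service is running. Calling sc stop on a
rem stopped service fails with 1062, which is harmless but noisy.
sc query "%SVC%" | findstr /i /c:"RUNNING" >nul
if %errorlevel% equ 0 sc stop "%SVC%"

rem Delete the service entry and report a failure explicitly.
sc delete "%SVC%"
if %errorlevel% neq 0 (
    echo sc delete failed with code %errorlevel%
    exit /b 1
)

echo %SVC% marked for deletion. Reboot, then confirm with: sc query %SVC%
endlocal
```

Run it from an elevated command prompt. After the reboot the post asks for, `sc query RoxLiveShare9` should fail with 1060.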


Copy and paste the following into a blank NotePad:

sc stop RoxLiveShare9

sc delete RoxLiveShare9

[...]

Run HijackThis again and check the box next to these:

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

Close all windows (including this browser window). Having only the HijackThis application's window open, click the Fix Checked button.

Reboot the computer and post back a fresh HijackThis log. Thanks!

Finally got a chance to do this - sorry for the delay.

The stop command reported that the service had not been started but the delete command worked. That did the trick, HijackThis no longer reports this entry.

Trying to fix the two other entries that you mention doesn't seem to have any effect - they just show up again. I'm going to change the default IE settings to not automatically search anyway, so I'm not worried about these. Latest logfile is attached (note that I may have reinstalled a couple of items since last run).

Thanks again for all your help - everything seems good. Now that I've trimmed this machine down to the barebones I'm going to upgrade to Windows 7 Beta and see how that goes :)

Cheers,

Kevin

hijackthis_24_jan_2009.txt


This issue appears resolved and the thread is closed to prevent others from posting here.

Other members who need assistance please start your own topic in a new thread. Thanks!

The fixes and advice in this thread are for this machine only. Do not apply the instructions from this thread to your own machine. Please start a new thread describing your issue and someone will be along to assist you.
