The virus is not letting me go to websites like Microsoft Update or malwarebytes.org. It automatically routes me to an advertisement. I can go to other websites though. What can be done?
I did. I am not able to go to the Microsoft website to update. I think some of my files are corrupt and that is messing everything up. I cannot find any of the CDs that came when I bought the laptop... I think I got rid of most of whatever I got but it will not let me do a restore in either normal or safe mode.
Are you able to run a McAfee scan and, if so, did it find anything?
If you can't go to any websites then I would suggest you get a USB stick or pen drive and use a relative's PC or your neighbor's and try to download Malwarebytes www.malwarebytes.org and SuperAntispyware www.superantispyware.com. Both programs are free and catch a lot of stuff.
You should rename the download to something you can easily remember and when you go to install it do the same for the install folder. When you get these programs installed on your computer, run them and let them clean anything they find. Reboot your computer and try connecting to the internet again.
Yes, I was able to do that. Initially it was a doctor malware issue and then it was a rootkit.agent. I was able to scan through McAfee but it did not detect anything. Malwarebytes detected and removed most of it. I still have some ads popping but mostly when I go to the Microsoft Update website. The problem now is the corrupt files. When I go to the Microsoft site a message says I cannot update, something about ActiveX. The message appears for a quick second and then disappears.
Message was edited by: litagain on 5/6/10 7:27:13 PM CDT
Ensure both those programs and McAfee are updated to current date updates and retry. Also, did you run the suggested Stinger program on high sensitivity and report only to see if it detects anything? Sometimes a combination of programs is needed, as malware is updating itself daily as well.
Yes, I tried all that. Apparently the rootkit.agent somehow came back even though Malwarebytes said it was removed. I tried to do a system restore again but it won't let me.
Remove it from quarantine in MWB and delete all temp files and internet temp files. It is a good idea to consider deleting restore files, as some hide there as well.
Did you run Stinger with the settings mentioned? If it finds anything, send the file to McAfee Labs as mentioned in the Document.
I ran Stinger and it didn't find anything. Maybe I didn't know what I was doing. I also tried HijackThis. I was finally able to make it to the Microsoft Update website and it scanned for viruses and showed nothing. I then tried to download Defender but that download did not work. There was an error 0x80072efe. All of a sudden a popup came up that looked like a Microsoft warning and I knew another virus infected the computer. I am running malware and McAfee now again and it's showing a lot more infections...
You might want to check the host file to see if it's been modified via the typical location of C:\windows\system32\drivers\etc\ then file 'hosts'. Typically malware will try to block users from accessing certain sites by changing this host file to block access.
Edit the "hosts" file with the Notepad application to see if there are any additional entries beyond the standard template like below:
# Copyright (c) 1993-1999 Microsoft Corp.
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
# For example:
# 188.8.131.52 rhino.acme.com # source server
# 184.108.40.206 x.acme.com # x client host
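
The hosts-file check described in the last post, as an added PowerShell example that is not part of the original thread: it parses the file and lists every entry beyond the stock localhost mapping, marking names that fall under a watch list. The function name `Get-HostsEntry`, the watch list and the sample lines are assumptions constructed for illustration; the `-in` operator needs PowerShell 3.0 or later.

```powershell
# Added example, not from the thread. Watch list and sample lines are constructed.
$WatchList = 'microsoft.com', 'malwarebytes.org', 'superantispyware.com', 'mcafee.com'

function Get-HostsEntry {
    param([string[]]$Lines)
    $n = 0
    foreach ($line in $Lines) {
        $n++
        # Drop everything from '#' onward; skip blank and comment-only lines.
        $text = ($line -split '#', 2)[0].Trim()
        if (-not $text) { continue }
        # First field is the address; every further field is a host name.
        $fields = @($text -split '\s+')
        if ($fields.Count -lt 2) { continue }
        foreach ($name in $fields[1..($fields.Count - 1)]) {
            $name = $name.ToLower()
            $watched = $false
            foreach ($d in $WatchList) {
                if ($name -eq $d -or $name.EndsWith(".$d")) { $watched = $true }
            }
            [pscustomobject]@{
                Line    = $n
                Address = $fields[0]
                Name    = $name
                # Stock means the template's own loopback mapping for localhost.
                Stock   = ($name -eq 'localhost' -and $fields[0] -in '127.0.0.1', '::1')
                Watched = $watched
            }
        }
    }
}

# Constructed sample: the stock mapping plus two added entries of the kind to look for.
$sample = @(
    '# Copyright (c) 1993-1999 Microsoft Corp.',
    '127.0.0.1       localhost',
    '203.0.113.7     www.malwarebytes.org   # constructed entry',
    '127.0.0.1       update.microsoft.com download.microsoft.com'
)

# To check the live file instead of the sample:
#   $lines = Get-Content "$env:SystemRoot\System32\drivers\etc\hosts"
$lines = $sample
Get-HostsEntry $lines | Where-Object { -not $_.Stock } | Format-Table -AutoSize
```

Rows with `Watched` set to True are the ones that match the symptom in this thread, where update and anti-malware sites are unreachable or redirected while other sites load.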