|
Donations |
|
 |
|
|
|
If you found this site helpful, please donate to help keep it online
Don't want to use PayPal? Try our physical address
|
|
|
Survey |
|
|
|
|
|
|
|
|
Translate |
|
|
|
|
|
|
|
|
|
|
| View previous topic :: View next topic |
| Author |
Message |
infected_user
Cadet
Joined: May 23, 2004
Posts: 7
Location: USA
|
 Posted: Mon May 24, 2004 1:46 pm Post subject: Virus restricting access to symantec and hotmail. pls help! |
|
|
Hi.
recently i was hit by some nasty spyware programs, which resulted in the loss of my norton antivirus. when prompted to re-install missing components thru the symantec website, something called "internet optimizer" stops the page from loading. i used hijackthis to kill off the optimizer adware, but i still cant get to the symantec site. also, cant login to msn6 and i cant check my hotmail account. when i try to access any of these pages i get a "page not found" error.  |
|
| Back to top |
|
 |
jvmorris
Security Expert
Joined: Dec 10, 2002
Posts: 152
Location: USA
|
| Posted: Mon May 24, 2004 2:19 pm Post subject: |
|
|
The last part of your problem may be due to the Akamai server problem. Might want to take a look at the Handler's Diary at http://www.incidents.org for further information. (No guarantee, just a possibility.)
_________________
Regards,
Joseph V. Morris
'The man who was not there" |
|
| Back to top |
|
|
infected_user
Cadet
Joined: May 23, 2004
Posts: 7
Location: USA
|
| Posted: Mon May 24, 2004 5:26 pm Post subject: |
|
|
| thanks for the tip. |
|
| Back to top |
|
|
infected_user
Cadet
Joined: May 23, 2004
Posts: 7
Location: USA
|
| Posted: Tue May 25, 2004 9:16 am Post subject: |
|
|
| my problem may be deeper than the akamai mixup, i'm afraid. apparently akamai is up and running again, but i'm still suffering the same problems. any suggestions? thanks in advance. |
|
| Back to top |
|
|
jvmorris
Security Expert
Joined: Dec 10, 2002
Posts: 152
Location: USA
|
| Posted: Tue May 25, 2004 10:08 am Post subject: |
|
|
Okay, use Find | Files ... to locate your Hosts file and then open it with Notepad. Check to see if it contains entries for Symantec, MSN, and HotMail. If so, copy and paste those lines in a response.
Some of the recent gremlins were rather fond of adding a number of firewall, anti-virus, anti-Trojan, and anti-spyware vendors to the Hosts file in such a manner as to make it impossible for you to subsequently reach those websites.
_________________
Regards,
Joseph V. Morris
'The man who was not there" |
|
| Back to top |
|
|
infected_user
Cadet
Joined: May 23, 2004
Posts: 7
Location: USA
|
| Posted: Tue May 25, 2004 6:38 pm Post subject: |
|
|
here's the hosts list...
127.0.0.1 www.symantec.com
127.0.0.1 securityresponse.symantec.com
127.0.0.1 symantec.com
127.0.0.1 liveupdate.symantecliveupdate.com
127.0.0.1 update.symantec.com
127.0.0.1 updates.symantec.com
127.0.0.1 liveupdate.symantec.com
127.0.0.1 customer.symantec.com
as for hotmail and msn, i came up with nothing on the hosts list. |
|
| Back to top |
|
|
jvmorris
Security Expert
Joined: Dec 10, 2002
Posts: 152
Location: USA
|
| Posted: Tue May 25, 2004 6:58 pm Post subject: |
|
|
Yep, as I suspected.
Remove all of those entries from the hosts file.
What they are doing is looping back any of your queries to any of the Symantec websites to your OWN machine; they're not going anywhere.
Now, depending on how those entries got there, they may re-appear. Time for you to run AdAware, SpyBot S&D and after cleaning out garbage from both of those, you might as well go ahead and do a HJT analysis and post whatever may be left over to the HJT people (I'm not a HJT guy, myself). I gather from a recent post from Calamity Jane that there's something REALLY nasty out there that seems to once again be in love with the Hosts file.
_________________
Regards,
Joseph V. Morris
'The man who was not there" |
|
| Back to top |
|
|
infected_user
Cadet
Joined: May 23, 2004
Posts: 7
Location: USA
|
| Posted: Tue May 25, 2004 7:01 pm Post subject: |
|
|
| thanks again for the help. now for some uprooting... |
|
| Back to top |
|
|
jvmorris
Security Expert
Joined: Dec 10, 2002
Posts: 152
Location: USA
|
| Posted: Tue May 25, 2004 7:38 pm Post subject: |
|
|
| infected_user wrote: |
| thanks again for the help. now for some uprooting... |
I must admit I was unaware as to just how bad the situation was! I just went over and looked at the Spyware -- HiJackThis Forum here at Computer Cops and I got back four pages and still hadn't got past the beginning of today!
Do you have any idea how this stuff got on you box? It's much easier to prevent it happening again than have you constantly going through the same process over and over again (and there seems to be a lot of that over there).
HJT is a tool for when things get out of hand; it's much better to prevent getting to this point in the first place. Old epigram: "Give a man a fish and you feed him for one day; teach him to fish and you feed him for life".
First, do you have whichever version of Windows you're running fully updated via Windows Update? (Certainly all critical updates.) What about other Internet-enabled applications that you may use? These may be MS OFFICE apps or even third-party browsers, e-mail clients, or NNTP newsreaders (to name only a few).
Second, stay completely off warez, porn, and blackhat websites. They'll kill you. Shut down any P2P apps and probably most IM apps that you may be using unless you've got them fully secured. Next thing to start dumping is IRC CHAT clients (but that mostly depends on what you use it for). No more random file downloads from anything other than fully trusted download sites. And, even then, you should be running a memory-resident antivirus app full-time and it needs to be regularly updated. Even once a week may not suffice any more.
Third, you never mentioned a firewall (hardware or software) or a NAT router (again, hardware or software, like Microsoft's ICS). If you're not using one, get one, install it, understand how it works and lock it down like it was a chastity belt -- because it is. If you're not familiar with firewalls, at least get the free version of Zone Alarm and give no applications Internet server rights. If you're running NIS or NPF (which I would assume you are, since you posted in the General Symantec forum), it's time to go back and make sure all the rules are properly configured (not to mention that the firewall itself is still active).
Next, get one of the Anti-Trojan products. Sure, some of the AV products cover some Trojans, but none of them cover as much as the dedicated products. Again, I would recommend that you get one that runs memory-resident, run it all the time, and update it frequently. (I think BOClean, Trojan Hunter, and The Cleaner all fall in this category.) TDS-3 is an even better product, but I don't believe it necessarily runs memory-resident.
After that, there's AdAware and SpyBot S&D (new version 1.3, has a memory-resident utility, earlier versions may have had).
Next, a registry monitor that runs real-time. At the moment, I use TCActive! (a component of The Cleaner) and also TeaTimer (a component of Spybot S&D 1.3). There are even more exotic real-time registry monitors, but they cost money.
There's more; but that's enough for now.
Now look, if I can run all this stuff on a 6-year old PII @ 350 MHz with a 100 MHz front-end bus under Win 98 SE and only 128 MB of RAM (on a dial-up connection, no less!), without having my world come to a halt, well, you probably can, too! You've probably spent far more time in the past week trying to unscrew your machine from whatever the hell hit it than I've spent keeping all this stuff running in the past six months.
Do it.
_________________
Regards,
Joseph V. Morris
'The man who was not there"
|
|
| Back to top |
|
|
infected_user
Cadet
Joined: May 23, 2004
Posts: 7
Location: USA
|
| Posted: Wed May 26, 2004 12:13 pm Post subject: |
|
|
| apparently i've got a lot of homework ahead of me with virus killing and computer upkeeping. as for now, your advice has helped a lot, as i can access hotmail, msn6, and symantec. i ran spybot, spyblaster, ad-aware, norton antivirus, and hijackthis, just for good measure, but apparently "tip of the iceberg" is a pretty good term to use in my case. the only malignant problem is a registry exploit that spybot encountered called "DSO Exploit" |
|
| Back to top |
|
|
|
|
|
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You cannot download files in this forum
|
Powered by phpBB 2.0.8a © 2001 phpBB Group
Version 2.0.6 of PHP-Nuke Port by Tom Nitzschner © 2002 www.toms-home.com
Version 2.2 by Paul Laudanski © 2003-2004 Computer Cops
|
You can syndicate our news using the file RSS 0.91, ultramode.txt, or RSS 1.0.
Forum FAQ
Search
Usergroups
Profile
Login to check your private messages
Login
