Virus has prevented access to windows update and large array of Anti-virus update servers.

    Question

  • Hi, I have been infected (due to the activity of a young guest in my home) with a very unpleasant and persistent virus.

    Among other things it has done the following:

    1) It has prevented access to the Windows Update service by blocking access to all Microsoft Update servers.
    The update service still reports itself to be fully functioning, but it cannot download any updates.

    2) It has blocked access to a large array of virus and spyware protection vendors' signature update sites, so that no signature updates for the majority of the most popular virus and spyware protection software can be downloaded. So no updates for Windows Defender, McAfee Total Protection 2009, AVG Free, Norton AV, Trend Micro, HijackThis, Ad-Aware, Spyware Doctor etc...

    3) It has removed access to System Restore, so that the option is no longer available to enable/disable this feature via Control Panel\System\System Protection. (The tab for this simply no longer exists. It is not greyed out, there are no checkboxes to check or uncheck, it simply does not exist.)

    4) It has hijacked my browser (Firefox) so that now perhaps 50% of the web pages I visit are misdirected to advertisement sites.

    While it seems evident (although hugely, hugely frustrating) that my only viable option may be a reinstall of Vista, and while I am aware of all of the standard advice about running a virus scan/spyware clean-up in safe mode, etc., what I'm most interested in is how this virus has achieved this feat.

    I looked at my hosts file in C:\Windows\System32\Drivers\etc and I can't see anything there at all that would block access to Microsoft Update and also to the virus protection update vendors' servers.

    My impression, however, is that my entire internet connection may have been compromised, so that all of my activity is now being routed through some kind of proxy. (This is just a suspicion though, as there is now a distinct delay of a few seconds between each web page I visit.)

    To be clear, there is no point simply saying 'install the latest spyware removal software (such as Ad-Aware, Spybot Search & Destroy, Spyware Doctor, HijackThis and so on) and then run a scan', as access to the update servers for all of these applications has been completely blocked, so no new signatures/definitions can be obtained. I would prefer to defeat this virus if I can and save what has been months of work in configuring my system just the way I want it, which is why I would like first to work out how it is blocking access to these update servers.

    When I figure that out and fix it, then maybe I can run a bunch of scans.

    Can anyone help?


    Saturday, March 21, 2009 11:41 AM

Answers

All replies

  • Hi,
    To answer your first question, there are a lot of ways a piece of malware can take over your system. Be it by adding a simple registry key, installing a driver, launching several processes, installing an NT service, modifying the HOSTS file, corrupting the LSP stack, redirecting all DNS requests to rogue servers - just to name a few.

    Since from your description this sounds like a format-reinstall scenario, you should give MBAM a try. It's an excellent tool that has a chance to still work on your infected computer, and it's good at removing persistent malware. Download it, install it, update it and run a full system scan. Post the log in your next reply.
    Victor Constantinescu - MVP Security, MCTS
    Sunday, March 22, 2009 8:33 AM
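The reply above lists several ways malware can cut a machine off from update servers, and the question notes that a visual check of the hosts file found nothing. The following Python script is an added triage example (not code from the thread or from any vendor mentioned in it) that checks three of those mechanisms on a defender's terms: it parses a hosts file and flags watched update/vendor hostnames that are sinkholed or redirected, measures runs of blank lines (a large run pushes appended entries below what an editor window shows, which is one reason a hosts file can look clean), compares local DNS answers against answers from a reference resolver, and inspects the WinINet proxy values `ProxyEnable`, `ProxyServer` and `AutoConfigURL`. The watch list, the hosts text, the DNS answers and the proxy dictionary are all constructed sample input; in practice you would read the real hosts file and registry values on the affected machine.

```python
import ipaddress

# Constructed watch list of update/signature hosts matching the symptoms in the
# thread. Real vendors use many more hostnames; extend this for your environment.
WATCHED_DOMAINS = [
    "update.microsoft.com", "windowsupdate.microsoft.com", "windowsupdate.com",
    "safety.live.com", "malwarebytes.org", "avast.com", "avg.com",
    "mcafee.com", "symantec.com", "trendmicro.com",
]


def parse_hosts(text):
    """Yield (line_no, ip, hostname) for every valid mapping line in a hosts file."""
    for line_no, raw in enumerate(text.splitlines(), start=1):
        body = raw.split("#", 1)[0].strip()      # drop comments
        if not body:
            continue
        fields = body.split()
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                               # first field is not an address: skip
        for name in fields[1:]:
            yield line_no, ip, name.lower().rstrip(".")


def is_watched(name):
    return any(name == d or name.endswith("." + d) for d in WATCHED_DOMAINS)


def hosts_findings(text):
    """Flag watched hostnames that the hosts file sinkholes or redirects."""
    findings = []
    for line_no, ip, name in parse_hosts(text):
        if not is_watched(name):
            continue
        if ip.is_loopback or ip.is_unspecified:
            reason = "sinkholed to the local machine"
        else:
            reason = f"redirected to {ip}"
        findings.append({"line": line_no, "host": name, "reason": reason})
    return findings


def max_blank_run(text):
    """Longest run of blank lines; a large run hides entries below the editor window."""
    longest = run = 0
    for raw in text.splitlines():
        run = run + 1 if not raw.strip() else 0
        longest = max(longest, run)
    return longest


def dns_mismatches(local_answers, reference_answers):
    """Names whose local resolution differs from a reference resolver (e.g. a clean machine)."""
    return sorted(n for n, ip in reference_answers.items() if local_answers.get(n) != ip)


def proxy_findings(settings):
    """Inspect WinINet proxy values (HKCU\\...\\Internet Settings), passed in as a dict."""
    out = []
    if settings.get("ProxyEnable") == 1 and settings.get("ProxyServer"):
        out.append(f"system proxy enabled: {settings['ProxyServer']}")
    if settings.get("AutoConfigURL"):
        out.append(f"proxy auto-config script set: {settings['AutoConfigURL']}")
    return out


def triage(hosts_text, local_dns, reference_dns, proxy_settings, padding_threshold=50):
    return {
        "hosts": hosts_findings(hosts_text),
        "hidden_padding": max_blank_run(hosts_text) >= padding_threshold,
        "dns": dns_mismatches(local_dns, reference_dns),
        "proxy": proxy_findings(proxy_settings),
    }


# ---- constructed sample inputs (addresses from the RFC 5737 documentation ranges) ----
SAMPLE_HOSTS = (
    "# Copyright (c) 1993-2006 Microsoft Corp.\n"
    "127.0.0.1       localhost\n"
    "::1             localhost\n"
    + "\n" * 80                                  # padding that hides the lines below
    + "192.0.2.10      update.microsoft.com\n"
    "192.0.2.10      windowsupdate.microsoft.com\n"
    "127.0.0.1       www.malwarebytes.org   # sinkhole\n"
)
SAMPLE_LOCAL_DNS = {"update.microsoft.com": "192.0.2.10", "www.example.com": "203.0.113.5"}
SAMPLE_REFERENCE_DNS = {"update.microsoft.com": "203.0.113.40", "www.example.com": "203.0.113.5"}
SAMPLE_PROXY = {"ProxyEnable": 1, "ProxyServer": "192.0.2.99:8080", "AutoConfigURL": ""}

if __name__ == "__main__":
    import json
    print(json.dumps(triage(SAMPLE_HOSTS, SAMPLE_LOCAL_DNS, SAMPLE_REFERENCE_DNS, SAMPLE_PROXY), indent=2))
```

The DNS comparison is deliberately input-agnostic: feed it the answers from `nslookup` on the suspect machine and from a known-clean machine or resolver, and any name that differs is worth a closer look. A clean hosts file together with a DNS mismatch points at the resolver or an intermediate proxy rather than the file, which is the distinction the question is trying to make.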
  • Hi raid517, for virus infection related issues, I suggest you first try a free online virus scan on the following site:

    http://safety.live.com

    For information about Security updates, visit the Microsoft Virus Solution and Security Center for resources and tools to keep your PC safe and healthy. If you are having issues with installing the update itself, visit Support for Microsoft Update for resources and tools to keep your PC updated with the latest updates.

    For support outside the United States and Canada, visit the Product Support Services Web page (http://support.microsoft.com/?pr=SecurityHome  ).

    Hope this helps!
    --------------------------------------------------------------------------------
    Sean Zhu - MSFT

    Monday, March 23, 2009 7:27 AM
    Moderator
  • I've got the same problem. Got a clean bill of health when I ran Windows Live online but the problems persist. Virus blocks access to MBAM. Any other suggestions?
    Friday, April 30, 2010 11:45 PM
  • I had the same problem once and after doing the things I am going to list here, I haven't had even the slightest sign of a virus since on any of my computers; and it's been two years.

    First of all, all of those virus programs you listed never catch the most serious infections. Go to the Malwarebytes site and download their free malware detector. I actually was given this site by someone at Microsoft. Do a full scan and select remove all infections. If you can't use the internet on your computer, use another computer and when you hit download and it gives you the option of where to save it, save it on a flash drive. Insert that flash drive into your infected computer and install that way. Then get Avast, it is the only virus program I've had that actually catches and cleans everything. Malware though is different from what I understand, so Malwarebytes covers you there.

    Monday, May 17, 2010 9:04 AM
  • Yeah, I got the same problem here with a Win XP machine. I tried Malwarebytes, the most recent one, and still nothing. I also changed the DNS servers and checked the hosts file and did a trace route; I found out it's actually redirecting my internet instead, therefore blocking all updates of Windows and antivirus of any kind. I usually hear that Malwarebytes will get rid of it. But this time it didn't, so I was wondering what else I could do? Usually I would reformat and start over, but this time I wonder if there's a real solution.
    Saturday, November 06, 2010 5:50 AM
  • I learned to download a fresh copy of Spybot S&D, rename the .exe install file to something else before installing and do the same for Malwarebytes. The key is that by renaming the install .exe file, it bypasses the configuration that disables these popular anti-malware removal tools. Reboot in safe mode (restart and tap F8). Try to launch Spybot S&D or Malwarebytes before the virus process starts running in the background. This has worked for me on several occasions. Good luck!

    Thursday, December 16, 2010 12:16 PM