
Thread: Some help.

  1. #1

    Some help.

    I have suspicions about my Windows XP.

    Well, I no longer seem to be able to download anymore, even AV updates. I could at one point and got some; doing a scan now but still unsure what's going on.

    There is also a reg entry I found in CodeStuff Starter that is completely blank with nothing at all that I can stop, but I don't know what it is.

    I am just suspicious as I also can't start my firewall anyway and can't download one.

    Any theories?

  2. #2
    Try booting in safe mode, then downloading a firewall, updates for your AV and whatever else. Do a full system scan, I suggest at least 2 AV, you can use Trend Micro's online scan. See if that turns up anything....

    slick
    "Look, Doc, I spent last Tuesday watching fibers on my carpet. And the whole time I was watching my carpet, I was worrying that I, I might vomit. And the whole time, I was thinking, "I'm a grown man. I should know what goes on my head." And the more I thought about it... the more I realized that I should just blow my brains out and end it all. But then I thought, well, if I thought more about blowing my brains out... I start worrying about what that was going to do to my goddamn carpet. Okay, so, ah-he, that was a GOOD day, Doc. And, and I just want you to give me some pills and let me get on with my life." -Roy Waller

  3. #3
    The Mydoom.B virus will overwrite the system's hosts file as per the following:

    Overwrites the local host file to prevent users from accessing the following sites. This action occurs at each instance the worm runs. If the local system date falls within the date range of the www.microsoft.com DoS, the reference to www.microsoft.com is not written to the hosts file.

    This will result in you not being able to contact any of the listed sites. You may want to check to see if your hosts file has been tampered with.

    Cheers:
    DjM

  4. #4
    My hosts file has not been tampered with, I can access the sites. I don't seem to have MyDoom.

    Has anybody any more suggestions? It is quite dangerous, I think, that I can't download as it means I have no firewall and cannot update AV subscriptions etc.

    Did a scan with Avast and nothing turned up, trying Trend Micro online scan now.

  5. #5
    My hosts file has been tampered with,{...}

    Try nuking the hosts file. The only thing you'll need in there is:
    Code:
    127.0.0.1 localhost
    Oliver's Law:
    Experience is something you don't get until just after you need it.
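
A hosts-file audit along the lines discussed in posts #3 and #5, as an added example that is not part of any post in this thread: it reports every entry other than the `localhost` baseline and marks names pinned to a loopback or unspecified address, which makes the site unreachable. The sample file is constructed and `audit_hosts` is a hypothetical helper name.

```python
import ipaddress

# Constructed sample: the baseline entry plus entries of the kind described above.
SAMPLE_HOSTS = """\
# Constructed sample hosts file for this example
127.0.0.1       localhost
0.0.0.0         www.symantec.com update.symantec.com   # blocks AV updates
127.0.0.1       windowsupdate.microsoft.com
192.168.1.20    fileserver
not-an-ip       www.trendmicro.com
"""

BASELINE = {"localhost"}  # the only name the thread says the file needs


def audit_hosts(text):
    """Return (line_no, address, hostname, verdict) for every non-baseline entry."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        entry = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not entry:
            continue
        fields = entry.split()
        address, names = fields[0], fields[1:]
        try:
            ip = ipaddress.ip_address(address)
        except ValueError:
            # First field is not an IP address: the line is damaged or hand-edited.
            findings.append((line_no, address, " ".join(names), "malformed"))
            continue
        for name in names:
            name = name.lower().rstrip(".")
            if name in BASELINE and ip.is_loopback:
                continue  # the expected "127.0.0.1 localhost" mapping
            # A real site pinned to loopback or 0.0.0.0 cannot be reached.
            blocked = ip.is_loopback or ip.is_unspecified
            findings.append((line_no, address, name,
                             "blocked" if blocked else "redirected"))
    return findings


if __name__ == "__main__":
    for line_no, address, name, verdict in audit_hosts(SAMPLE_HOSTS):
        print("line %d: %s -> %s [%s]" % (line_no, name, address, verdict))
```

On Windows XP the file to feed in is `%SystemRoot%\system32\drivers\etc\hosts`; a "redirected" finding can be a legitimate local mapping and needs a human look rather than automatic deletion.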

  6. #6
    I meant to say it hasn't been tampered with, sorry.

  7. #7
    Ah. Did you tweak your security settings?

    Check (in IE) Tools -> Internet Options -> Security -> Internet -> Custom Level.

    Browse down to Downloads:
    Make sure File Download is enabled.

  8. #8
    First, run netstat (preferably netstat -an or if you're connected through ethernet netstat -e) to see what connections you have open. If you see anything suspicious, that might be it.

    Also, take a look at your running processes. Ctrl+Alt+Delete will open up the task manager. Click on processes, and start scrolling down. If you see anything weird, that also might be it. If you're pretty sure that it is, try closing it down (end-task.) That might fix it for you.

    You can check on your services by either loading up Services or msconfig (both through Start > Run > (name of prog)). msconfig will have a tab called Services, where you can enable or disable them. It will also have a list of whether the processes are running or not.

    ....One other thing just occurred to me. When you try to download, are you using any download accelerator program, like DAP, or kontiki (SP)? If they've crashed, they may still try to take over the download, but be unable to because they don't work. If that's the case, just try re-installing one of them.

    Aside from that....check for adware. Adware and malware can love to interfere with where you go online.

    Let us know how it turns out!
    www.ADigitalPimp.com
    There is a ghost in the machine, and he is my friend.
