RE: Can't access any webs sites that contain anti virus fixes





"Volfandt" wrote:

XP Pro w/rev 6 explorer. I recently discovered that I couldn't access any web
sites that contain antivirus/spyware updates or fixes. This includes AVG,
SpyBot, Adaware, Malware and/or even trying to manually run Windows update.
Instead of getting the download page (where one chooses to eoither save or
run the download, I get a webpage stateing page not found"). Microsofts
Malicious Software tool didn;t find any problems but AVG ran and found
problems and fixed it but when I run the Microsoft download scanner it finds
problems but can't fix them. Other than not being able to update XP, AVG and
my other virus/spyware app's the system seems to work fine. Also, I cannot
run Spybot nor Malwares app. I deleted Spybot and reinstalled it and it will
not run.
I'm guessing the virus that got me has gotten into my registry.
Any thoughts and/or fixes?
Thanks

This can be one of two:
1- A restrictions been put in place by the Viral infection
Or
2- A Corrupt profile

Open run then type in:
regedit click [OK]
Locate this keys and see if the entries placed to restrict you from having
control on your machine and remove them if they are there!

Restriction for Programs to run:
[-] HKEY_CURRENT_USER\Software\Microsoft\Windows\Current
Version\Policies\Explorer = remove this entry in the right pane/window:
DisallowRun

Restriction for Registry Editor:
HKEY_CURRENT_USER\Software\Microsoft\Windows\Current Version\Policies\System
= remove this entry in the right pane/window
DisableRegistryTools

Restriction for Command Prompt:
[-]HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System = remove
this entry in the right pane/window
DisableCMD

<Q from MauriceN at castlecops.com>
Download to your Desktop FixPolicies.exe, a self-extracting ZIP archive from
here:
http://cid-6aaab341ce47c5c2.skydrive.live.com/self.aspx/Public/FixPolicies.exe

* Double-click FixPolicies.exe.
* Click the "Install" button on the bottom toolbar of the box that will
open.
* The program will create a new Folder called FixPolicies.
* Double-click to Open the new Folder, and then double-click the file
within: Fix_Policies.cmd.
* A black box will briefly appear and then close.
* This fix may prove temporary. Active malware may revert these changes
at your next startup. You can safely run the utility again.

Now, logoff and restart the system, and advise and confirm for me that you
can login to Normal mode.
</Q>

Run a thorough scan by doing the following steps:
1... First, try to clean up your caches, Internet files and delete cookies
by doing this:
Click Start >> Control Panel >> Double click Network and Internet
Connections >> Double click Internet Options.
On the IE properties windows you will see these Tabs:
General | Security | Privacy | Content | Connections | Programs |
Advanced
Under General Tab clear your History, Internet Files and Cookies.
Then click on Advanced tab and scroll down to under the Browsing Option:
[&] Browsing
[ ] Enable Third-Party browser extensions (Req Rest) uncheck this box.
Then click on Programs Tab and click Manage Add-Ons and Disable all non
Verified Add-Ons (You should Renable them later one-by-one and see the
culprit and update it or remove it.
How to manage Add-Ons:
http://support.microsoft.com/kb/883256
Scan for malware from here:
Download and Update both SuperAntispyware and Malwarebytes then run a
complete scan - Free
http://www.superantispyware.com/superantispywarefreevspro.html
http://www.malwarebytes.org/rr-update/rr-free-setup.exe
http://onecare.live.com/site/en-gb/default.htm?s_cid=sah

Run a scan from here on-line:
http://security.symantec.com/sscv6/default.asp?langid=ie&venid=sym
http://www3.ca.com/securityadvisor/virusinfo/scan.aspx
Download Avast Cleaner (offline scanner) from here:
http://www.avast.com/eng/avast-virus-cleaner.html
Comodo BOClean : Anti-Malware Version 4.27
http://www.comodo.com/boclean/boclean.html

If you wish to send me your Hijackthis log I will be happy to help you
further or send to one of many forums on the internet!
Download Hijackthis and send me the log.
(http://www.trendsecure.com/portal/en-US/threat_analytics/hijackthis.php)
my address is : to_you_ross(at remove this and repalce with the
obvious)yahoo.co.uk ( _ is underscore)

Run disk clean up on your Drive.
You can download this tool o run clean up:
http://www.ccleaner.com/download/builds/downloading-slim

# For the second option:
How to Identify a Damaged User Profile and Create a New Profile
http://support.microsoft.com/kb/811151
HTH,
nass
---
http://www.nasstec.co.uk
.



Relevant Pages

  • Re: about: blank
    ... Spybot and Adaware were finding malware and possible ... Turned off RESTORE. ... >Download, UPDATE before running, and run: ...
    (microsoft.public.security.virus)
  • Re: mysearchnow.com hijacking my IE
    ... CoolWebSearch (if not, then see AdAware, SpyBot, and HijackThis, below). ... Restore and then reboot your system in order to clear the malware garbage ... Be sure that you also download and install hotfix Q816093, ...
    (microsoft.public.windows.inetexplorer.ie6.browser)
  • Re: Search help
    ... Sounds like this might be a variant of some malware called CoolWebSearch (if ... not, then see AdAware, SpyBot, and HijackThis, below). ... Download, UPDATE before running, and run: ... Another excellent program for this purpose is SpyBot Search and Destroy ...
    (microsoft.public.windows.inetexplorer.ie6.browser)
  • Re: Intellifind bug in IE?
    ... Sounds like this might be a variant of some malware called CoolWebSearch (if ... then you can disable and then re-enable System Restore. ... Be sure that you also download and install hotfix Q816093, ... Another excellent program for this purpose is SpyBot Search and Destroy ...
    (microsoft.public.windows.inetexplorer.ie6.browser)
  • Re: adware/spyware
    ... > system restore, deleted items in the registry and run Spysweeper, Adware 6 ... the makers of Spybot will soon fix this bug. ... The process of removing certain malware may kill your internet ... Download, UPDATE before running, and run: ...
    (microsoft.public.security.virus)