Can't even browse to avast.com

I am new to any forum, much less avast. Sorry for you guys that are pros, I’m not. Have avast pro 4.8. Just in the last 2 days, I can’t go to certain websites - don’t know if it has anything to do with an update or if I have something incorrect. Ironically I can’t even type in www.avast.com and get to their own website - I get an error that says CONNECTION INTERRUPTED…THE NETWORK LINK WAS INTERRUPTED WHILE NEGOTIATING A CONNECTION. PLEASE TRY AGAIN.

This is very frustrating! I do not know how to fix this - any help out there for a novice???

Have (or did) you another AV installed in this system, if so what was it and how did you get rid of it ?
Can you give some examples of the other sites ?
If you Terminate the Web Shield can you connect to these sites you are having trouble with ?
What is your firewall ?

If these sites are anything to do with security (obviously avast.com does) then it is possible that your HOSTS file has been hijacked.

Obviously I have no such problem in visiting avast.com, how are you able to connect to forum.avast.com as that too would be covered in any redirect by a hosts file hijack is in place ?

Maybe you should try using SUPERantispyware, MBAM or Spyware Terminator to scan for spywares and trojans. If any infection is detected, better and safer is send the file to Quarantine than to simple delete than.

Also, try full computer on-line scanning:
Kaspersky (very good detection rates)
ESET NOD32
Trendmicro housecall
F-Secure
BitDefender (free removal of the malware)

DavidR -

Avast is the only anti-virus, before that I had Norton, but removed it through the normal add/delete programs.
Can’t open site www.llessursevorg.com
I haven’t tried terminating the web shield, am using windows firewall.
I was able to get to forum.avast.com but not avast.com, then I found a post that said to type in the “number” address, I did that, then I could get to www.avast.com just like normal.

Tech,
Which would be the best anti-spyware for me to use? Would avast not take care of all of that for me???

Also, based on what DavidR said that a host file might be hijacked - how do I know and how do I fix it?

Being able to get to forum.avast.com means avast.com isn’t being redirected in the HOSTS file as sub-domains, the forums. bit would also be redirected. so it doesn’t look like hosts file hijack.

For general information see HOSTS file redirect - 127.0.0.1 check your HOSTS file using notepad or a text editor of your choice, C:\WINDOWS\system32\drivers\etc\hosts or do a search for HOSTS to find it if not there. http://en.wikipedia.org/wiki/Hosts_file

You can take a look in my signature there are two ant-spyware/malware programs listed ;D

  1. SUPERantispyware On-Demand only in free version.
  2. MalwareBytes Anti-Malware freeware version http://download.bleepingcomputer.com/malwarebytes/mbam-setup.exe, right click on the link and select Save As or Save File (As depending on your browser), save it to a location where you can find it easily later.

There is a new means of blocking security sites that doesn’t require the use of the HOSTS file, so you could be infected with malware (DNS Hijack) that modifies the registry to do this, the MBAM #2 above is quite good at detecting that, for best results run both of the above programs from safe mode and report the findings.

DavidR

this is the screenshot of my host file:

Copyright (c) 1993-1999 Microsoft Corp.

This is a sample HOSTS file used by Microsoft TCP/IP for Windows.

This file contains the mappings of IP addresses to host names. Each

entry should be kept on an individual line. The IP address should

be placed in the first column followed by the corresponding host name.

The IP address and the host name should be separated by at least one

space.

Additionally, comments (such as these) may be inserted on individual

lines or following the machine name denoted by a ‘#’ symbol.

For example:

102.54.94.97 rhino.acme.com # source server

38.25.63.10 x.acme.com # x client host

127.0.0.1 localhost

I do not know if anything is wrong with this or not—

Also I downloaded superantispyware, this is what it came up with and I quarantined all of this—
SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 11/10/2008 at 10:10 AM

Application Version : 4.21.1004

Core Rules Database Version : 3629
Trace Rules Database Version: 1613

Scan type : Complete Scan
Total Scan Time : 00:26:34

Memory items scanned : 665
Memory threats detected : 0
Registry items scanned : 6702
Registry threats detected : 0
File items scanned : 25978
File threats detected : 98

Adware.Tracking Cookie
C:\Documents and Settings\LynDee\Cookies\lyndee@adrevolver[2].txt
C:\Documents and Settings\LynDee\Cookies\lyndee@nextag[2].txt
C:\Documents and Settings\LynDee\Cookies\lyndee@apmebf[1].txt
C:\Documents and Settings\LynDee\Cookies\lyndee@bluestreak[1].txt
C:\Documents and Settings\LynDee\Cookies\lyndee@www.googleadservices[1].txt
C:\Documents and Settings\LynDee\Cookies\lyndee@indexstats[2].txt
C:\Documents and Settings\LynDee\Cookies\lyndee@crackberry[2].txt
C:\Documents and Settings\LynDee\Cookies\lyndee@ehg-traderpublishing.hitbox[2].txt
C:\Documents and Settings\LynDee\Cookies\lyndee@richmedia.yahoo[1].txt
C:\Documents and Settings\LynDee\Cookies\lyndee@trafficmp[2].txt
C:\Documents and Settings\LynDee\Cookies\lyndee@sales.liveperson[1].txt
C:\Documents and Settings\LynDee\Cookies\lyndee@ads.pointroll[1].txt
C:\Documents and Settings\LynDee\Cookies\lyndee@tacoda[2].txt
C:\Documents and Settings\LynDee\Cookies\lyndee@fastclick[1].txt
C:\Documents and Settings\LynDee\Cookies\lyndee@kontera[1].txt
C:\Documents and Settings\LynDee\Cookies\lyndee@chefscatalog.122.2o7[1].txt
C:\Documents and Settings\LynDee\Cookies\lyndee@chitika[1].txt
C:\Documents and Settings\LynDee\Cookies\lyndee@thefind[2].txt
C:\Documents and Settings\LynDee\Cookies\lyndee@e-2dj6wdkykmajsgp.stats.esomniture[2].txt
C:\Documents and Settings\LynDee\Cookies\lyndee@www.googleadservices[8].txt
C:\Documents and Settings\LynDee\Cookies\lyndee@snagajob.122.2o7[1].txt
C:\Documents and Settings\LynDee\Cookies\lyndee@247realmedia[1].txt
C:\Documents and Settings\LynDee\Cookies\lyndee@adtrack.voicestar[2].txt
C:\Documents and Settings\LynDee\Cookies\lyndee@adlegend[1].txt
C:\Documents and Settings\LynDee\Cookies\lyndee@msnbc.112.2o7[1].txt
C:\Documents and Settings\LynDee\Cookies\lyndee@kelleybluebook.112.2o7[1].txt
C:\Documents and Settings\LynDee\Cookies\lyndee@www.googleadservices[11].txt
C:\Documents and Settings\LynDee\Cookies\lyndee@adserving.autotrader[1].txt
C:\Documents and Settings\LynDee\Cookies\lyndee@specificclick[2].txt
C:\Documents and Settings\LynDee\Cookies\lyndee@www.googleadservices[5].txt
C:\Documents and Settings\LynDee\Cookies\lyndee@revsci[1].txt
C:\Documents and Settings\LynDee\Cookies\lyndee@2o7[2].txt
C:\Documents and Settings\LynDee\Cookies\lyndee@sales.liveperson[2].txt
C:\Documents and Settings\LynDee\Cookies\lyndee@onlinerewardcenter[2].txt
C:\Documents and Settings\LynDee\Cookies\lyndee@paypal.112.2o7[1].txt
C:\Documents and Settings\LynDee\Cookies\lyndee@iacas.adbureau[1].txt
C:\Documents and Settings\LynDee\Cookies\lyndee@silo.thefind[1].txt
C:\Documents and Settings\LynDee\Cookies\lyndee@media.adrevolver[3].txt
C:\Documents and Settings\LynDee\Cookies\lyndee@interclick[1].txt
C:\Documents and Settings\LynDee\Cookies\lyndee@media.adrevolver[2].txt
C:\Documents and Settings\LynDee\Cookies\lyndee@zedo[2].txt
C:\Documents and Settings\LynDee\Cookies\lyndee@www.googleadservices[10].txt
C:\Documents and Settings\LynDee\Cookies\lyndee@pathfinder[1].txt
C:\Documents and Settings\LynDee\Cookies\lyndee@marketlive.122.2o7[1].txt
C:\Documents and Settings\LynDee\Cookies\lyndee@bs.serving-sys[1].txt
C:\Documents and Settings\LynDee\Cookies\lyndee@fs10.fusestats[1].txt
C:\Documents and Settings\LynDee\Cookies\lyndee@tribalfusion[1].txt
C:\Documents and Settings\LynDee\Cookies\lyndee@adserver.adtechus[1].txt
C:\Documents and Settings\LynDee\Cookies\lyndee@traffic.prod.cobaltgroup[1].txt
C:\Documents and Settings\LynDee\Cookies\lyndee@doubleclick[1].txt
C:\Documents and Settings\LynDee\Cookies\lyndee@www.googleadservices[9].txt
C:\Documents and Settings\LynDee\Cookies\lyndee@ehg-foxsports.hitbox[2].txt
C:\Documents and Settings\LynDee\Cookies\lyndee@webreports.digitalinsight[2].txt
C:\Documents and Settings\LynDee\Cookies\lyndee@bizrate[1].txt
C:\Documents and Settings\LynDee\Cookies\lyndee@adserver.texaspress[2].txt
C:\Documents and Settings\LynDee\Cookies\lyndee@e-2dj6wjk4egcpcao.stats.esomniture[1].txt
C:\Documents and Settings\LynDee\Cookies\lyndee@questionmarket[1].txt
C:\Documents and Settings\LynDee\Cookies\lyndee@ad.m5prod[1].txt
C:\Documents and Settings\LynDee\Cookies\lyndee@e-2dj6wfkiqkazsao.stats.esomniture[2].txt
C:\Documents and Settings\LynDee\Cookies\lyndee@cratebarrel.112.2o7[1].txt
C:\Documents and Settings\LynDee\Cookies\lyndee@www.googleadservices[4].txt
C:\Documents and Settings\LynDee\Cookies\lyndee@ad.yieldmanager[2].txt
C:\Documents and Settings\LynDee\Cookies\lyndee@specificmedia[2].txt
C:\Documents and Settings\LynDee\Cookies\lyndee@bzresults.122.2o7[1].txt
C:\Documents and Settings\LynDee\Cookies\lyndee@hitbox[2].txt
C:\Documents and Settings\LynDee\Cookies\lyndee@adopt.euroclick[1].txt
C:\Documents and Settings\LynDee\Cookies\lyndee@stats.paypal[1].txt
C:\Documents and Settings\LynDee\Cookies\lyndee@imrworldwide[2].txt
C:\Documents and Settings\LynDee\Cookies\lyndee@mediaplex[1].txt
C:\Documents and Settings\LynDee\Cookies\lyndee@e-2dj6wdmiumc5cko.stats.esomniture[2].txt
C:\Documents and Settings\LynDee\Cookies\lyndee@serving-sys[2].txt
C:\Documents and Settings\LynDee\Cookies\lyndee@atwola[1].txt
C:\Documents and Settings\LynDee\Cookies\lyndee@atdmt[2].txt
C:\Documents and Settings\LynDee\Cookies\lyndee@qnsr[1].txt
C:\Documents and Settings\LynDee\Cookies\lyndee@overture[1].txt
C:\Documents and Settings\LynDee\Cookies\lyndee@realmedia[2].txt
C:\Documents and Settings\LynDee\Cookies\lyndee@dominionenterprises.112.2o7[1].txt
C:\Documents and Settings\LynDee\Cookies\lyndee@adopt.specificclick[1].txt
C:\Documents and Settings\LynDee\Cookies\lyndee@www.googleadservices[2].txt
C:\Documents and Settings\LynDee\Cookies\lyndee@advertising[1].txt
C:\Documents and Settings\LynDee\Cookies\lyndee@dynamic.media.adrevolver[2].txt
C:\Documents and Settings\LynDee\Cookies\lyndee@casalemedia[2].txt
C:\Documents and Settings\LynDee\Cookies\lyndee@www.burstnet[1].txt
C:\Documents and Settings\LynDee\Cookies\lyndee@insightexpressai[2].txt
C:\Documents and Settings\LynDee\Cookies\lyndee@a.websponsors[2].txt
C:\Documents and Settings\LynDee\Cookies\lyndee@www.googleadservices[3].txt
C:\Documents and Settings\LynDee\Cookies\lyndee@e-2dj6wmkiggdpckp.stats.esomniture[2].txt
C:\Documents and Settings\LynDee\Cookies\lyndee@www.googleadservices[6].txt
C:\Documents and Settings\LynDee\Cookies\lyndee@ads.bridgetrack[1].txt
C:\Documents and Settings\LynDee\Cookies\lyndee@www.googleadservices[7].txt
C:\Documents and Settings\LynDee\Cookies\lyndee@eyewonder[1].txt
C:\Documents and Settings\LynDee\Cookies\lyndee@ontarget.122.2o7[1].txt
C:\Documents and Settings\LynDee\Cookies\lyndee@ads.monster[2].txt
C:\Documents and Settings\LynDee\Cookies\lyndee@e-2dj6wmkygpc5who.stats.esomniture[2].txt
C:\Documents and Settings\LynDee\Cookies\lyndee@sales.liveperson[4].txt
C:\Documents and Settings\LynDee\Cookies\lyndee@l1.qsstats[1].txt
C:\Documents and Settings\LynDee\Cookies\lyndee@adbrite[1].txt
C:\Documents and Settings\LynDee\Cookies\lyndee@burstnet[1].txt
But I still cannot get to the www.llessursevorg.com website, it says
Connection Interrupted
The connection to the server was reset while the page was loading.
The network link was interrupted while negotiating a connection. Please try again.

I will try running both from safe mode like you said and post the results.

Thank you!

DavidR-

I ran both of the programs you said, malware & superantispyware from safe mode, neither found anything infected!!!

What do you think I need to do now?

Please Help!

As I though there is nothing wrong with your hosts file, that is normal.

The cookies (tracking, etc.) are nothing to be concerned with, they are a very minor privacy issue but not really a security issue.

I have the tracking cookies part of the scan disabled in SAS, however depending on your browser (?) you should not accept third party cookies (not for the domain name of the site you are visiting) and periodically clear out your cookie cache.

I take it that there was just a negative report after the MBAM scan ?

What is your browser ?
I can connect to that site (just), using firefox 3.0.3. It is extremely slow as it uses flash and I’m on dial-up and the site is like watching paint dry and it is still loading after several minutes it is still loading. I really hate media rich sites like this with zero consideration for dial-up users.

Sorry it is simply taking too long to load this flash page (main.swf) and life is too short, but even if their server is slow as well the connections as slow as it is continues. No connection broken error, etc. So I don’t know what it might be causing the problem for you, I dare say if I was on broad band the page would have completed loading, but I simply can’t confirm that.

What is your connection method ?

Got zero findings of any virus on mbam browser is Firefox 3.0.3.

One other tidbit I just found - I have an apple macbook that I use at home, after not being able to load the site here at work on all 4 computers, when I got home last week, I tried loading it - it worked fine. I brought it here to the office, it is connecting wirelessly to my network and it WILL NOT LOAD the same site you tried. Could there be something with my wireless router that was changed?? Not by me of course, I don’t even know how!

I do know that a salesman stated last week that he used our internet access in the parking lot as it isn’t password protected! I don’t know how to password protect it either!

It certainly sounds like some local problem, unfortunately I have zero network of wireless experience. However, a few seconds with my friend google found a ton of stuff (not to self, don’t exaggerate ;D ), the first hit looks promising, http://www.google.co.uk/search?q=secure+wireless+network.

lmg, a HOSTS file will stop those tracking cookies:

I use hphosts and MVPS HOSTS files:
http://www.mvps.org/winhelp2002/hosts.htm <== good HOSTS file description as well

Managed with HostsMan and I use its HostsServer proxy to speed up browsing:
http://www.abelhadigital.com

I called the help line for my router and they had me put in a 43 in port triggering, then the website I was trying to get to worked fine. I have no idea why 2 weeks ago it worked as well as the avast.com site, but it wouldn’t without this port triggering number??? Anyway, all is well for now.
They stated if other websites wouldn’t work I might have to put in other port trigger numbers.

Thanks for the update, glad that everything is working now, I hate mysteries too.