I found using my PC that I cannot connect to any Avast! site links that have ‘Avast’ in the html, i.e. www.avast.com, etc. BUT - I can connect to any that have www.asw.cz in them!
Not weird, your HOSTS file might have been hijacked. This is a common trick to stop you getting help to remove malware and there may well be other security sites blocked.
HOSTS file redirect - 127.0.0.1: check your HOSTS file using Notepad or a text editor of your choice, C:\WINDOWS\system32\drivers\etc\hosts, or do a search for HOSTS to find it if not there. http://en.wikipedia.org/wiki/Hosts_file
If you can get to avast.com using this link http://75.125.223.2/ it is likely that the HOSTS file or possibly DNS has been hijacked. This is one of the IP addresses so it is much harder to block IP addresses than domain names.
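The HOSTS check described above, written as a script (an added example, not part of the original post): it flags any HOSTS entry that maps a security-vendor domain to loopback or to some other address. The watch list uses domains named in this thread, and the sample file contents are constructed for illustration.

```python
import ipaddress

# Domains named in this thread; extend with other security vendors as needed.
WATCHED = ("avast.com", "asw.cz", "grisoft.com")

# Constructed sample of a tampered HOSTS file (not taken from the thread).
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2006 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
127.0.0.1       www.avast.com avast.com   # appended by malware
127.0.0.1 forum.avast.com
203.0.113.7     download.grisoft.com
192.168.1.10    fileserver
0.0.0.0         notavast.com.example
"""

def is_watched(host, watched=WATCHED):
    """True if host is a watched domain or a subdomain of one."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in watched)

def audit_hosts(text, watched=WATCHED):
    """Return (line_no, hostname, address, kind) for each suspicious mapping."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()      # drop comments
        fields = line.split()
        if len(fields) < 2:
            continue                             # blank or malformed line
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                             # first field is not an IP
        # Loopback / 0.0.0.0 makes the site unreachable; anything else
        # silently sends the browser to a different server.
        sinkhole = addr.is_loopback or addr.is_unspecified
        kind = "blocked" if sinkhole else "redirected"
        for host in fields[1:]:                  # one line may list aliases
            if is_watched(host, watched):
                findings.append((lineno, host.lower(), str(addr), kind))
    return findings

if __name__ == "__main__":
    # On a real machine, read C:\WINDOWS\system32\drivers\etc\hosts instead.
    for lineno, host, addr, kind in audit_hosts(SAMPLE_HOSTS):
        print(f"line {lineno}: {host} -> {addr} ({kind})")
```

A clean result here does not rule out the DNS-level hijack mentioned above; it only clears the HOSTS file.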
Thanks, I found the HOSTS file, and here it is below. It does not appear to block Avast… Also downloaded def. file on this PC and USB thumbed it to the problem PC, and installed it that way. It found 2 problems that are in the vault at present.
Now that Grisoft AVG 8 anti-virus Free version has BECOME a virus I tried out several AV programs before finding Avast!
Ensure that you have fully removed AVG from your system, first using add remove programs and reboot.
AVG Remover, download tool from here, http://www.grisoft.com/ww.download-tools there is a 32bit and 64 bit windows version, ensure you use the correct one. Run it and reboot.
Since I downloaded the 18 MB update for the latest download of the program I downloaded and transferred it to my Avast.com problem PC, the auto update has started working - ONE PROBLEM SOLVED.
Windows Firewall → allow Avast was always selected.
So, the downloaded huge update file seems to have fixed AUTO UPDATES. Don’t ask … ???
But, anything with ‘Avast’ in the name still won’t show. Blank browser page below is Avast forum - home page is blank also, I’m here now with the other PC.
*I’m thinking I may have got hit with this, in between changing anti-virus programs. (Had to remove AVG as it kept looping and popping up a notice that every file was infected, incl. AVG.) Even though I am using Vista SP1.
Antispyware 2008 XP a.k.a. Antispyware2008XP or AntispywareXP2008, is a vicious rogue anti-spyware program which is known to be installed undetected at times from a Trojan infection such as Vundo or Zlob. Antispyware 2008 XP was found to target Italian speaking areas of the world but can be installed on any computer that is connected to the internet. http://forum.avast.com/index.php?topic=38157.0
Turning off auto backups may have helped… Plus now I’ve run every well known anti-spyware program. That Zlob sounds familiar in removal.
PS. I just downloaded that AVG removal tool and ran it … thanks.
Still no Avast site pages though…
Well this could be some other form of DNS attack/redirect.
You didn’t mention those anti-spyware apps you had used so here are a few;
If you haven’t already got this software (freeware), download, install, update and run it, preferably in safe mode and report the findings (it should produce a log file).
Thanks. I’m going to download what you listed now. I’m really weighted down now. ;D
Been using - up until the attack
Vista Windows Defender
Microsoft Malicious Software Removal Tool
antivirus and Windows Firewall.
Then added Avast! - from download site not avast.com which I am unable to get.
and the usual suspect…
AdAware
Spybot Search & Destroy
RootkitRevealer
Spyware Blaster
HijackThis
I’m pretty sure it came from a tiny ‘popup’ that I could not kill, with Task Manager or Autoruns and clicking OK to remove of course launched the ‘get antispyware program’ or something that was closed immediately - but the damage must have been done!
I cleared all browser caches, ran CCleaner with unticked ‘leave temp files 48 hrs’, ran reg cleaners and downloaded all antivirus software and ran, etc. Then after I turned off auto backup so nothing was replaced on reboot. (Probably should have run a system restore!!!)
Think I have got rid of it (or most of it) just the puzzling ‘cannot access any avast.com name sites’.
I was using Firefox 3.0.3 (the latest) at the time also.
Well thank you very much DavidR, you fixed my problem!
Those programs you recommended are great. The one that caught the crap was Malwarebytes.
Now I am logged into the Avast forum with my main PC, the one that could not get any Avast sites. Not only that, but when I installed the 3 programs (+ one other you listed - maybe DOS) I found I could not update the def. files. Even though I added them manually to Windows Firewall.
So, I scanned with what I downloaded and Malwarebytes still picked up the crap - after rebooting I was able to update all the programs - and connect to the Avast site and forum. The direct dns link worked by the way, I can’t remember it, something like http:/123.456.78.987 - probably because it did not have avast in the name. So this crap must be blocking anti-virus & anti-malware sites.
Yes this is a common tactic by malware to stop you getting to the sites to get help in removing their c*** so it isn’t just avast’s site that would be blocked. This used to be done by hacking the hosts file, but that is too easy to detect and remove, so they have improved how they intercept security site domain requests.
Malwarebytes is one of the leading anti-malware programs and is a fine companion for avast. I do a weekly update, followed by a scan with MBAM as part of my regular weekly system maintenance.
I take it that having selected all those in your image you clicked the remove Selected button and they are now history.
For some unfathomable reason, the Avast! forum requires that you make 20 posts before you can have an avatar and change settings like getting rid of your e-mail display … ???
I don’t know about the other two things you mention, but the 20 posts is part of the anti spamming. This came about by a spam attack on forum members via PMs.
The 20 posts is so that new forum members can not spam through the use of personal messages. Spammers usually will not post 20 times so that they can spam other users by using PMs … especially if it is automated posting. The same would be true for an avatar that might be “in bad taste.”
You can see your email and so can the moderators but the rest of us do not see your email. Click the image below to enlarge it and see what we see.
No it means those that haven’t got 20 posts, can’t use the PM function to spam any forum members.
The same for denied access to the Profile settings stops signature link spamming, the practice of promoting objectionable, commercial, sites, etc.
There are measures to stop bots signing up (Captcha) but it doesn’t stop drive by sign ups (or very smart bots) to the forums to try and use these methods and that is a measure to stop that, unfortunately it hits the legitimate forum member until they have 20 posts and are no longer a Newbie but a Jr Member.