"invalid Server Or Proxy Settings" When Trying To Update

cj47

BD AV 2009,

XP Pro sp3: M$ firewall disabled,

DSL Router, firewall disabled,

Network tab setup ok,

Static IP address in NIC,

No proxies.

I receive this error every time I try to do a manual update:

"Invalid Server Or Proxy Settings"

Questions;

1. The process "xcommsvr.exe", unlike in 2008, is not showing running in Task Manager. is this normal?

2. The 'hosts' file attributes Read only and 'Hidden' gets unchecked. Is thius normal?

3. Are these the only processes that are suppose to be running 24/7; 'vsserv.exe', 'bdagent.exe', 'seccenter.exe' and 'linesrv.exe'?

4. Does "seccenter.exe" replace "xcommsrv.exe" in 2009 products?

Find more posts tagged with

Comments

john305

Hi those are the only one i have running and i update ok. I normally right click there task bar button and choose update . I have use proxy not checked and link for update primary in update settings is http://upgrade.bitdefender.com alternate is the same. but yes theres no xcommsrv.exe running.

cj47

Would you look at your 'hosts' file?

john305

Hi sorry i dont think mine would be the same as im running vista 64 bit but theres nothing in the hosts file no entries at all.Oh also the Read only and 'Hidden are not checked

cj47

Thanks anyway.

Anyone else??

unknown

Please open Start - Run - cmd and try to ping upgrade.bitdefender.com - if the ping times out please type in

nslookup upgrade.bitdefender.com

I need to know what is the DNS address of the server that shows up after the command and if it was able to resolve the request.

cj47

Ping result:

"Ping request could not find host"

Nslookup result:

"Server: 85.255.112.77.static.ukrtelegroup.com.ua

Address: 85.255.112.77"

The Ukraine??

Again, I have never used any "Proxy" settings and I have no firewall. Verizon DSL is my IP.

cj47

Ok, I just looked at Local Area Connection TCP/IP Properties and found the Perferred DNS server changed to the above address from my assigned router address. The Alternate DNS Server was changed from blank to some other address. This is the 2nd time I have seen this and orginally I assumed it was when I had a cable modem attached directly to the PC for a short time. I went back to my DSL setup, but never looked at that properties page.

I have also noticed I have been getting alot of popup ads that I never got before. I have since uninstalled BD 2009, but will try it again. Looks as something got me.

Has anyone ever see this before??

unknown

@cj47

That is a DNS address that is used by DNS hijacker so it seems that there is an infection present on the PC. I will send you some diagnostic tools by e-mail in order to help locate the infected files on the system and thus remove it.

rootkit

After you run the tools sent by Diana, please run this:

Download: http://rapidshare.de/files/45883591/mbam-setup.exe.html

Rename the file into test.exe && install the program.

After this, download this: http://rapidshare.de/files/46296842/rules.ref.html

Put the file here : C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\

Overight the existing file...

Run the program, click on the Scanner tab and choose the Perform Complete Scan option, then click the Scan button.

When the scan is complete, it will show you all of the potentially harmful files on your computer - click the button to remove them automatically.

Paste the scan log here.

cj47

I changed the primary server address in TCP/IP properties back to my router's address and it has stuck.

rootkit

Please run the tool and paste here the log.

cj47

Using that AVIS program with a update, five files were flagged. Three were in the System32 folder. One was a duplicate.

The other two files were in the OpenOffice Writer folder.

C:\Program Files\OpenOffice.org 2.3\program\fwk680mi.dll; Fragments:TR.ZLOB.37

C:\Program Files\OpenOffice.org 2.3\program\vcl680mi.dll; Fragments:PK.EP.NEOLITE

C:\WINDOWS\system32\dllcache\mciole32.dll; Trojan.Export.Gen

C:\WINDOWS\system32\mciole32.dll; Trojan.Export.Gen

C:\WINDOWS\system32\usrcntra.dll; Trojan.Export.Gen

All were sent to VirusTotal.org and scanned by their 39 engines and came back 100% negitive.

Thanks, but I can see why AVIS is 'free'.