Cannot Connect To Website / Updater Will Not Work

bh999
edited November 2008 in Malware talk

Hello,


I have two problems I believe are related to a nasty combination of a bunch of viruses and rootkits I was able to delete this morning (thanks to BD!)


Trojan.Patched.CK


Trojan.Fakealert.ANN


Trojan.Downloader.FakeAV.J


Backdoor.Agent.ZWW


The problem is Firefox 3 is unable to establish a connection to the server when I try to go to www.bitdefender.com and Internet Security 8 is unable to connect to the update server.


Things I have tried:


Checked Hosts file (good)


Repaired installation of Internet Security 8


Changed update servers to Update, Upgrade1, Upgrade2 and Upgrade3


Checked firewall settings of LIVESRV.EXE (good)


Checked startup processes


I really don't know what to do or if another hidden rootkit is possibly causing this. I ended up downloading the latest update onto a flashdisk and transferred over. Luckily I have another computer to use or I wouldn't be able to use this forum either. Any help?

Comments

  • bh999
    edited November 2008


    UPDATE:


    I am unable to connect to any anti-virus websites I have tried, including F-Secure, Mcafee, Norton, or Lavasoft, as well as BitDefender, which I tried on a hunch. What is causing this??? Every other kind of site I have tried I have no problems accessing.

  • Niels

    Hello bh999,


    How did you verify that your hosts file is good? Did you verify that there are not any references in your hosts file to http://upgrade.bitdefender.com or any of the other update servers in this topic? That also applies to other vendor websites.


    Try this: press the Windows button together with R, then type this: ipconfig /flushdns and press Enter.


    Afterwards, download winsockfix from here. Run that tool and press Fix. Reboot afterwards.


    If you are still getting redirected, please download Combofix; you will find it here. Print the following instructions and read them carefully. Please post the output of the scan in your next post.


    Kind regards,


    Niels

  • bh999
    edited November 2008

    Well it's been an interesting 28 hours, which is when I first started to deal with the problems I was having. I am happy to report success, at least it appears to be. This is all apparently a result of BRASTK.EXE, ANTI-VIRUS 2009 (rogue spyware) and a rootkit Bit-Defender is calling Rootkit.TDSS.G.


    Combofix was able to destroy the rootkit finally, or at least the part that was apparently causing the real-time protection to be down, that blocked access to all virus protection websites, that re-directed web searches to unrelated websites, and which prevented certain malware programs (the ones which were apparently effective against it) from installing or running (such as Hijackthis, Malwarebytes Anti-Malware and Combofix). I could not get the first two programs to work when I renamed them, although after a few tries I finally got Combofix to work (bombofix did not work FYI) after renaming it zxevcz.exe. Apparently the creator was reacting to certain forums which advocated using the previous programs, because they worked fine at first. However, even after Combofix ran I installed Malwarebytes Anti-Malware and ran that to be safe. As it ran, BD found 2 backdoor agents and a TDSS rootkit in real-time protection. Then Anti-Malware found 5 more TDSS (trojan or rootkits not sure) hiding in the System Restore files and another TDSS sitting in windows/system32 directory. Is the nightmare over?? I hope so.


    Thanks for directing me to Combofix Niels, although I had already decided it was going to be my last hope before I re-formatted. I would add use Malwarebytes Anti-Malware as well, beforehand if you can. I am very happy BD was able to catch a lot of the problems, and quickly (which was important) but was a bit disappointed I had to find outside programs to finish the job. In this case though, it appears ALL Anti-virus programs were in the same boat. I saw forum posts on many different vendors talking about this and the answer was always to use Malwarebytes Anti-Malware and especially Combofix. Since I don't have virus problems more than once a year, it makes me wonder if I hit the motherlode of malware or if this is a somewhat common occurrence...

  • bh999
    edited November 2008
    This is all apparently a result of BRASTK.EXE, ANTI-VIRUS 2009 (rogue spyware) and a rootkit Bit-Defender is calling Rootkit.TDSS.G...


    Correction: instead of ANTI VIRUS 2009 I meant ANTI-SPYWARE 2009, but I never did download that. I instead only had the Fake.Alert created, I think, by Karna.dat

  • Update: Everything appears fine, except when I log on I get a little bubble from Windows Security on the task bar that says Bit-Defender Anti-Virus is turned off. Yet Bit Defender itself tells me there are no issues. Any ideas?

  • rootkit

    Please open Bitdefender's Advanced Settings and see for yourself whether the shield is on :)


    Run a manual update after :)