Next: Fake/Rogue AV causes Internet connection failure for infectedprof
From: E-Double on 3 Feb 2010 07:15

A machine recently was infected with that fake/rogue AV virus/spyware program. The machine has been cleaned manually and by using numerous AV and spyware programs including Avast, Symantec, Spybot S&D, SuperAntispyware, Malwarebytes, Ad-Aware, Windows Defender, etc... (most in Safe Mode as well when possible) and was also checked for rootkits. The machine runs great for other users/profiles, and all of the AV/spyware scans are coming-up clean. But when the user who was using the computer when it got infected logs on with their profile the machine is unable to make any connections to the Internet with any applications. It is not just WWW port 80 traffic but all Internet connect traffic including POP2, SMTP, etc...

It appears as if some remnant of the virus is hijacking the Internet connections or something (not sure if it is just Internet traffic or all local traffic as well). Is there any way to solve this issue w/o deleting that user's profile and recreating it? The reason I say that is that there have been similar problems with machines that are offsite so it is harder to either reinstall Windows or recreate the profiles for these machines. Cleaning the machine is the best (and sometimes only) option we have in these cases.

TIA ...
e.

From: David H. Lipman on 3 Feb 2010 15:51

From: "E-Double" <EDouble(a)discussions.microsoft.com>

| A machine recently was infected with that fake/rogue AV virus/spyware
| program. The machine has been cleaned manually and by using numerous AV and
| spyware programs including Avast, Symantec, Spybot S&D, SuperAntispyware,
| Malwarebytes, Ad-Aware, Windows Defender, etc... (most in Safe Mode as well
| when possible) and was also checked for rootkits. The machine runs great for
| other users/profiles, and all of the AV/spyware scans are coming-up clean.
| But when the user who was using the computer when it got infected logs on
| with their profile the machine is unable to make any connections to the
| Internet with any applications. It is not just WWW port 80 traffic but all
| Internet connect traffic including POP2, SMTP, etc...
|
| It appears as if some remnant of the virus is hijacking the Internet
| connections or something (not sure if it is just Internet traffic or all
| local traffic as well). Is there any way to solve this issue w/o deleting
| that user's profile and recreating it? The reason I say that is that there
| have been similar problems with machines that are offsite so it is harder to
| either reinstall Windows or recreate the profiles for these machines.
| Cleaning the machine is the best (and sometimes only) option we have in these
| cases. TIA ...
| e.

Just that ONE person or any other person who logs onto that PC?

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp