NOD32 or SS vers 3.0, malware blocking update

[ForgeMaster]

Client computer running XPhome, SP2,
Brought to me with porn popups and slow performance, locking up etc.
Uninstalled all AV-it was not working anyway. He has 5-10 kinds of spam/ad/popup stopping programs that he downloaded over time. Computer is on network connection and can get web pages, but cannot modify the dns server. It goes back to its default every time. Allows me to get some web pages but not others most of the time. See no patterns here except that I cannot get any site that is AV related. Cannot get ESET updates with either NOD32 or SS. Running ver3.0.672 of SS. I thought that maybe the SS would help with the ad problem. Pages popping up with advertising and porn.
Can surf most sites OK, but always refuses ESET, Symantec, etc. Always refuses updates.
I am at work now and have downloaded LookIntoMyPC and will run it tonight on that machine, but I think it odd that malware is so good that it can provent ESET from any internet connection, but allow other sites.
I did run hijackthis last night. We use it at work. It has a couple of active trojans on it. Will need to remove them.

[CivilTaz]

Maybe it's a DNS problem, take a look here, maybe it can help u
http://www.wilderssecurity.com/showt...=225681&page=2

[ForgeMaster]

Quote:

Originally Posted by CivilTaz

Maybe it's a DNS problem, take a look here, maybe it can help u
http://www.wilderssecurity.com/showt...=225681&page=2

This thread does not epxlain why I can get to some web pages, but not others. I can go to 10 other web sites, but then try ESET and it says there is no connection available as if the network connection is cut off. Then I try another web page and it is OK. I think the malware has a clever block to AV sites, including update sites.

FM

[CivilTaz]

Did u read the part about the hosts file? I have seen that problem in some computers, and it's because some virus add entries to that file, so u can't surf some pages, especially webpages about security programs.

Might sound stupid but have you checked the hosts file ?

[ForgeMaster]

Quote:

Originally Posted by HiTech_boy

Might sound stupid but have you checked the hosts file ?

HTBoy,
Yes, I need to check that. Sometimes when I get to looking at stuff, I overlook the obvious!
I brought my memory stick to work with the hijack this log on it to do a search. The stick was loaded with infection. I just have to get the computer at home to a point where I can update ESET and scan the stupid thing.
Thank you for jogging my sense back!!

FM

[ForgeMaster]

Update: the hosts file looks clean. Nothing there but a loopback to the computer and the rest commented out just like it should be.

FM
11/22
Could not get ESET access from this computer and no updates. So I installed Symantec and Spybot and did updates and scans. Good God, was there a lot of crap! The reason the DNS always changed was a ZLOB.DNSChanger trojan and another Win32.DNSChanger.axi trojan. Learning more as I go. So far, over 400 threats detected. I think there is more malware than operating system and programs at this point!
Can open the ESET page now with DNS trojans and other web blockers gone. Continuing to scan with Symantec and Spybot till they stop saying to restart and scan again. Much of what I did was manally delete files and change registry entries.
****
Uninstalled the two other programs and then installed ESET-SS home. It found 11 threats that were missed by multiple scans by Symantec and Spybot. Those are gone and I am scanning again.
This has been an interesting study in the difference between ESET, Symantec and Spybot. Spybot picked up a LOT that was missed by Symantec. Neither of the other programs could get many of the threats without my manually editing and deleting. The only reason I used them was because the threat blocked ESET from internet access. Why did they block ESET and still let Symantec and Spybot through Was it a coincidence?

Quote:

Originally Posted by ForgeMaster

Why did they block ESET and still let Symantec and Spybot through Was it a coincidence?

Although I can't answer your question , one is sure - ESET is getting more popular every day and the future is clear that ESET products will be more than ever targeted by malware writers .

[ForgeMaster]

Quote:

Originally Posted by HiTech_boy

Although I can't answer your question , one is sure - ESET is getting more popular every day and the future is clear that ESET products will be more than ever targeted by malware writers .

HTB,
This is right and it seemed that the malware on that computer did target ESET. When it controls DNS and also blocked sites, then that is scary. It is also something that needs to be known by users/sellers/installers of ESET. I had to use Symantec (*!#+$$!wasted time**!!@#) and SpyBot to clear the trash out of the room just because the malware writer did not block those. I guess he/she did not consider them as big a threat!
Even after I had cleared out 432 threats with the Sym/Spy combination run 3 times each and it found no more threats, I installed ESET and it found 11 more threats. If that is not proof that the dishwashing soap does not cut the grease, I don't know what is.
I have only had one person turn down my offer of ESET and he did that after reading a lot on the internet and getting one particular article. I have seen ample proof that ESET performs where others fail.

Keep up the good work, HTB

FM

[Waterfox]

Quote:

Originally Posted by ForgeMaster

I had to use Symantec (*!#+$$!wasted time**!!@#) and SpyBot to clear the trash out of the room just because the malware writer did not block those. I guess he/she did not consider them as big a threat!
Even after I had cleared out 432 threats with the Sym/Spy combination run 3 times each and it found no more threats, I installed ESET and it found 11 more threats.

I would recommend you to run MBAM or SAS scan (both free software) just in case if something is left over.
MBAM = Malwarebytes' Anti-Malware
SAS = SuperantiSpyware

Cheers

[ForgeMaster]

Quote:

Originally Posted by Waterfox

I would recommend you to run MBAM or SAS scan (both free software) just in case if something is left over.
MBAM = Malwarebytes' Anti-Malware
SAS = SuperantiSpyware

Cheers

Does this conflict with ESET? Are you running them both together? Sounds like Malwarebytes is much like ESET in that is looks for processes, not signatures.

[Doodler]

Quote:

Originally Posted by ForgeMaster

Does this conflict with ESET? Are you running them both together? Sounds like Malwarebytes is much like ESET in that is looks for processes, not signatures.

SAS does not conflict with Eset. I use both. Can't speak about Malwarebytes.