Can't Download combofix and others

[evilfantasy]

http://www.funkytoad.com/index.php?option=com_content&task=view&id=13&Itemid=

[hnic]

It says windows has incountered a problem once again.

[evilfantasy]

Try the second one first.

[hnic]

Can't get to the second link says can't establish connection to that site...

[evilfantasy]

Try from here.

http://www.filedropper.com/hostsxpert

http://www.filedropper.com/fixpolicies

[hnic]

Downloaded both to desktop neither would open is again says Windows has incountered a problem and needs to close.... This infection is insane.

[evilfantasy]

See if you can boot into safe mode and run them. Also try ComboFix from Safe Mode.

[hnic]

Tried it in safe mode same problems...

[evilfantasy]

Download random's system information tool (RSIT) by random/random from here and save it to your Desktop.
 

• Double click on RSIT.exe to run.
  
• Click Continue at the disclaimer screen.
  
• Once it has finished, two logs will open.
• log.txt <will be maximized and info.txt <will be minimized
  
• Please post the contents of both logs in the next reply.

[hnic]

can't establish connection to that link.

[evilfantasy]

Try doing a system restore to before this happened.

[evilfantasy]

Did you say you have Smitfraudfix installed? I need some sort of log.

You may want print out these instructions or copy and paste them to Notepad then save the Notepad file to the Desktop as you will not be able to see this page while in Safe Mode

• Please reboot your computer in Safe Mode by tapping the F8 key just before Windows starts to load and selecting Safe Mode.
  
• Open the SmitfraudFix Folder on your Desktop, then double-click smitfraudfix.cmd file to start the tool.
• Select option #2 - Clean by typing 2 and press Enter.
  
• The program will start cleaning your computer and go through a series of cleanup processes. Wait for the tool to complete and disk cleanup to finish.
• This process can take some time depending on your computer, so please be patient.
• When it is complete, it will close automatically and you should continue with next step.
• You will be prompted: "Registry cleaning - Do you want to clean the registry?" answer Yes by typing Y and hit Enter.
  
• The tool will also check if wininet.dll is infected. If it is infected and a clean version is found, you will be prompted to replace the infected wininet.dll with the clean file.
  
• Answer Yes to the question "Replace infected file?" by typing Y and hit Enter.
  

A reboot may be needed to finish the cleaning process. The report can be found at the root of the system drive, usually at C:\rapport.txt

Warning: Running option #2 on a non infected computer will remove your Desktop background.

Suggested Step:

• To restore Trusted and Restricted site zone, select 3 and hit Enter.

• You will be prompted: Restore Trusted Zone? answer Y (yes) and hit Enter to delete trusted zone.

• Now reboot into normal mode and post this new rapport.txt in the next post.

• WARNING[/COLOR] Running this option on a non infected computer will remove the desktop background. So only run it once!

[hnic]

My Internet went down sorry for the delay.

SmitFraudFix Log

Code: [Select]

SmitFraudFix v2.329

Scan done at 18:49:10.11, Sun 08/31/2008
Run from C:\Documents and Settings\User\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» hosts


127.0.0.1       localhost

»»»»»»»»»»»»»»»»»»»»»»»» VACFix

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files


»»»»»»»»»»»»»»»»»»»»»»»» IEDFix

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» 404Fix

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» DNS

HKLM\SYSTEM\CCS\Services\Tcpip\..\{643CBB29-DC7F-43A0-BB46-95F76804F727}: DhcpNameServer=68.87.85.98 68.87.69.146 68.87.78.130
HKLM\SYSTEM\CS1\Services\Tcpip\..\{643CBB29-DC7F-43A0-BB46-95F76804F727}: DhcpNameServer=68.87.85.98 68.87.69.146 68.87.78.130
HKLM\SYSTEM\CS2\Services\Tcpip\..\{643CBB29-DC7F-43A0-BB46-95F76804F727}: DhcpNameServer=68.87.85.98 68.87.69.146 68.87.78.130
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=68.87.85.98 68.87.69.146 68.87.78.130
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=68.87.85.98 68.87.69.146 68.87.78.130
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=68.87.85.98 68.87.69.146 68.87.78.130


»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning
 
Registry Cleaning done.
 
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End



[evilfantasy]

Did you do the Suggested Step: To restore Trusted and Restricted site zone, select 3 and hit Enter? And did that help with downloading anything?

[evilfantasy]

Do you have another user account you can try to download and use these tools from, specifically ComboFix. If not can you create one and try.