windows update blocked

[aspenjim]

I have just cleaned up a trojan infected PC that has windows update, symantec, etc blocked by 127.0.0.1.

I looked at the host file and it just has 127.0.0.1 localhost

I've reset all zones to default.

Ive checked the gp settings and they are unconfigured for windows update.

Where else can update sites like windows update, etc. get blocked?

Edited July 17, 2008 by aspenjim

[uid0]

Have you checked the dns server address?

If the router had a default password there is even malware that will mess with the router's dns, but that's probably pretty rare.

[aspenjim]

This is a dell laptop that has xp Pro on it. It isn't connected to a domain and i've thought of that by doing ipconfig /flushdns though.

It has to be in the registry I think

[timelord1984]

Hi,

have you had any luck getting that problem sorted? I've been looking at a computer with the exact same issue.

Thanks

Matt

[TheReasonIFail]

Trying getting to those sites by IP. Then it's possible that the PC may still have some spyware that's redirecting those requests.

Also, try running Hijack This! and posting the log.

Edited August 31, 2008 by TheReasonIFail

[fldavem]

I just got finished with the same issue. It was a problem for a month.

It started with the AntiVirusXP2008 and a picture on the desktop. I'm sure if I clicked it I would have been much worse off.

The solution was:

1. Run SuperAntiSpyware

2. Run SpyBot

3. Run HiJackThis (but I don't think we did anything with it)

4 - FINALLY FIXED IT USING the ComboFix from here:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

You may not be able to get that last one - it may be blocked. Have someone email the ComboFix. That's the one that finally worked for me. I doubt the 1st 3 steps helped me, but they didn't hurt. If I had to do it again, I'd start with ComboFix.

[Tarun]

Combofix is well known for breaking computers. Malwarebytes Anti-Malware can remove AntiVirusXP2008 and many other variants.