
Virus may be blocking access to antivirus sites

I used to be able to surf the Internet fine after booting my WinXP Home. But recently, I've been getting the "cannot find server" error on MSIE6sp1 on every site I try to visit. When running netstat -a, I find a syn_sent on those sites. Rebooting would enable me to visit any site once again, but not for long, as it would happen again after a few minutes of use. This never happened before. I first suspected a DoS effect of the MyDoom worm, but my antivirus and standalone fixes available from several virus sites say no infection on my machine. However, the ports on which the syn_sent happens seem to be within the range Trend Micro said they would be: 3127 to 3198. What do I do? My OS and antivirus software are all updated.
You may need to inspect your system and manually remove the virus yourself. It can be blocking access to antivirus sites. Here's how:

1. Search for the file ctfmon.dll. If this file is found, the computer is infected. (ctfmon.dll is the proxy server component; it can be used to allow attackers to use the computer as a spam forwarder.)

2. You can also look on your network for traffic to specific ports on a computer that shouldn't be receiving traffic on that port. The virus attempts to download and execute files. It uses TCP ports 80, 1080, 8080, 10080 and 3128.

3. Look for the file explorer.exe in the %system% folder (the system32 folder by default, or winnt\system32). (explorer.exe in the %windir% or windows folder is a legitimate file.)

4. Look for the value "(default)" = "%system%\ctfmon.dll" in the registry key HKEY_CLASSES_ROOT\CLSID\(E6Fb5220-DE35-11CF-987-00AA005127ED)\InProcServer32, and look for the value "Explorer" = "%system%\explorer.exe" in the registry keys:
HKEY_CURRENT_USER\Software\Windows\CurrentVersion\Run and

According to Microsoft.com, if you can't get to the antivirus site and need to disinfect the computer (Windows XP, Windows 2000 or Windows Server 2003), you need to enter the following commands at a command prompt (they replace the hijacked HOSTS file with an empty one, make it read-only and clear the DNS cache):

del /F %systemroot%\system32\drivers\etc\hosts

echo # Temporary HOSTS file > %systemroot%\system32\drivers\etc\hosts

attrib +R %systemroot%\system32\drivers\etc\hosts

ipconfig /flushdns
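The HOSTS file reset above works because the worm points security-vendor names at addresses that can never be reached. Added example, not part of the original answer and not code from Microsoft or Trend Micro: a Python audit that parses HOSTS file text and flags entries sinkholing watched vendor domains. The sample HOSTS content and the watched-domain list are constructed for illustration.

```python
import ipaddress

# Constructed sample in the style a hijacked HOSTS file takes: vendor names
# mapped to loopback or 0.0.0.0 so the browser reports "cannot find server".
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
127.0.0.1       www.trendmicro.com  trendmicro.com   # added by malware
127.0.0.1\twww.symantec.com
0.0.0.0         securityresponse.symantec.com
192.168.1.20    fileserver.local
"""

# Illustrative list of domains worth watching; extend for your environment.
WATCHED_DOMAINS = {
    "trendmicro.com", "symantec.com", "mcafee.com", "sophos.com",
    "kaspersky.com", "microsoft.com", "windowsupdate.com",
}

def parse_hosts(text):
    """Yield (ip, hostname, line_no) for every hostname on every active entry."""
    for no, raw in enumerate(text.splitlines(), start=1):
        tokens = raw.split("#", 1)[0].split()   # drop trailing comment, split on any whitespace
        if len(tokens) >= 2:
            for host in tokens[1:]:
                yield tokens[0], host.lower().rstrip("."), no

def is_sinkhole(ip):
    """True when the address cannot reach a real server (loopback, 0.0.0.0, link-local)."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False
    return addr.is_loopback or addr.is_unspecified or addr.is_link_local

def is_watched(host):
    """True when host is a watched domain or one of its subdomains."""
    return any(host == d or host.endswith("." + d) for d in WATCHED_DOMAINS)

def audit_hosts(text):
    """Return (ip, host, line_no) for entries that sinkhole a watched domain."""
    return [(ip, host, no) for ip, host, no in parse_hosts(text)
            if host != "localhost" and is_sinkhole(ip) and is_watched(host)]

if __name__ == "__main__":
    # On a live system read %systemroot%\system32\drivers\etc\hosts instead.
    for ip, host, no in audit_hosts(SAMPLE_HOSTS):
        print(f"line {no}: {host} -> {ip} (sinkholed)")
```

Any hit is a sign the file was tampered with; the commands above replace it, and the audit can be re-run afterwards to confirm the entries are gone.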
