I’m over at a friend’s house this holiday weekend attempting to install anti-virus on his home computer. He has gone out and bought himself a copy of Kaspersky AV 2009. Ok, installation is fairly easy…until I get to the part of either registering the product or downloading new definitions. At that point I’m getting the error that the web site for registration AND for the new definitions (as well as their home page) is down.
Weird. No way to get a hold of tech support right now of course, so I figure I’ll just download AVG (the freeware version) until I can call these folks up next week and see if they are even still in business (I assume they are…my friend just bought the software from Best Buy this week). I google up AVG’s free download web site and get…page could not be displayed. WTF? I try their home page and the same thing. I tried Sophos too…and got a similar runaround. The only one I could think of off the top of my head besides what I tried is Norton 2009 from Symantec…and that seems to work, though it’s not my first (or second or third) choice for AV software.
My question is…what’s going on here? Have a bunch of AV companies gone out of business or something? I know my friend’s internet connection is sound (I’m writing this from it after all), so it’s not that. I haven’t been paying that much attention lately so I might have missed several companies going down (or maybe merging or something)…is that the case?
I’m probably going to have to break down and load Norton’s on my friend’s computer unless I can find something better to put on it.
I’ve heard this a few times, but I’ve just removed a trial version of Norton that was pre-installed on my laptop, and swapped it for PC Guard (don’t know how good that is!) without a flicker of conflict.
I seem to recall there were some viruses or worms blocking access to the major AV vendor websites/servers a while back. Although, if that was the case here, it is hard to imagine they wouldn’t block Norton.
I’m thinking the OP is clean…
Perhaps the AV authors realize, like I do, that neither Norton nor McAfee seem to actually prevent malware, so they’re not wasting their time.
First thing I checked. He’s got a pretty much default Linksys setup…no blocking on either the firewall or the PC.
Nope, not able to connect. Getting a page load error in Firefox when I attempt to use your link. It’s strange…even if I google AVG and use the links there I get the same thing.
That was my thought as well. Though since Fear can get to AVG it’s probably something on my friend’s side. I’m just at a loss as to what I can do about it since I can’t even load an AV package from CD and clean this up (I can load it but the definitions are out of date…and the ones that shipped with the thing aren’t finding anything at all). It’s VERY strange that I can’t even connect to the vendors’ home page.
Out of curiosity, can anyone hit www.kaspersky.com? That’s the vendor’s home page supposedly.
I can’t get to Norton’s 2009 AV web page from google, but I can get there from Symantec’s main page. I’m just not a big fan of Norton (or Symantec) so I’m reluctant to put that on this system.
They often block the FTP side or redirect/block the specific download URLs. We see tons of this in the shop here. We just use another machine to manually DL the updates.
It sounds an awful lot like some sort of virus or malware. Why not download the program from another computer, load it on a USB drive and install it on your friend’s computer that way?
On his comp, you might want to boot into Safe Mode prior to the installation so that the virus, if it is indeed a virus, isn’t running while you try to install the program.
As for the vendors’ websites, the Kaspersky, AVG, and Avast ones all work fine for me. You might try accessing them through proxies (but there’s no reason to do that instead of using a USB drive). If you’re insistent, try: http://www.kaspersky.com.nyud.net/
or
I’m almost positive your friend has a virus that we’ve discussed a bit here lately, and as drachillix says is being seen a lot. I’ve had to work on 3 machines myself and I’m not even a pro.
The sites aren’t down, but as others have said the machine is not able to get to them because of the virus. It’s damn hard to clean. Easiest way will be to get the stuff manually from some other machine and load in from an outside source like a disk or USB drive.
Yeah, it was definitely a virus. I managed to get a hold of a laptop and put it on his network and could get to the sites no problem. What I’m going to do is basically build out the OS on a separate drive (I happen to have a SATA drive in my car), install his AV software on that, then put his old drive on as a secondary drive, clean it, then put it back in as his primary drive and reinstall his AV software there. Should work fine. I’ve tried to bring down the definitions to the install of the AV software but I think the virus itself is preventing the program from running correctly, as well as doing a redirect of any attempts to get to AV websites out there.
It’s really quite clever if you think about it. It takes over any AV program installed on the primary drive (seemingly…I only tried AVG and Kaspersky), then it redirects any attempts to access AV vendors’ websites or update sites. Gods know what else it’s doing (I told my friend to really check his credit card and banking statements, since he does both online). If anyone is interested I’ll list whatever the virus is tomorrow…assuming the AV software actually finds it when I put the old drive on as a secondary and run a scan with the updated definitions.
At any rate, thanks for the help and suggestions. Appreciated. I don’t normally do much with the systems side of things, so I’m a bit out of date as far as how things are progressing there.
Thanks for the update.
My professional recommendation is that your friend needs to immediately change any and all passwords he has used in the last 6 months.
All of these viruses resided in the Windows\System32 directory except one which was in the Windows root directory in a hidden folder and had infected the Dxuduvekan.dll file. The system has been disinfected and I’m planning to run a second sweep before I attempt to reboot his original hard drive as the primary drive to see how things are going. Right now though all the AV websites are accessible via both IE and Firefox, so I’m pretty sure it’s working well. BTW, when I booted the new hard drive and OS along with the old drive as the secondary it looks like the virus attempted to corrupt the new drive (not sure how as the other Windows OS would not have been operative)…fortunately I had set up the new drive with the AV software first and it detected the attempt.
Yeah…in fact, that’s what he used exclusively until it completely stopped working for him. I loaded Firefox on his PC and it worked to a certain extent, but it was doing the redirection thing I described earlier.
I’m still getting an error on reboot about failure to load Dxuduvekan.dll. Other than that everything seems to be working fine now.