Unable to update system - anything !!


Barry
4-23-09, 10:00 AM
Greetings,

Was asked to work on a Dell system, running Windows XP. System had a number of spyware and viruses running rampant. System would not even get to the Desktop. Did discover the Login/Logout Loop issue and resolved that. Not able to put onto direct Internet connection so transferred over many tools to start cleaning. Was able to load AVG 8.5 and Ad-Aware and manual updates, but unable to even load Spybot, Avast, and many other utilities.

After a week of cleaning, am taking chance to get on line. However, even though system will get on line and can browse web pages, it is unable to find and connect to MS's update site, AVG and Ad-Aware will also not connect to their update links.

Would like any suggestions short of completely restoring system. I'm sure I've missed something.

Barry

entrecon
4-23-09, 10:19 AM
I always boot into safe mode and run the scans. 9 out of 10 times this fixes most of the problems.

I also manually check all of the start-up programs that are configured.
Start>Run>msconfig

Doc C
4-23-09, 11:28 AM
I agree with booting in safe mode. If it doesn't fix the problem, you'll probably have to re-image the box.

Dbrazzell
4-23-09, 12:02 PM
Sounds like you got some form of Conficker.

http://en.wikipedia.org/wiki/Conficker


It adds entries to the hosts file to prevent you from contacting all of those sites you mentioned.

From wikipedia
The hosts file is located in different locations in different operating systems and even in different Windows versions:

* Windows NT/2000/XP/2003/Vista/7: %SystemRoot%\system32\drivers\etc\ is the default location, which may be changed. The actual directory is determined by the Registry key \HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\DataBasePath.

Open it up and see if there are entries for the sites you mentioned. If there are, delete them. This is assuming you can get to other parts of the internet, just not the ones you mentioned.
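The hosts-file check suggested in the post above, sketched as an added example (not part of the original thread): it parses hosts-file text and lists every mapping that overrides DNS for an update or vendor domain. The watch list and the sample file contents are assumptions constructed for illustration.

```python
import ipaddress

# Assumed watch list (not from the thread): update/vendor domains for the
# products the thread names (Microsoft Update, AVG, Ad-Aware).
WATCHED_SUFFIXES = ("microsoft.com", "windowsupdate.com", "avg.com", "lavasoft.com")

def parse_hosts(text):
    """Yield (line_no, ip, hostname) for every mapping in hosts-file text."""
    for line_no, raw in enumerate(text.lstrip("\ufeff").splitlines(), start=1):
        fields = raw.split("#", 1)[0].split()   # drop comments, split on whitespace
        if len(fields) < 2:
            continue                             # blank, comment-only or malformed
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                             # first field is not an address
        for name in fields[1:]:                  # one line may carry several names
            yield line_no, str(ip), name.lower().rstrip(".")

def suspicious_entries(text, watched=WATCHED_SUFFIXES):
    """Return mappings that override DNS for a watched domain or its subdomains."""
    hits = []
    for line_no, ip, name in parse_hosts(text):
        if any(name == s or name.endswith("." + s) for s in watched):
            hits.append((line_no, ip, name))
    return hits

# Constructed sample, not taken from the machine in the thread.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
127.0.0.1       www.update.microsoft.com   # added by malware
0.0.0.0         update.avg.com download.lavasoft.com
10.0.0.5        fileserver                 # legitimate local entry
#127.0.0.1      windowsupdate.com
127.0.0.1       notavg.com
"""

if __name__ == "__main__":
    for line_no, ip, name in suspicious_entries(SAMPLE_HOSTS):
        print(f"line {line_no}: {name} -> {ip}")
```

On a live system, pass in the contents of the hosts file from the directory named in the post; an empty result only rules out hosts-file redirection, not other ways of blocking those sites.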

entrecon
4-23-09, 12:08 PM
A neat little tool for identifying Conficker is this "Eye Chart (http://www.confickerworkinggroup.org/infection_test/cfeyechart.html)"

Barry
4-23-09, 05:53 PM
Greetings again,

Thanks for all the suggestions. Not a Conficker issue. All those updates and preventions were previously installed. Been through Safe Mode many times attempting to run any virus or spyware removal program with no success. I was doing some additional research today and found this reference on Malwarebytes forum. Being unable to load Malwarebytes (referred by the Login/Logout Loop issue), I was led to a link for RootPeal. Using this program allowed me to find a rootkit file with the name of TDSSspax.sys. The program indicated to do a wipe and then an immediate reboot, load Malwarebytes and then do a quick scan. The program identified 68 further infections, was able to remove them. Another reboot then allowed me to actually load SpyBot, update and its scan found another 17 infections. Ad-Aware found another 36. Loaded SUPERAntispyware and its scan found 23 more TDSServ infections.
Now the system is able to actually get to the respective sites for updating.
User reports grandson was using system while user was away. One of the icons on the screen is for FrostWire, where I found several infected files. User will not be happy with the report he is getting. But the system is now going back with some additional instructions on what needs to be running and what does NOT get turned off or unloaded. Gotta love PCs to keep me busy. Thanks again for all your suggestions. They are going into my handy-dandy reference book. I consider this thread closed.