  #16  
Old 12-19-2006, 02:24 PM
rojadruid
Discordant
 
Join Date: May 2005
Location: Smith Falls, Ontario, Canada
Posts: 283
Default

Quote:
Originally Posted by Teppen
ok,

tried what cavedude and rojadruid said and here is the outcome.

1) ping info

C:\>ping 66.28.184.13

Pinging 66.28.184.13 with 32 bytes of data:

Reply from 66.28.184.13: bytes=32 time=1114ms TTL=46
Reply from 66.28.184.13: bytes=32 time=1015ms TTL=46

C:\>tracert 66.28.184.13

Tracing route to 66.28.184.13 over a maximum of 30 hops

1 * 1156 ms 187 ms 65.194.128.1

These two pings and the 1st hop on the tracert tell me you have spyware on the computer.

Can you copy and paste a "netstat -a" into the message? Do it right after a reboot and after the computer has sat for a few minutes.
__________________
Rojadruid

Innoruuk Server [legit]
Server Admin.
Server Status: UP
  #17  
Old 12-19-2006, 02:41 PM
Angelox
AX Classic Developer
 
Join Date: May 2006
Location: filler
Posts: 2,049
Default

Let me try again;
http://www.superantispyware.com - free
http://www.ccleaner.com - free
http://www.weebroot.com (Spy Sweeper) gives you one free month

get all three, install/run them in detail - each has its unique features.
  #18  
Old 12-19-2006, 02:43 PM
Teppen
Banned
 
Join Date: Jan 2002
Posts: 80
Default

spybot always updated and norton av always updated, ran both including clamav from my linux box to check out my windows machine and everything came back with nothing found..

I don't know what my problem actually was, but I have fixed this by using the Acronis True Image backup I made when I bought my windows pc. I can log on and post on peq forums now. Sorry about my previous posts in which I thought I was ip banned. I've reposted under my last post there, stating I will remain as active on the peq quest team, after reading a post by Cavedude, which sounded promising.
  #19  
Old 12-19-2006, 02:59 PM
Angelox
AX Classic Developer
 
Join Date: May 2006
Location: filler
Posts: 2,049
Default

Quote:
Originally Posted by Teppen
spybot always updated and norton av always updated, ran both including clamav from my linux box to check out my windows machine and everything came back with nothing found..

I don't know what my problem actually was, but I have fixed this by using the Acronis True Image backup I made when I bought my windows pc. I can log on and post on peq forums now. Sorry about my previous posts in which I thought I was ip banned. I've reposted under my last post there, stating I will remain as active on the peq quest team, after reading a post by Cavedude, which sounded promising.

I had a malware problem like this with a friend. Spybot, Ad-Aware didn't work, don't know about Norton, but Bitdefender and Fprot didn't see it either.
Spy Sweeper would spot it, delete it, but it kept coming back. The other two cleaned it out for good, with other crap that was in there too. If you use programs like "Bearshare" they screw you good with malware, although they say they don't. There's a lot of real nasty stuff out there, very well cloaked, and very hard to flush out once you have it.
  #20  
Old 12-20-2006, 02:13 AM
John Adams
Demi-God
 
Join Date: Jul 2006
Posts: 1,552
Default

Teppen, glad to see your issues are worked out. Your problem is a very scary one, though. Sounds like you had all the technical savvy to attempt to troubleshoot, yet something still was clinging in there. Welcome back!
  #21  
Old 12-20-2006, 03:23 AM
GeorgeS
Forum Guide
 
Join Date: Sep 2003
Location: California
Posts: 1,475
Default

Acronis True Image backup is very valuable. I bought my copy a few months ago, and it is leagues better than Norton Ghost.

GeorgeS
__________________
Your source for EQ database tools
Toolshop is open for business


http://www.georgestools.chrsschb.com//
  #22  
Old 12-20-2006, 08:54 AM
Teppen
Banned
 
Join Date: Jan 2002
Posts: 80
Default ... it came back

after I used the Acronis True Image backup and reverted to factory install, patched to current windows updates, patched up to current norton av version, ran full norton av check which came back nothing wrong, I installed and ran the three programs listed by Angelox, all came back nothing wrong. also ran latest spybot s&d, nothing returned.

if I type in 66.28.184.13 page loads. but if I try to login takes to same error page I was getting and doesn't log me in. also if I try googling projecteq and clicking or www.projecteq.net in address bar returns with same error.

also if I try 66.28.184.13/quests
or 66.28.184.13/edit
or 66.28.184.13/quests/submit
or 66.28.184.13/quick_recipe.php

all redirect to www.projecteq.net and then loads same error page I was getting. so I'm still stuck.

only sites I visited were:

updates for windows
updates for norton av
those 3 sites listed by Angelox
google search for projecteq

so I didn't wander far but still got hit by this nasty thing again. any ideas?
  #23  
Old 12-20-2006, 09:51 AM
cavedude
The PEQ Dude
 
Join Date: Apr 2003
Location: -
Posts: 1,988
Default

You may have an infection. More than likely spyware, and the thing you need to know about spyware is one program is NEVER enough. Spybot, like all other anti-spyware programs on its own SUCKS. But, if you use spybot, ad-aware, ewido, M$ defender, etc. all together then you have quite the defense. Also, you'll need to make use of tools such as hijackthis, autoruns, and Winsock XP Fix to fully get rid of most infections. The other thing you need to know is there isn't a single anti-virus program on the market that effectively fights spyware. Sure, they can detect a couple of variants here and there but they can't completely remove them.

So, I recommend grabbing as many anti-spyware tools as you can (starting with the ones I mentioned above), install them, boot into safe mode, and do full scans with all of them (let your machine scan overnight). When they are finished cleaning, run hijackthis and autoruns, remove any suspicious entries either finds. Hell, if you don't mind reinstalling a couple of programs, remove everything both find EXCEPT Microsoft entries and your device drivers (though keep an eye out for any odd ones). Run Winsock XP Fix to repair your winsock, and reboot into safe mode again. Run hijack and autoruns again. If any of the entries are back (and they aren't obvious ones that aren't malicious) track down the file, remove it if you can, remove the entry and reboot again.

In most cases that should clean your machine. Many exceptions apply, but the scanners will tell you everything you need to know. If something lingers, do a search on the web for manual removal directions.

If it still doesn't work, then I would recommend backing up any user data, formatting and starting fresh. A backup image is useless if it too, is infected or has the problem.

Last edited by cavedude; 12-20-2006 at 05:56 PM..
  #24  
Old 12-20-2006, 10:27 AM
eq4me
Hill Giant
 
Join Date: Jul 2006
Posts: 166
Default

I was just browsing through this thread so don't beat me if I am way off.

I reckon you have an Internet Router/Firewall. Maybe with a dhcp server.
If you have, it might be a good idea to boot from some Linux Live CD like Knoppix and try if you can reproduce the behavior. If yes you most probably have a wonky/hacked Router/Firewall Setup.
  #25  
Old 12-20-2006, 02:14 PM
rojadruid
Discordant
 
Join Date: May 2005
Location: Smith Falls, Ontario, Canada
Posts: 283
Default

Quote:
Originally Posted by eq4me
I was just browsing through this thread so don't beat me if I am way off.

I reckon you have an Internet Router/Firewall. Maybe with a dhcp server.
If you have, it might be a good idea to boot from some Linux Live CD like Knoppix and try if you can reproduce the behavior. If yes you most probably have a wonky/hacked Router/Firewall Setup.

Or bypass the router and connect directly to the modem and then try the website.
__________________
Rojadruid

Innoruuk Server [legit]
Server Admin.
Server Status: UP
  #26  
Old 12-20-2006, 02:34 PM
Angelox
AX Classic Developer
 
Join Date: May 2006
Location: filler
Posts: 2,049
Default

Here's more possibilities;

Make sure you don't have any hidden partitions - PCs like Dell, Compaq, like to make partitions that are "hidden" - I've had situations where the malware would come back from places like that.
What brand router do you have? Look it up on the net, make sure there's no bugs with it - Routers can be hacked too. If you can, flash-upgrade your router to what's newest.
  #27  
Old 12-21-2006, 07:37 AM
John Adams
Demi-God
 
Join Date: Jul 2006
Posts: 1,552
Default

Hey, as long as this is turning into a PC Tech suggestion thread, here's mine...

Do what they suggest, eliminate all connection points between the PC and cable modem, and ipconfig /flushdns and ipconfig /registerdns again. Check that there are no other servers but localhost with ipconfig /displaydns.

Then, hop on up to www.grc.com and run his Shields Up! profiler. It's horribly enlightening and scary (not that you are affected, but you never know). Do this with and without your router.

The only other thing that I can imagine is something is intercepting the DNS lookups. Can you hard-code your ISP DNS servers on the connection profile?

I've honestly never heard of this - and I've run virusscanner/adware free for 10 years on the internet, and never been infected. Strange that so many people are.
  #28  
Old 12-21-2006, 10:34 AM
Teppen
Banned
 
Join Date: Jan 2002
Posts: 80
Default ... still throwin stuff at it.

Ok, what I've used on it so far in terms of anti spyware, and anti virus/trojan:
---
ad-aware
ewido
spybot s&d
spysweeper
spyhunter
trojanhunter
trojanremover
ccleaner
superantispyware
fprot
a-squared anti-malware
anti vir pe
norton av
xoftspy
ms defender
------

all these above came back nothing found. also used these programs:

hijackthis
autoruns
winsock xp fix

these ran, only things that hijack & autoruns picked up were the stuff from dell and norton av, and a few other misc programs that I had bought with run on startup. I ran winsock xp fix, it rebooted machine, but didn't fix problem.
------

also visited www.grc.com went through several tests and according to that site my pc is its wet dreams come true. posted exact outputs of each test from that site below:

------
file sharing tab results

Your Internet port 139 does not appear to exist!
One or more ports on this system are operating in FULL STEALTH MODE! Standard Internet behavior requires port connection attempts to be answered with a success or refusal response. Therefore, only an attempt to connect to a nonexistent computer results in no response of either kind. But YOUR computer has DELIBERATELY CHOSEN NOT TO RESPOND (that's very cool!) which represents advanced computer and port stealthing capabilities. A machine configured in this fashion is well hardened to Internet NetBIOS attack and intrusion.

Unable to connect with NetBIOS to your computer.
All attempts to get any information from your computer have FAILED. (This is very uncommon for a Windows networking-based PC.) Relative to vulnerabilities from Windows networking, this computer appears to be VERY SECURE since it is NOT exposing ANY of its internal NetBIOS networking protocol over the Internet.
------
common ports tab results

Your system has achieved a perfect "TruStealth" rating. Not a single packet

Last edited by Teppen; 12-21-2006 at 06:42 PM..
  #29  
Old 12-21-2006, 11:05 AM
Angelox
AX Classic Developer
 
Join Date: May 2006
Location: filler
Posts: 2,049
Default

Well, a good trojan will arrive through the firewall via email or java off a web page. But at this point, it doesn't seem to be that.
I know it's a pain, but it's a "checklist" you have to go through and make sure. Did you check for hidden partitions?
  #30  
Old 12-21-2006, 11:08 AM
eq4me
Hill Giant
 
Join Date: Jul 2006
Posts: 166
Default

I would recommend giving it a try with another Computer/Notebook or Instant Linux CD. If you still get the phenomenon it might be your provider's nameservers.
Did you check what your default nameserver thinks the IP of www.projecteq.net is?

If you don't have any problems under Linux or with another Computer you should look into the 'hosts' file and see if you find any static entries. If there are none, set one for www.projecteq.net to the right IP (66.28.184.13) and see what happens.
Reply With Quote
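
One way to carry out the hosts-file check suggested in post #30, as an added example that is not part of the thread: it parses hosts-file text and lists every static entry for a name, flagging those that differ from the address you expect. The sample file contents and the function names are constructed for illustration; the hostname and 66.28.184.13 come from the thread, and on Windows the real file is normally %SystemRoot%\System32\drivers\etc\hosts.

```python
import ipaddress

# Constructed sample of a hosts file (not taken from the thread).
# 192.0.2.0/24 is a documentation range used here as the "wrong" address.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
192.0.2.55      www.projecteq.net projecteq.net   # unexpected static entry
66.28.184.13    WWW.ProjectEQ.NET.
not-an-ip       www.projecteq.net
"""

def parse_hosts(text):
    """Yield (line_no, ip, [names]) for every well-formed mapping line."""
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()   # drop comments
        if not line:
            continue
        fields = line.split()
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                          # first field is not an address: skip
        # Hostnames are case-insensitive; a trailing dot means the same name.
        names = [n.lower().rstrip(".") for n in fields[1:]]
        if names:
            yield line_no, ip, names

def audit_hosts(text, hostname, expected_ip):
    """Return static entries for hostname, marking those that disagree."""
    want = ipaddress.ip_address(expected_ip)
    target = hostname.lower().rstrip(".")
    findings = []
    for line_no, ip, names in parse_hosts(text):
        if target in names:
            findings.append({"line": line_no, "ip": str(ip), "ok": ip == want})
    return findings

def first_match(text, hostname):
    """Resolvers typically use the first matching line, so report that one."""
    hits = audit_hosts(text, hostname, "0.0.0.0")
    return hits[0]["ip"] if hits else None

if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE_HOSTS, "www.projecteq.net", "66.28.184.13"):
        print(finding)
```

To audit a real machine, pass the contents of its hosts file instead of SAMPLE_HOSTS; any entry with "ok" set to False is a static override worth explaining before blaming the nameserver.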