  #1  
Old 12-20-2006, 09:51 AM
cavedude
The PEQ Dude
 
Join Date: Apr 2003
Location: -
Posts: 1,988

You may have an infection. More than likely spyware, and the thing you need to know about spyware is one program is NEVER enough. Spybot, like all other anti-spyware programs on its own, SUCKS. But, if you use Spybot, Ad-Aware, Ewido, M$ Defender, etc. all together, then you have quite the defense. Also, you'll need to make use of tools such as HijackThis, Autoruns, and Winsock XP Fix to fully get rid of most infections. The other thing you need to know is there isn't a single anti-virus program on the market that effectively fights spyware. Sure, they can detect a couple of variants here and there, but they can't completely remove them.

So, I recommend grabbing as many anti-spyware tools as you can (starting with the ones I mentioned above), install them, boot into safe mode, and do full scans with all of them (let your machine scan overnight). When they are finished cleaning, run HijackThis and Autoruns, and remove any suspicious entries either finds. Hell, if you don't mind reinstalling a couple of programs, remove everything both find EXCEPT Microsoft entries and your device drivers (though keep an eye out for any odd ones). Run Winsock XP Fix to repair your winsock, and reboot into safe mode again. Run HijackThis and Autoruns again. If any of the entries are back (and they aren't obvious ones that aren't malicious), track down the file, remove it if you can, remove the entry and reboot again.

In most cases that should clean your machine. Many exceptions apply, but the scanners will tell you everything you need to know. If something lingers, do a search on the web for manual removal directions.

If it still doesn't work, then I would recommend backing up any user data, formatting and starting fresh. A backup image is useless if it, too, is infected or has the problem.

Last edited by cavedude; 12-20-2006 at 05:56 PM..
  #2  
Old 12-20-2006, 10:27 AM
eq4me
Hill Giant
 
Join Date: Jul 2006
Posts: 166

I was just browsing through this thread, so don't beat me if I am way off.

I reckon you have an Internet router/firewall. Maybe with a DHCP server.
If you have, it might be a good idea to boot from some Linux Live CD like Knoppix and try if you can reproduce the behavior. If yes, you most probably have a wonky/hacked router/firewall setup.
  #3  
Old 12-20-2006, 02:14 PM
rojadruid
Discordant
 
Join Date: May 2005
Location: Smith Falls, Ontario, Canada
Posts: 283

Quote:
Originally Posted by eq4me
I was just browsing through this thread, so don't beat me if I am way off.

I reckon you have an Internet router/firewall. Maybe with a DHCP server.
If you have, it might be a good idea to boot from some Linux Live CD like Knoppix and try if you can reproduce the behavior. If yes, you most probably have a wonky/hacked router/firewall setup.
Or bypass the router and connect directly to the modem and then try the website.
__________________
Rojadruid

Innoruuk Server [legit]
Server Admin.
Server Status: UP
  #4  
Old 12-20-2006, 02:34 PM
Angelox
AX Classic Developer
 
Join Date: May 2006
Location: filler
Posts: 2,049

Here's more possibilities:

Make sure you don't have any hidden partitions. PCs like Dell and Compaq like to make partitions that are "hidden"; I've had situations where the malware would come back from places like that.
What brand router do you have? Look it up on the net and make sure there are no bugs with it. Routers can be hacked too. If you can, flash-upgrade your router to what's newest.
  #5  
Old 12-21-2006, 07:37 AM
John Adams
Demi-God
 
Join Date: Jul 2006
Posts: 1,552

Hey, as long as this is turning into a PC Tech suggestion thread, here's mine...

Do what they suggest, eliminate all connection points between the PC and cable modem, and ipconfig /flushdns and ipconfig /registerdns again. Check that there are no other servers but localhost with ipconfig /displaydns.

Then, hop on up to www.grc.com and run his Shields Up! profiler. It's horribly enlightening and scary (not that you are affected, but you never know). Do this with and without your router.

The only other thing that I can imagine is something is intercepting the DNS lookups. Can you hard-code your ISP DNS servers on the connection profile?

I've honestly never heard of this, and I've run virus-scanner/adware free for 10 years on the internet, and never been infected. Strange that so many people are.
  #6  
Old 12-21-2006, 10:34 AM
Teppen
Banned
 
Join Date: Jan 2002
Posts: 80
... still throwing stuff at it.

OK, what I've used on it so far in terms of anti-spyware and anti-virus/trojan:
---
ad-aware
ewido
spybot s&d
spysweeper
spyhunter
trojanhunter
trojanremover
ccleaner
superantispyware
fprot
a-squared anti-malware
anti vir pe
norton av
xoftspy
ms defender
------

All of these above came back with nothing found. Also used these programs:

hijackthis
autoruns
winsock xp fix

These ran; the only things that HijackThis & Autoruns picked up were the stuff from Dell and Norton AV, and a few other misc programs that I had bought which run on startup. I ran Winsock XP Fix, it rebooted the machine, but didn't fix the problem.
------

Also visited www.grc.com, went through several tests, and according to that site my PC is its wet dreams come true. Posted exact outputs of each test from that site below:

------
file sharing tab results

Your Internet port 139 does not appear to exist!
One or more ports on this system are operating in FULL STEALTH MODE! Standard Internet behavior requires port connection attempts to be answered with a success or refusal response. Therefore, only an attempt to connect to a nonexistent computer results in no response of either kind. But YOUR computer has DELIBERATELY CHOSEN NOT TO RESPOND (that's very cool!) which represents advanced computer and port stealthing capabilities. A machine configured in this fashion is well hardened to Internet NetBIOS attack and intrusion.

Unable to connect with NetBIOS to your computer.
All attempts to get any information from your computer have FAILED. (This is very uncommon for a Windows networking-based PC.) Relative to vulnerabilities from Windows networking, this computer appears to be VERY SECURE since it is NOT exposing ANY of its internal NetBIOS networking protocol over the Internet.
------
common ports tab results

Your system has achieved a perfect "TruStealth" rating. Not a single packet

Last edited by Teppen; 12-21-2006 at 06:42 PM..
  #7  
Old 12-21-2006, 11:05 AM
Angelox
AX Classic Developer
 
Join Date: May 2006
Location: filler
Posts: 2,049

Well, a good trojan will arrive through the firewall via email or Java off a web page. But at this point, it doesn't seem to be that.
I know it's a pain, but it's a "checklist" you have to go through and make sure. Did you check for hidden partitions?
  #8  
Old 12-21-2006, 11:08 AM
eq4me
Hill Giant
 
Join Date: Jul 2006
Posts: 166

I would recommend giving it a try with another computer/notebook or an instant Linux CD. If you still get the phenomenon, it might be your provider's nameservers.
Did you check what your default nameserver thinks the IP of www.projecteq.net is?

If you don't have any problems under Linux or with another computer, you should look into the 'hosts' file and see if you find any static entries. If there are none, set one for www.projecteq.net to the right IP (66.28.184.13) and see what happens.
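The two checks the post above suggests (a static 'hosts' entry hijacking the name, and the default nameserver returning a wrong address) can be scripted. This is an added example, not code from the thread or from EQEmulator; the hostname www.projecteq.net and the IP 66.28.184.13 are taken from the post, the hosts-file paths are the standard Windows and Unix locations, and the live lookup is optional so the parsing can be exercised on constructed input.

```python
"""Added example: detect a hosts-file override or a bad resolver answer for one hostname."""
import socket
import sys
from pathlib import Path

# Standard hosts-file locations on Windows and Unix-like systems.
HOSTS_PATH = (Path(r"C:\Windows\System32\drivers\etc\hosts")
              if sys.platform.startswith("win") else Path("/etc/hosts"))


def parse_hosts(text):
    """Map each hostname (lower-cased) to the list of IPs the hosts file pins it to.
    Handles comments, blank lines, tabs and several aliases on one line."""
    entries = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop trailing comments
        fields = line.split()
        if len(fields) < 2:
            continue
        ip, names = fields[0], fields[1:]
        for name in names:
            entries.setdefault(name.lower(), []).append(ip)
    return entries


def resolve_all(hostname):
    """Live lookup through the system resolver; sorted unique IPv4 answers."""
    infos = socket.getaddrinfo(hostname, None, socket.AF_INET)
    return sorted({info[4][0] for info in infos})


def check_host(hostname, expected_ip, hosts_text, resolver=None):
    """Report static overrides and resolver answers that disagree with expected_ip.
    resolver: callable hostname -> list of IPs; None skips the live lookup."""
    static = parse_hosts(hosts_text).get(hostname.lower(), [])
    resolved = resolver(hostname) if resolver else []
    problems = []
    for ip in static:
        if ip != expected_ip:
            problems.append(f"hosts file pins {hostname} to {ip}, expected {expected_ip}")
    if resolved and expected_ip not in resolved:
        problems.append(f"resolver returned {resolved} for {hostname}, expected {expected_ip}")
    return {"static": static, "resolved": resolved, "problems": problems}


if __name__ == "__main__":
    text = HOSTS_PATH.read_text(errors="replace") if HOSTS_PATH.exists() else ""
    report = check_host("www.projecteq.net", "66.28.184.13", text, resolve_all)
    print("\n".join(report["problems"]) or "no static override, resolver agrees")
```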