A common complaint heard from the victims of a malware attack is one of the following or its variations: Cannot visit antivirus sites – Cannot download antivirus software – Cannot update antivirus/antispyware definitions or updates.
One of the symptoms of a malware infection is the inability to visit security related websites, presumably to gather information about a threat or to download malware cleaning software. The malware may also block your resident antivirus/antimalware program's network access so that it cannot update its virus definitions.
An example would be the notorious Conficker worm infection, which restricts access to security related Websites from an infected computer. Variants of Conficker are known to block the Websites of many antivirus software vendors including AVG, F-secure, McAfee, Symantec etc., thus preventing access to security related applications and services.
The malware authors restrict access to such sites so that the user is prevented from downloading or updating security software that may be used to remove the malware.
The recommended solution in this situation is to use an uninfected computer to download any appropriate updates or tools and then transfer these to the infected computer using removable media such as a CD, DVD or USB flash drive.
If you do not have access to a clean computer immediately, try the following:
Use an Alternate Browser
Try in Safe Mode with Networking
In Windows safe mode, the PC starts only with core files and drivers that are required to run Windows. Most malware processes do not run in safe mode, which might allow access to those Websites blocked in normal mode. Unable to start in Windows safe mode?
Check alternate download sites
The malware is most likely to be blocking access to security software and information related Websites only. In that case you may freely access software download Websites, where it is possible to download most of the security applications. It is also possible to download only the latest definition updates for your software from these sites. I use and recommend MajorGeeks.com, FileHippo.com and Softpedia.
Online Anti-virus Scanners
See if you can access and complete a scan with any of the online anti-virus scanners.
Turn off DNS Caching
Make sure that malware does not intercept and redirect your DNS queries. Stop the client side DNS cache service from a command prompt and then try to browse to the blocked Website. In Windows XP:
- Click Start, Run
- Type cmd and then click OK
- Type net stop dnscache and press Enter
- You will see the message “The DNS Client service was stopped successfully”.
- Type Exit and press Enter
In Windows Vista and Windows 7: You need to perform the task from an account with administrative privileges. To open a command prompt window with administrative rights:
- Click Start and type cmd in the search box.
- Right click on cmd and then click on “Run as administrator”
- Click Continue in the User Account Control prompt
At the command prompt, continue with the same procedure outlined above for Windows XP.
This will disable DNS caching until the next reboot.
Check for hosts file hijacking
Malware might have altered or replaced your hosts file so that security related websites are made inaccessible by redirecting such addresses to a black hole or to a scam site.
Generally in modern 32 bit Microsoft operating systems the hosts file resides in the Windows\System32\drivers\etc folder. You may need to temporarily enable “show hidden files and folders” and uncheck “hide protected operating system files” in the Folder Options control panel to view the hosts file.
If you have not customized your hosts file, any entry without a # symbol at the start apart from the default “127.0.0.1 localhost” and “::1 localhost” (Windows Vista and 7) should be viewed with suspicion.
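The check described above, written out as an added example (it is not part of the original article): a Python script that lists every active hosts entry other than the two defaults and notes whether it points to a black hole or to another address. The sample file, its hostnames and the 203.0.113.10 address are constructed for illustration.

```python
import ipaddress

# Defaults the article names: "127.0.0.1 localhost" and "::1 localhost".
DEFAULT_ENTRIES = {("127.0.0.1", "localhost"), ("::1", "localhost")}


def audit_hosts(text):
    """Return (line_no, address, hostname, verdict) for every non-default entry."""
    findings = []
    for line_no, raw in enumerate(text.lstrip("\ufeff").splitlines(), start=1):
        entry = raw.split("#", 1)[0].strip()   # drop full-line and inline comments
        if not entry:
            continue
        fields = entry.split()                 # separators may be spaces or tabs
        address, names = fields[0], fields[1:]
        try:
            ip = ipaddress.ip_address(address)
        except ValueError:
            findings.append((line_no, address, " ".join(names), "malformed"))
            continue
        if not names:
            findings.append((line_no, address, "", "malformed"))
            continue
        # 0.0.0.0 or a loopback address sends the name nowhere (black hole);
        # any other address sends it to a host chosen by whoever wrote the entry.
        verdict = "blackhole" if ip.is_loopback or ip.is_unspecified else "redirect"
        for name in names:                     # one line can map several names
            if (str(ip), name.lower()) not in DEFAULT_ENTRIES:
                findings.append((line_no, str(ip), name.lower(), verdict))
    return findings


# Constructed sample hosts file: hostnames and addresses are made up.
SAMPLE_HOSTS = """\
# constructed sample hosts file
127.0.0.1       localhost
::1             localhost
127.0.0.1\twww.av-vendor.example update.av-vendor.example   # inline comment
203.0.113.10    scanner.av-vendor.example
0.0.0.0 definitions.av-vendor.example
not-an-ip       localhost
"""

if __name__ == "__main__":
    for line_no, address, name, verdict in audit_hosts(SAMPLE_HOSTS):
        print("line %d: %s -> %s [%s]" % (line_no, name, address, verdict))
```

To audit a real file, pass the contents of a copy of the hosts file to audit_hosts instead of SAMPLE_HOSTS.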
How to restore the default hosts file?
Microsoft provides an automated tool and a manual method to restore the default hosts file in the article How do I reset the hosts file back to the default?.
In a number of cases, malware that modifies the contents of the hosts file also changes the file permissions, making it difficult to restore the default file. In such a scenario, I recommend using the free software HostsXpert (345 KB); you don’t need to install it.
Download and run HostsXpert.exe. Click OK to remove the restrictions and then click “Restore MS Hosts file” on the left menu. Click “OK” to confirm. This will restore the default HOSTS file pertaining to your Windows OS.
Still unable to access security related Websites? Ask for help in one of the recommended forums for malware help.