Guest Øyvind Granberg Posted November 13, 2008

Hi...

As a continuance of the thread "Do I have a virus?"

Well it's back. The Trojan.DNSChanger virus has really never left the building.
I have downloaded and paid for software called Malwarebytes and it finds six instances of this virus.
I choose to remove them, and the software wants to restart my computer.
After reboot, a rerun of Malwarebytes shows that my system is clean.
Then IE8 is started. All of a sudden I cannot connect to any website, not even google.
A new run of Malwarebytes reveals yet another six instances of the same virus.

A checkup on all other computers in the household tells a tale of a massive outburst.

I've got my ISP to reset the ADSL router, much against his beliefs, but no fix.

I am running, amongst others, a self built Windows Vista Ultimate based pc, with all updates, and all security measures running.
AVG 8
Windows Defender
A weekly run of Spybot and Adaware
I reckon if I can clean this computer I can easily fix the others.

What am I doing wrong here?
Is this Malwarebyte a hoax?

--
Kind regards
Øyvind Granberg

tresfjording@live.no
www.tresfjording.com

Guest FromTheRafters Posted November 13, 2008

"Øyvind Granberg" <tresfjording@live.no> wrote in message news:2AA77F27-57A5-4CB9-AD8B-4769F1049533@microsoft.com...
> Hi...
>
> As a continuance of the thread "Do I have a virus?"
>
> Well it's back. The Trojan.DNSChanger virus has really never left the
> building.
> I have downloaded and paid for software called Malwarebytes and it finds
> six instances of this virus.
> I choose to remove them, and the software wants to restart my computer.
> After reboot, a rerun of Malwarebytes shows that my system is clean.
> Then IE8 is started. All of a sudden I cannot connect to any website, not
> even google
> A new run of Malwarebytes reveals yet another six instances of the same
> virus.
>
> A checkup on all other computers in the household tells a tale of a
> massive outburst.
>
> I've got my ISP to reset the ADSL router, much against his beliefs, but no
> fix.
>
> I am running, amongst others, a self built Windows Vista Ultimate based
> pc, with all updates, and all security measures running.

Are you running as admin and do you have UAC disabled?
(but aside from that "all security measures running")

> AVG 8
> Windows Defender
> A weekly run of Spybot and Adaware
> I reckon if I can clean this computer I can easily fix the others.
>
> What am I doing wrong here?

You want a list?

> Is this Malwarebyte a hoax?

No, it is a good application.

This malware is extremely sticky - check for rootkit activity.

Guest Kayman Posted November 13, 2008

On Thu, 13 Nov 2008 14:58:22 +0100, Øyvind Granberg wrote:

> Hi...
>
> As a continuance of the thread "Do I have a virus?"
>
> Well it's back. The Trojan.DNSChanger virus has really never left the
> building.
> I have downloaded and paid for software called Malwarebytes and it finds six
> instances of this virus.
> I choose to remove them, and the software wants to restart my computer.
> After reboot, a rerun of Malwarebytes shows that my system is clean.
> Then IE8 is started. All of a sudden I cannot connect to any website, not
> even google
> A new run of Malwarebytes reveals yet another six instances of the same
> virus.
>
> A checkup on all other computers in the household tells a tale of a massive
> outburst.
>
> I've got my ISP to reset the ADSL router, much against his beliefs, but no
> fix.
>
> I am running, amongst others, a self built Windows Vista Ultimate based pc,
> with all updates, and all security measures running.
> AVG 8
> Windows Defender
> A weekly run of Spybot and Adaware
> I reckon if I can clean this computer I can easily fix the others.
>
> What am I doing wrong here?
> Is this Malwarebyte a hoax?

Malwarebytes' Anti-Malware is a good-quality bona fide application.
After the software is updated try scanning in safe mode.
How do you boot to Safe Mode?
By pressing/tabbing F8 (or F5 on some keyboards) during re-boot.
A description of the Safe Mode Boot options in Windows XP
http://support.microsoft.com/default.aspx?scid=315222
Start your computer in safe mode (Vista)
http://windowshelp.microsoft.com/Windows/e...c904a11033.mspx
http://www.bleepingcomputer.com/tutorials/tutorial61.html
Alternatively:
click onto Start==>Run, type "msconfig" (without quotation marks), click
OK. Then click onto BOOT.INI tab and 'check' /SAFEBOOT then OK and click
Restart. To go back to Normal Mode, you must access the System
Configuration utility again and click the General tab then click/check the
radio button 'Normal Startup - load all device drivers and services'.

Not successful?

Download/execute:
David H. Lipman's MULTI_AV Tool
http://www.pctipp.ch/ds/28400/28470/Multi_AV.exe
http://www.pctipp.ch/downloads/dl/35905.asp
English:
http://www.raymond.cc/blog/archives/2008/0...virus-for-free/
Additional Instructions:
http://pcdid.com/Multi_AV.htm
and/or
Kaspersky's AVPTool
http://downloads5.kaspersky-labs.com/devbuilds/AVPTool/
--or--
http://devbuilds.kaspersky-labs.com/devbuilds/AVPTool/
--or--
http://ftp.kaspersky.com/devbuilds/AVPTool/
There's no updating involved since the scanning engine is updated several
times a day and you simply download the updated scanner whenever you want
to do a scan. Uninstall after use. To uninstall/move this program "enable
self-defense" must be unchecked!
--and/or--
Dr.Web CureIt!® Utility - FREE
http://www.freedrweb.com/cureit/
--and--
SuperAntispyware - Free
http://www.superantispyware.com/superantis...efreevspro.html

Scan in normal and safe mode.

Then download and execute HiJack This! (HJT)
http://www.trendsecure.com/portal/en-US/to...ools/hijackthis

Please, do not post HJT logs to this newsgroup.
Fora where you can get expert advice for HiJack This! (HJT) logs.

http://www.thespykiller.co.uk/index.php?board=3.0
http://www.spywarewarrior.com/viewforum.php?f=5
http://forums.tomcoyote.org/index.php?showforum=27
http://www.bleepingcomputer.com/forums/forum22.html
http://www.malwarebytes.org/forums/index.php?showforum=7
http://www.5starsupport.com/ipboard/index.php?showforum=18
http://www.theeldergeek.com/forum/index.php?showforum=29

NOTE:
Registration is required in any of the above mentioned fora before posting
a HJT log and read the 'stickies' (instructions/guidelines) for the
respective HJT forum.

Routinely practice Safe-Hex.
http://www.claymania.com/safe-hex.html
Hundreds Click on 'Click Here to Get Infected' Ad
http://www.eweek.com/article2/0,1895,2132447,00.asp

Good luck

Guest FromTheRafters Posted November 13, 2008

"FromTheRafters" <erratic@nomail.afraid.org> wrote in message news:ent6X%23ZRJHA.1028@TK2MSFTNGP05.phx.gbl...
>
> "Øyvind Granberg" <tresfjording@live.no> wrote in message
> news:2AA77F27-57A5-4CB9-AD8B-4769F1049533@microsoft.com...
>> Hi...
>>
>> As a continuance of the thread "Do I have a virus?"
>>
>> Well it's back. The Trojan.DNSChanger virus has really never left the
>> building.
>> I have downloaded and paid for software called Malwarebytes and it finds
>> six instances of this virus.
>> I choose to remove them, and the software wants to restart my computer.
>> After reboot, a rerun of Malwarebytes shows that my system is clean.
>> Then IE8 is started. All of a sudden I cannot connect to any website, not
>> even google
>> A new run of Malwarebytes reveals yet another six instances of the same
>> virus.
>>
>> A checkup on all other computers in the household tells a tale of a
>> massive outburst.
>>
>> I've got my ISP to reset the ADSL router, much against his beliefs, but
>> no fix.
>>
>> I am running, amongst others, a self built Windows Vista Ultimate based
>> pc, with all updates, and all security measures running.
>
> Are you running as admin and do you have UAC disabled?
> (but aside from that "all security measures running")
>
>> AVG 8
>> Windows Defender
>> A weekly run of Spybot and Adaware
>> I reckon if I can clean this computer I can easily fix the others.
>>
>> What am I doing wrong here?
>
> You want a list?
>
>> Is this Malwarebyte a hoax?
>
> No, it is a good application.
>
> This malware is extremely sticky - check for rootkit activity.

....before you ask
http://searchenterprisedesktop.techtarget....1086476,00.html

Guest ~BD~ Posted November 13, 2008

I'm saddened to learn that you have a continuing problem, OG.

You said "Then IE8 is started"

IE8 is in Beta - advice I've had says that you must expect problems if you use an 'un-finished' product. I suggest you uninstall IE8 and try to revert to IE7.

I've enjoyed browsing your web site btw!

Just to rub salt into the wound, you didn't need to pay anything to download and use Malwarebytes on a one-off basis (i.e. not continuous protection).

If you have a rootkit, rather than try to find and kill it, I'm sure it will be much quicker for you to 'Flatten and Rebuild'. If you have access to the Internet, you may 'enjoy' reading through a thread I started earlier this year, still available on Google, here:-

http://groups.google.co.uk/group/microsoft...e5f99b403a1e451

My subsequent discussions now lead me to believe that one needs to clear the CMOS and probably flash the BIOS too if one wants to be sure of a clean machine.

Good luck!

Dave

--

"Øyvind Granberg" <tresfjording@live.no> wrote in message news:2AA77F27-57A5-4CB9-AD8B-4769F1049533@microsoft.com...
> Hi...
>
> As a continuance of the thread "Do I have a virus?"
>
> Well it's back. The Trojan.DNSChanger virus has really never left the
> building.
> I have downloaded and paid for software called Malwarebytes and it finds
> six instances of this virus.
> I choose to remove them, and the software wants to restart my computer.
> After reboot, a rerun of Malwarebytes shows that my system is clean.
> Then IE8 is started. All of a sudden I cannot connect to any website, not
> even google
> A new run of Malwarebytes reveals yet another six instances of the same
> virus.
>
> A checkup on all other computers in the household tells a tale of a
> massive outburst.
>
> I've got my ISP to reset the ADSL router, much against his beliefs, but no
> fix.
>
> I am running, amongst others, a self built Windows Vista Ultimate based
> pc, with all updates, and all security measures running.
> AVG 8
> Windows Defender
> A weekly run of Spybot and Adaware
> I reckon if I can clean this computer I can easily fix the others.
>
> What am I doing wrong here?
> Is this Malwarebyte a hoax?
>
>
> --
>
> Kind regards
> Øyvind Granberg
>
> tresfjording@live.no
> www.tresfjording.com

Guest David H. Lipman Posted November 13, 2008

From: "Øyvind Granberg" <tresfjording@live.no>

| Hi...

| As a continuance of the thread "Do I have a virus?"

| Well it's back. The Trojan.DNSChanger virus has really never left the
| building.
| I have downloaded and paid for software called Malwarebytes and it finds six
| instances of this virus.
| I choose to remove them, and the software wants to restart my computer.
| After reboot, a rerun of Malwarebytes shows that my system is clean.
| Then IE8 is started. All of a sudden I cannot connect to any website, not
| even google
| A new run of Malwarebytes reveals yet another six instances of the same
| virus.

| A checkup on all other computers in the household tells a tale of a massive
| outburst.

| I've got my ISP to reset the ADSL router, much against his beliefs, but no
| fix.

| I am running, amongst others, a self built Windows Vista Ultimate based pc,
| with all updates, and all security measures running.
| AVG 8
| Windows Defender
| A weekly run of Spybot and Adaware
| I reckon if I can clean this computer I can easily fix the others.

| What am I doing wrong here?
| Is this Malwarebyte a hoax?

First, the DNSChanger is NOT a virus. It is a Trojan and a close relative of the Zlob.
Second, the new breed of the DNSChanger will indeed alter the DNS settings of SOHO Routers.
One must change the default password to a strong password.

What I have seen, in the sample I recently tested, is that the DNSChanger injects a DLL
into the Spooler service. The Spooler Service is then restarted and will communicate with
a SOHO Router with a weak password or the default password and it will then alter the SOHO
Router as such affecting your ability to access web sites.

Several days ago I suggested that you post in an Expert Forum.

You apparently failed to do so and that's why you are STILL having problems.

Again I state... This is NOT a virus.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp

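The post above says the newer DNSChanger alters the DNS settings of SOHO routers, so the resolvers each PC actually uses are worth checking. As an added example (not part of any post in this thread), this Python script parses English-language `ipconfig /all` output and flags DNS servers outside an expected list; the sample output, all addresses and `EXPECTED_RESOLVERS` are constructed assumptions.

```python
import ipaddress
import re

# Constructed sample of `ipconfig /all` output (trimmed to the relevant fields).
# All addresses are made up: 198.51.100.0/24 is a documentation range.
SAMPLE_IPCONFIG = """\
Windows IP Configuration

   Host Name . . . . . . . . . . . . : VISTA-PC

Ethernet adapter Local Area Connection:

   DHCP Enabled. . . . . . . . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 192.168.1.10(Preferred)
   Default Gateway . . . . . . . . . : 192.168.1.1
   DNS Servers . . . . . . . . . . . : 198.51.100.7
                                       198.51.100.8
   NetBIOS over Tcpip. . . . . . . . : Enabled

Wireless LAN adapter Wireless Network Connection:

   DHCP Enabled. . . . . . . . . . . : No
   IPv4 Address. . . . . . . . . . . : 192.168.1.11(Preferred)
   Default Gateway . . . . . . . . . : 192.168.1.1
   DNS Servers . . . . . . . . . . . : 192.168.1.1
"""

# Assumption: the resolvers you expect to see (router LAN address, ISP DNS).
EXPECTED_RESOLVERS = ["192.168.1.1/32"]

# "   Key . . . . . : value" -> key without the dot leader, value after the colon.
FIELD = re.compile(r"^\s+(?P<key>[^:]+?)[\s.]*:\s?(?P<value>.*)$")


def _is_ip(text):
    """True if text is an IPv4/IPv6 address (an IPv6 zone id like %11 is ignored)."""
    try:
        ipaddress.ip_address(text.split("%")[0])
        return True
    except ValueError:
        return False


def parse_dns_servers(ipconfig_text):
    """Return {section name: {"dhcp": bool or None, "dns": [addresses]}}."""
    sections, current, last_key = {}, None, None
    for line in ipconfig_text.splitlines():
        if not line.strip():
            continue
        if not line[0].isspace():
            # Unindented line starts a new section, e.g. "Ethernet adapter X:".
            current = line.strip().rstrip(":")
            sections[current] = {"dhcp": None, "dns": []}
            last_key = None
            continue
        if current is None:
            continue
        stripped = line.strip()
        # Second and later DNS servers sit on their own lines with no label.
        if last_key == "DNS Servers" and _is_ip(stripped):
            sections[current]["dns"].append(stripped)
            continue
        match = FIELD.match(line)
        if not match:
            last_key = None
            continue
        last_key, value = match.group("key"), match.group("value").strip()
        if last_key == "DHCP Enabled":
            sections[current]["dhcp"] = value.lower() == "yes"
        elif last_key == "DNS Servers" and _is_ip(value):
            sections[current]["dns"].append(value)
    return sections


def find_unexpected_dns(sections, expected):
    """Return (section, server, where to look) for each server not in expected."""
    networks = [ipaddress.ip_network(item) for item in expected]
    findings = []
    for name, info in sections.items():
        # With DHCP the value may come from the router, so check both places.
        where = "router or host" if info["dhcp"] else "host"
        for server in info["dns"]:
            address = ipaddress.ip_address(server.split("%")[0])
            if not any(address in net for net in networks):
                findings.append((name, server, where))
    return findings


if __name__ == "__main__":
    for name, server, where in find_unexpected_dns(
            parse_dns_servers(SAMPLE_IPCONFIG), EXPECTED_RESOLVERS):
        print(f"{name}: unexpected DNS server {server} (check {where} settings)")
```

To check a real machine, save the output of `ipconfig /all` to a file, pass its text to `parse_dns_servers`, and replace `EXPECTED_RESOLVERS` with the resolvers your ISP or router documentation lists.
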
Guest David H. Lipman Posted November 13, 2008

From: "~BD~" <~BD~@nomail.afraid.com>

| My subsequent discussions now lead me to believe that one needs to clear the
| CMOS and probably flash the BIOS too if one wants to be sure of a clean
| machine.

| Good luck!

| Dave

/ Absolutely NOT needed. /

Please stay out of this discussion. You don't understand the problem nor the trojan's activity nor understand the workings of the hardware's interaction with the OS concerning the BIOS and CMOS.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp

Guest Øyvind Granberg Posted November 13, 2008

> You want a list?

You sound like my wife :-)

>> Is this Malwarebyte a hoax?

Why I'm asking this is because it doesn't seem to work right.
It finds the trojan, but the registry entries remain after the fix.

> No, it is a good application.
>
> This malware is extremely sticky - check for rootkit activity.

I downloaded RootkitRevealer, but it couldn't find anything.

--
Øyvind G.
--

Guest Øyvind Granberg Posted November 13, 2008

> Download/execute:
> David H. Lipman's MULTI_AV Tool
> http://www.pctipp.ch/ds/28400/28470/Multi_AV.exe
> http://www.pctipp.ch/downloads/dl/35905.asp
> English:
> http://www.raymond.cc/blog/archives/2008/0...virus-for-free/
> Additional Instructions:
> http://pcdid.com/Multi_AV.htm
> and/or
> Kaspersky's AVPTool
> http://downloads5.kaspersky-labs.com/devbuilds/AVPTool/
> --or--
> http://devbuilds.kaspersky-labs.com/devbuilds/AVPTool/
> --or--
> http://ftp.kaspersky.com/devbuilds/AVPTool/
> There's no updating involved since the scanning engine is updated several
> times a day and you simply download the updated scanner whenever you want
> to do a scan. Uninstall after use. To uninstall/move this program "enable
> self-defense' must be unchecked!
> --and/or--
> Dr.Web CureIt!® Utility - FREE
> http://www.freedrweb.com/cureit/
> --and--
> SuperAntispyware - Free
> http://www.superantispyware.com/superantis...efreevspro.html
>

First of all, why should I install Kaspersky or Sophos or McAfee or whatever when I do have AVG 8 installed?

Secondly, paying ?20-50 for every malware remover on the net is not my way of spending a Thursday night. :-)

But I am working my way through your list...

--øg--

Guest Kayman Posted November 13, 2008

On Thu, 13 Nov 2008 21:57:25 +0700, Kayman wrote:

> On Thu, 13 Nov 2008 14:58:22 +0100, Øyvind Granberg wrote:
>
>> Hi...
>>
>> As a continuance of the thread "Do I have a virus?"
>>
>> Well it's back. The Trojan.DNSChanger virus has really never left the
>> building.
>> I have downloaded and paid for software called Malwarebytes and it finds six
>> instances of this virus.
>> I choose to remove them, and the software wants to restart my computer.
>> After reboot, a rerun of Malwarebytes shows that my system is clean.
>> Then IE8 is started. All of a sudden I cannot connect to any website, not
>> even google
>> A new run of Malwarebytes reveals yet another six instances of the same
>> virus.
>>
>> A checkup on all other computers in the household tells a tale of a massive
>> outburst.
>>
>> I've got my ISP to reset the ADSL router, much against his beliefs, but no
>> fix.
>>
>> I am running, amongst others, a self built Windows Vista Ultimate based pc,
>> with all updates, and all security measures running.
>> AVG 8
>> Windows Defender
>> A weekly run of Spybot and Adaware
>> I reckon if I can clean this computer I can easily fix the others.
>>
>> What am I doing wrong here?
>> Is this Malwarebyte a hoax?
>
> Malwarebytes' Anti-Malware is a good-quality bona fide application.
> After the software is updated try scanning in safe mode.
> How do you boot to Safe Mode?
> By pressing/tabbing F8 (or F5 on some keyboards) during re-boot.
> A description of the Safe Mode Boot options in Windows XP
> http://support.microsoft.com/default.aspx?scid=315222
> Start your computer in safe mode (Vista)
> http://windowshelp.microsoft.com/Windows/e...c904a11033.mspx
> http://www.bleepingcomputer.com/tutorials/tutorial61.html
> Alternatively:
> click onto Start==>Run, type "msconfig" (without quotation marks), click
> OK. Then click onto BOOT.INI tab and 'check' /SAFEBOOT then OK and click
> Restart. To go back to Normal Mode, you must access the System
> Configuration utility again and click the General tab then click/check the
> radio button 'Normal Startup'- load all device drivers and services'.
>
> Not successful?
>
> Download/execute:
> David H. Lipman's MULTI_AV Tool
> http://www.pctipp.ch/ds/28400/28470/Multi_AV.exe
> http://www.pctipp.ch/downloads/dl/35905.asp
> English:
> http://www.raymond.cc/blog/archives/2008/0...virus-for-free/
> Additional Instructions:
> http://pcdid.com/Multi_AV.htm
> and/or
> Kaspersky's AVPTool
> http://downloads5.kaspersky-labs.com/devbuilds/AVPTool/
> --or--
> http://devbuilds.kaspersky-labs.com/devbuilds/AVPTool/
> --or--
> http://ftp.kaspersky.com/devbuilds/AVPTool/
> There's no updating involved since the scanning engine is updated several
> times a day and you simply download the updated scanner whenever you want
> to do a scan. Uninstall after use. To uninstall/move this program "enable
> self-defense' must be unchecked!
> --and/or--
> Dr.Web CureIt!® Utility - FREE
> http://www.freedrweb.com/cureit/
> --and--
> SuperAntispyware - Free
> http://www.superantispyware.com/superantis...efreevspro.html
>
> Scan in normal and safe mode.
>
> Then download and execute HiJack This! (HJT)
> http://www.trendsecure.com/portal/en-US/to...ools/hijackthis
>
> Please, do not post HJT logs to this newsgroup.
> Fora where you can get expert advice for HiJack This! (HJT) logs.
>
> http://www.thespykiller.co.uk/index.php?board=3.0
> http://www.spywarewarrior.com/viewforum.php?f=5
> http://forums.tomcoyote.org/index.php?showforum=27
> http://www.bleepingcomputer.com/forums/forum22.html
> http://www.malwarebytes.org/forums/index.php?showforum=7
> http://www.5starsupport.com/ipboard/index.php?showforum=18
> http://www.theeldergeek.com/forum/index.php?showforum=29
>
> NOTE:
> Registration is required in any of the above mentioned fora before posting
> a HJT log and read the 'stickies' (instructions/guidelines) for the
> respective HJT forum.
>
> Routinely practice Safe-Hex.
> http://www.claymania.com/safe-hex.html
> Hundreds Click on 'Click Here to Get Infected' Ad
> http://www.eweek.com/article2/0,1895,2132447,00.asp
>
> Good luck

Implement Countermeasures against DNSChanger.
http://extremesecurity.blogspot.com/2008/0...t-hijacked.html

Guest The Real Truth MVP Posted November 13, 2008

Use my Remove-it software, it will remove that malware from your system. Choose yes for all options when prompted. Download it here http://pcbutts1.com/downloads/tools/tools.htm
Use the email link on that page to send me a copy of the MBAM log.

--
The Real Truth http://pcbutts1-therealtruth.blogspot.com/

"Øyvind Granberg" <tresfjording@live.no> wrote in message news:F72C4954-B32D-45A4-986E-6E5DC858E76F@microsoft.com...
>
>> Download/execute:
>> David H. Lipman's MULTI_AV Tool
>> http://www.pctipp.ch/ds/28400/28470/Multi_AV.exe
>> http://www.pctipp.ch/downloads/dl/35905.asp
>> English:
>> http://www.raymond.cc/blog/archives/2008/0...virus-for-free/
>> Additional Instructions:
>> http://pcdid.com/Multi_AV.htm
>> and/or
>> Kaspersky's AVPTool
>> http://downloads5.kaspersky-labs.com/devbuilds/AVPTool/
>> --or--
>> http://devbuilds.kaspersky-labs.com/devbuilds/AVPTool/
>> --or--
>> http://ftp.kaspersky.com/devbuilds/AVPTool/
>> There's no updating involved since the scanning engine is updated several
>> times a day and you simply download the updated scanner whenever you want
>> to do a scan. Uninstall after use. To uninstall/move this program "enable
>> self-defense' must be unchecked!
>> --and/or--
>> Dr.Web CureIt!® Utility - FREE
>> http://www.freedrweb.com/cureit/
>> --and--
>> SuperAntispyware - Free
>> http://www.superantispyware.com/superantis...efreevspro.html
>>
>
> First of all, why should I install Kapersky or Sophos or McAfee or what
> ever when I do have AVG 8 installed?
>
> Secondly, paying ?20-50 for every malware remover on the net i not my way
> of spending a thursday night. :-)
>
> But I am working my way through your list...
>
> --øg--

Guest Øyvind Granberg Posted November 14, 2008

Thank you ~BD~ for those kind words. Glad you liked my website :-)

I will reset the CMOS and BIOS at next reboot.

I am opposed to reinstalling the OS. That is a solution I turned to in the past.
I reformatted my first computer back in the late eighties. I thought it was THE solution in the nineties.
This decade the procedure makes me physically sick... hehe...

But after cleaning the registry, deleting files (autorun.inf) and folders (\resycled) the registry keys rebuilt themselves.
Somewhere there has to be a file that is run at startup, or when I start IE.
I will now revert to IE7 and flush CMOS and reset BIOS during restart.

BRB

--

Kind regards
Øyvind Granberg

tresfjording@live.no
www.tresfjording.com

"~BD~" <~BD~@nomail.afraid.com> wrote in message: uTso#4bRJHA.4008@TK2MSFTNGP02.phx.gbl ...
> I'm saddened to learn that you have a continuing problem, OG.
>
> You said "Then IE8 is started"
>
> IE8 is in Beta - advice I've had says that you must expect problems if you
> use an 'un-finished' product. I suggest you uninstall IE8 and try to
> revert to IE7.
>
> I've enjoyed browsing your web site btw!
>
> Just to rub salt into the wound, you didn't need to pay anything to
> download and use Malwarebytes on a one-off basis (i.e. not continuous
> protection).
>
> If you have a rootkit, rather than try to find and kill it, I'm sure it
> will be much quicker for you to 'Flatten and Rebuild'. If you have access
> to the Internet, you may 'enjoy' reading through a thread I started
> earlier this year, still available on Google, here:-
>
> http://groups.google.co.uk/group/microsoft...e5f99b403a1e451
>
> My subsequent discussions now lead me to believe that one needs to clear
> the CMOS and probably flash the BIOS too if one wants to be sure of a
> clean machine.
>
> Good luck!
>
> Dave
>
> --
>
>
> "Øyvind Granberg" <tresfjording@live.no> wrote in message
> news:2AA77F27-57A5-4CB9-AD8B-4769F1049533@microsoft.com...
>> Hi...
>>
>> As a continuance of the thread "Do I have a virus?"
>>
>> Well it's back. The Trojan.DNSChanger virus has really never left the
>> building.
>> I have downloaded and paid for software called Malwarebytes and it finds
>> six instances of this virus.
>> I choose to remove them, and the software wants to restart my computer.
>> After reboot, a rerun of Malwarebytes shows that my system is clean.
>> Then IE8 is started. All of a sudden I cannot connect to any website, not
>> even google
>> A new run of Malwarebytes reveals yet another six instances of the same
>> virus.
>>
>> A checkup on all other computers in the household tells a tale of a
>> massive outburst.
>>
>> I've got my ISP to reset the ADSL router, much against his beliefs, but
>> no fix.
>>
>> I am running, amongst others, a self built Windows Vista Ultimate based
>> pc, with all updates, and all security measures running.
>> AVG 8
>> Windows Defender
>> A weekly run of Spybot and Adaware
>> I reckon if I can clean this computer I can easily fix the others.
>>
>> What am I doing wrong here?
>> Is this Malwarebyte a hoax?
>>
>>
>> --
>>
>> Kind regards
>> Øyvind Granberg
>>
>> tresfjording@live.no
>> www.tresfjording.com

Guest Kayman Posted November 14, 2008

On Fri, 14 Nov 2008 00:33:54 +0100, Øyvind Granberg wrote:

>> Download/execute:
>> David H. Lipman's MULTI_AV Tool
>> http://www.pctipp.ch/ds/28400/28470/Multi_AV.exe
>> http://www.pctipp.ch/downloads/dl/35905.asp
>> English:
>> http://www.raymond.cc/blog/archives/2008/0...virus-for-free/
>> Additional Instructions:
>> http://pcdid.com/Multi_AV.htm
>> and/or
>> Kaspersky's AVPTool
>> http://downloads5.kaspersky-labs.com/devbuilds/AVPTool/
>> --or--
>> http://devbuilds.kaspersky-labs.com/devbuilds/AVPTool/
>> --or--
>> http://ftp.kaspersky.com/devbuilds/AVPTool/
>> There's no updating involved since the scanning engine is updated several
>> times a day and you simply download the updated scanner whenever you want
>> to do a scan. Uninstall after use. To uninstall/move this program "enable
>> self-defense' must be unchecked!
>> --and/or--
>> Dr.Web CureIt!® Utility - FREE
>> http://www.freedrweb.com/cureit/
>> --and--
>> SuperAntispyware - Free
>> http://www.superantispyware.com/superantis...efreevspro.html
>>
>
> First of all, why should I install Kapersky or Sophos or McAfee or what ever
> when I do have AVG 8 installed?

Whenever I jump off an aircraft in mid-flight I always carry a second parachute...

> Secondly, paying ?20-50 for every malware remover on the net i not my way of
> spending a thursday night. :-)

None of the applications cost a dime; they are FREE!
(Even Malwarebytes comes in a free version).

> But I am working my way through your list...

Implement Countermeasures against DNSChanger.
http://extremesecurity.blogspot.com/2008/0...t-hijacked.html

Guest 1PW Posted November 14, 2008

On 11/13/2008 10:33 AM, ~BD~ sent:

Snip, snip...

>
> My subsequent discussions now lead me to believe that one needs to clear the
> CMOS and probably flash the BIOS too if one wants to be sure of a clean
> machine.
>
> Good luck!
>
> Dave
>

Hello Dave:

It is quite easy to take what we discussed, in the other thread, out of
context. Extreme measures are not indicated in many instances. Good
judgment, must be coupled with experience. Also, reburning the BIOS
does come with its own set of risks of failure. The motherboard is
clearly at risk. If the above malware is clearly hard disk drive
resident, the risk/benefit ratio of reburning the BIOS is clearly not on
the side of the system's tech/owner/user.

A proper assessment/diagnosis must precede the proper corrective
action.

--
1PW

@?6A62?FEH9:DE=6o2@=]4@> [r4o7t]

Guest Øyvind Granberg Posted November 14, 2008

Your procedure involves hundreds of MBs to download.
Aren't we here shooting sparrow with cannons?

--

Kind regards
Øyvind Granberg

tresfjording@live.no
www.tresfjording.com

"David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in message: e0662gdRJHA.4608@TK2MSFTNGP03.phx.gbl ...
> From: "Øyvind Granberg" <tresfjording@live.no>
>
> | Hi...
>
> | As a continuance of the thread "Do I have a virus?"
>
> | Well it's back. The Trojan.DNSChanger virus has really never left the
> | building.
> | I have downloaded and paid for software called Malwarebytes and it finds
> six
> | instances of this virus.
> | I choose to remove them, and the software wants to restart my computer.
> | After reboot, a rerun of Malwarebytes shows that my system is clean.
> | Then IE8 is started. All of a sudden I cannot connect to any website,
> not
> | even google
> | A new run of Malwarebytes reveals yet another six instances of the same
> | virus.
>
> | A checkup on all other computers in the household tells a tale of a
> massive
> | outburst.
>
> | I've got my ISP to reset the ADSL router, much against his beliefs, but
> no
> | fix.
>
> | I am running, amongst others, a self built Windows Vista Ultimate based
> pc,
> | with all updates, and all security measures running.
> | AVG 8
> | Windows Defender
> | A weekly run of Spybot and Adaware
> | I reckon if I can clean this computer I can easily fix the others.
>
> | What am I doing wrong here?
> | Is this Malwarebyte a hoax?
>
> First, the DNSChanger is NOT a virus. It is a Trojan and a close relative
> of the Zlob.
> Second, the new breed of the DNSChanger will inded alter the DNS settings
> of SOHO Routers.
> One must change the default password to a strong password.
>
> What I have seen, in the sample I recently tested, is that the DNSChanger
> injects a DLL
> into the Spooler service. The Spooler Service is then restarted and will
> communicate with
> a SOHO Router with a weak password or the default password and it will
> then alter the SOHO
> Router as such affecting your ability to access web sites.
>
> Several days ago I suggested that you post in an Expert Forum.
>
> You apparently failed to do so and thats why you are STILL having
> problems.
>
> Again I state... This is NOT a virus.
>
>
> --
> Dave
> http://www.claymania.com/removal-trojan-adware.html
> Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp
>
>

Guest ~BD~ Posted November 14, 2008

"1PW" <barcrnahgjuvfgyr@nby.pbz> wrote in message news:gfig6d$tuj$1@feeder.motzarella.org...
> On 11/13/2008 10:33 AM, ~BD~ sent:
>
> Snip, snip...
>
>>
>> My subsequent discussions now lead me to believe that one needs to clear
>> the
>> CMOS and probably flash the BIOS too if one wants to be sure of a clean
>> machine.
>>
>> Good luck!
>>
>> Dave
>>
>
> Hello Dave:
>
> It is quite easy to take what we discussed, in the other thread, out of
> context. Extreme measures are not indicated in many instances. Good
> judgment, must be coupled with experience. Also, reburning the BIOS
> does come with its own set of risks of failure. The motherboard is
> clearly at risk. If the above malware is clearly hard disk drive
> resident, the risk/benefit ratio of reburning the BIOS is clearly not on
> the side of the system's tech/owner/user.
>
> A proper assessment/diagnosis must precede the proper corrective
> action.
>
> --
> 1PW

--

Hello again, Pete

> @?6A62?FEH9:DE=6o2@=]4@> [r4o7t]

I've still not worked out what this code means (busy doing other things today!) <grin>

I fully appreciate your comments and I'm sure Øyvind Granberg will understand too. Having reviewed his web site and absorbed a notion of his experience with computers, I'm equally sure that he, just like me, will wish to experiment and try to solve his problems himself - without resorting to employing a 'professional' (as it seems you once were!).

You say "A proper assessment/diagnosis must precede the proper corrective action". I fully accept this. With your wealth of experience, where would you recommend one might go on the Internet to achieve this objective?

Why do I ask you? You are one of the few folk on these MS security newsgroups who has taken a great deal of time and trouble to help me better understand these technical matters (FromTheRafters has been another recently - thanks FTR). I do not profess, nor ever have, to be knowledgeable about computers. That doesn't mean that I am stupid and ignorant ....... as some here would have you believe!

I did not come to these groups to solve my malware problems, rather to investigate how, and by whom, machines are infected in the first place. I basically trust no-one and don't believe something simply because it is showing on a screen in front of me. Nor do I blindly follow 'instructions' from any Tom, Dick or Harry (or even David H Lipman - whose credentials are completely unknown - yet who struts around these groups as if he is Lord of the manor!).

The average guy who proceeds to a forum, downloads all manner of magical programmes to help fix his /her PC (under instruction, of course) will have absolutely no idea if their machine has really been cleaned - as long as it 'works', that will be sufficient. Lambs to the slaughter perhaps? <smile>

Thanks for listening,

Dave


Guest FromTheRafters Posted November 14, 2008

"Øyvind Granberg" <tresfjording@live.no> wrote in message news:e83729eRJHA.1164@TK2MSFTNGP03.phx.gbl...
> Your procedure involves hundreds of MB's to download.
> Aren't we here shooting sparrow with cannons?

Taking the easy road is how you got into this mess. David has given you good direction, and it will be good practice for the next time.

Guest Peter Foldes Posted November 14, 2008

Øyvind

You are exactly in the same boat as to the one you are answering to. Be careful it might sink. Learn to listen

--
Peter
Please Reply to Newsgroup for the benefit of others
Requests for assistance by email can not and will not be acknowledged.

"Øyvind Granberg" <tresfjording@live.no> wrote in message news:B70F3874-ADB3-4B60-B276-9C1D57BE2D40@microsoft.com...
> Thank you ~BD~ for those kind words. Glad you liked my website :-)
>
> I will reset the CMOS and BIOS at next reboot.
>
> I am opposed to reinstalling the OS. That is a solution I turned to in the past.
> I reformatted my first computer back in the late eighties. I thought it was THE solution in the nineties.
> This decade the procedure makes me physically sick... hehe...
>
> But after cleaning the registry, deleting files (autorun.inf) and folders (resycled) the registry keys rebuilt themselves.
> Somewhere there has to be a file that is run at startup, or when I start IE.
> I will now revert to IE7 and flush CMOS and reset BIOS during restart.
>
> BRB
>
> --
>
> Kind regards
> Øyvind Granberg
>
> tresfjording@live.no
> www.tresfjording.com
>
> "~BD~" <~BD~@nomail.afraid.com> wrote in message: uTso#4bRJHA.4008@TK2MSFTNGP02.phx.gbl ...
>> I'm saddened to learn that you have a continuing problem, OG.
>>
>> You said "Then IE8 is started"
>>
>> IE8 is in Beta - advice I've had says that you must expect problems if you use an 'un-finished' product. I suggest you uninstall IE8 and try to revert to IE7.
>>
>> I've enjoyed browsing your web site btw!
>>
>> Just to rub salt into the wound, you didn't need to pay anything to download and use Malwarebytes on a one-off basis (i.e. not continuous protection).
>>
>> If you have a rootkit, rather than try to find and kill it, I'm sure it will be much quicker for you to 'Flatten and Rebuild'. If you have access to the Internet, you may 'enjoy' reading through a thread I started earlier this year, still available on Google, here:-
>>
>> http://groups.google.co.uk/group/microsoft...e5f99b403a1e451
>>
>> My subsequent discussions now lead me to believe that one needs to clear the CMOS and probably flash the BIOS too if one wants to be sure of a clean machine.
>>
>> Good luck!
>>
>> Dave
>>
>> --
>>
>> "Øyvind Granberg" <tresfjording@live.no> wrote in message news:2AA77F27-57A5-4CB9-AD8B-4769F1049533@microsoft.com...
>>> Hi...
>>>
>>> As a continuance of the thread "Do I have a virus?"
>>>
>>> Well it's back. The Trojan.DNSChanger virus has really never left the building.
>>> I have downloaded and paid for software called Malwarebytes and it finds six instances of this virus.
>>> I choose to remove them, and the software wants to restart my computer.
>>> After reboot, a rerun of Malwarebytes shows that my system is clean.
>>> Then IE8 is started. All of a sudden I cannot connect to any website, not even google
>>> A new run of Malwarebytes reveals yet another six instances of the same virus.
>>>
>>> A checkup on all other computers in the household tells a tale of a massive outburst.
>>>
>>> I've got my ISP to reset the ADSL router, much against his beliefs, but no fix.
>>>
>>> I am running, amongst others, a self built Windows Vista Ultimate based pc, with all updates, and all security measures running.
>>> AVG 8
>>> Windows Defender
>>> A weekly run of Spybot and Adaware
>>> I reckon if I can clean this computer I can easily fix the others.
>>>
>>> What am I doing wrong here?
>>> Is this Malwarebyte a hoax?
>>>
>>> --
>>>
>>> Kind regards
>>> Øyvind Granberg
>>>
>>> tresfjording@live.no
>>> www.tresfjording.com

Guest FromTheRafters Posted November 14, 2008

"Øyvind Granberg" <tresfjording@live.no> wrote in message news:30DDCE10-7C2A-479B-972C-439F1393C7D2@microsoft.com...
>> You want a list?
> You sound like my wife :-)

But I appreciate your sense of humor.

Guest David H. Lipman Posted November 14, 2008

From: "Øyvind Granberg" <tresfjording@live.no>

| Your procedure involves hundreds of MB's to download.
| Aren't we here shooting sparrow with cannons?

My procedure was for you to post in an Expert Forum and I don't see how it would require hundreds of MB's of download.

If you are talking about my Multi AV Scanning Tool, I never suggested you use it.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp

Guest John Mason Jr Posted November 14, 2008

Øyvind Granberg wrote:
>> You want a list?
> You sound like my wife :-)
>
>>> Is this Malwarebyte a hoax?
> Why I'm asking this is because it doesn't seem to work right. It finds the trojan, but the registry entries remain after the fix.
>
>> No, it is a good application.
>>
>> This malware is extremely sticky - check for rootkit activity.
> I downloaded RootkitRevealer, but it couldn't find anything.
>
> -- Øyvind G. --

You might try reporting the problem in General Malwarebytes' Anti-Malware Forum <http://www.malwarebytes.org/forums/index.php?showforum=41>

or via contact page <http://www.malwarebytes.org/contact.php>

They are normally responsive

John

Guest 1PW Posted November 14, 2008

On 11/13/2008 05:31 PM, ~BD~ sent:
> "1PW" <barcrnahgjuvfgyr@nby.pbz> wrote in message news:gfig6d$tuj$1@feeder.motzarella.org...
>> On 11/13/2008 10:33 AM, ~BD~ sent:
>>
>> Snip, snip...
>>
>>> My subsequent discussions now lead me to believe that one needs to clear the CMOS and probably flash the BIOS too if one wants to be sure of a clean machine.
>>>
>>> Good luck!
>>>
>>> Dave
>>
>> Hello Dave:
>>
>> It is quite easy to take what we discussed, in the other thread, out of context. Extreme measures are not indicated in many instances. Good judgment must be coupled with experience. Also, reburning the BIOS does come with its own set of risks of failure. The motherboard is clearly at risk. If the above malware is clearly hard disk drive resident, the risk/benefit ratio of reburning the BIOS is clearly not on the side of the system's tech/owner/user.
>>
>> A proper assessment/diagnosis must precede the proper corrective action.
>>
>> --
>> 1PW
>
> --
>
> Hello again, Pete
>
>> @?6A62?FEH9:DE=6o2@=]4@> [r4o7t]
>
> I've still not worked out what this code means (busy doing other things today!) <grin>
>
> I fully appreciate your comments and I'm sure Øyvind Granberg will understand too. Having reviewed his web site and absorbed a notion of his experience with computers, I'm equally sure that he, just like me, will wish to experiment and try to solve his problems himself - without resorting to employing a 'professional' (as it seems you once were!).
>
> You say "A proper assessment/diagnosis must precede the proper corrective action". I fully accept this. With your wealth of experience, where would you recommend one might go on the Internet to achieve this objective?
>
> Why do I ask you? You are one of the few folk on these MS security newsgroups who has taken a great deal of time and trouble to help me better understand these technical matters (FromTheRafters has been another recently - thanks FTR). I do not profess, nor ever have, to be knowledgeable about computers. That doesn't mean that I am stupid and ignorant ....... as some here would have you believe!
>
> I did not come to these groups to solve my malware problems, rather to investigate how, and by whom, machines are infected in the first place. I basically trust no-one and don't believe something simply because it is showing on a screen in front of me. Nor do I blindly follow 'instructions' from any Tom, Dick or Harry (or even David H Lipman - whose credentials are completely unknown - yet who struts around these groups as if he is Lord of the manor!).
>
> The average guy who proceeds to a forum, downloads all manner of magical programmes to help fix his/her PC (under instruction, of course) will have absolutely no idea if their machine has really been cleaned - as long as it 'works', that will be sufficient. Lambs to the slaughter perhaps? <smile>
>
> Thanks for listening,
>
> Dave

We are stealing this thread from one with a huge problem and great need.

Let's begin another thread.

Our apologies to all that read our blatherings.

--
1PW

@?6A62?FEH9:DE=6o2@=]4@> [r4o7t]

Guest ~BD~ Posted November 14, 2008

Hello Øyvind

I replied to you earlier this morning from Google Groups (supposedly!) but cannot now find same via Google.

I'd set a 'follow-up' in the hope that my message would show up in the 'microsoft.public.security.virus' group which I usually view with Outlook Express. It has not (so far) appeared ...............

But I have found it here:- http://www.pcreview.co.uk/forums/showthread.php?t=3668206

Scratching head (again!) - Puzzling to me (a user, not a guru!)

Dave

--

"Øyvind Granberg" <tresfjording@live.no> wrote in message news:B70F3874-ADB3-4B60-B276-9C1D57BE2D40@microsoft.com...
> Thank you ~BD~ for those kind words. Glad you liked my website :-)
>
> I will reset the CMOS and BIOS at next reboot.
>
> I am opposed to reinstalling the OS. That is a solution I turned to in the past.
> I reformatted my first computer back in the late eighties. I thought it was THE solution in the nineties.
> This decade the procedure makes me physically sick... hehe...
>
> But after cleaning the registry, deleting files (autorun.inf) and folders (resycled) the registry keys rebuilt themselves.
> Somewhere there has to be a file that is run at startup, or when I start IE.
> I will now revert to IE7 and flush CMOS and reset BIOS during restart.
>
> BRB
>
> --
>
> Kind regards
> Øyvind Granberg
>
> tresfjording@live.no
> www.tresfjording.com
>
> "~BD~" <~BD~@nomail.afraid.com> wrote in message: uTso#4bRJHA.4008@TK2MSFTNGP02.phx.gbl ...
>> I'm saddened to learn that you have a continuing problem, OG.
>>
>> You said "Then IE8 is started"
>>
>> IE8 is in Beta - advice I've had says that you must expect problems if you use an 'un-finished' product. I suggest you uninstall IE8 and try to revert to IE7.
>>
>> I've enjoyed browsing your web site btw!
>>
>> Just to rub salt into the wound, you didn't need to pay anything to download and use Malwarebytes on a one-off basis (i.e. not continuous protection).
>>
>> If you have a rootkit, rather than try to find and kill it, I'm sure it will be much quicker for you to 'Flatten and Rebuild'. If you have access to the Internet, you may 'enjoy' reading through a thread I started earlier this year, still available on Google, here:-
>>
>> http://groups.google.co.uk/group/microsoft...e5f99b403a1e451
>>
>> My subsequent discussions now lead me to believe that one needs to clear the CMOS and probably flash the BIOS too if one wants to be sure of a clean machine.
>>
>> Good luck!
>>
>> Dave
>>
>> --
>>
>> "Øyvind Granberg" <tresfjording@live.no> wrote in message news:2AA77F27-57A5-4CB9-AD8B-4769F1049533@microsoft.com...
>>> Hi...
>>>
>>> As a continuance of the thread "Do I have a virus?"
>>>
>>> Well it's back. The Trojan.DNSChanger virus has really never left the building.
>>> I have downloaded and paid for software called Malwarebytes and it finds six instances of this virus.
>>> I choose to remove them, and the software wants to restart my computer.
>>> After reboot, a rerun of Malwarebytes shows that my system is clean.
>>> Then IE8 is started. All of a sudden I cannot connect to any website, not even google
>>> A new run of Malwarebytes reveals yet another six instances of the same virus.
>>>
>>> A checkup on all other computers in the household tells a tale of a massive outburst.
>>>
>>> I've got my ISP to reset the ADSL router, much against his beliefs, but no fix.
>>>
>>> I am running, amongst others, a self built Windows Vista Ultimate based pc, with all updates, and all security measures running.
>>> AVG 8
>>> Windows Defender
>>> A weekly run of Spybot and Adaware
>>> I reckon if I can clean this computer I can easily fix the others.
>>>
>>> What am I doing wrong here?
>>> Is this Malwarebyte a hoax?
>>>
>>> --
>>>
>>> Kind regards
>>> Øyvind Granberg
>>>
>>> tresfjording@live.no
>>> www.tresfjording.com

Guest ~BD~ Posted November 14, 2008

"1PW" <barcrnahgjuvfgyr@nby.pbz> wrote in message news:gfj08f$p5f$1@feeder.motzarella.org...
> On 11/13/2008 05:31 PM, ~BD~ sent:
>> "1PW" <barcrnahgjuvfgyr@nby.pbz> wrote in message news:gfig6d$tuj$1@feeder.motzarella.org...
>>> On 11/13/2008 10:33 AM, ~BD~ sent:
>>>
>>> Snip, snip...
>>>
>>>> My subsequent discussions now lead me to believe that one needs to clear the CMOS and probably flash the BIOS too if one wants to be sure of a clean machine.
>>>>
>>>> Good luck!
>>>>
>>>> Dave
>>>
>>> Hello Dave:
>>>
>>> It is quite easy to take what we discussed, in the other thread, out of context. Extreme measures are not indicated in many instances. Good judgment must be coupled with experience. Also, reburning the BIOS does come with its own set of risks of failure. The motherboard is clearly at risk. If the above malware is clearly hard disk drive resident, the risk/benefit ratio of reburning the BIOS is clearly not on the side of the system's tech/owner/user.
>>>
>>> A proper assessment/diagnosis must precede the proper corrective action.
>>>
>>> --
>>> 1PW
>>
>> --
>>
>> Hello again, Pete
>>
>>> @?6A62?FEH9:DE=6o2@=]4@> [r4o7t]
>>
>> I've still not worked out what this code means (busy doing other things today!) <grin>
>>
>> I fully appreciate your comments and I'm sure Øyvind Granberg will understand too. Having reviewed his web site and absorbed a notion of his experience with computers, I'm equally sure that he, just like me, will wish to experiment and try to solve his problems himself - without resorting to employing a 'professional' (as it seems you once were!).
>>
>> You say "A proper assessment/diagnosis must precede the proper corrective action". I fully accept this. With your wealth of experience, where would you recommend one might go on the Internet to achieve this objective?
>>
>> Why do I ask you? You are one of the few folk on these MS security newsgroups who has taken a great deal of time and trouble to help me better understand these technical matters (FromTheRafters has been another recently - thanks FTR). I do not profess, nor ever have, to be knowledgeable about computers. That doesn't mean that I am stupid and ignorant ....... as some here would have you believe!
>>
>> I did not come to these groups to solve my malware problems, rather to investigate how, and by whom, machines are infected in the first place. I basically trust no-one and don't believe something simply because it is showing on a screen in front of me. Nor do I blindly follow 'instructions' from any Tom, Dick or Harry (or even David H Lipman - whose credentials are completely unknown - yet who struts around these groups as if he is Lord of the manor!).
>>
>> The average guy who proceeds to a forum, downloads all manner of magical programmes to help fix his/her PC (under instruction, of course) will have absolutely no idea if their machine has really been cleaned - as long as it 'works', that will be sufficient. Lambs to the slaughter perhaps? <smile>
>>
>> Thanks for listening,
>>
>> Dave
>
> We are stealing this thread from one with a huge problem and great need.
>
> Let's begin another thread.
>
> Our apologies to all that read our blatherings.
>
> --
> 1PW
>
> @?6A62?FEH9:DE=6o2@=]4@> [r4o7t]

--

OK - I'll start a new thread 'Lambs to the slaughter perhaps?' <smile>

Dave

--

Guest Øyvind Granberg Posted November 14, 2008

I will... as soon as Mr. Lipman's ENORMOUS four step virus killer quest is over.

> You might try reporting the problem in General Malwarebytes' Anti-Malware Forum <http://www.malwarebytes.org/forums/index.php?showforum=41>
>
> or via contact page <http://www.malwarebytes.org/contact.php>
>
> They are normally responsive
>
> John