BleepingComputer.com: Can't reach microsoft'w site and antimalware sites - 01.tmp file

Hi, I have known a problem lately about some malware that won't let you get to any of microsoft's sites or antimalware sites - by scaning my computer found some 01.tmp, 02.tmp files - the files are being deleted by malwarebytes at startup but spawn alive againg every time.
I was looking for help at this forum - found some topics about the issue, but could'nt find any answer.
so I went to war alone, and won... (after too many hours - about 6)
anyway, I'm new around here and probably won't last long, so this is kind of an advice for whomever has this malware problem or for the administrators of the forum trying to help other's:
the little $!#!#! is poisening the dns cache - that's why you can't get to any site even you're editing your hosts file.
so what you shoud do is:
1. open CMD.EXE,
2. type in the command line: TASKLIST /SVC - this will list all proccesses currently runing with the services in the background.
3. look for a proccess "svchost.exe" with the service "Dnscache"
4. open task manager, and if you still don't have the "PID" column, go to "VIEW", "SELECT COLUMNS" and add it
5. kill the svchost proccess that is runing the dns cache by comapring the PID's from the CMD to those in the taskmanager.
6. now you can access site freely: the microsoft malicous remove tool will find it for you and also COMODO free antivirus.
7. NOTICE that until the malware is wiped out you should do steps 1-5 every time your computer is rebooting.


EDIT: Moved to more appropriate forum

This post has been edited by garmanma: 18 October 2009 - 09:42 AM

You can simply stop and restart the DNS Service using these commands :

NET STOP DNSCache
NET START DNSCache

You can save these lines in a file with extension .CMD and when you need to run it, just double click on the file.