
PC is potentially screwed, Please help!


8 replies to this topic

#1 Lraine93

Posted 08 February 2009 - 05:44 PM

Hey All,
OK, here's the deal. First of all, I always see people posting a long list of stuff that tells everyone about their systems. I don't know how to do this, but I'm really good at following directions. So, my problem is this. Yesterday, I was playing around on the PC and I attempted to use Yahoo's search engine and it rerouted me to some wacky page. Tried it again, same thing. So, I automatically went to my AntiMalware and ran a quick scan. It popped up with 4 registry data items that were infected; I quarantined and deleted them. This however did not fix my problem. I ran a few more scans with McAfee and Windows Defender but nothing fixed my problem. The name of the infection was Trojan DNSchanger. Usually, I'm really good at disinfecting my computer but this one has stumped me. I tried to do a system restore and it won't let me and for some reason, now it won't let me online. When the cable's plugged in the PC shows connected and when it's not it shows disconnected just as expected. I even called my cable company and they said that they can't see a connection at all. My VDD showed that I had two Symantec additions in my registry, which I shouldn't, 'cause we got rid of Norton years ago and ran all of the removal stuff then 'cause it was causing problems. If someone can talk me through a fix that'd be much appreciated.



#2 rigel


Posted 08 February 2009 - 06:03 PM

Hi and welcome to BleepingComputer :thumbsup:

Let's start with a Malwarebytes scan...

The process of cleaning your computer may require temporarily disabling some security programs. If you are using SpyBot Search and Destroy, please refer to Note 2 at the bottom of this page.

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself.
  • Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note:
-- If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

Note 2:
-- MBAM may make changes to your registry as part of its disinfection routine. If you're using other security programs that detect registry changes (like Spybot's Teatimer), they may interfere with the fix or alert you after scanning with MBAM. Please disable such programs until disinfection is complete or permit them to allow the changes. To disable these programs, please view this topic: How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

"In a world where you can be anything, be yourself." ~ unknown

"Fall in love with someone who deserves your heart. Not someone who plays with it." ~ Will Smith


#3 Lraine93


Posted 08 February 2009 - 06:09 PM

I've run multiple Malwarebytes Anti-Malware scans. Luckily, I already have it on my computer 'cause I cannot connect to the internet. I'm having to use a thumb drive and go back and forth between a laptop and my infected PC. I have however figured out HJT. I have downloaded the Spybot thingy but did not put it on my PC because it didn't want to install. Here's my log from HJT.


HJT log removed ~ rigel

I think that's how it's done, right??

Oh, also about a MBAM scan, it came up clean and clear but I'll transfer it over ASAP.

Edited by rigel, 08 February 2009 - 06:14 PM.


#4 rigel


Posted 08 February 2009 - 06:18 PM

I pulled your HJT log because those can't be addressed in this forum.

If you can download the updates on another computer and transfer them over to this one, Malwarebytes has been pretty successful as of late removing the hard parts of DNSChanger.


I recommend changing the password of your router. This type of infection is designed to take over - we are taking back.
==========================================
Let's manually reset your DNS.

Open Network Connections by clicking the Start button, clicking Control Panel, clicking Network and Internet, clicking Network and Sharing Center, and then clicking Manage network connections.

Right-click the connection that you want to change, and then click Properties. If you are prompted for an administrator password or confirmation, type the password or provide confirmation.

To obtain a DNS server address automatically, click Obtain DNS server address automatically, and then click OK.
==========================================
Click Start - Run. The Run dialog box will open.
Type cmd in the box and click Enter. A DOS window will open.
Type ipconfig /flushdns <=Note the spacing
Reboot your computer!
==========================================

Thanks!

"In a world where you can be anything, be yourself." ~ unknown

"Fall in love with someone who deserves your heart. Not someone who plays with it." ~ Will Smith


#5 Lraine93


Posted 08 February 2009 - 06:29 PM

I've done what you suggested and I'm about to unhook here and check the PC. However, I don't hold out much hope as the cable person took me through almost the same steps last night. Except when I did ipconfig last night, we didn't do flushdns. Is it supposed to say something after I do that? Because it just gives me the same administrator prompt. I really hope this works and I appreciate your help with this matter. I'll check back here in a few minutes after I check on Spike (my PC).

#6 Lraine93


Posted 08 February 2009 - 06:50 PM

Just got back over here. Still can't connect to the internet on the PC even though scans are saying all is clear.

#7 rigel


Posted 08 February 2009 - 08:11 PM

Take a look at the settings on your router. Make sure DNS is set to automatic.

DNSChanger can be a real pain... have faith :thumbsup:

"In a world where you can be anything, be yourself." ~ unknown

"Fall in love with someone who deserves your heart. Not someone who plays with it." ~ Will Smith


#8 Lraine93


Posted 09 February 2009 - 08:55 AM

Hey,
Well, we were able to get the Internet back on but we have to leave the window open otherwise it's very hard to get it to open back up. However, we still seem to have the search engine problem. Whenever we try to take a link off a search engine it reroutes to a different more aggravating page. Would this be a good time to try the ipconfig /flushdns?

#9 rigel


Posted 09 February 2009 - 12:58 PM

Yes, you can try to flush it now. You will need to reboot following the flush.

Then update and rerun Malwarebytes.

"In a world where you can be anything, be yourself." ~ unknown

"Fall in love with someone who deserves your heart. Not someone who plays with it." ~ Will Smith




