
#1 maremiru


Posted 18 June 2009 - 03:02 PM

@garmanma and thread:

This site seems wonderful; I just registered on the basis of this thread, which I hoped I would never need again, after having Spybot S&D as well as Symantec's IS and now 360 running. After detecting the 360v3 not being able to remove a trojan of unknown name (Symantec doesn't give many details, sadly) I decided after a day or so to open a support chat window (as the only app at that moment) to Symantec-US and could not believe my eyes as the window told me something like "some DNS changes have been made in order that Symantec can access my PC" (it was only on the screen for a second or so).
Fact is that after the chat ended - without solution to the trojan - the internet connectivity ceased and never worked again on that PC in a network of 4, while all other PCs work well. The reason for being cut off could be the trojan as well, as I read here and somewhere else that some trojans block the internet connectivity. In some other thread I read about a command line resetting of some socket (for TCP/IP I guess). I hesitate what to do, need your help. The Symantec-DE (Germany) support by phone (do not dare to open support window again, as I need my PC for work!) have virtually given up and advised me to visit a PC technician here in Berlin. *tss*
I would adhere to positively identify the trojan, if there is one, as Adware Pro v5 has not found a trojan. Nor Spybot.
This leads me to the connection of my problem to this thread: all the fabulous antispy software (although there are dangerous ones among them too, like "antivirus doktor"!!): I definitely need one which can be installed with all new definitions from USB, as well as function offline. Does someone know in the first place? Can someone give a link about the quality of such software in the second place? This is really about trust, and I trust Spybot a lot and Symantec not so much anymore. PCtools had a good rep in the old days, but today I can't say, as it needs internet to be installed. What set of antivir, spyware, malware, firewall software works well together? I imagine this cannot be answered for sure, systems and requirements are different, software changes all the time, but anyway give it a try?
In the first place I would be grateful for advice and hints about how to proceed with my broken internet connectivity. I forgot to mention that I have an ISP in Germany but am registered with opendns as I work with international sites mostly.
Many regards and deep respect for the knowledge in this forum. - Michael



#2 garmanma


Posted 18 June 2009 - 05:37 PM

You can download this to a flash drive

If you are using Spybot's Teatimer function, you must disable it for now
----------------------------------------------



The process of cleaning your computer may require you to temporarily disable some security programs. If you are using SpyBot Search and Destroy, please refer to Note 2 at the bottom of this page.

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself.
  • Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note:
-- If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

Note 2:
-- MBAM may make changes to your registry as part of its disinfection routine. If you're using other security programs that detect registry changes (like Spybot's Teatimer), they may interfere with the fix or alert you after scanning with MBAM. Please disable such programs until disinfection is complete or permit them to allow the changes. To disable these programs, please view this topic: How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs


---------------------------------

If mbam won't install or run

Some types of malware will disable MBAM and other security tools. If MBAM will not install, try renaming it. Right-click on the mbam-setup.exe file and change the .exe extension to .bat, .com, .pif, or .scr and then double-click on it to run.

If after installation, MBAM will not run, open the Malwarebytes' Anti-Malware folder in Program Files, right-click on mbam.exe and change the .exe as noted above. Then double-click on it to run.
Mark
why won't my laptop work?

Having grandkids is God's way of giving you a 2nd chance because you were too busy working your butt off the 1st time around
Do not send me PMs with problems that should be posted in the forums. Keep it in the forums, so everyone benefits

#3 maremiru

  • Local time:06:20 AM

Posted 19 June 2009 - 10:09 AM

Bingo!! or not?!
Yesterday I tried "MBA" (malwarebytes..) before "SAS" (superantivirus...) but it did not show in its window during installation. I went on with "SAS", which resulted in analysis and removal of 3 trojans (one old dormant one from a shop system, which I knew of) and 2 assumingly new ones (named HKUK or so, I deleted through "SAS" - well what exactly? - I assume the registry entries at least) but I was quite convinced that THIS was not going to put my PC online again.
Today I HAD to rename BOTH the installation and the running program of "MBA" and also installed the newest definitions offline (flash drive) - really a SMART detail I was looking for. And it showed 3 infected registry entries of the TCP/IP controller named Trojan.DNSchanger with data=85.255.112.24 / 118. This is weird, as this leads to the website of trusted-dns.com! I never heard about it, but it seems to be in the business of security. I have no clue how this came into my registry!
After deleting these malware items through "MBA" and rebooting the PC, the Norton360-Sonar Advanced Protection switched automatically to 'green', but after x minutes it switched back to 'red' again - and sadly the connection to the internet would NOT function. Feels like running in circles.
I let "MBA" do a full scan a second time; maybe I should do it in protected (F8) mode as well? Maybe the items and what could be behind them were not removed fully?
Regards, - Michael

#4 maremiru

  • Local time:06:20 AM

Posted 19 June 2009 - 12:01 PM

Addition:
The second run showed no virus or malware at all!
The connection I got through setting preferred and alternate DNS in TCP/IP settings to the "opendns" DNS numbers which my other PCs get by sharing, but not this formerly infected one.

So far so good, just can't explain why Norton still indicates the same trojan as before. After all I think that Norton is better in anti-virus and some of the other software discussed here is better for malware detection, removal and prevention. For instance the (new?) PrevX has got good reviews and I am grateful to "MBAM" (// MBA) functionality for sure :-)

Resolved? .. I have the feeling that something is hiding still ...
Michael
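
The manual check described in posts #3 and #4 (looking for resolver addresses in the TCP/IP registry settings that nobody on the network configured) can be scripted. This is an added example, not part of the original thread: it parses text in the layout printed by `reg query HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters /s` and reports every NameServer/DhcpNameServer address outside an expected set. The expected set (the two public OpenDNS resolvers plus a made-up router address), the interface GUIDs and the name `audit_dns` are assumptions; 85.255.112.24 is the value quoted in post #3.

```python
import ipaddress
import re

# Assumption: expected resolvers = public OpenDNS pair + a constructed router address.
EXPECTED = {"208.67.222.222", "208.67.220.220", "192.168.1.1"}

# Constructed sample in the layout printed by
#   reg query HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters /s
# Interface GUIDs are made up; 85.255.112.24 is the value quoted in post #3.
SAMPLE = r"""
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
    NameServer    REG_SZ    85.255.112.24
    DhcpNameServer    REG_SZ    192.168.1.1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{11111111-2222-3333-4444-555555555555}
    EnableDHCP    REG_DWORD    0x1
    NameServer    REG_SZ    85.255.112.24,208.67.222.222
    DhcpNameServer    REG_SZ    192.168.1.1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee}
    NameServer    REG_SZ
    DhcpNameServer    REG_SZ    208.67.222.222 208.67.220.220
"""

VALUE_RE = re.compile(r"^\s+(NameServer|DhcpNameServer)\s+REG_SZ\s*(.*)$")

def audit_dns(reg_text, expected=EXPECTED):
    """Return (key, value_name, address) for each resolver not in `expected`."""
    findings, key = [], None
    for line in reg_text.splitlines():
        if line.startswith("HKEY_"):
            key = line.strip()  # a new registry key block starts here
            continue
        m = VALUE_RE.match(line)
        if not m:
            continue
        # Several resolvers may be stored in one value, split by commas or spaces.
        for raw in filter(None, re.split(r"[,\s]+", m.group(2))):
            try:
                addr = str(ipaddress.ip_address(raw))
            except ValueError:
                addr = raw  # not a valid IP address: report it unchanged
            if addr not in expected:
                findings.append((key, m.group(1), addr))
    return findings

if __name__ == "__main__":
    for key, name, addr in audit_dns(SAMPLE):
        print(f"unexpected resolver {addr} in {name} under {key}")
```

An allowlist is used rather than a list of known-bad addresses, so a changed resolver is reported even when its address has not been seen before.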

#5 garmanma


Posted 19 June 2009 - 04:25 PM

I believe you can run SmitfraudFix from a thumb drive
It might take 2 scans

http://www.bleepingcomputer.com/virus-remo...se-smitfraudfix
Mark



