Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Can't reach microsoft'w site and antimalware sites - 01.tmp file


  • Please log in to reply
1 reply to this topic

#1 qygon

qygon

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:12:19 PM

Posted 17 October 2009 - 01:10 PM

Hi, I have known a problem lately about some malware that won't let you get to any of microsoft's sites or antimalware sites - by scaning my computer found some 01.tmp, 02.tmp files - the files are being deleted by malwarebytes at startup but spawn alive againg every time.
I was looking for help at this forum - found some topics about the issue, but could'nt find any answer.
so I went to war alone, and won... (after too many hours - about 6)
anyway, I'm new around here and probably won't last long, so this is kind of an advice for whomever has this malware problem or for the administrators of the forum trying to help other's:
the little $!#:thumbsup:!#! is poisening the dns cache - that's why you can't get to any site even you're editing your hosts file.
so what you shoud do is:
1. open CMD.EXE,
2. type in the command line: TASKLIST /SVC - this will list all proccesses currently runing with the services in the background.
3. look for a proccess "svchost.exe" with the service "Dnscache"
4. open task manager, and if you still don't have the "PID" column, go to "VIEW", "SELECT COLUMNS" and add it
5. kill the svchost proccess that is runing the dns cache by comapring the PID's from the CMD to those in the taskmanager.
6. now you can access site freely: the microsoft malicous remove tool will find it for you and also COMODO free antivirus.
7. NOTICE that until the malware is wiped out you should do steps 1-5 every time your computer is rebooting.


EDIT: Moved to more appropriate forum

Edited by garmanma, 18 October 2009 - 09:42 AM.


BC AdBot (Login to Remove)

 


#2 Romeo29

Romeo29

    Learning To Bleep


  • Members
  • 3,194 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:127.0.0.1
  • Local time:05:19 AM

Posted 19 October 2009 - 03:02 PM

You can simply stop and restart the DNS Service using these commands :
NET STOP DNSCache
NET START DNSCache

You can save these lines in a file with extension .CMD and when you need to run it, just double click on the file.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users