What in the world... (vent/rant/advice?)


2 replies to this topic

#1 pezmutwal


Posted 18 March 2010 - 12:56 AM

This is in relation to this thread: http://www.bleepingcomputer.com/forums/t/299466/post-malware-removal-symptoms/
(Mods, no need to reopen that thread. I have all but given up on the matter and am turning the problem over to AT&T.)

I am completely baffled. I occasionally help out removing viruses and the like at a local office of just a few computers. Well, this latest one has been a real MFer. One computer got a virus, it was removed successfully, then another, removed it successfully, and then all of a sudden not a single computer could get any security updates. No updating Windows, Malwarebytes or MSSE.

Well, it turns out (refer to link above) that the network did NOT use a static IP and that there really was a DNS Changer Trojan on every computer on the network that was changing to malicious DNS servers. But everywhere I turned for advice on removing it was to use Malwarebytes or SmitFraudFix. Both detected the Trojan and both SAID that it was removed, but immediately after reboot the DNS Changer Trojan is back again.

I never got a chance to finish the GMER scan requested in the thread mentioned above because I started it at 10 AM, left the office at 5 PM and it was still scanning, and when I went to check on it the next day, a Windows message saying it recovered from an unexpected shutdown was displayed on the screen.

So anyway, I said screw it, I'm taking this whole mother down. First thing I did was disconnect all nodes from the router. Then I hit the "Reset to Factory" on that dang thing, reformatted every computer, and once the OSes were all done installing on all the computers, I reconnected them to the network, got an internet connection and attempted to update...

And still... CANNOT GET ANY SECURITY UPDATES. Internet connection is there, other websites load, but I just cannot get any security updates.

I'm going to call AT&T tomorrow and tell them to take a look at it because I am OUT of ideas.


#2 pezmutwal


Posted 18 March 2010 - 11:58 AM

UPDATE:

In yet another bizarre twist in this epic saga, I went to the office today to finish installing their network printer. I was shocked to see in the system tray that the MSSE icon was green! I opened it up and sure enough it had been updated. Then I also noticed Windows Updates were downloading too.

I am just completely stumped here. Why did the updates not work the entire night after the reformat, but the next day they worked fine like nothing was ever wrong?

This is so wild. Oh well. Means I get paid soon. :huh:

#3 cryptodan


Posted 19 March 2010 - 04:40 PM

Updates work in succession, and probably maybe network issues.



