Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Infection?


  • Please log in to reply
4 replies to this topic

#1 metalmania31

metalmania31

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:CA, USA
  • Local time:06:35 AM

Posted 25 December 2011 - 06:19 AM

Hey guys on my brothers laptop (lenovo z560 win7home64) he was trying to get to a website the groceryoutlet.com and it would pull up as not available. Even though everyone else on our network could and his friends could at their homes and his phone. So after doing some basic cleaning of network temp files and such it still wasn't going to the site. So I checked the network settings on the wireless and the dns addresses were changed to 216.146.35.240 for both 1st and 2nd. I though that's odd. I changed them back to what I set them to and tried again. It wouldn't open the website so I checked back with the dns settings and again they were changed back to 216.146.35.240. I am assuming it could be a virus and I've run system sweeper 1st.

After I finished the scans they did not detect anything. I scanned with Norton, superantispyware, malwarebytes, & MS system sweeper.

It looks like after some research it might have been some program called Sendori. After uninstalling it I regained controll of the DNS settings. Not sure how it was installed. I'll have to wait and see if any further issues from this come up.

I'm blocking the site Sendori.com on my router.

Has anyone seen this and should I dig deeper into my brothers laptop?

BC AdBot (Login to Remove)

 


#2 metalmania31

metalmania31
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:CA, USA
  • Local time:06:35 AM

Posted 25 December 2011 - 06:32 PM

Nobody has seen this?

#3 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,756 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:10:35 AM

Posted 25 December 2011 - 10:58 PM

CNET.com: Publisher's Description of Sendori
Sendori, monetizing domain names
Sendori: Auction Redirects from Your Domains

...Sendori is offered to consumers by leading Internet Service Providers and directly via a desktop application...

Sendori
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#4 metalmania31

metalmania31
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:CA, USA
  • Local time:06:35 AM

Posted 25 December 2011 - 11:32 PM

CNET.com: Publisher's Description of Sendori
Sendori, monetizing domain names
Sendori: Auction Redirects from Your Domains

...Sendori is offered to consumers by leading Internet Service Providers and directly via a desktop application...

Sendori


I've seen those sites, that doesn't explain why it was preventing me from changing my DNS settings. Soon as I changed them to my settings and exit out and go back in it was reverted back to the 216.146.35.240. If it's legit program it should be classified as malware cause it installed without permission and prevents changes to network settings.
Looks like others have exeperienced similar findings with this software. http://download.cnet.com/Sendori/3640-18510_4-11912980.html

Edited by metalmania31, 25 December 2011 - 11:54 PM.


#5 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,756 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:10:35 AM

Posted 26 December 2011 - 12:12 AM

It appears as long as the program is installed, it controls your DNS settings even if you attempt to change them back.

IMO making such modifications without telling you is deceptive. Many programs install themselves without user knowledge but that is not sufficient to classify it as malware.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users