
caught a virus, wants me to reboot, should i?


2 replies to this topic

#1 variousgood


Posted 18 December 2012 - 12:12 AM

hey guys, thanks for all the tips on this site. it has been invaluable.

i just caught a virus trying to install itself. for the record, i was installing the latest update of youtubeDownloader 2.9.6. i have a registry monitor called WinPatrol running at all times and it pops up anytime a program is trying to do some funny stuff. it alerted me to a program called Sendori trying to attach itself to random places. i clicked "No" 6 or 7 times, which seemed to halt the virus from entirely manifesting. all references were to "Sendori". a little googling says the virus hijacks your dns server settings.

my ip4/6 interface settings are still the same, they didn't change including dns. i ran hijackThis and found 4 references to the Sendori directory (not hidden; simply program files directory).

we all know some uninstalls actually kick off a deeper configuration of the virus, but after some checkups i decided it would be ok to uninstall normally from control panel.

after the uninstall, the program's entries in the hijackThis log did disappear. i checked the registry for Run and RunOnce and there are no entries for the program (neither obvious nor non-obvious): HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run and RunOnce

my question is, after the uninstall it prompted me that i needed to restart my computer to complete. i clicked X (neither yes nor no) and now i'm curious if there's anywhere else i should check. the program's obvious directory is gone, there are no startup entries in the registry and winpatrol and hijackThis aren't showing anything. i'm still nervous to reboot... does anyone have any additional suggestions of places i can check to guarantee a reboot won't fire this thing off again?

close call, nonetheless. many thanks in advance

Edited by hamluis, 18 December 2012 - 10:16 AM.
Moved from Win 7 to Am I Infected - Hamluis.




#2 C.L.C


Posted 18 December 2012 - 12:29 AM

If you want to be sure, go ahead and run a Malwarebytes full scan before you restart your computer; it can't hurt.

How do I remove, turn off, or uninstall Sendori?

#3 noknojon


Posted 18 December 2012 - 12:33 AM

Also install, update and run a scan with SUPERAntiSpyware Free as this will pick up other minor problems -

What browser were you using at the time?

Most malware and Antivirus scans will not pick this program up as it is not an infection as such -
It may reset your home page and if installed it will report your searches back to "Home base"
The actual program was purchased by ASK who also do the same things -
To quote quietman7 (site moderator)

It appears as long as the program is installed, it controls your DNS settings even if you attempt to change them back.
IMO making such modifications without telling you is deceptive. Many programs install themselves without user knowledge but that is not sufficient to classify it as malware.

Please download AdwCleaner by Xplode onto your desktop.
If you are prompted, please disable your Antivirus Information (temp disable) HERE
Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click on Delete.
Confirm each time with Ok.
This will also remove other Toolbars that are generally not required -
Your computer will be rebooted automatically. A text file will open after the restart.
Please post the content of that logfile with your next answer.
You can find the logfile at C:\AdwCleaner[S1].txt as well.

Edited by noknojon, 18 December 2012 - 12:54 AM.
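
The places the first post checked (Run and RunOnce) and the DNS settings raised in the last reply, gathered into one read-only check, as an added example that is not from any poster in the thread. It assumes Windows PowerShell (where `Get-WmiObject` is available) run as administrator; `Sendori` is the only name taken from the thread, and the services, scheduled-task and pending-rename checks go beyond what the posts mention.

```powershell
# Added example: read-only checks to run before rebooting. Nothing is changed.
# $Needle is the program name from the thread; all other names are standard Windows.
$Needle  = 'Sendori'
$pattern = [regex]::Escape($Needle)

# 1. Autostart keys: the two from the post, plus the per-user and 32-bit views.
$roots = 'HKLM:\SOFTWARE', 'HKCU:\SOFTWARE', 'HKLM:\SOFTWARE\Wow6432Node'
foreach ($root in $roots) {
    foreach ($leaf in 'Run', 'RunOnce') {
        $path = "$root\Microsoft\Windows\CurrentVersion\$leaf"
        if (-not (Test-Path $path)) { continue }
        $key = Get-Item $path
        foreach ($name in $key.GetValueNames()) {
            $value = $key.GetValue($name)
            if ("$name $value" -match $pattern) { "AUTOSTART  $path  $name = $value" }
        }
    }
}

# 2. File operations queued for the next boot. An uninstaller that asks for a
#    restart often queues its remaining deletes in this value.
$sm = Get-Item 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager'
foreach ($entry in @($sm.GetValue('PendingFileRenameOperations'))) {
    if ($entry -and $entry -match $pattern) { "PENDING    $entry" }
}

# 3. Services whose name or binary path mentions the program.
Get-WmiObject Win32_Service |
    Where-Object { "$($_.Name) $($_.DisplayName) $($_.PathName)" -match $pattern } |
    ForEach-Object { "SERVICE    $($_.Name)  $($_.StartMode)  $($_.PathName)" }

# 4. Scheduled tasks (plain text search of the verbose listing).
schtasks /query /fo LIST /v | Select-String -SimpleMatch $Needle |
    ForEach-Object { "TASK       $($_.Line.Trim())" }

# 5. DNS servers per active adapter, printed so they can be compared with
#    the values you expect from your router or ISP.
Get-WmiObject Win32_NetworkAdapterConfiguration -Filter 'IPEnabled = TRUE' |
    ForEach-Object {
        $dns = @($_.DNSServerSearchOrder) -join ', '
        "DNS        $($_.Description)  DHCP=$($_.DHCPEnabled)  servers: $dns"
    }
```

If only the DNS lines are printed, none of the other locations reference the name; PENDING lines show files the next boot will rename or delete.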




