
Have to keep flushing DNS on windows 7


4 replies to this topic

#1 User k


Posted 01 February 2013 - 11:08 AM

Split from: http://www.bleepingcomputer.com/forums/topic393861.html ~Budapest

I've had the same problem.

Flushing the DNS cache got me back online at first, but the problem progressed to the point the connection would shut down at random and the flush would no longer restore the connection.

So first, those who can only connect for a few minutes before being booted off type this into your command prompt with administrative privileges.
(Go to start window, type cmd, right click on the file that comes up and select run as administrator.)

Enter these four commands individually and press enter after each one if it doesn't automatically accept the command.

ipconfig /flushdns

netsh winsock reset catalog

netsh int ipv4 reset reset.log

netsh int ipv6 reset reset.log

*Edit: Restart computer when finished.

This stabilized my connection for 24 hrs before I had to do it again.

Now my problem, it appears this is being caused by a browser hijacker called ghribi.com. It is a supposed proxy program that redirects your search results, changes your DNS settings and causes false security warnings and ads to pop up on your screen. Some people have gotten it from Microsoft itself during updates it appears as well as getting it from FF plugins and various free downloads.

It is not detected by Malwarebytes or Ad-Aware and I definitely have it because it will redirect me to their search page when I open a new tab and replaces the address in my URL bar to ghribi.com instead of google. It must be in my registry and reinstalling itself after I clear it out.

Anyone have any experience with this virus? Maybe walk us through a manual deletion?

Edited by Budapest, 01 February 2013 - 06:35 PM.



 


#2 noknojon


Posted 02 February 2013 - 07:06 AM

Hi -
First download these 2 programs, install them and Update them - Malwarebytes Anti-Malware Free and SUPERAntiSpyware Free
Run Full scans with both programs and Delete all found items (you may need to Reboot to ensure removal)
Post both of the logs generated in your next reply

Next - Please download AdwCleaner by Xplode onto your desktop.
If you are prompted, please disable your Antivirus - Information (temp disable) HERE
Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click on Delete.
Confirm each time with Ok.
Your computer will be rebooted automatically. A text file will open after the restart.
Please post the content of that logfile with your next answer.
AdwCleaner is a reliable removal tool for adware, toolbar and potentially unwanted programs.
AdwCleaner is a tool that deletes :
· Adwares (software ads)
· PUP/LPI (Potentially Undesirable Program)
· Toolbars
· Hijacker (Hijack of the browser's homepage)
It works with a Search and Deletion method. It can be easily uninstalled using the "Uninstall" mode.
The log can also be located at C:\ >> AdwCleaner[XX].txt >> XX <-- Denotes the number of times the application has been run

Next - Please download Junkware Removal Tool to your desktop
Junkware Removal Tool by thisisu
• Shut down your protection software now to avoid potential conflicts.
• Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
• The tool will open and start scanning your system.
• Please be patient as this can take a while to complete depending on your system's specifications.
• On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
• Post the contents of JRT.txt into your next message.

Only when you are finished the above programs ..... Download TFC by OldTimer from HERE to your desktop.
Double-click TFC.exe to run it.
Note: If you are running on Vista / Windows7, right-click on the file and choose Run As Administrator
TFC will close all programs when run, so make sure you have saved all your work before you begin.
* Click the Start button to begin the cleaning process.
* Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two.
* Please let TFC run uninterrupted until it is finished. Once TFC is finished it should restart your computer. If it does not, please manually restart the computer yourself to ensure a complete cleaning.

Thank You -



#3 User k


Posted 02 February 2013 - 10:03 PM

Will do aussie, thanks for the reply.

#4 User k


Posted 03 February 2013 - 10:37 AM

Here's the logs:


Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Database version: v2013.02.03.01




Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
my :: MY-HP [administrator]

2/2/2013 9:38:44 PM
mbam-log-2013-02-02 (21-38-44).txt

Scan type: Full scan (C:\|D:\|E:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 314794
Time elapsed: 1 hour(s), 8 minute(s), 43 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
____________________________________________________________________________________________________________________





I ran a quick scan on accident the first time around so I followed it up with a critical scan directly after it finished.
If you need the complete scan logs specifically I will rescan.

***Quick scan***
SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 02/03/2013 at 06:40 AM

Application Version : 5.6.1014

Core Rules Database Version : 9962
Trace Rules Database Version: 7774

Scan type : Quick Scan
Total Scan Time : 00:06:11

Operating System Information
Windows 7 Home Premium 64-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Limited User

Memory items scanned : 546
Memory threats detected : 0
Registry items scanned : 60453
Registry threats detected : 0
File items scanned : 10459
File threats detected : 0




***Critical scan****
SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 02/03/2013 at 06:48 AM

Application Version : 5.6.1014

Core Rules Database Version : 9962
Trace Rules Database Version: 7774

Scan type : Critical Point Scan
Total Scan Time : 00:02:36

Operating System Information
Windows 7 Home Premium 64-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Limited User

Memory items scanned : 537
Memory threats detected : 0
Registry items scanned : 60453
Registry threats detected : 0
File items scanned : 7289
File threats detected : 0
_________________________________________________________________________________________________________________________________



********************ADWCLEANER*********************************




# AdwCleaner v2.109 - Logfile created 02/03/2013 at 07:09:34
# Updated 26/01/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : my - MY-HP
# Boot Mode : Normal
# Running from : C:\Users\my\Downloads\Have to keep flushing DNS on windows 7_files\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\adawaretb.xml
Folder Deleted : C:\Program Files (x86)\adawaretb
Folder Deleted : C:\ProgramData\blekko toolbars
Folder Deleted : C:\ProgramData\search protection
Folder Deleted : C:\ProgramData\WeCareReminder
Folder Deleted : C:\Users\my\AppData\Local\Ilivid Player
Folder Deleted : C:\Users\my\AppData\LocalLow\adawaretb

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}
Key Deleted : HKLM\SOFTWARE\Classes\Applications\ilividsetupv1.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WajamUpdater_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WajamUpdater_RASMANCS
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v18.0.1 (en-US)

File : C:\Users\my\AppData\Roaming\Mozilla\Firefox\Profiles\c2yozh0a.default\prefs.js

Deleted : user_pref("browser.search.defaultenginename", "blekko");
Deleted : user_pref("extensions.inboxcomtoolbar@inbox.com.install-event-fired", true);

-\\ Google Chrome v24.0.1312.57

File : C:\Users\my\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [2482 octets] - [03/02/2013 07:04:37]
AdwCleaner[R2].txt - [2542 octets] - [03/02/2013 07:05:30]
AdwCleaner[S1].txt - [356 octets] - [03/02/2013 07:07:39]
AdwCleaner[S2].txt - [2423 octets] - [03/02/2013 07:09:34]

########## EOF - C:\AdwCleaner[S2].txt - [2483 octets] ##########
_______________________________________________________________________________________________________________________


**************Junk Removal Tool notes***********

Windows crash during deep registry scan.
Event ID 41 Kernel-Power System

No problem second time around.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.6.2 (02.02.2013:2)
OS: Windows 7 Home Premium x64
Ran by my on Sun 02/03/2013 at 8:00:06.53
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ FireFox

Successfully deleted: [File] "C:\Users\my\AppData\Roaming\mozilla\firefox\profiles\c2yozh0a.default\extensions\requestpolicy@requestpolicy.com.xpi"
Successfully deleted the following from C:\Users\my\AppData\Roaming\mozilla\firefox\profiles\c2yozh0a.default\prefs.js

user_pref("extensions.ghostery.blockingLog", "Blocked image: hxxp://b.scorecardresearch.com/p?c1=2&c2=7241469&c4=hxxp%253A%252F%252Fwww.yahoo.com&c5=2023538075&ns__t=135779946
user_pref("extensions.jid0-hVK3JChToUWBtJHMEmFM9ELeInk@jetpack.install-event-fired", true);
user_pref("extensions.jid1-F9UJ2thwoAm5gQ@jetpack.install-event-fired", true);
user_pref("extensions.jid1-ZAdIEUB7XOzOJw@jetpack.ddg_default", true);
user_pref("extensions.jid1-yZwVFzbsyfMrqQ@jetpack.install-event-fired", true);
Emptied folder: C:\Users\my\AppData\Roaming\mozilla\firefox\profiles\c2yozh0a.default\minidumps [3 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 02/03/2013 at 8:44:54.64
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
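
The AdwCleaner and JRT logs above both edit Firefox's prefs.js, which is where a search or new-tab redirect of the kind described in post #1 would persist. The following is an added example, not part of the original posts or of either tool: a small audit of prefs.js for search, home page and new-tab preferences that point somewhere unexpected. The allow-lists and the sample lines other than the blekko entry are assumptions.

```python
import re
from urllib.parse import urlsplit
# Firefox writes one user_pref("name", value); per line in prefs.js.
PREF_RE = re.compile(r'^\s*user_pref\("([^"]+)",\s*(.*)\);\s*$')
# Prefs that steer searches, the home page and new tabs (Firefox 18 era).
ENGINE_PREFS = {"browser.search.defaultenginename", "browser.search.selectedEngine"}
URL_PREFS = {"browser.startup.homepage", "browser.newtab.url", "keyword.URL"}
# Assumptions: what this user expects to see; adjust per machine.
ALLOWED_ENGINES = {"google"}
ALLOWED_HOSTS = {"google.com", "www.google.com"}

def parse_prefs(text):
    """Return {name: value}, with quotes stripped from string values."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if m:
            value = m.group(2).strip()
            if len(value) >= 2 and value[0] == value[-1] == '"':
                value = value[1:-1]
            prefs[m.group(1)] = value
    return prefs

def url_ok(value):
    """True if every '|'-separated URL is about:* or on an allowed host."""
    for part in value.split("|"):
        u = urlsplit(part.strip())
        if u.scheme != "about" and (u.hostname or "").lower() not in ALLOWED_HOSTS:
            return False
    return True

def audit(text):
    """Return sorted (pref, value) pairs that point somewhere unexpected."""
    findings = []
    for name, value in parse_prefs(text).items():
        bad_engine = name in ENGINE_PREFS and value.lower() not in ALLOWED_ENGINES
        bad_url = name in URL_PREFS and not url_ok(value)
        if bad_engine or bad_url:
            findings.append((name, value))
    return sorted(findings)

# Constructed sample; only line 1 comes from the AdwCleaner log above.
SAMPLE = '''\
user_pref("browser.search.defaultenginename", "blekko");
user_pref("browser.newtab.url", "http://ghribi.com/");
user_pref("browser.startup.homepage", "about:home|http://www.google.com/");
user_pref("extensions.inboxcomtoolbar@inbox.com.install-event-fired", true);
'''
if __name__ == "__main__":
    print(audit(SAMPLE))
```

Hosts are compared exactly rather than by substring, so a look-alike such as a longer domain that merely contains "google.com" is still reported.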

#5 Jacee


Posted 04 February 2013 - 03:14 PM

Did AdwCleaner help the situation, or is it still the same?

MS MVP Windows-Security 2006-2016
Member of UNITE, the Unified Network of Instructors and Trusted Eliminators

Admin PC Pitstop




