Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

"resycled\boot.com" + Trojan.DNSChanger

Started by pachyderm , Nov 24 2008 04:23 AM

  • Please log in to reply

#1
pachyderm
Posted 24 November 2008 - 04:23 AM

pachyderm

    New Member

  • Member
  • Pip
  • 2 posts
This maybe one in the same problem since they appeared at the same time.
I received the error message when attempting to open (double click on c:\) my C:\ drive. I 'googled' it and received a number of entries into a number of forums. After reading a few of the posts and threads I downloaded Malwarebytes and scanned my computer. It came up with the Trojan.DNSChanger always in the registry key HKEY_Local_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\..... Always about 6 or 7 keys.
In my search I noticed that almost every post required different fixes so I do not know what to do to fix my problem.
At times I cannot connect to the internet at all with "page does not exist" or "invalid address errors".
I would appreciate any help I can get.
If there is a general fix then please refer me to it.
BTW Symantec corporate version 9 does not recognize a problem at all.
OS XP sp3
Thanx
Pachy
  • 0

Advertisements

#2
emeraldnzl
Posted 25 November 2008 - 06:59 PM

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
Hello pachyderm,

Please run MBAM again. See instructions below.

You have used Malwarebytes before. If you still have it on your machine please update and run. Post the scan report back here.

If you no-longer have Malwarebytes please download from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.

Next

  • Please download random's system information tool (RSIT) by random/random from here.
  • It is important that is saved to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)
So when you return please post
  • MBAM report
  • and the two RSIT logs - log.txt and info.txt

Note: It is likely the reports will not fit on one post. Just use as many posts as you need, that's fine. :)
  • 0

#3
pachyderm
Posted 26 November 2008 - 12:01 AM

pachyderm

    New Member

  • Topic Starter
  • Member
  • Pip
  • 2 posts
Hi emeraldnzl
thanx 4 the reply but i have had no connectivity for the past two days (I work from home) and yesterday I decided to format and re-install. I suspect that that will solve the issue for now.
I would appreciate an understanding of how to be proactive and keep this from happening again if you don't mind. Are all trojans specific to the infection ? Viruses seem to be easier to deal with.
TNX again
Pachy
  • 0

#4
emeraldnzl
Posted 26 November 2008 - 01:09 AM

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
Hello pachyderm,

You haven't given me a HijackThis log to see what your machine operating system is, or what anti-malware programs you are running so the following comments are general ones. They may not apply directly to your machine.

Also you should be aware that running more than one real time anti-spyware, anti-virus or firewall at the same time can cause a conflict. That conflict could result in error messages, crashes of the programs or other types of failure. You will very likely end up with little or no protection.

-------------------------------------------------------------------------------------------------------------------

Now here are some things I think are worth having a look at:

-------------------------------------------------------------------------------------------------------------------

Check your Java is up to date. Older versions are vunerable to malicious attack.

Download JavaRa to your desktop and unzip it to its own folder
  • Run JavaRa.exe, pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.
  • Open JavaRa.exe again and select Search For Updates.
  • Select Update Using Sun Java's Website then click Search and click on the Open Webpage button. Download and install the latest Java Runtime Environment (JRE) version for your computer.
--------------------------------------------------------------------------------------------------------------------

Check your Adobe Acrobat Reader; it may be out of date. Older versions are vunerable to attack.

Please go to the link below to update.

http://www.adobe.com.../readstep2.html

---------------------------------------------------------------------------------------------------------------------

Be sure and give the Temp folders a cleaning out now and then. This helps with security and your computer will run more efficiently. I clean mine once a week. For ease of use, you might consider the following free program:--------------------------------------------------------------------------------------------------------------------

A great way to check that your Microsoft and Java have the latest updates is to go to Software Inspector at Secunia.

I do this weekly. Not only do they tell you which programs need updating but they give you the link to follow.

To bolster your security go to Secunia.com to ensure essential programs are up to date.

---------------------------------------------------------------------------------------------------------------------

Make Internet Explorer more secure
  • Click Start > Run
  • Type Inetcpl.cpl & click OK
  • Click on the Security tab
  • Click Reset all zones to default level
  • Make sure the Internet Zone is selected & Click Custom level
  • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls) to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
  • Next Click OK, then Apply button and then OK to exit the Internet Properties page.
* MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer, meaning it will be difficult to infect yourself in the future.

* Consider using an alternate browser. Mozilla's Firefox browser is excellant; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in pop up blocker (Note: this as an added benefit!) that I have seen. Firefox is my default browser but I retain Internet Explorer as well so that I can access the very few sites that require it.

Firefox may be downloaded from Here

-----------------------------------------------------------------------------------------------------------------------

Startuplite is a tool to help you stop some programs not needed when you start your computer from loading. They will begin automatically only when needed.

-----------------------------------------------------------------------------------------------------------------------

To help protect your computer in the future here are some free programs you can look at:

  • SUPERAntiSpyware Free for Home Users to detect and remove spyware.
  • IESpy-Ad to block access to malicious websites so you cannot be redirected to them from an infected site or email.
You should also have a good firewall. Choose one of these that are free for personal use:
  • Comodo Note:Comodo Firewall is no longer available as a stand-alone download and you should choose firewall only during installation.
  • PC Tools Firewall Plus
and a good antivirus (these are also free for personal use):It is critical to have both a firewall and anti virus to protect your system and to keep them updated.

If your Microsoft Update is not working automatically. Keep your operating system up to date by visiting monthly. And to keep your system clean run these free malware scanners
weekly, and be aware of what emails you open and websites you visit.

To learn more about how to protect yourself while on the internet read this article by Tony Klein: So how did I get infected in the first place?

Have a safe and happy computing day!
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP