TechSpot

Cannot run 8-step guide

By dickiedog
Nov 25, 2008
  1. unfortunately i can not open any of your guidelines i know i have a virus on my system a rogue dns server any ideas of how to get around this :
     
  2. kimsland

    kimsland Ex-TechSpotter Posts: 18,353

  3. dickiedog

    dickiedog TS Rookie Topic Starter

    i cannot down load anything from the 8 steps. i am currentley running zonealarm would this be stopping this?
     
  4. kimsland

    kimsland Ex-TechSpotter Posts: 18,353

    Yes please un-install all live protecting software packages (as per the guide)
     
  5. dickiedog

    dickiedog TS Rookie Topic Starter

    finished 8 step guide

    i have completed the 8 step guide the trouble with my computer is that when i am on the net it redirects me to a different page from wot i want i have attached the logs requested can any one help !
     
  6. kimsland

    kimsland Ex-TechSpotter Posts: 18,353

    Are you now able to install an Antivirus?
    Here is a direct link to Avira (free) Antivirus
    Please download; install; update; and perform a full scan

    Otherwise (and actually do this)

    [​IMG]Run Kaspersky Online AV Scanner

    In order to use it you have to use Internet Explorer.
    Go to Kaspersky and click the Accept button at the end of the page.

    Note for Internet Explorer 7 users: If at any time you have trouble with the accept button of the licence, click on the Zoom tool located at the right bottom of the IE window and set the zoom to 75 %. Once the license accepted, reset to 100%.
    • Read the Requirements and limitations before you click Accept.
    • Allow the ActiveX download if necessary.
    • Once the database has downloaded, click Next.
    • Click on "My Computer"
    • When the scan has completed, click Save Report As...
    • Enter a name for the file in the Filename: text box and then click the down arrow to the right of Save as type: and select text file (*.txt)
    • Click Save - by default the file will be saved to your Desktop, but you can change this if you wish.
    Attach the report into your next reply
     
  7. dickiedog

    dickiedog TS Rookie Topic Starter

    dns server problem

    downloaded avira and it would not update i then tryed the kap online and it gave me an error unable to resolve source dns server. my server for my dns is listed as 85.255.112.123 got any ideas?
     
  8. kimsland

    kimsland Ex-TechSpotter Posts: 18,353

    Manual steps to repair or to reset Winsock for Windows Vista users
    • 1. Click [​IMG], type cmd in the Start Search box, right-click cmd.exe, click Run as administrator, and then press Continue.
    • 2. Type netsh winsock reset at the command prompt, and then press ENTER.

      Note If the command is typed incorrectly, you will receive an error message. Type the command again. When the command is completed successfully, a confirmation appears, followed by a new command prompt. Then, go to step 3.

    • 3. Type exit, and then press ENTER.
     
  9. dickiedog

    dickiedog TS Rookie Topic Starter

    dns name

    followed instructions to restart the com so i typed in exit then restarted it then tryed the kap online again to no avail.it gives me the same error as before should i have restarted the com before i typed exit
     
  10. kimsland

    kimsland Ex-TechSpotter Posts: 18,353

    No it's not it :(

    ...

    I apologize, I must go
    I have an appointment that I cannot miss
    I'll return here in approx 2 hrs or so
    By the way it's something simple, like stopping something in TaskManager, or checking the network properties, and removing any DNS entry (but write it down first.

    Must go....
     
  11. dickiedog

    dickiedog TS Rookie Topic Starter

    dns server problem

    this is wot i have done to date i first noticed the problem a week ago my internet browser was redirecting from my search page to a different web page than the one i clicked on i can not go to page two of my searches i tryed last night to change the dns addresses which are at the moment 85.255.112.123 and 85.255.112.234 these were delected and i entered ip addreses and dns that i got from my internet providers website i also changed the setting to reconise these and not connect automatically to any others but these i restarted my com but to no avail.
    when i got back on the system was redirected back to these two dns servers and was receiving auto ip addresses again

    i have also deleted my web search engine but still have the same problem

    when i got my network to do a diagnose on this it told me that there was a problem with these dns server nums that start 85.255.11...... when i researched on the net i was made aware that other people have had the same problem and it is a pharming virus that i have inavertantly downloaded on reading further up on this i have been told that i will need a complete reboot of the system wil this be needed because i have no reboot disks for my com.
     
     
  12. rf6647

    rf6647 TS Maniac Posts: 931

    Please accept a slight interruption. If you have tried the logical, how about trying the radical. This is based on current folklore surrounding DNSChanger.Trojan.Agent (an infection removed by SAS).

    This computer should be isolated from other computers on the local network (typically attached to a router).

    Protect from contamination of unknown origin - if this is not practical, then proceed with scans.
    Disconnect all computers from the router (local network). Power cycle the router (remove power, restore power). Connect only the infected computer to the router.

    Your earlier logs show found and removed items.

    Rerun both MBAM & SAS.

    This effort is complete when logs report NO infections/threats, or reporting something it can not clean.

    Restart the computer. Scan with HJT.

    Posts logs. Report progress & what changes are observed.
     
  13. dickiedog

    dickiedog TS Rookie Topic Starter

    dns server problem

    i have been running malware now for 6 hours and it has checked over 6 million files on my computer my harddrive is only 500 gb and i am only using 160 gb of this is this correct .
    the program seems to be going over the same messanger files again and again
     
  14. kimsland

    kimsland Ex-TechSpotter Posts: 18,353

    This is where CCleaner would have been best to run first
    To remove all those thousands of temp files first ;)
     
  15. dickiedog

    dickiedog TS Rookie Topic Starter

    dns server problem

    i ran cc first then updated my malware which the system now allows me to do then i ran a full scan and it is still running through the same few messenger files the scan has not found any infections should i leave it running or abort it ?
     
  16. kimsland

    kimsland Ex-TechSpotter Posts: 18,353

    It depends, where in the alphabetically scan process is it at?
    If it's close to the end, then No (ie if it's up to Windows folder (ie W))

    But if you're still scanning before even the Windows folder, it probably would be best to stop it, and then scan in Safe mode (by pressing F8 at Windows startup)
     
  17. dickiedog

    dickiedog TS Rookie Topic Starter

    this is wot the scan says at the moment c;\users\dickie\appdata\local\microsoft\messenger\ after this if scans the same files about a dozen and a half of them suggestions:confused:
     
  18. kimsland

    kimsland Ex-TechSpotter Posts: 18,353

    Is messenger off?

    Anyway its gone past Windows folder that's a plus :)

    edit

    Hang-on, no it hasn't (I need to know how to spell better)
    Maybe scan in Safe Mode
     
  19. dickiedog

    dickiedog TS Rookie Topic Starter

    messenger is off so i going to do wot u said see if it helps :D
     
  20. dickiedog

    dickiedog TS Rookie Topic Starter

    is everything fixed

    i have done everything that was said i now have no numbers in my dns server list and my web browser does not redirect me anymore :approve:i have attached the log files is there anything else i got to do
     
  21. kimsland

    kimsland Ex-TechSpotter Posts: 18,353

    -> No action taken on MBAM scan, for found issues
    Please re-run Malwarebytes
    Confirm updated (third tab)
    Then do the above quoted message, but this time "Remove all found issues"
     
Topic Status:
Not open for further replies.


Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...


Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.