Trojan DNSChanger infects keeps coming back.

[pskelley]

Then I loaded AVG did an update and it found some files that were infected and after fixing them I did a restart and it won't boot.

Any program, no matter how careful they are can make a mistake, that's why AVG quarantines what it removes. You can access that quarantine via the AVG interface, click History then Virus Vault. As you can see any files can be restored. You can also google the files removed to see what they are if you are not sure or send them to AVG for analysis. Here are free online scanners that are handy to have:
http://virusscan.jotti.org/
http://www.kaspersky.com/scanforvirus
http://www.virustotal.com/

A good idea to let stuff AVG remove to stay in the Virus Vault for at least a few days befoe deleting it.

I can not tell you much more without knowing the error message you got when the computer would not boot. Sometime a restart will correct they issue. You might also want to run System File Checker to make sure nothing is missing or corrupt: http://dwightblackburn.com/winxp/ <<< tut

Thanks...Phil

[Bob.G]

Hi Phil.

I restored the HD from the image of the last total backup. I went back through the steps we took to clean the DNS Changer then reinstalled AVG and ran a complete scan. it detected no infected files. I haven't had time yet to do much surfing to see if the problem is resolved completely or not.

When I re-installed S&D it will not update. I get a message "Error retrieving Update into file". I can browse in IE so I don't think it is an internet connection problem and I have not reinstalled the Ashampoo firewall yet. Any suggestions?

Thanks

Bob

[pskelley]

Thanks for the feedback Bob, this thread will remain open until all malware issues are resolved one way or another. (we still have have to remove combofix and wrap up) I am not an expert on Spybot S&D <<< assume that is what you meant.

I would first suggest you try updating other programs and if they are ok, then uninstall Spybot S&D and install it again. If you still have issues, then look here for answers and to post your questions.
http://forums.spybot.info/forumdisplay.php?f=4

I also updated Spybot S&D on this computer just now and it updated fine. One thing you can try, update from a different server, change the update location when prompted to update.

Keep me posted...Phil

[Bob.G]

Thanks Phil.

I fixed the problem. I had to change the DNS settings. I'll run a S&D scan now. Should I also immunize?

Bob

[pskelley]

Always immunize after you do do any updates:
http://www.safer-networking.org/en/faq/index.html

I'll post this information for you now if you are ready for it.

Remove combofix from the computer like this:

Click START then RUN
Now type or copy Combofix /u in the runbox and click OK.
Note the space between the X and the U, it needs to be there.



Clean the System Restore files like this:

Turn off System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

Reboot

Turn ON System Restore,
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check *Turn off System Restore*.
Click Apply, and then click OK.


(I can't see where I ever got the first MBAM scan result, so if you have questions about the results, please post them)
Update MBAM and scan to be sure we missed none of the junk, there is no need to post a clean scan result.
(MBAM is yours to keep if you wish, update it and run it once a month or so)

Update AVG 8 and scan the system, to be sure it is running right and scanning clean.
Good AVG information: http://www.avg.com/faq
AVG Free Forum: http://freeforum.avg.com/

If all is well at this point, let me know and I will close the topic.

Some good information for you:
http://users.telenet.be/bluepatchy/m...wcomputer.html
http://www.microsoft.com/windowsxp/u...s/mcgill1.mspx

Here is some great information from experts in this field that will help you stay clean and safe online.
http://users.telenet.be/bluepatchy/m...revention.html
http://forums.spybot.info/showthread.php?t=279
http://russelltexas.com/malware/allclear.htm
http://forum.malwareremoval.com/viewtopic.php?t=14
http://www.bleepingcomputer.com/forums/topict2520.html
http://cybercoyote.org/security/not-admin.shtml

http://www.malwarecomplaints.info/

Thanks...pskelley
Safer Networking Forums
http://www.spybot.info/en/donate/index.html
If you are reading this information...thank a teacher,
If you are reading it in English...thank a soldier.

http://users.telenet.be/bluepatchy/m...oes/Links.html

[Bob.G]

Hi Phil.

Everything seems to be OK. I really appreciate the help you've given me on this. So I guess this case can be closed. What are you're reccomended procedures now that it's clean to maitain it clean?

On my other computer I have a lot of processes that load on start-up and was hoping you could give me some some advise or point me toward a solution on how to clean that up. I've cleared the prefetch once but it keeps loading things I don't need it to load at start-up.

Thanks again.

Bob

[pskelley]

Hi Bob, if you would read the links above, I believe all of your questions will be answers. It's not a good idea to mix computer in the same thread, but this information should help you:

What to do if your Computer's running slowly
http://www.netsquirrel.com/msconfig/msconfig_xp.html
http://www.malwareremoval.com/tutori...ningslowly.php
http://users.telenet.be/bluepatchy/m...wcomputer.html <<< posted earlier
http://www.microsoft.com/atwork/getstarted/speed.mspx


Prefetch is an important part of the operating system, please read the information in the link I posted once already:
http://www.windowsnetworking.com/art...efetch-XP.html
http://www.google.com/search?hl=en&q...earch&aq=f&oq=


Thanks