Help removing zlobDNSChanger

I reset the setting but it didn't help. Here are the results of the scan (I don't know if I did it right or not - it didn't give me any options like you had said - there's just the scan button):

;***********************************************************************************************************************************************************************************
ANALYSIS: 2008-08-27 15:53:49
PROTECTIONS: 2
MALWARE: 15
SUSPECTS: 0
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
Symantec Antivirus Corporate Edition 10.0 No Yes
Windows Defender 1.1.3807.0 No No
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================================================================================================================================
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\Merlin\Cookies\merlin@casalemedia[2].txt
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\Merlin\Cookies\merlin@doubleclick[2].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\Merlin\Cookies\merlin@atdmt[1].txt
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Documents and Settings\Merlin\Cookies\merlin@tribalfusion[1].txt
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Documents and Settings\Merlin\Cookies\merlin@mediaplex[2].txt
00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Documents and Settings\Merlin\Cookies\merlin@com[1].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Merlin\Cookies\merlin@ad.yieldmanager[1].txt
00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\Documents and Settings\Merlin\Cookies\merlin@apmebf[1].txt
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Merlin\Cookies\merlin@advertising[2].txt
00170554 Cookie/Overture TrackingCookie No 0 Yes No C:\Documents and Settings\Merlin\Cookies\merlin@overture[2].txt
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Documents and Settings\Merlin\Cookies\merlin@zedo[1].txt
00182104 Cookie/Hitbox TrackingCookie No 0 Yes No C:\Documents and Settings\Merlin\Cookies\merlin@phg.hitbox[1].txt
00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Documents and Settings\Merlin\Cookies\merlin@adrevolver[1].txt
00366244 Application/NirCmd.A HackTools No 0 Yes No C:\fixwareout\FindT\nircmd.exe
01196325 Cookie/Enhance TrackingCookie No 0 Yes No C:\Documents and Settings\Merlin\Cookies\merlin@enhance[2].txt
;===================================================================================================================================================================================
SUSPECTS
Sent Location O
;===================================================================================================================================================================================
;===================================================================================================================================================================================
VULNERABILITIES
Id Severity Description O
;===================================================================================================================================================================================
108742 MEDIUM MS06-006 O
;===================================================================================================================================================================================
 
Hey,

All the scans are finding nothing bad. Let's do this. If you're using a router, shut down your system, turn off the router by pulling the power cable, turn off your Cable or DSL modem by pulling the power cable, let it all sit for about 5 minutes, turn on the , the modem, then the router and then boot up your system, sometimes the router and cable modem have to be flushed out.

Tell you the truth, I am about out of ideas, all the scans are picking up nothing bad.

You have Firefox installed, make sure it's the latest version, 3.0.1, if not download the new version, install it and run it, it will ask you if you want to make it your default browser, this is up to you, you can run both IE and Firefox without any conflicts. See if Firefox works normally or if it's redirecting you also.

Firefox 3
 
Hi Ken,
I shut down the system and rebooted. Still having issues but mainly just when checking my e-mail. I guess if my scans show nothing bad then I shouldn't be too worried. I appreciate all you have done to help me. If you can think of anything else I should do - let me know. If not, thanks for the time you have spent working on my problem!
 
What's happening should not, try this and let's see if it picks up anything

  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)
 
I tried the scan a couple of times but it kept failing. It spent ages on the registry dump and then came up with this error :

AutoIt error
Line 1:
Error: Recursion level has been exceeded - AutoIt will quit to prevent stack overflow.

I don't know what that means but I'm sure you do!
 
Hello,

Never saw that error before, I am going to have someone else look at this in case I missed something.


Try running the free online scanner from NOD, it's excellent for picking up the bad guys

Please run this free online virus scanner from ESET
  • Note: You will need to use Internet Explorer for this scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is ticked, and the option Scan unwanted applications is checked
  • Click Scan
  • Wait for the scan to finish
  • Use notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic
 
Hi Ken,
This scan also found nothing. Here is the log :

# version=4
# OnlineScanner.ocx=1.0.0.56
# OnlineScannerDLLA.dll=1, 0, 0, 51
# OnlineScannerDLLW.dll=1, 0, 0, 51
# OnlineScannerUninstaller.exe=1, 0, 0, 49
# vers_standard_module=3412 (20080903)
# vers_arch_module=1.064 (20080214)
# vers_adv_heur_module=1.064 (20070717)
# EOSSerial=0375f3eea5609848bed79f9c5b262788
# end=finished
# remove_checked=true
# unwanted_checked=true
# utc_time=2008-09-03 08:51:05
# local_time=2008-09-03 04:51:05 (-0500, Eastern Daylight Time)
# country="United States"
# osver=5.1.2600 NT Service Pack 2
# scanned=347947
# found=0
# scan_time=2913
 
Bones,

We can run scans until we're blue in the face and they are not going to find anything. One of the things I love about doing what I do is that I am in contact with so many nice people that are dedicated to removing this garbage. I posted myself on our forum for helpers and a few other helpers had the same issue, I could be wrong but the problem that we have is that the Wareout infection you had or still have has hacked into your router and changed the setting on it. I have seen this happen in the past but I have not helped anyone who this has happened to.

Give me some information, what brand and model of router do you have?

Try bypassing the router by plugging your cable or DSL modem right into your computer and see if the problem persists, let me know.


Please do following steps:
1. Reset the router; most routers have a reset button that you hold in for a minute or so.
2. You're going to have to set up this router like you did when it was new.
3. Change the password to something other than the default one.
4. Check the DNS settings in the router (Configuring DHCP Server information -part in this manual). Let me know if they're set to 85.255.115.34


In the windows control panel. If you are using Windows XP's Category
View, select the Network and Internet Connections category otherwise
double click on Network Connections. Then right click on your default
connection, usually local area connection for cable and dsl, and left
click on properties. Click the Networking tab. Double-click on the
Internet Protocol (TCP/IP).

Select the radio dial that says
Obtain DNS servers automatically
Press OK twice to get out of the properties screen and reboot if it asks.
That option might not be available on some systems

Next go to Start, Run, type cmd and hit OK
type ipconfig /flushdns
then hit enter, type exit hit enter
(that space between g and / is needed)



Let me know how you stand after all this, I know it's a mouthful but the infections nowadays are getting more sophisticated all the time.
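
Added example, not part of the original thread: one way to confirm which DNS servers the PC is actually using after the router reset, by parsing saved `ipconfig /all` output and flagging the address asked about above. The sample output, function names and watchlist variable are constructed for illustration; the only address checked is the one given in the post.

```python
import ipaddress
import re

# The one address named in the thread; add others only from a trusted source.
WATCHLIST = {ipaddress.ip_address("85.255.115.34")}

# Constructed sample of `ipconfig /all` output (not taken from the thread).
SAMPLE = """\
Windows IP Configuration

Ethernet adapter Local Area Connection:

        Dhcp Enabled. . . . . . . . . . . : Yes
        IP Address. . . . . . . . . . . . : 192.168.1.100
        Default Gateway . . . . . . . . . : 192.168.1.1
        DNS Servers . . . . . . . . . . . : 85.255.115.34
                                            192.168.1.1
"""

def _as_ip(token):
    """Parse a token as an IP address (zone id stripped), or return None."""
    try:
        return ipaddress.ip_address(token.split("%")[0])
    except ValueError:
        return None

def dns_servers(text):
    """Return {adapter: [ip, ...]} for every DNS server ipconfig lists."""
    result, adapter, in_dns = {}, None, False
    for line in text.splitlines():
        if line and not line[0].isspace():
            # Unindented line starts a new section, e.g. "Ethernet adapter X:"
            adapter, in_dns = line.rstrip(": "), False
            continue
        m = re.match(r"\s+DNS Servers[ .]*:\s*(\S*)", line)
        # Extra DNS servers appear alone on the indented lines that follow.
        token = m.group(1) if m else (line.strip() if in_dns else "")
        ip = _as_ip(token)
        in_dns = ip is not None
        if ip is not None:
            result.setdefault(adapter, []).append(ip)
    return result

def flagged(text, watchlist=WATCHLIST):
    """Return (adapter, address) pairs whose DNS server is on the watchlist."""
    return [(name, str(ip)) for name, ips in dns_servers(text).items()
            for ip in ips if ip in watchlist]

if __name__ == "__main__":
    for name, ip in flagged(SAMPLE):
        print(f"{name}: DNS server {ip} is on the watchlist")
```

If the flagged address still appears with "Obtain DNS servers automatically" selected, the value is being handed out by the router's DHCP settings rather than stored on the PC.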
 