Trojan.DNSChanger
hellokitty713
Jun 19, 2010 at 01:36 PM
Gervarod - Jul 2, 2010 at 02:43 AM
jack4rall
Jun 19, 2010 at 11:47 PM
Try this one:
Perform a full scan in malware's antimalware software.
Download GMER - Rootkit Detector and Remover, just click on this link:
http://www2.gmer.net/gmer.zip
Perform the scan and then manually kill the process and delete the rootkit.
Ambucias
Jun 22, 2010 at 04:41 PM
Hello Kitty,
It seems that your message was not received by Jack4All.
I have an alternative to your problem which may prove to be simple, but I really do need to identify any suspicious items in your processes and registry.
To fix the problem, I must have a HijackThis log.
http://free.antivirus.com/hijackthis/
Please download, install and request a scan and save a log. Copy the log and post it here.
Catch you later
Regards
jack4rall
Jun 23, 2010 at 06:27 AM
Hi kitty,
Sorry for the late reply.
GMER - Rootkit Detector and Remover is an application that finds hidden rootkits. --> Just extract that file --> double click to open the application --> click on Scan. If you find any hidden process, manually kill the process and delete the rootkit.
or
You can try this solution, just follow all 4 steps.
Step 1:
i) Click on Start --> Run --> type devmgmt.msc and click on OK --> Device Manager will be opened.
ii) Then click on the View tab --> select Show Hidden Drivers.
Scroll down to Non-Plug and Play Drivers --> click + at left.
iii) Search for drivers named TDSSserv.sys or TDSSxyz.sys (where xyz are random characters), msqpdxserv.sys, seneka or seneka.sys --> right click on it and disable it --> click on Yes to confirm it.
Note: If the drivers are not listed in Device Manager, then still continue with step 2.
Then restart your computer.
Step 2:
i) Download the Avenger file, just click on this link:
http://www.geekstogo.com/forum/files/file/393-the-avenger-by-swandog46/
Extract that file --> just double click on it --> click on Yes --> The Avenger opens.
ii) Just copy and paste this script, starting from "Drivers to delete" and ending at "C:\resycled", into the input script section.
Drivers to delete:
TDSSserv.sys
msqpdxserv.sys
gaopdxserv.sys
gxvxcserv.sys
seneka
seneka.sys
ndisprot.sys
UACd.sys
MSIVXserv.sys
ESQULserv.sys
Files to delete:
C:\Windows\system32\wdmaud.sys
C:\resycled\bootmatrix.com
Folders to delete:
C:\resycled
iii) Then check the checkbox "Automatically disable any rootkits found".
Click on "Execute" --> click on Yes.
When it asks you "Reboot now?" --> click on Yes.
Step 3:
i) Then update your Malware's Anti-Malware and run a "Full Scan" (default is quick scan).
Then remove it and restart it.
Step 4:
i) Click on Start --> type ncpa.cpl and click on OK. The Network Connections window will be opened.
ii) Then right click on your Local Area Connection --> click on Properties --> then scroll down and double click on Internet Protocol [TCP/IP] --> click on the "Properties" button --> then the Internet Protocol [TCP/IP] properties window will be opened --> there make sure "Obtain DNS Server address automatically" is selected.
iii) Then click on Start --> Run --> type cmd --> click on OK --> command prompt will be opened --> then type this command:
ipconfig /flushdns --> press Enter.
Restart your PC now.
If the problem still exists, follow Ambucias' steps and paste the HijackThis log here.
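The manual checks in the post above (listed drivers, listed files and folder, DNS set to automatic) can be run as one read-only audit. This is an added example, not part of the original post; it assumes PowerShell 3.0 or later in an elevated prompt, and the registry key it reads is the standard Windows TCP/IP interface key, which the post does not mention.

```powershell
# Added example, not from the thread. Read-only: nothing is deleted or changed.
# Assumes PowerShell 3.0+ in an elevated prompt.

# Names and paths copied from the Avenger script in the post.
$driverNames = 'TDSSserv.sys','msqpdxserv.sys','gaopdxserv.sys','gxvxcserv.sys',
               'seneka','seneka.sys','ndisprot.sys','UACd.sys',
               'MSIVXserv.sys','ESQULserv.sys'
$paths = 'C:\Windows\system32\wdmaud.sys','C:\resycled\bootmatrix.com','C:\resycled'

# 1) Driver services whose name or image file matches the list, or the
#    TDSSxyz.sys pattern from Step 1 (xyz = random characters).
$drivers = Get-CimInstance Win32_SystemDriver | Where-Object {
    $leaf = @("$($_.PathName)" -split '[\\/]')[-1]
    ($driverNames -contains $leaf) -or
    ($driverNames -contains $_.Name) -or
    ($driverNames -contains "$($_.Name).sys") -or
    ($leaf -like 'TDSS*.sys')
} | Select-Object Name, State, StartMode, PathName

# 2) Files and folders from the script that exist on disk.
$found = $paths | Where-Object { Test-Path -LiteralPath $_ }

# 3) Step 4 as a check: an adapter with a non-empty NameServer value has a
#    manually set DNS server instead of "Obtain DNS server address automatically".
#    DhcpNameServer is what the router/DHCP server handed out.
$ifKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces'
$staticDns = Get-ChildItem -Path $ifKey | ForEach-Object {
    $p = Get-ItemProperty -LiteralPath $_.PSPath
    if ($p.NameServer) {
        [pscustomobject]@{
            Interface      = $_.PSChildName
            NameServer     = $p.NameServer
            DhcpNameServer = $p.DhcpNameServer
        }
    }
}

# A match is a lead to review, not proof; a rootkit can also hide its files
# and services from a live system, so empty output does not prove a clean host.
'--- Drivers matching the list ---'
$drivers | Format-Table -AutoSize | Out-String
'--- Listed files/folders present ---'
$found
'--- Adapters with a manually set DNS server ---'
$staticDns | Format-List | Out-String
```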
Ambucias
Jun 23, 2010 at 07:12 AM
Hello Jack,
I am impressed! That is what is called cybernetic gymnastics.
jack4rall
Jun 24, 2010 at 07:16 AM
hello Ambucias,
I am trying my best.
Avenger doesn't work, I think, it just opens a pic that says it can't be displayed...
Sorry if I'm doing something wrong, :(
jack4rall
Jun 24, 2010 at 07:17 AM
Hi Kitty,
Try to download the Avenger from this link:
http://swandog46.geekstogo.com/avenger2/avenger2.html
Click on Download (you can find it at the left side).
such as using SmitfraudFix which might remove it faster for her.
https://www.bleepingcomputer.com/virus-removal/how-to-use-smitfraudfix
which does remove DNS changers
Ambucias
Jun 27, 2010 at 04:22 PM
Hello Gervarod,
I had forgotten about smitfraudfix. Good idea! I am proud of you!
The best & only way I have found is to reinstall the router, despite what all others suggest -- I've tried them all. Was very successful w/ reinstalling the router.
Cheers,
Josh
Well, if you put your computer in safe mode and then run https://www.bleepingcomputer.com/virus-removal/how-to-use-smitfraudfix then it should remove the TrojanDNS changer.