Malware / virus preventing connection to BT DNS - please help
Solved/Closed
pomp101
May 27, 2016 at 05:43 PM
Ambucias Posts 47310 Registration date Monday February 1, 2010 Status Moderator Last seen February 15, 2023 - May 29, 2016 at 04:25 PM
14 responses
Ambucias
May 28, 2016 at 05:15 AM
To help you and prescribe the remedy, I must make a diagnostic and to do so, I require a report.
1. Open this link and download ZHPDiag3 :
https://nicolascoolman.eu
(Don't be alarmed if the site is in French, it sometimes happens, the tool will take your system language and allow the download if you get a warning message, ignore it.) Click on the download button.
2. Save the file on your Desktop.
3. Double click on ZHPDiag.exe and follow the installation instructions.
(For Vista, Win 7 and 8 users, right-click to ensure you execute with admin rights)
4. Double click on the shortcut ZHPDiag on your Desktop.
5. Click on scan
Wait for the tool to finish (maybe a long time)
6. Close ZHPDiag.
7. To transmit the report, click on this link :
https://authentification.site
8. Search the directory where you installed ZHPDiag (usually C:\desktop\zhpdiag.txt).
9. Copy the url link obtained from Speedyshare and paste it here in your reply.
Ambucias
Moderator and Virus/Security Contributor
Ambucias
May 28, 2016 at 04:36 PM
Hello
There are 15 malware in your computer, some capable of causing the problem you are experiencing.
There are also 795 items which you should delete as they are superfluous and may cause your system to act up in the wrong way, in other words your computer will start getting a displeasing attitude.
To get rid of the malware, please download ZHPCleaner:
https://nicolascoolman.eu
Open the file, run a scan and then clean
Post the log here.
Once we have gone through the above, I will show you how to remove the 795 superfluous files.
Good luck
xpcman
May 27, 2016 at 05:47 PM
Did you check to see if a "proxy server" is being used?
pomp101
May 27, 2016 at 06:43 PM
no, there is no proxy server that I can see - but I went into his internet options / advanced and reset internet explorer settings, now he no longer gets the DNS message above, he now gets "This page cant be displayed make sure the web address is correct" when his device is connected to my BT hub.
However his laptop will now connect to BTWifi-with-fon and happily view the internet - but only using this option. I've even tried using a LAN cable and as soon as it's disconnected from the btwifi again it's "page cant be displayed"
What anti-virus are you using? Have you scanned it for viruses? What does Housecall.trendmicro.com say?
pomp101
May 27, 2016 at 07:16 PM
he has malwarebytes and bitdefender (both free versions) on his machine, but I don't think malwarebytes has been updated or run since I last saw his laptop about 5 months ago and he's ignored bitdefender...
I'm currently running Housecall (never seen it before) will update if it finds anything
now I'm confused - Housecall finished and advised:
0 threats found
Vulnerabilities found, please use housecall for home networks to scan and fix.. I'm a bit cynical about this though as it gives no indication at all as to what this 'vulnerability' may be.
Ok, Housecall has finished - nothing picked up on his laptop, the apparent vulnerability is my router password
pomp101
May 27, 2016 at 08:06 PM
yes, I have been updating everything as I go, I'll try the spy bot in the morning - otherwise I have a feeling I may be here some time :/
Feed the beast daily. Perhaps if updates were applied when they were available, it might have been prevented!
It's kind of fun to do the impossible! -Walter Elias Disney
pomp101
May 28, 2016 at 03:51 AM
hahaha I know that - just a shame my dad never listens to me and we end up going through this same scenario at varying times throughout the year - but this time I can't get the bloomin thing to connect and really don't want to flatten it.
Ok, so I got his laptop to connect to my BT Wifi-with-fon (BT Openzone) and I received certificate errors first thing - had to "continue to this website (not recommended)" - not sure if this is relevant? But it still won't recognise my BT wifi or ethernet
pomp101
May 28, 2016 at 05:05 AM
managed to get the laptop to connect to internet by following https://docs.microsoft.com/en-gb/troubleshoot/browsers/internet-explorer-cannot-display-the-webpage-error
now trying to find out what service is causing his problem
pomp101
May 28, 2016 at 05:15 PM
Thanks, cleaner run
http://speedy.sh/zcWmq/ZHPCleaner.txt
looks like the superfluous stuff has somehow increased to 802 now :(
Ambucias
May 28, 2016 at 05:26 PM
You are on the winner's side !
Can you upload another ZHPDiag log, just to make sure.
Thanks
P.S. Will logout in 15 minutes till tomorrow.
pomp101
May 28, 2016 at 05:46 PM
http://speedy.sh/TjryG/ZHPDiag.txt
Diag log
Thanks
Ambucias
May 28, 2016 at 06:00 PM
Hi,
You keep accumulating malware, there are now 6 and 21 superfluous.
You also have anti-virus files while you should have only one. Anti-virus programs all have their scanning engines, they will slow down your system and create conflicts and perhaps let viruses through. You have and ran F-Secure which is excellent.
Don't use Spybot anymore, it is obsolete and no longer efficient.
1. Download ZHPFix here
https://nicolascoolman.eu
2. Select and copy all of the following bold lines.
Script ZHPFix
FirewallRaz
EmptyPrefetch
EmptyTemp
EmptyFlash
P2 - EXT: (...) -- C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\yahoo.xml
O4 - HKLM\..\RunOnce: [ZHPCleaner_Folder1] C:\WINDOWS\System32\config\systemprofile\AppData\Local\WebBar" /F /Q (.not file.)
HKLM\SOFTWARE\Wow6432Node\iWin
3 - CFD: 0 - [0] D -- C:\WINDOWS\System32\Config\systemprofile\AppData\Local\WebBar
C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\yahoo.xml
C:\WINDOWS\System32\Config\systemprofile\AppData\Local\WebBar
[MD5.00000000000000000000000000000000] [APT] [TaskName] (...) -- Task To Run (.not file.) [0] (.Activate.) =>.Superfluous.Empty
[MD5.00000000000000000000000000000000] [APT] [AVG-Secure-Search-Update_JUNE2013_TB_rmv] (...) -- C:\Windows\TEMP\{2FDD94F3-21B2-4A32-A31C-06C4462149A4}.exe (.not file.) [0] (.Activate.) =>.Superfluous.Empty
[MD5.00000000000000000000000000000000] [APT] [SidebarExecute] (...) -- C:\Program Files (x86)\Windows Sidebar\sidebar.exe (.not file.) [0] (.Activate.) =>.Superfluous.Empty
[MD5.00000000000000000000000000000000] [APT] [{6866BC44-2282-31C5-E678-14FDC9FBE1EC}] (...) -- C:\Users\home\AppData\Local\{67375~1\UNINST~1.EXE (.not file.) [0] (.Activate.) =>.Superfluous.Empty
[MD5.00000000000000000000000000000000] [APT] [{BAF505FF-E3DB-4427-A9D7-883BCB94B797}] (...) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (.not file.) [0] (.Activate.) =>.Superfluous.Empty
[MD5.00000000000000000000000000000000] [APT] [{D4A5C3A3-59AF-471C-9561-F43851EFC999}] (...) -- C:\Users\home\AppData\Local\ArcadeTwist\uninstaller.exe (.not file.) [0] (.Activate.) =>.Superfluous.Empty
O39 - APT: AVG-Secure-Search-Update_JUNE2013_TB_rmv - (...) -- C:\WINDOWS\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job [350] (.Orphean.) =>.Superfluous.Orphean
O39 - APT: AVG-Secure-Search-Update_JUNE2013_TB_rmv - (...) -- C:\WINDOWS\System32\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv [2306] (.Orphean.) =>.Superfluous.Orphean
O39 - APT: SidebarExecute - (...) -- C:\WINDOWS\System32\Tasks\SidebarExecute [2090] (.Orphean.) =>.Superfluous.Orphean
R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
O34 - HKLM BootExecute: (sdnclean64.exe)
HKLM\SOFTWARE\Wow6432Node\Safer Networking Limited
HKCU\SOFTWARE\Safer Networking Limited
O43 - CFD: 25/03/2014 - [0] D -- C:\ProgramData\AstralaxWrapper
O43 - CFD: 15/09/2013 - [] D -- C:\ProgramData\boost_interprocess
O43 - CFD: 13/08/2012 - [0] D -- C:\ProgramData\Product
O43 - CFD: 28/05/2016 - [] D -- C:\ProgramData\Spybot - Search & Destroy
O43 - CFD: 26/10/2015 - [0] D -- C:\Users\home\AppData\Local\fola
O43 - CFD: 29/07/2015 - [0] D -- C:\Users\home\AppData\Local\Programs\Common
O43 - CFD: 0 - [0] D -- C:\WINDOWS\System32\Config\systemprofile\AppData\Local\DataSharing
O43 - CFD: 0 - [0] D -- C:\WINDOWS\System32\Config\systemprofile\AppData\Local\Packages
3. Close all applications and open ZHP Fix
4. Click on the Import button and the lines will automatically paste themselves.
5. Click on the Go button to clean
6. Confirm by clicking OK
7. ZHP Fix will ask if you wish to empty the bin, click on your choice...it may take time
8. A report will appear on your desktop and on C:\ZHP\ZHPFix[R1].txt which you can copy and paste in your reply.
Good luck and God Save the Queen !
pomp101
May 29, 2016 at 05:02 AM
this is getting odd, this will be my 3rd attempt at replying but my messages disappear
http://speedy.sh/35dkz/ZHPFixReport.txt
http://speedy.sh/fvSAN/ZHPFix-R2.txt
there is now only malwarebytes and bitdefender on the machine
if kept up to date and used properly should these 2 applications prevent my dad's malware issue - or is there something else I can use on his laptop?
pomp101
May 29, 2016 at 05:05 AM
this text file also appeared when I ran ZHPFix
http://speedy.sh/96JEf/catchme.log
Ambucias
May 29, 2016 at 05:41 AM
Okay, we are almost there.
If your Malwarebytes is the free version it's safe to keep it.
Your machine should now be clean.
As for the text file, it's normal as we have removed Webbar. To avoid getting the text file again go to:
c:\windows\system32\config\systemprofile\appdata\local\webbar
and delete it.
Cheers
pomp101
May 29, 2016 at 09:14 AM
Thank you all for your help!
Ambucias you are a star - let's hope my dad can keep it clean from now on (I think the only way to truly prevent him from putting rubbish in it again though is to chop his hands off - but that's a tad drastic I think)
Thanks again!
Ambucias
May 29, 2016 at 04:25 PM
You are most welcome !
P.S. Please, do not chop your dad's hands off ! Make him wear boxing gloves.
May 28, 2016 at 08:44 AM
http://speedy.sh/bVZuE/ZHPDiag.txt