Windows updates direct to MSN

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by bvarner, Nov 17, 2008.

  1. bvarner

    bvarner Private E-2

Have home network with linksys wireless router with 2 wireless laptops connected.

On an XP laptop we had several viruses, trojan horses, etc. We have run CCleaner and Ad-Aware as well as AVG in safe mode until clean. However, Windows updates still go to MSN. Do you think it is in the registry? Do you have a better cleaner than CCleaner?

2nd laptop has Vista 64 bit. After doing the recent Windows updates, it reboots fine and lets me back on fine. However, when shutting it completely off and back on, I cannot type in the password at the welcome screen. The last updates were some security updates, a core services 4.0 service pack 2 update KB954430 as well as a junk email update. I tried installing them one at a time and rebooted between each one last night. When I turned it completely off, I can't log in. I am having to restore back to two days ago.

Think the virus affected the router? Do I need to reset it? Anybody know how, other than just holding in the reset button?

    Thanks
     
  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Major Geeks!

    Sounds like you may have a Zlob.DNS changer infection.

    Please follow the instructions in the below link and attach the requested logs when you finish these instructions.


    READ & RUN ME FIRST. Malware Removal Guide
    • If something does not run, write down the info to explain to us later but keep on going.
    • Do not assume that because one step does not work that they all will not.
    Notes:

1. If you run into problems trying to run the READ & RUN ME or any of the scans in normal boot mode, you can run the steps in safe boot mode, but make sure you tell us what you did later when you post logs. See the below if you do not know how to boot in safe mode:
    2. If you have problems downloading on the problem PC, download the tools on another PC and burn to a CD. Then copy them to the problem PC. You will have to skip getting updates if (and only if) your internet connection does not work. Yes you could use a flash drive too but flash drives are writeable and infections can spread to them.

    After completing ALL of the above, you need to do the below since the infection you have is known to infect router hardware. If you have a router hooked up then you need to follow the instructions for your hardware and reset it to factory default settings. Normally there is a recessed push button type switch that needs to be held down for some number of seconds to do this. After resetting to factory defaults on your router, you will need to reconfigure the router for your network if you have made any changes to the default network setup.

    After doing the above, tell us how things are working.

     
  3. bvarner

    bvarner Private E-2

Thank you, I will try this hopefully tonight and let you know what happens. Just wondered if I change the DNS settings on my router and laptop, would that help once the virus is cleaned? I talked with my ISP and they gave me a different one to use than what I have already. I have also reset my router back to the factory settings and set up the security again with all new passwords...

On my second laptop with Vista 64 bit, I can get to the Windows updates and install them and reboot with no problems. If I cut the laptop off though, it will not let me type in my password at the logon. Would this virus do this as well?
     
  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Since you have not run the cleaning procedure and given us any logs, we don't know what infections you have. Thus we cannot answer your question. If you have already put in a new router or have reset to factory defaults that takes care of the possibility that your router was infected unless you reinfected it because you had not first cleaned your PC.

    We can only work one PC in a thread. So you will have to work this PC in a new thread. Note that without knowing what infections you had we cannot answer these questions with any accuracy.
     
  5. bvarner

    bvarner Private E-2

I ran the first 2 on the instructions and the SUPERAntiSpyware removed the virus. Thank you for your help. The log from SAS is below.

    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com

    Generated 11/23/2008 at 09:26 AM

    Application Version : 4.22.1014

    Core Rules Database Version : 3640
    Trace Rules Database Version: 1623

    Scan type : Complete Scan
    Total Scan Time : 00:40:24

    Memory items scanned : 289
    Memory threats detected : 0
    Registry items scanned : 3975
    Registry threats detected : 5
    File items scanned : 13074
    File threats detected : 0

    Adware.IWinGames
    HKU\S-1-5-21-1177238915-1060284298-854245398-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8CA5ED52-F3FB-4414-A105-2E3491156990}

    Trojan.DNS-Changer (Hi-Jacked DNS)
    HKLM\SYSTEM\CONTROLSET001\SERVICES\TCPIP\PARAMETERS\INTERFACES\{A5A09B80-C7F6-48D3-888B-8C25FC25E772}#NAMESERVER
    HKLM\SYSTEM\CONTROLSET001\SERVICES\TCPIP\PARAMETERS\INTERFACES\{CF998619-2457-4044-BBEB-C58053104459}#NAMESERVER
    HKLM\SYSTEM\CONTROLSET003\SERVICES\TCPIP\PARAMETERS\INTERFACES\{A5A09B80-C7F6-48D3-888B-8C25FC25E772}#NAMESERVER
    HKLM\SYSTEM\CONTROLSET003\SERVICES\TCPIP\PARAMETERS\INTERFACES\{CF998619-2457-4044-BBEB-C58053104459}#NAMESERVER
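The SAS log above shows the DNS changer rewrote the per-interface NameServer value in more than one ControlSet, not just the active one. The following is an added example (not from this thread or from SUPERAntiSpyware) of how an administrator could audit those values on a Windows machine; the $ExpectedDns list is an assumption and must be replaced with the resolvers the ISP or network actually uses. It also checks DhcpNameServer, which is what a hijacked router would hand out.

```powershell
# Added example, not part of the original thread. Audits every ControlSet for
# interface DNS settings that do not match the expected resolvers.
# $ExpectedDns is an assumption: put your real ISP / internal resolvers here.
$ExpectedDns = @('192.0.2.53', '192.0.2.54')   # placeholder addresses (RFC 5737 range)

$findings = foreach ($cs in Get-ChildItem 'HKLM:\SYSTEM' |
        Where-Object { $_.PSChildName -like 'ControlSet*' }) {
    # Walk every saved ControlSet, since the infection in the log persisted in 001 and 003
    $ifaceRoot = "HKLM:\SYSTEM\$($cs.PSChildName)\Services\Tcpip\Parameters\Interfaces"
    if (-not (Test-Path $ifaceRoot)) { continue }
    foreach ($iface in Get-ChildItem $ifaceRoot) {
        $props = Get-ItemProperty -Path $iface.PSPath
        # NameServer = statically configured resolvers (what the DNS changer edits);
        # DhcpNameServer = resolvers the router/DHCP server handed out
        foreach ($valueName in 'NameServer', 'DhcpNameServer') {
            $raw = $props.$valueName
            if ([string]::IsNullOrWhiteSpace($raw)) { continue }
            # The value is a space- or comma-separated list of IPv4 addresses
            foreach ($ip in ($raw -split '[ ,]+' | Where-Object { $_ })) {
                if ($ExpectedDns -notcontains $ip) {
                    [pscustomobject]@{
                        ControlSet = $cs.PSChildName
                        Interface  = $iface.PSChildName
                        Value      = $valueName
                        Resolver   = $ip
                    }
                }
            }
        }
    }
}

if ($findings) {
    $findings | Format-Table -AutoSize
} else {
    'No unexpected DNS resolvers found in any ControlSet.'
}
```

Run it from an elevated PowerShell prompt; a hit in DhcpNameServer rather than NameServer points at the router rather than the PC, which is the case the reply above warns about.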
     
  6. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

You may not be finished. You need to run the whole cleaning procedure and ATTACH (not post inline like you did) the other 3 logs. You may need to reset your router to factory defaults too to finish removing the problem.
     
