Author Topic: Win32:DNSChanger-VJ [Trj] Infection and REDIRECT VIRUS  (Read 10662 times)

0 Members and 1 Guest are viewing this topic.

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: Win32:DNSChanger-VJ [Trj] Infection and REDIRECT VIRUS
« Reply #15 on: October 18, 2011, 09:31:44 PM »
It should nearly be finished now so let it run and then run CF

BethK

  • Guest
Re: Win32:DNSChanger-VJ [Trj] Infection and REDIRECT VIRUS
« Reply #16 on: October 18, 2011, 09:32:53 PM »
OTL quickscan is done so I will attach the results and then move on to ComboFix

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: Win32:DNSChanger-VJ [Trj] Infection and REDIRECT VIRUS
« Reply #17 on: October 18, 2011, 09:35:36 PM »
OK the minor players have gone so it is all down to combofix now  ;D

BethK

  • Guest
Re: Win32:DNSChanger-VJ [Trj] Infection and REDIRECT VIRUS
« Reply #18 on: October 18, 2011, 09:49:06 PM »
ComboFix made it past Step 50 and began deleting files....then my screen went dark....should I do something?

BethK

  • Guest
Re: Win32:DNSChanger-VJ [Trj] Infection and REDIRECT VIRUS
« Reply #19 on: October 18, 2011, 09:52:31 PM »
OK, my screen lit up again, but there are no desktop icons and I can't use my mouse...

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: Win32:DNSChanger-VJ [Trj] Infection and REDIRECT VIRUS
« Reply #20 on: October 18, 2011, 09:56:12 PM »
Is combofix still running ? Is there hard drive activity


BethK

  • Guest
Re: Win32:DNSChanger-VJ [Trj] Infection and REDIRECT VIRUS
« Reply #21 on: October 18, 2011, 09:56:54 PM »
I restarted the machine and says "don not run any programs until ComboFix has finished"

Sorry for the panic replies....

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: Win32:DNSChanger-VJ [Trj] Infection and REDIRECT VIRUS
« Reply #22 on: October 18, 2011, 09:58:40 PM »
No problem, if you have never used the programme before it can get a bit scary

BethK

  • Guest
Re: Win32:DNSChanger-VJ [Trj] Infection and REDIRECT VIRUS
« Reply #23 on: October 18, 2011, 10:00:53 PM »
I am not sure if it is doing anything.

Inside the blue dialog box it says :  "Preparing Log Report.  Do not run any programs until ComboFix has finished" 

There is a yellow flashing cursor underneath.  Should it be taking this long?

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: Win32:DNSChanger-VJ [Trj] Infection and REDIRECT VIRUS
« Reply #24 on: October 18, 2011, 10:02:45 PM »
Should take no more than five minutes, but as this is a complex infection it may take a tad longer

If it still appears to hang after that then restart normally and look for the log at C:\combofix.txt

BethK

  • Guest
Re: Win32:DNSChanger-VJ [Trj] Infection and REDIRECT VIRUS
« Reply #25 on: October 18, 2011, 10:11:18 PM »
OK...here is what I found:

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: Win32:DNSChanger-VJ [Trj] Infection and REDIRECT VIRUS
« Reply #26 on: October 18, 2011, 10:14:04 PM »
Only a partial log - but no mind

Is Avast reporting anything now ?

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    Quote
    :Files
    ipconfig /flushdns /c
    C:\Windows\assembly\tmp\U

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

BethK

  • Guest
Re: Win32:DNSChanger-VJ [Trj] Infection and REDIRECT VIRUS
« Reply #27 on: October 18, 2011, 10:18:08 PM »
I am running OTL now.  SO FAR SO GOOD!  MY firewall is back on!  It does not look like I am being re-directed to different websites!!

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: Win32:DNSChanger-VJ [Trj] Infection and REDIRECT VIRUS
« Reply #28 on: October 18, 2011, 10:22:11 PM »
See, scary but fun  ;D

BethK

  • Guest
Re: Win32:DNSChanger-VJ [Trj] Infection and REDIRECT VIRUS
« Reply #29 on: October 18, 2011, 10:26:35 PM »
haha....not sure about fun!! ;D