Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Check for DNS-Changer malware

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Re: Check for DNS-Changer malware

Unread postby melboy » July 7th, 2012, 2:26 pm

Again, that looks ok. So long as you are able to get the updates I wouldn't worry.

Any more problems/questions? :)
User avatar
melboy
MRU Expert
MRU Expert
 
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK
Advertisement
Register to Remove

Re: Check for DNS-Changer malware

Unread postby rbd » July 7th, 2012, 2:54 pm

melboy,

Thanks so much for all your help. In the end all was clean, so that's good.


I do have a few questions to ask, given the opportunity. I appreciate if you can find the time to answer them, or redirect me to where I can get the answer.


1) Do I simply delete all the tools I downloaded in this process, now?


2) Can I keep MBAM, despite having already Avast AV and Spybot S&D?
Does the free MBAM provide resident protection like Spybot's TeaTimer? or it only works as scanner?


3) To update software versions, I usually do a clean install (I think it's the right term? basically I remove the software, then reboot, then reinstall the new version from the offline installer). I do this, for example, with Java, Adobe, Spywareblaster and Spybot S&D, because I know they recommend it.
However with Flash & Shockwave Players I just run the online installer directly over, as they don't mention about clean install and because the updates are usually minor, on a build or sub-version, rather than a major version.
Is this ok or should I do a clean install for them too every time?

With Avast I also update it when it asks me to, just by clicking on the button. But I think it's ok in this case?


4) Do you recommend that I create a new Restore Point, and remove all previous ones now?


5) Firewall: the previous time I came to this forum, the helper advised me to get a better firewall, e.g. Online Armor, as XP's one only covers outgoing traffic.
I must say, I know very very little of FWs but I do know that if I don't use it correctly it could block the whole computer. So I printed out the OA manual and started reading -when I have some time- to understand what it does. I'm still taking my time with this, to make sure I understand it.
However I noticed that the link to the download on the MR forum is to a CNET website: is that a different version from that given directly on OA's original website?
Also, the OA manual says to uninstall any FW before installing OA: how can I uninstall XP's in-built FW? or do I just turn it off?
rbd
Regular Member
 
Posts: 51
Joined: November 3rd, 2011, 10:05 pm

Re: Check for DNS-Changer malware

Unread postby melboy » July 7th, 2012, 4:09 pm

rbd wrote:Thanks so much for all your help.
You're most welcome - It's better to be safe than sorry! ;)

rbd wrote:1) Do I simply delete all the tools I downloaded in this process, now?
Yes. I'll give you a tool to run that will clean up in my final post.

rbd wrote:2) Can I keep MBAM, despite having already Avast AV and Spybot S&D?
Does the free MBAM provide resident protection like Spybot's TeaTimer? or it only works as scanner?
The free version is on demand only. There is a protection module available in the pro version, but there is a reasonable one-off fee for this. Again I'll give you more information in my final post.

rbd wrote:3) To update software versions, I usually do a clean install...
...Is this ok or should I do a clean install for them too every time?
It's personal preference really. I tend to update with a clean install if it's a major build update. If it's a minor version update I tend just to install over the top - unless I experience problems, then I do a clean install. I use the programs own uninstaller rather than a third party uninstaller as these programs tend to remove all the folders, including those which contain your personal preferences.

rbd wrote:4) Do you recommend that I create a new Restore Point, and remove all previous ones now?
As nothing was found this isn't necessary, but you can if you wish. I can give you instructions if need be.


rbd wrote:5) Firewall:
Firewalls are a personal preference. If you can respond correctly to any questions posed by a third party, bi-directional firewall (Many of which now also include optional HIPs, Host Intrusion Prevention System) & your computer can take the extra resources one would use, then I would recommend you install one.

The Windows firewall is sufficient, it does what a firewall should do. However, it is quite easy for malware to disable it, or circumnavigate it. Malware will still try and turn off third party firewalls by killing their processes though - as they do with any security software - and may also attempt to circumnavigate them by injecting their code into already trusted processes.

If you wish to try it, I would always recommend downloading from the Developers site if possible, although the version on Cnet should be the same.

You will find that OA automatically disables the Windows firewall upon installation. If not, it's easy to disable via the Control Panel.


Anything further? :)


For future information, if you ever have questions you can always ask them in the General Discussions forum: viewforum.php?f=26
There's also information in the Public Library, including the short guide to staying safer online: viewtopic.php?p=557960
User avatar
melboy
MRU Expert
MRU Expert
 
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK

Re: Check for DNS-Changer malware

Unread postby rbd » July 7th, 2012, 4:54 pm

melboy,

thanks for your comprehensive answers.

2) I'll keep MBAM, then.
4) Restore Point: I'll take this opportunity to make a bit of space on my hard disk by cleaning the previous RPs. Please do send me instructions.
5) Firewall: ok, i'll try and install OA, once I have finished "studying" its manual. It's also an opportunity for me to learn more about FWs. If anything goes bad, I'll remove it and revert back to the XP one.

One final query:
6) If in future I have reason to believe I might have caught malware, can I use any of the tools you used -just as scanners to verify whether there is a problem- before coming to this forum? I wouldn't want to waste your or another helper's time if it's a false sensation.

Other than that, I really have no further queries.

Thanks again
rbd
Regular Member
 
Posts: 51
Joined: November 3rd, 2011, 10:05 pm

Re: Check for DNS-Changer malware

Unread postby melboy » July 7th, 2012, 5:17 pm

The tools we use can be quite specialised, so it's always better to get us to take a look. If you had reason to suspect you were infected and your antivirus or Malwarebytes wasn't able to fix it, don't hesitate to open a new topic.

It can help us - If we can grab samples of undetected malware then we can get them added to the scanners & tools definitions.



Your log now appears to be clean. Congratulations!

This is my general post for when your logs show no signs of malware ;) - Please let me know if you still are having problems with your computer and what these problems are.


OTL by OldTimer

  • Double-click OTL.exe
  • Click the CleanUp! button
  • Select Yes when the Begin cleanup Process? Prompt appears
  • If you are prompted to Reboot during the cleanup, select Yes
  • The tool will delete itself once it finishes, if not delete it by yourself


Delete any tools left over, including their logfiles by simply right clicking & choosing Delete.


Clear System Restore Points

Turn System Restore off

  • On the Desktop, right click on the My Computer icon.
  • Click Properties.
  • Click the System Restore tab.
  • Check Turn off System Restore.
  • Click Apply, and then click OK.
    Restart your computer

    Turn System Restore on
  • On the Desktop, right click on the My Computer icon.
  • Click Properties.
  • Click the System Restore tab.
  • Uncheck Turn off System Restore on all drives.
  • Click Apply
  • Click each drive in turn where system restore is not required and click Settings
    Note: System restore is only needed on drives with an operating system installed
  • For each drive without an operating system, check Turn off system restore on this drive, click Yes then click OK.
Note: only do this once, and not on a regular basis


========================


General Security and Computer Health
Below are some steps to follow in order to dramatically lower the chances of reinfection. You may have already implemented some of the steps below, however you should follow any steps that you have not already implemented.


  • Make sure that you keep your antivirus updated
    New viruses come out every minute, so it is essential that you have the latest signatures for your antivirus program to provide you with the best possible protection from malicious software.
    Note: You should only have one antivirus installed at a time. Having more than one antivirus program installed at once is likely to cause conflicts and may well decrease your overall protection as well as impairing the performance of your PC.
    Uninstall Tools for Major Antivirus Products
  • Security Updates for Windows, Internet Explorer & Microsoft Office
    Whenever a security problem in its software is found, Microsoft will usually create a patch so that after the patch is installed, attackers can't use the vulnerability to install malicious software on your PC. Keeping up with these patches will help to prevent malicious software being installed on your PC. Ensure you are registered for Windows updates via Start > right-click on My Computer > Properties > Automatic Updates tab or visit the Microsoft Update site on a regular basis.
    Note: The update process uses ActiveX, so you will need to use internet explorer for it and allow the ActiveX control to install.
  • Update Non-Microsoft Programs
    Microsoft isn't the only company whose products can contain security vulnerabilities. To check whether other programs running on your PC are in need of an update, you can use the Secunia Software Inspector - I suggest that you run it at least once a month.
  • Make Internet Explorer More Secure
    Even if you do not use Internet Explorer as you Primary/Default browser it is important to keep it updated. Internet Explorer can be utilised by other programs and therefore must be kept updated to avoid exploitable vulnerabilities.


Recommended Programs

I would recommend the download and installation of some or all of the following programs (if not already present), and the updating of them on a regular basis.

  • WinPatrol
    As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge. For more information, please visit HERE.
  • Malwarebytes' Anti-Malware
    As you already have Malwarebytes' Anti-Malware on board I would keep it regularly updated and run regular quick scans with it. Malwarebytes' Anti-Malware is an anti-malware application that can thoroughly remove even the most advanced malware. The Full version can be used as an addition to an anti-virus & includes a number of features, including a built in protection monitor that blocks malicious processes before they even start.
    It's IP Protection provides an additional layer of security for your computer, by preventing access to known malicious IP addresses and IP ranges.
    You can now trial the full versions features within the program. Click the Protection Tab to see.
  • Hosts File
    For added protection you may also like to add a host file. A simple explanation of what a Hosts file does is HERE and for more information regarding host files read HERE.


Finally I am trying to make one point very clear. It is absolutely essential to keep all of your security programs and other applications & programs up to date.

I'd be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can be closed.

Happy surfing and stay clean!
User avatar
melboy
MRU Expert
MRU Expert
 
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK

Re: Check for DNS-Changer malware

Unread postby rbd » July 7th, 2012, 6:02 pm

oops... I think you forgot to add a link to download OTL! ;)
can you add it here, please.

At the end, can I also remove the MBR.dat that I backed up on my USB flash memory?
rbd
Regular Member
 
Posts: 51
Joined: November 3rd, 2011, 10:05 pm

Re: Check for DNS-Changer malware

Unread postby melboy » July 7th, 2012, 6:26 pm

Ooops! Sorry, my bad. I thought I'd had you download it earlier.

Use OTC - it does the same job.

OTC by OldTimer

Download OTC by Old Timer and save it to your Desktop.

  • Double-click OTC.exe
  • Click the CleanUp! button
  • Select Yes when the Begin cleanup Process? Prompt appears
  • If you are prompted to Reboot during the cleanup, select Yes
  • The tool will delete itself once it finishes, if not delete it by yourself


It's worth keeping MBR.dat - It's a backup of your Master Boot Record. It could invaluable should your MBR become corrupted or infected in the future.
User avatar
melboy
MRU Expert
MRU Expert
 
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK

Re: Check for DNS-Changer malware

Unread postby rbd » July 8th, 2012, 7:16 am

Hi melboy,

Thanks once more for your help.

I am going to read the info in your final posts and have a look at WinPatrol too.

I followed your instructions. Just one thing: for the System Restore, after unabling it for the C: & D: drives, I noticed the disk space for Restore Points was set to 12% (maximum) for both. I reduced it to 9% for both, to keep the disk less full in future. I hope this is not a bad move - please let me know if it's ok, or I should revert to max setting or I can even lower it more?

Thanks again,

rbd
rbd
Regular Member
 
Posts: 51
Joined: November 3rd, 2011, 10:05 pm

Re: Check for DNS-Changer malware

Unread postby melboy » July 8th, 2012, 7:44 am

Hi rbd :)

You can turn off system restore for your D: drive as it's only required to be running on the system drive C:

9% should still be sufficient, it just means you'll have less restore points to go back should you have a problem.

Your DDS log showed you had 15 restore points covering the last 25 days or so available previously.

==== System Restore Points ===================
.
RP678: 05/06/2012 17:08:28 - System Checkpoint
RP679: 05/06/2012 18:14:52 - Software Distribution Service 3.0
RP680: 09/06/2012 14:27:41 - System Checkpoint
RP681: 10/06/2012 16:39:33 - System Checkpoint
RP682: 12/06/2012 22:40:04 - Software Distribution Service 3.0
RP683: 12/06/2012 22:45:02 - Software Distribution Service 3.0
RP684: 13/06/2012 00:44:46 - Removed Java(TM) 7 Update 4
RP685: 13/06/2012 00:52:42 - Installed Java(TM) 7 Update 5
RP686: 16/06/2012 19:43:50 - System Checkpoint
RP687: 19/06/2012 22:44:47 - System Checkpoint
RP688: 23/06/2012 19:29:36 - System Checkpoint
RP689: 25/06/2012 19:27:15 - System Checkpoint
RP690: 27/06/2012 20:35:38 - System Checkpoint
RP691: 29/06/2012 00:54:33 - System Checkpoint
RP692: 30/06/2012 19:26:15 - System Checkpoint


You could lower it more but bear in mind this cuts down the number of restore points. I would only do this if you are struggling for disk space on the system drive - you need a minimum of 15%

Again according to your DDS log you had approx 50% free.

C: is FIXED (NTFS) - 35 GiB total, 17.626 GiB free.
User avatar
melboy
MRU Expert
MRU Expert
 
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK

Re: Check for DNS-Changer malware

Unread postby rbd » July 8th, 2012, 7:49 am

Ok - I'll keep it at 9% then, and remove it from D: drive.

Final thanks!
I think you can now close this thread - it's someone else's time to benefit from your help.

Regards
rbd
rbd
Regular Member
 
Posts: 51
Joined: November 3rd, 2011, 10:05 pm

Re: Check for DNS-Changer malware

Unread postby Cypher » July 8th, 2012, 10:04 am

As your problems appear to have been resolved, this topic is now closed.

We are pleased we could help you resolve your computer's malware issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here.
User avatar
Cypher
Admin/Teacher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns
Advertisement
Register to Remove

Previous

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: random/random and 70 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware