
Solved: Dns- Block

Discussion in 'Web & Email' started by TOW-fixxxer, Nov 7, 2004.

Thread Status:
Not open for further replies.
  1. TOW-fixxxer

    TOW-fixxxer Thread Starter

    Joined:
    Nov 7, 2004
    Messages:
    170
    OK, here I go: I am finally going to ask for some help with this problem. OK, here I go; first, my comp specs (the one that's messed up, *not the one I'm currently on):

    Windows 98 SE
    1.8 GHz Athlon XP, 512 MB RAM, Gigabyte mobo, GeForce 5500. I'm using an Alcatel USB DSL modem (where I think somewhat of the problem lies)

    OK, here's the prob. Now, I'm ready to go download and get any logs I need to help with the solution... Now, a couple of days ago my dad was online using my comp (the broken one, not this one) and, well, spyware, adware, foistware, trojans, keyloggers and malware were all infesting my comp. So first things first: I disconnected from the net, ran Spybot S&D, Bazooka Spyware Scanner, and Ad-Aware SE. They all found spyware but not all of it, so I went through my registry and Windows and Windows system folders deleting all suspected spyware... Afterwards I booted my comp and now I no longer can access the internet. It gives me a 404 not found, and I know I'm connected cuz the modem icon shows I am and that my comp can access a connection... I still have some spyware left, but I want to connect to the net so I can run a Panda scan and update my Ad-Aware and Spybot libraries; I think that can finish it off... I know I have spyware left; it's from the VX2 company (but back to the problem; go to the [] if you want to know about the spyware). I ran the diagnostic program that comes with my modem; it says I can reach the server but none of the DNS domains like www.yahoo.com. So can anyone help? I will go download whatever I need and post any logs, like if u want a HijackThis log or whatnot.

    [Yes, another thing I notice is since the spyware Rundll32.exe boots at startup and runs in the background eating resources, and when I cancel it from running and run Ad-Aware it finds a new and different DLL file infected with VX2, but only when I cancel the rundll32.exe from running in the background. I even replaced it and yet I still get the same thing. And there is a file "DLNDI.DLL" that stays hidden and I'm unable to delete it because it's a "system" file, but when I copied it and pasted it in a separate directory Ad-Aware found it, but not when it's in the system folder >>>weird ehh<<<]

    So please help; I can submit whatever logs needed, just request. Cool, thanks, and I appreciate any help.
     
  2. Elvandil

    Elvandil

    Joined:
    Aug 1, 2003
    Messages:
    51,988
  3. TOW-fixxxer

    TOW-fixxxer Thread Starter

    Joined:
    Nov 7, 2004
    Messages:
    170
    Awesome, I'll try it and get back to you.
    Appreciate all the help. I didn't know getting help would be this easy; u guys don't know how hard it is asking for help, I'm so used to fixing my own problems lol
     
  4. TOW-fixxxer

    TOW-fixxxer Thread Starter

    Joined:
    Nov 7, 2004
    Messages:
    170
    OK, cool, I got it online, updated my Ad-Aware SE and Spybot programs, ran them, and they found most of the errors, but still some phantom program I don't see running is downloading and putting random programs on my comp such as addestroyer virtualbouncer se searchbar etc... I tried running a Panda scan but it sits there and won't log on. Do you guys know of anything I could try running to get rid of this crap? And what program would give you guys a good log of what's running so you can help me find the source of this trojan/virus/malware program?
     
  5. dugq

    dugq

    Joined:
    Jul 16, 2004
    Messages:
    2,653
  6. Elvandil

    Elvandil

    Joined:
    Aug 1, 2003
    Messages:
    51,988
    Glad you got online. That version of the Winsock fix is only for 9x and not XP or 2000, but it replaces the registry keys that are much more than we can be expected to do manually, unless you backed up that portion of your registry.

    Follow dugq's suggestion and post a log.
     
  7. Elvandil

    Elvandil

    Joined:
    Aug 1, 2003
    Messages:
    51,988
    You can download an AV floppy set here to scan while Windows is not running (FAT or NTFS):

    AV 4-floppy rescue set:
    http://www.centralcommand.com/ts/dl/rescuedisk.exe

    AV rescue CD:
    http://www.centralcommand.com/ts/dl/rescuedisk.iso

    These floppies can have their virus profiles updated by downloading the updates and copying them to the first 2 floppies:
    http://update.vexira.com/vdf.aa (floppy 1 update)
    http://update.vexira.com/vdf.ab (floppy 2 update)

    Here is another online scan in case the malware disabled Panda and TrendMicro:

    http://www.stop-sign.com/index.php?...dc001&ver=online&SV=se035&dc=1&mc_install=stp
     
  8. TOW-fixxxer

    TOW-fixxxer Thread Starter

    Joined:
    Nov 7, 2004
    Messages:
    170
    Awesome, I'm gonna try all that you have said and I'm going to download Hijack to post a log.
     
  9. TOW-fixxxer

    TOW-fixxxer Thread Starter

    Joined:
    Nov 7, 2004
    Messages:
    170
    Logfile of HijackThis v1.98.2
    Scan saved at 5:34:21 PM, on 11/9/04
    Platform: Windows 98 SE (Win9x 4.10.2222A)
    MSIE: Internet Explorer v5.51 SP1 (5.51.4807.2300)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\PROGRAM FILES\ALCATEL\SPEEDTOUCH USB\DRAGDIAG.EXE
    C:\PROGRAM FILES\CD-WRITER PLUS\DIRECTCD\DIRECTCD.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\WINZIP\winzip.exe
    C:\WINDOWS\TEMP\HIJACKTH.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.bellsouth.net
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://webmail.bellsouth.net/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bellsouth.net
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by BellSouth
    R3 - Default URLSearchHook is missing
    O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
    O4 - HKLM\..\Run: [Adaptec DirectCD] C:\PROGRA~1\CD-WRI~1\DIRECTCD\DIRECTCD.EXE
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - \\31I554\C\AIM95\AIM.EXE (file missing)
    O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
    O12 - Plugin for .mp3: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin4.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.bellsouth.net
     
  10. dugq

    dugq

    Joined:
    Jul 16, 2004
    Messages:
    2,653
    Hi, I can't see anything in the log which would cause these kinds of problems, although you can fix these to tidy up:

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R3 - Default URLSearchHook is missing

    You could also try reinstalling the modem
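
An added example, not part of any poster's message: a small triage pass over HijackThis entry lines that picks out the kind of leftover references dugq lists (empty values, "is missing") and, going slightly beyond that list, entries marked "(no file)" or "(file missing)". It also lists the O4 autostart commands and checks whether any of them launches rundll32. The sample is a constructed subset of the log posted above; the function names are hypothetical.

```python
import re

# Constructed sample: a subset of the entry lines from the log posted in this thread.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.bellsouth.net
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R3 - Default URLSearchHook is missing
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - \\31I554\C\AIM95\AIM.EXE (file missing)
"""

ENTRY_RE = re.compile(r"^\s*([A-Z]\d{1,2}) - (.*?)\s*$")   # "R0 - ...", "O4 - ..."
RUN_RE = re.compile(r"^(\S+): \[(.+?)\] (.+)$")            # "HKLM\..\Run: [name] command"

def orphan_reason(body):
    """Return why an entry points at nothing, or None if it looks populated."""
    if body.endswith("="):
        return "empty value"
    for marker in ("(no file)", "(file missing)", "is missing"):
        if marker in body:
            return marker.strip("()")
    return None

def triage(log_text):
    """Split HijackThis entry lines into leftover references and autostart commands."""
    report = {"orphaned": [], "autostart": [], "rundll32": []}
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line)
        if not m:
            continue  # header, process list or blank line
        code, body = m.groups()
        reason = orphan_reason(body)
        if reason:
            report["orphaned"].append((code, reason))
        run = RUN_RE.match(body) if code == "O4" else None
        if run:
            location, name, command = run.groups()
            report["autostart"].append((location, name, command))
            if "rundll32" in command.lower():
                report["rundll32"].append(name)
    return report

if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for code, reason in result["orphaned"]:
        print(f"{code}: {reason}")
    print("autostart:", [name for _, name, _ in result["autostart"]])
    print("rundll32 launched from Run keys:", result["rundll32"] or "none listed")
```

On the posted log the rundll32 list comes back empty: none of the O4 Run entries shown launches it, so whatever starts it at boot is not among those lines.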
     
  11. TOW-fixxxer

    TOW-fixxxer Thread Starter

    Joined:
    Nov 7, 2004
    Messages:
    170
    Well, I know for a fact that something is wrong because something continually spawns pop-ups and something is phantomly installing programs, and also I can't stop rundll32.exe from running at startup; I have to manually end the task, yet **** still somehow gets on my comp from being online. Please help me find an online scan or something that works. That stop sign found 5 things and none of them seemed to solve it after I got rid of them, and the weird thing is nothing is finding them. I'm gonna still try to Panda scan it, but I'm kinda waiting on a library update from Ad-Aware cuz maybe they will find it eventually and I can nip this in the bud.
     
  12. Elvandil

    Elvandil

    Joined:
    Aug 1, 2003
    Messages:
    51,988
    Check what starts up from all the possible locations on your machine. Try "autoruns". Look under the View tab to include more locations and options.

    http://www.sysinternals.com/files/autoruns.zip

    Look around at the programs you are running when those popups start. Just the other day I started getting popups from seemingly nowhere. It turned out that a registry cleaning had unregistered FlashGet and it had turned back into adware. The serial fixed that.

    Search your machine for folders with names like "adcache", or just "ads". If you find any, look around in them to see if you can determine their origins before deleting.

    You can use this Process Explorer to search for what application is using that folder and putting the ads there:

    http://www.sysinternals.com/ntw2k/freeware/procexp.shtml
     
  13. TOW-fixxxer

    TOW-fixxxer Thread Starter

    Joined:
    Nov 7, 2004
    Messages:
    170
    Cool, I tried both and I got rid of most of the stuff that seemingly installed itself on my comp. I still have a threat left... I have a FEELING it's the one doing all this. Ad-Aware says it's by the VX2 company, and this is how I noticed it to work... [I boot up my comp and rundll32 runs at startup and runs in the background. Now if I log on I have pop-ups galore and lots of software downloads itself that I have no desire of having (even that dreaded pornscreensaver.src that booked space will put on your comp) and stuff from kudd.com, but when I run Ad-Aware, nothing. So I end the task of running rundll32.exe and run Ad-Aware, and it always finds one .dll file related to the VX2 company. Ad-Aware says in the info it's a low-risk malware that installs unsolicited software and spawns pop-ups, but really it should be a high threat cuz it kills resources and disk space. Is there any program I can use to look into the rundll32.exe and see where or how it's booting itself from startup or where it's getting its data from? I'm gonna check those other 2 utilities too, but just wondering. I think if I can kill this VX2 bug I can wrap it up. Searched my comp fiercely and I can't find what the hell keeps reinstalling it. I even remade a new rundll32.exe from another comp, so that doesn't work to override it... I'll update you as I find more... Also there's a file DLNDI.DLL; in that case there's no way to delete it, but I think it has something to do with the VX2. But I can't delete it in Windows because it's a system file, and I tried through DOS and DOS says there's no file named that. Any ideas? The way I believe it's related to VX is all those 3 files that adware finds, when I look at the properties it says it's by NIC Technologies. So let's beat this thing.
     
  14. dugq

    dugq

    Joined:
    Jul 16, 2004
    Messages:
    2,653
    I'm not sure if I follow your post correctly; did Ad-Aware remove VX2? If not, there's an add-on on www.lavasoft.de especially for removing VX2.
     
  15. TOW-fixxxer

    TOW-fixxxer Thread Starter

    Joined:
    Nov 7, 2004
    Messages:
    170
    Well, I'm sorry, my post did get off subject a little,
    but yeah, Ad-Aware does delete the one file associated with it, but for some reason a new one will be made every time I end the task of running rundll32.exe, and rundll32.exe always runs at startup, so I need to stop it from coming up at startup and then run Ad-Aware to see what that does to fix the program. But I will see if I have the VX2 update for Ad-Aware. Thanks, dugq.

    Ohh yeah,
    I looked at those 2 programs that check autoruns and stuff. I'm gonna take a screenshot and post it in a little while, but I need to go do some other stuff to my comp.
     
Short URL to this thread: https://techguy.org/293674