LoranK

Members
  • Content Count

    10

About LoranK

  • Rank
    Member


  1. LoranK

    the problem with DNS hijacker

    I finally found out what the problems were with SAS finding a virus with the DNS Hijacker trojan. The company that sets the DNS suffix was overloaded with traffic. So to keep the speed up with the connections it received a Tunnel Adapter Teredo Tunneling Pseudo-interface. SAS was picking it up as a virus; when SAS deleted the virus it would delete the complete IP address and submask net. I would see it twice because there is a tunneling and an auto tunneling interface on with the IP address. Has anyone else had these kinds of problems? Or am I up in the night?
  2. LoranK

    False Positive crippling the IP address

    Thanks, I did tonight. I was sending one of the logs to Microsoft as well, because my Dr. Watson Postmortem debugger keeps having errors when I have more than 3 tabs open. They are registry items; Microsoft may be able to have me rewrite the controlset. Unless you know? I have been browsing around this forum and have had some of these same experiences as some of the other members. I like the fact that you guys that are good at computers are willing to help the novices like me without replies dripping in sarcasm. Thanks, Loran
  3. LoranK

    False Positive crippling the IP address

    Yes, it does want me to reboot; however, if I let it get rid of the control set it will remove the IP address and the submask net and default gateway. If I knew where and what I was looking for I could delete the virus manually. It seems to either have changed the way the program is reading it or is embedded in the program itself. SAS can't distinguish between the virus and the needed. Until I can figure it out a little bit more I will have to leave the DNS hijacker there and hope it doesn't cause damage. Otherwise I wouldn't have an internet link.
  4. LoranK

    sas wont remove virus

    I don't think reset will work in this case because it's not the browser that is the problem, it is the controlset. That is in MDOS Explorer is the shell. Reset will not reconfigure MDOS settings.
  5. LoranK

    sas wont remove virus

    I was having the same problems. Seth is hopefully going to look at my post. What I had to do to restore Explorer is to roll back to a restore date. That way you will be able to access the internet. I think what is happening is the IP address is being removed when SAS removes the virus. View the log file to see if it says:

    Trojan.DNS-Changer (Hi-Jacked DNS)
    HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS#NAMESERVER
    HKLM\SYSTEM\CONTROLSET002\SERVICES\TCPIP\PARAMETERS#NAMESERVER
    HKLM\SYSTEM\CONTROLSET005\SERVICES\TCPIP\PARAMETERS#NAMESERVER

    If this is what it looks like then that is what is most likely happening. If you go into control panel and type ipconfig and it pulls up "internal error registry item missing or incomplete. contact Microsoft." then that's what it is for sure. I can't figure out how to get rid of the virus either. I think the virus is embedded in the controlset; SAS can't distinguish the harmful from the required so it will delete it all. That's my thoughts. If you come up with a remedy let me know; I would like to smoke the one that I can't get rid of.
  6. LoranK

    Sue for my stupidity

    Everyone is entitled to screw up once in a while!
  7. LoranK

    False Positive crippling the IP address

    Thank you for your replies. I have downloaded the program to scan it. I don't know what to think when I get different information from different sources. I'm unsure myself how the internet security works. Sorry I didn't add the system information in the post: it is Windows XP Home Edition SP3, NTFS system, 32-bit I'm pretty sure. The program that I was referring to that labeled the other program as a virus was Norton Antivirus. The program that it said was a virus was named (ZLTO28TM). That was a couple years ago; the only reason I can even remember that is because it was my first experience with having to remove it manually from the hard drive. Like I said, sometimes I make it worse. I didn't know at the time that it was a crucial part of the framework, even though Norton thought it was a virus. That was the first time I had to get help reloading the system with recovery disks. What you are saying to do by cancelling the scan, will it still keep everything in Quarantine? The reason I was asking is there are a lot of programs that SAS is catching and they look like they could be harmful to the system. This time SAS finished the scan, so I really don't know what was happening. After looking over the scan log it looks like there is a lot of personal information in it about my computer. I really don't at this time feel comfortable putting this information into a public board. I will copy some of it. However, I know it doesn't give you the whole picture, and I do appreciate the advice and help. I will post more when I can figure out more of it and run a couple more tests on it myself.
    One positive thing is my faith in SAS has been mostly restored.

    ::::::::::
    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com

    Generated 06/26/2010 at 02:26 AM

    Application Version : 4.39.1002

    Core Rules Database Version : 5122
    Trace Rules Database Version: 2934

    Scan type : Complete Scan
    Total Scan Time : 00:55:45

    Memory items scanned : 497
    Memory threats detected : 0
    Registry items scanned : 8099
    Registry threats detected : 113
    File items scanned : 34334
    File threats detected : 186

    Adware.MyWebSearch
    HKU\S-1-5-21-3618631481-395094298-1503050598-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF1-072E-44CF-8957-5838F569A31D}
    HKCR\CLSID\{00A6FAF1-072E-44CF-8957-5838F569A31D
    :::::::::::

    This is the first section that I pasted; this below is the next section. Note the colons are the breaks that I put in so you can tell what is my typing and what was pasted. I skipped a small section with my son's information in it.

    :::::::::::::::::::::::
    There is a small break of a few lines again; below is the rest.
    ::::::::::::::::::::

    Trojan.DNS-Changer (Hi-Jacked DNS)
    HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS#NAMESERVER
    HKLM\SYSTEM\CONTROLSET002\SERVICES\TCPIP\PARAMETERS#NAMESERVER
    HKLM\SYSTEM\CONTROLSET005\SERVICES\TCPIP\PARAMETERS#NAMESERVER
  8. Has anyone that has used the SUPERAntiSpyware program had trouble with it recognizing the IP address as a spyware program? Three weeks ago I had this happen. I had the program doing a routine scan and it gave me an odd message about my LAN cable being unplugged. I started by ending the program short of scanning and closed all my programs. Then I tried to get back online (after checking connections) and the message came up that said Registry file missing Contact Microsoft. I had no way to contact Microsoft because I couldn't even get my computer online. I went into command prompt to see if I could configure the IP address manually because I couldn't ping any other computers. When I typed in the IP Config command the prompt read IP address 00000 Submask Net 00000 and the Gateway Default 00000. I tried everything I could think of until I finally realized that I had to roll back my computer to the last time I downloaded new definitions from SUPERAntiSpyware. Just to see what would happen I ran a scan and same as always it came back with the same spyware to be deleted. I deleted it, then I was prompted to get a definition update. I was a little worried about it so I declined. Then I went to the website directly to see if there were in fact updates; there were, and so I downloaded them. I ran a scan and in about the same place throughout the scan I had the same thing happen to me. To no avail; I had to roll back the computer again to fix the problem. I contacted a local computer store. They told me that a lot of times spyware companies will insert their own spyware and virus so you can't run two spyware programs on your computer at once; that's why when you get a new spyware program the instructions tell you to remove all previous spyware programs. That makes sense because I forgot about one once and they both came up with each identifying the other as a virus. He recommended I uninstall the program and get a better one. I uninstalled it and have not been using it since.
    I have had no other problems yet. I didn't want to stop using SUPERAntiSpyware because it seemed to catch a lot of tracking cookies. It does put the seed of wonder into my head that the SUPERAntiSpyware site will (when updating insert its own harmless adwares to find). I was wondering if anyone had thoughts on this? I only know enough about computers to be dangerous when trying to fix my problems. Sometimes I can and sometimes I make it worse. Would someone please clarify this for me? I would like to re-download SUPERAntiSpyware again on my computer because I thought it really worked. I can't afford to pay a yearly fee to keep people off my computer and I can't afford not to be protected. Thanks in advance to any pros out there with advice. Loran