Discussion Starter · #1 ·
Here is my story. I was hit via drive-by with a malicious trojan on my Windows XP computer. I managed to remove it, but since removing it I have gotten notifications of a couple of IP numbers being blocked by Malwarebytes trying to access my computer every time I get on the internet. From what I understand this is a backdoor trojan.

I hooked up a different new computer with Windows 7 via the same connection and I still get the pop-ups. I have tried banning the IP in router settings and that doesn't work. I have gotten at least two different IP numbers listed as trying to access my computers. Is this an issue with the connection itself only, or are my computers doomed no matter what place I take them to hook up to the internet?

Any help would be greatly appreciated.

TSF-Emeritus
Reset the router and flush the DNS


  • This can be done by inserting something tiny like a paper clip end or pencil tip into a small hole labeled "reset" located on the back of the router.
  • Press and hold down the small button inside until the lights on the front of the router blink off and then on again (usually about 10 seconds).
  • If you don’t know the router's default password, you can look it up. HERE
  • You also need to reconfigure any security settings you had in place prior to the reset.
  • You may also need to consult with your Internet service provider to find out which DNS servers your network should be using.



NEXT

On the Win 7 machine:
  1. Click the Microsoft Start logo in the bottom left corner of the screen
  2. Click All Programs
  3. Click Accessories
  4. RIGHT-click on Command Prompt
  5. Select Run As Administrator
  6. In the command window type the following and then hit enter:

    ipconfig /flushdns
  7. You will see the following confirmation:

Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
Now on the XP machine:
  • Go to Start > Run > type: cmd
  • Press OK or Hit Enter.
  • At the command prompt, type or copy/paste: ipconfig /flushdns (note the space between “..g /f…” it needs to be there)
  • Hit Enter.
  • You will get a confirmation that the flush was successful.
  • Close the command box.


NEXT


we need to check to make sure the XP machine is not infected:

Please download DDS from either of these links

LINK 1
LINK 2

and save it to your desktop.
  • Disable any script blocking protection
  • Double click dds to run the tool.
  • When done, two DDS.txt's will open.
  • Save both reports to your desktop.
---------------------------------------------------
Please include the contents of the following in your next reply:

DDS.txt
Attach.txt.


NEXT


Download GMER Rootkit Scanner from here: http://www.gmer.net/download.php to your desktop. It will be a randomly named executable.
  • Double click the exe file.
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO, then use the following settings for a more complete scan.

  • In the right panel, you will see several boxes that have been checked. Ensure the following are unchecked
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)
  • Then click the Scan button & wait for it to finish.
  • Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop, and attach it in reply.

**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.
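The reset-and-flush advice above rests on the router handing out the right DNS servers again. As an added check that is not part of this thread, the following Python script parses `ipconfig /all` output from each machine and flags any adapter whose resolvers are not the ones you expect (the router's LAN address here, or your ISP's resolvers); the `ipconfig` excerpt is constructed, and the expected address is an assumed placeholder.

```python
import re

# Constructed `ipconfig /all` excerpt (not a real capture): the wireless adapter
# is given resolvers outside the expected set to exercise the check.
SAMPLE_IPCONFIG = """\
Windows IP Configuration

Ethernet adapter Local Area Connection:

   DNS Servers . . . . . . . . . . . : 192.168.1.1

Wireless LAN adapter Wireless Network Connection:

   DNS Servers . . . . . . . . . . . : 203.0.113.53
                                       203.0.113.54
"""

ADAPTER_RE = re.compile(r"^(\S.*adapter .*):\s*$")
DNS_RE = re.compile(r"^\s+DNS Servers[ .]*: (\S+)")

def parse_dns_servers(text):
    """Return {adapter name: [DNS server, ...]} from `ipconfig /all` output."""
    servers, adapter, in_dns = {}, None, False
    for line in text.splitlines():
        m = ADAPTER_RE.match(line)
        if m:
            adapter, in_dns = m.group(1), False
            servers[adapter] = []
            continue
        m = DNS_RE.match(line) if adapter else None
        if m:
            servers[adapter].append(m.group(1))
            in_dns = True
        # Extra resolvers follow as indented lines holding only an address.
        elif in_dns and line.startswith(" ") and " : " not in line and line.strip():
            servers[adapter].append(line.strip())
        else:
            in_dns = False
    return servers

def unexpected_dns(servers, expected):
    """Adapters whose resolvers include an address outside `expected`."""
    return {name: [s for s in lst if s not in expected]
            for name, lst in servers.items() if set(lst) - set(expected)}

if __name__ == "__main__":
    hits = unexpected_dns(parse_dns_servers(SAMPLE_IPCONFIG), {"192.168.1.1"})
    for name, bad in hits.items():
        print(f"{name}: unexpected DNS servers {bad}")
```

On a live machine, replace `SAMPLE_IPCONFIG` with the captured output of `ipconfig /all` and put your router's LAN address or your ISP's resolvers in the expected set.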

Discussion Starter · #3
I have a couple of questions; first and foremost, thank you for all the help!

There is also a third computer connected to the internet via wireless to the router. This computer doesn't get the pop-ups and doesn't seem infected. Will resetting the router and flushing the DNS affect this computer?

For my XP machine, I am keeping it disconnected from the internet. My Windows 7 computer is the one I wanted to keep connected. I have run full system scans with Malwarebytes on the XP machine and have gotten nothing; it doesn't seem like either is infected, but I get IP block pop-ups on both. Could this be solved by simply connecting the computer up to the internet elsewhere?

TSF-Emeritus
Honestly, I'm really not sure. Without diagnostic scans to look through, I'm not sure exactly what has happened, whether it's just one, two or all of the machines affected, or just the router; I won't be able to know without a thorough look.

Run the diagnostic scans on the XP and we'll start there.

Run an ESET online scan on the other two to make sure they are OK (we'll do this on the XP too after we've had a look at it with the diagnostic scans).


Go here to run an online scanner from ESET.
  • Note: You will need to use Internet explorer for this scan
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • When the scan completes, press the LIST OF THREATS FOUND button
  • Press EXPORT TO TEXT FILE, name the file ESETSCAN and save it to your desktop
  • Include the contents of this report in your next reply.
  • Press the BACK button.
  • Press Finish