PaulYork Posted February 14, 2009 ID:56508

I've been having trouble with the automatic updating for Windows, with error messages coming up every time I use the PC. Whilst this doesn't seem to be causing too many problems, it is more than mildly annoying!

I've looked at the error code that is reported in Vista, which shows as 80244019. Having looked at this online, it looks like I have a DNSChanger Trojan (whatever that is)!

The advice was to download MalwareBytes, run the update and scan, which is where it falls down - again, it won't let me update it. I don't want to go ahead and try in safe mode, as I don't want to screw the system up inadvertently.

Any ideas?

Cheers!

Paul.

extremeboy Posted February 24, 2009 ID:59301

Hello.

Safe Mode does not screw up your computer. It's another boot mode that can be used. As long as you use safe mode using the F8 method you are fine. I would like you to run 2 scans for me please.

If you do not make a reply in 5 days, we will need to close your topic.

Please take note of some guidelines for this fix:

- Refrain from making any changes to your computer including installing/uninstalling programs, deleting files, modifying the registry, and running scanners or tools.
- If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
- Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean". We do not want to clean you part-way, only to have the system re-infect itself.
- Please reply using the button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply.
- Old topics are closed after 3 days with no reply, and working topics are closed after 5 days. If for any reason you cannot complete instructions within that time, that's fine, just post back here so that we know you're still here.

Download and Run ATFCleaner

Please download ATF Cleaner by Atribune. This program will clear out temporary files and settings.
You will likely be logged out of the forum where you are receiving help.

This program is for XP and Windows 2000 only.

- Double-click ATF-Cleaner.exe to run the program.
- Under Main Select Files to Delete choose: Select All.
- Click the Empty Selected button.

If you use Firefox browser also...

- Click Firefox at the top and choose: Select All
- Click the Empty Selected button.
- NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser also...

- Click Opera at the top and choose: Select All
- Click the Empty Selected button.
- NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Download and Run OTScanIt

- Download OTScanIt by OldTimer to your Desktop and double-click on it to extract the files. It will create a folder named OTScanIt on your desktop.
- Open the OTScanIt folder and double-click on OTScanIt.exe to start the program. If you are running on Vista then right-click the program and choose Run as Administrator.
- Check the Scan all users box at the top left.
- Change the Rootkit Scan setting from "No" to Yes.
- Click the Extras button under "Additional Scans".
- Now click the Run Scan button on the toolbar.
- When the scan is complete Notepad will open with the report file loaded in it.
- Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
- Close Notepad (saving the change if necessary).
- Use the Add Reply button in the forum and Attach the scan back here (do not copy/paste it as it will be too big to fit into the post). It will be located in the OTScanIt folder and named OTScanIt.txt.

Download and Run Scan with GMER

We will use GMER to scan for rootkits.

- Download gmer.zip and save to your desktop. Alternate Download Site 1
- Unzip/extract the file to its own folder. (Click here for information on how to do this if not sure. Win 2000 users click here.)
- When you have done this, disconnect from the Internet and close all running programs.
- There is a small chance this application may crash your computer so save any work you have open.
- Double-click on Gmer.exe to start the program.
- Allow the gmer.sys driver to load if asked.
- If it gives you a warning at program start about rootkit activity and asks if you want to run a scan...click NO.
- Click the >>>
- Click on Settings, then check the first five settings:
  - System Protection and Tracing
  - Processes
  - Save created processes to the log
  - Drivers
  - Save loaded drivers to the log
- You will be prompted to restart your computer. Please do so.
- After the reboot, run Gmer again and click on the Rootkit tab.
- Look at the right hand side (under Files) and uncheck all drives with the exception of your C drive.
- Make sure all other boxes on the right of the screen are checked, EXCEPT for Show All.
- Click on the Scan and wait for the scan to finish.

Note: Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while this scan completes. Also do not use your computer during the scan. You will know that the scan is done when the Stop button turns back to Scan.

- When completed, click on the Copy button and right-click on your Desktop, choose New>Text document. Once the file is created, open it and right-click again and choose Paste. Save the file as gmer.txt and copy the information in your next reply.

If GMER doesn't work in Normal Mode try running it in Safe Mode.

Important!: Please do not select the Show all checkbox during the scan.

Please post back with:

- OTScanIT log
- GMER Scan log
- What Problems do you still have?

With Regards,
Extremeboy

extremeboy Posted March 1, 2009 ID:60752

Hello.

Are you still there? If you are please follow the instructions in my previous post.

If you still need help, follow the instructions I have given in my response. If you have since had your problem solved, we would appreciate you letting us know so we can close the topic.

Please reply back telling us so. If you don't reply within 5-7 days the topic will need to be closed.

Thanks for understanding.

With Regards,
Extremeboy

extremeboy Posted March 5, 2009 ID:61779

Hello.

Due to Lack of feedback, this topic will be Closed, by a Moderator.

Please start a new thread in the Hijackthis-Malware Removal forum and post a new Hijackthis log if you require assistance again. Do Not PM me please as I need to leave soon and cannot continue to help you at that time frame.

This applies only to the original topic starter.

Everyone else please start a new topic in the Hijackthis-Malware Removal Forum.

With Regards,
Extremeboy