Click Here to Install Silverlight*
United StatesChange|All Microsoft Sites|Sign in
Microsoft
|Communities Home|Communities Worldwide
  changing info in system information in microsoft.public.security.homeusers  
 |  Edit my Profile  |  Help
 
     
   
 
 
 
topo 2/5/2008 12:30 PM PST
  Question
  system tools-system information-internet settings-connectivity. i scrolled
down to name server address. primary dns 85.255.xxx.xx secondary dns
85.255.xxx.xx i was hijacked about 3 years ago and hijackthis helped me
restore my computer. the above 2 dns addresses were the rouge varmits
causing the problems. why are they showing up in system information and how
do i remove them from sys info. my machine is clean. xp, sp2, ie6, dsl
thanks
--
topo
 
  Was this post helpful to you?  
 
 
  Reply | Print post   TopTop  
 
 
 
 
David H. Lipman 2/5/2008 2:51 PM PST
   
  From: "topo" <topo@discussions.microsoft.com>

| system tools-system information-internet settings-connectivity. i scrolled
| down to name server address. primary dns 85.255.xxx.xx secondary dns
| 85.255.xxx.xx i was hijacked about 3 years ago and hijackthis helped me
| restore my computer. the above 2 dns addresses were the rouge varmits
| causing the problems. why are they showing up in system information and how
| do i remove them from sys info. my machine is clean. xp, sp2, ie6, dsl
| thanks
| --
| topo

Because you may STILL be infected with a DNS Changer Trojan !


Download MULTI_AV.EXE from the URL --
http://www.pctipp.ch/ds/28400/28470/Multi_AV.exe

http://www.pctipp.ch/downloads/dl/35905.asp

English:
http://www.raymond.cc/blog/archives/2008/01/09/scan-your-computer-with-multiple-anti-virus-for-free/

To use this utility, perform the following...
Execute; Multi_AV.exe { Note: You must use the default folder C:\AV-CLS }
Choose; Unzip
Choose; Close

Execute; C:\AV-CLS\StartMenu.BAT
{ or Double-click on 'Start Menu' in C:\AV-CLS }

NOTE: You may have to disable your software FireWall or allow WGET.EXE to go through your
FireWall to allow it to download the needed AV vendor related files.

C:\AV-CLS\StartMenu.BAT -- { or Double-click on 'Start Menu' in C:\AV-CLS}
This will bring up the initial menu of choices and should be executed in Normal Mode.
This way all the components can be downloaded from each AV vendor's web site.
The choices are; Sophos, Trend, McAfee, Kaspersky, Exit this menu and Reboot the PC.

You can choose to go to each menu item and just download the needed files or you can
download the files and perform a scan in Normal Mode. Once you have downloaded the files
needed for each scanner you want to use, you should reboot the PC into Safe Mode [F8 key
during boot] and re-run the menu again and choose which scanner you want to run in Safe
Mode. It is suggested to run the scanners in both Safe Mode and Normal Mode.

When the menu is displayed hitting 'H' or 'h' will bring up a more comprehensive PDF help
file.

Additional Instructions:
http://pcdid.com/Multi_AV.htm


* * * Please report back your results * * *


--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp


 
  Was this post helpful to you?  
 
 
  Reply | Print post   TopTop  
 
 
 
 
PA Bear [MS MVP] 2/5/2008 2:54 PM PST
   
  You've still got a Wareout infection!

Unexplained computer behavior may be caused by deceptive software
http://support.microsoft.com/kb/827315

Run a /thorough/ check for hijackware, including posting your hijackthis log
to an appropriate forum.

Checking for/Help with Hijackware
http://aumha.org/a/parasite.htm
http://aumha.org/a/quickfix.htm
http://aumha.net/viewtopic.php?t=5878
http://wiki.castlecops.com/Malware_Removal_and_Prevention:_Introduction
http://mvps.org/winhelp2002/unwanted.htm
http://inetexplorer.mvps.org/data/prevention.htm
http://inetexplorer.mvps.org/tshoot.html
http://www.mvps.org/sramesh2k/Malware_Defence.htm
http://defendingyourmachine2.blogspot.com/
http://www.elephantboycomputers.com/page2.html#Removing_Malware

When all else fails, HijackThis v2.0.2
(http://aumha.org/downloads/hijackthis.exe) is the preferred tool to use.
It will help you to both identify and remove any hijackware/spyware with
assistance from an expert. **Post your log to
http://forums.spybot.info/forumdisplay.php?f=22,
http://castlecops.com/forum67.html,
http://forums.subratam.org/index.php?showforum=7,
http://aumha.net/viewforum.php?f=30, or other appropriate forums for expert
analysis, not here.**

If the procedures look too complex - and there is no shame in admitting this
isn't your cup of tea - take the machine to a local, reputable and
independent (i.e., not BigBoxStoreUSA) computer repair shop.
--
~Robear Dyer (PA Bear)
MS MVP-IE, Mail, Security, Windows Desktop Experience - since 2002
AumHa VSOP & Admin http://aumha.net
DTS-L http://dts-l.net/


topo wrote:
> system tools-system information-internet settings-connectivity. i
> scrolled
> down to name server address. primary dns 85.255.xxx.xx secondary dns
> 85.255.xxx.xx i was hijacked about 3 years ago and hijackthis helped
> me
> restore my computer. the above 2 dns addresses were the rouge varmits
> causing the problems. why are they showing up in system information and
> how
> do i remove them from sys info. my machine is clean. xp, sp2, ie6, dsl
> thanks

 
  Was this post helpful to you?  
 
 
  Reply | Print post   TopTop  
 
 
 
 
topo 2/5/2008 3:59 PM PST
   
  i ran hickjackthis scan. no 017 entries where 85.255.xxx.xxx would show up.
everything on scan is as should be. checked tcp/ip everything blank.
dns and ip automatically are checked. do you think i should run a fixwareout
scan? if so, what and where is lastest version? thanks.
--
topo


"PA Bear [MS MVP]" wrote:

> You've still got a Wareout infection!
>
> Unexplained computer behavior may be caused by deceptive software
> http://support.microsoft.com/kb/827315
>
> Run a /thorough/ check for hijackware, including posting your hijackthis log
> to an appropriate forum.
>
> Checking for/Help with Hijackware
> http://aumha.org/a/parasite.htm
> http://aumha.org/a/quickfix.htm
> http://aumha.net/viewtopic.php?t=5878
> http://wiki.castlecops.com/Malware_Removal_and_Prevention:_Introduction
> http://mvps.org/winhelp2002/unwanted.htm
> http://inetexplorer.mvps.org/data/prevention.htm
> http://inetexplorer.mvps.org/tshoot.html
> http://www.mvps.org/sramesh2k/Malware_Defence.htm
> http://defendingyourmachine2.blogspot.com/
> http://www.elephantboycomputers.com/page2.html#Removing_Malware
>
> When all else fails, HijackThis v2.0.2
> (http://aumha.org/downloads/hijackthis.exe) is the preferred tool to use.
> It will help you to both identify and remove any hijackware/spyware with
> assistance from an expert. **Post your log to
> http://forums.spybot.info/forumdisplay.php?f=22,
> http://castlecops.com/forum67.html,
> http://forums.subratam.org/index.php?showforum=7,
> http://aumha.net/viewforum.php?f=30, or other appropriate forums for expert
> analysis, not here.**
>
> If the procedures look too complex - and there is no shame in admitting this
> isn't your cup of tea - take the machine to a local, reputable and
> independent (i.e., not BigBoxStoreUSA) computer repair shop.
> --
> ~Robear Dyer (PA Bear)
> MS MVP-IE, Mail, Security, Windows Desktop Experience - since 2002
> AumHa VSOP & Admin http://aumha.net
> DTS-L http://dts-l.net/
>
>
> topo wrote:
> > system tools-system information-internet settings-connectivity. i
> > scrolled
> > down to name server address. primary dns 85.255.xxx.xx secondary dns
> > 85.255.xxx.xx i was hijacked about 3 years ago and hijackthis helped
> > me
> > restore my computer. the above 2 dns addresses were the rouge varmits
> > causing the problems. why are they showing up in system information and
> > how
> > do i remove them from sys info. my machine is clean. xp, sp2, ie6, dsl
> > thanks
>
>
 
  Was this post helpful to you?  
 
 
  Reply | Print post   TopTop  
 
 
 
 
PA Bear [MS MVP] 2/5/2008 7:29 PM PST
  Answer
  I think you should post your hijackthis log in an appropriate forum for
expert assistance.

topo wrote:
> i ran hickjackthis scan. no 017 entries where 85.255.xxx.xxx would show
> up.
> everything on scan is as should be. checked tcp/ip everything blank.
> dns and ip automatically are checked. do you think i should run a
> fixwareout scan? if so, what and where is lastest version? thanks.
>
>> You've still got a Wareout infection!
>>
>> Unexplained computer behavior may be caused by deceptive software
>> http://support.microsoft.com/kb/827315
>>
>> Run a /thorough/ check for hijackware, including posting your hijackthis
>> log to an appropriate forum.
>>
>> Checking for/Help with Hijackware
>> http://aumha.org/a/parasite.htm
>> http://aumha.org/a/quickfix.htm
>> http://aumha.net/viewtopic.php?t=5878
>> http://wiki.castlecops.com/Malware_Removal_and_Prevention:_Introduction
>> http://mvps.org/winhelp2002/unwanted.htm
>> http://inetexplorer.mvps.org/data/prevention.htm
>> http://inetexplorer.mvps.org/tshoot.html
>> http://www.mvps.org/sramesh2k/Malware_Defence.htm
>> http://defendingyourmachine2.blogspot.com/
>> http://www.elephantboycomputers.com/page2.html#Removing_Malware
>>
>> When all else fails, HijackThis v2.0.2
>> (http://aumha.org/downloads/hijackthis.exe) is the preferred tool to use.
>> It will help you to both identify and remove any hijackware/spyware with
>> assistance from an expert. **Post your log to
>> http://forums.spybot.info/forumdisplay.php?f=22,
>> http://castlecops.com/forum67.html,
>> http://forums.subratam.org/index.php?showforum=7,
>> http://aumha.net/viewforum.php?f=30, or other appropriate forums for
>> expert
>> analysis, not here.**
>>
>> If the procedures look too complex - and there is no shame in admitting
>> this isn't your cup of tea - take the machine to a local, reputable and
>> independent (i.e., not BigBoxStoreUSA) computer repair shop.
>> --
>> ~Robear Dyer (PA Bear)
>> MS MVP-IE, Mail, Security, Windows Desktop Experience - since 2002
>> AumHa VSOP & Admin http://aumha.net
>> DTS-L http://dts-l.net/
>>
>>
>> topo wrote:
>>> system tools-system information-internet settings-connectivity. i
>>> scrolled
>>> down to name server address. primary dns 85.255.xxx.xx secondary
>>> dns
>>> 85.255.xxx.xx i was hijacked about 3 years ago and hijackthis helped
>>> me
>>> restore my computer. the above 2 dns addresses were the rouge varmits
>>> causing the problems. why are they showing up in system information and
>>> how
>>> do i remove them from sys info. my machine is clean. xp, sp2, ie6,
>>> dsl
>>> thanks

 
  Was this post helpful to you?  
 
 
  Reply | Print post   TopTop  
 
 
 
 
topo 2/10/2008 7:55 AM PST
   
  the rouge addresses were showing up in my unused dailup connection folder.
removed and everything is as should be. thank you for your help.
--
topo


"PA Bear [MS MVP]" wrote:

> I think you should post your hijackthis log in an appropriate forum for
> expert assistance.
>
> topo wrote:
> > i ran hickjackthis scan. no 017 entries where 85.255.xxx.xxx would show
> > up.
> > everything on scan is as should be. checked tcp/ip everything blank.
> > dns and ip automatically are checked. do you think i should run a
> > fixwareout scan? if so, what and where is lastest version? thanks.
> >
> >> You've still got a Wareout infection!
> >>
> >> Unexplained computer behavior may be caused by deceptive software
> >> http://support.microsoft.com/kb/827315
> >>
> >> Run a /thorough/ check for hijackware, including posting your hijackthis
> >> log to an appropriate forum.
> >>
> >> Checking for/Help with Hijackware
> >> http://aumha.org/a/parasite.htm
> >> http://aumha.org/a/quickfix.htm
> >> http://aumha.net/viewtopic.php?t=5878
> >> http://wiki.castlecops.com/Malware_Removal_and_Prevention:_Introduction
> >> http://mvps.org/winhelp2002/unwanted.htm
> >> http://inetexplorer.mvps.org/data/prevention.htm
> >> http://inetexplorer.mvps.org/tshoot.html
> >> http://www.mvps.org/sramesh2k/Malware_Defence.htm
> >> http://defendingyourmachine2.blogspot.com/
> >> http://www.elephantboycomputers.com/page2.html#Removing_Malware
> >>
> >> When all else fails, HijackThis v2.0.2
> >> (http://aumha.org/downloads/hijackthis.exe) is the preferred tool to use.
> >> It will help you to both identify and remove any hijackware/spyware with
> >> assistance from an expert. **Post your log to
> >> http://forums.spybot.info/forumdisplay.php?f=22,
> >> http://castlecops.com/forum67.html,
> >> http://forums.subratam.org/index.php?showforum=7,
> >> http://aumha.net/viewforum.php?f=30, or other appropriate forums for
> >> expert
> >> analysis, not here.**
> >>
> >> If the procedures look too complex - and there is no shame in admitting
> >> this isn't your cup of tea - take the machine to a local, reputable and
> >> independent (i.e., not BigBoxStoreUSA) computer repair shop.
> >> --
> >> ~Robear Dyer (PA Bear)
> >> MS MVP-IE, Mail, Security, Windows Desktop Experience - since 2002
> >> AumHa VSOP & Admin http://aumha.net
> >> DTS-L http://dts-l.net/
> >>
> >>
> >> topo wrote:
> >>> system tools-system information-internet settings-connectivity. i
> >>> scrolled
> >>> down to name server address. primary dns 85.255.xxx.xx secondary
> >>> dns
> >>> 85.255.xxx.xx i was hijacked about 3 years ago and hijackthis helped
> >>> me
> >>> restore my computer. the above 2 dns addresses were the rouge varmits
> >>> causing the problems. why are they showing up in system information and
> >>> how
> >>> do i remove them from sys info. my machine is clean. xp, sp2, ie6,
> >>> dsl
> >>> thanks
>
>
 
  Was this post helpful to you?  
 
 
  Reply | Print post   TopTop  
 
 
  Return to Microsoft Communities  Notify me of replies  
 

© 2009 Microsoft Corporation. All rights reserved. Contact Us |Terms of Use |Trademarks |Privacy Statement