Nasty Virus

**~~Cyanide~~** · 12-24-09, 10:45 AM

Originally Posted by Arreo

Originally Posted by cyaNide

Is it safe to post my "Connection specific DNS suffix" and "DNS Servers" IP shit in here though?

Cyanide, it's safe to post, especially since if my guess is correct it is going to be some malware filled server in Russia somewhere....

It isn't your IP address though, which is the only sort of insecure thing that you could post.

Can I PM you it? I just don't want to post it. I'm a bit paranoid.

**Arreo** · 12-24-09, 10:45 AM

Da comrade, just PM it to me

**WileECyte** · 12-24-09, 10:46 AM

Actually, I'd wager it'll show his ISPs normal DNS entries. Based on his description, I'm guessing he had the same malware I was dealing with. There's a rootkit that hooks into the kernel to intercept DNS requests and redirects them to another DNS entry, ignoring the system settings altogether.

**Viktor_Olin** · 12-24-09, 10:47 AM

If that checks out OK, try resetting your hosts file to default; it could be corrupted and keep you from connecting to the legitimate websites:
http://support.microsoft.com/kb/972034

**Arreo** · 12-24-09, 10:48 AM

Originally Posted by WileECyte

Actually, I'd wager it'll show his ISPs normal DNS entries. Based on his description, I'm guessing he had the same malware I was dealing with. There's a rootkit that hooks into the kernel to intercept DNS requests and redirects them to another DNS entry, ignoring the system settings altogether.

Never had that one.... that's a bitch and a half...

EDIT and actually, looking at the IP/Hostname that is being used in these posts, it looks correct, so I wouldn't be surprised if it is something like what you are describing Wile.

**WileECyte** · 12-24-09, 10:51 AM

Yeah... I spent 2-3 hours poking at it. Decided to image the box and rebuild. I need to get the image into my VMWare sandbox to poke at it some more here during the holidays.

**~~Cyanide~~** · 12-24-09, 10:53 AM

Originally Posted by Arreo

Da comrade, just PM it to me

PM sent. Hopefully it helps.

Although, it looks normal to me...

**Arreo** · 12-24-09, 10:56 AM

Originally Posted by cyaNide

Originally Posted by Arreo

Da comrade, just PM it to me

PM sent. Hopefully it helps.

Although, it looks normal to me...

Yeah, your computer is allowing the 2wire router to assign the DNS servers. That seems more or less normal (I mean I suppose someone could have corrupted the router firmware/settings, but that is really pretty unlikely. I've only ever read about it happening.)

**~~Cyanide~~** · 12-24-09, 10:58 AM

Originally Posted by Arreo

Originally Posted by cyaNide

Originally Posted by Arreo

Da comrade, just PM it to me

PM sent. Hopefully it helps.

Although, it looks normal to me...

Yeah, your computer is allowing the 2wire router to assign the DNS servers. That seems more or less normal (I mean I suppose someone could have corrupted the router firmware/settings, but that is really pretty unlikely. I've only ever read about it happening.)

Soooooo that's not the problem. *sigh*

**~~Cyanide~~** · 12-25-09, 08:45 AM

Alright. I re-formatted my whole comp. But now I'm having ANOTHER problem! (Just my luck...)

I backed-up alot of my files on an external hard drive. After re-formatting my computer, I installed my mobo drivers from the disc, and went on the internet to download Steam. The download went perfectly, all of them did. Then, when I went to grab my music and stuff off the external hard drive, my computer is detecting it (showing it's connected), but I can't seem to OPEN it! I need this stuff BAD.

Any solutions?