AntiVirus 2010 virus

2

Family member's computer got the AntiVirus 2010 trojan. Had the computer on for some time before noticing it, so it got really corrupted. Only way to stop it from copying itself was to scan the HD as a secondary drive on another computer. Afterwards, ran MalwareBytes again to get the rest.

After removing the virus, key files were deleted. Have reinstalled them one by one, but running into a problem.

Can connect to the network and internet, but DNS is totally messed up. Can ping Google by IP but not by name.

pcasa

Posted 2010-10-21T19:14:05.487

Reputation: 123

Should go on SuperUser. – Cody Harlow – 2010-10-21T19:25:51.373

This is heading to SU, judging from the votes... But just wipe the computer, reinstall the OS and then restore the user's data from backups. – jscott – 2010-10-21T19:39:40.847

Already recommending wipe and reinstall. Just trying to see if I could give them some time to back up IMPORTANT pictures and email instead of copying everything over. – pcasa – 2010-10-21T20:09:21.673

Answers

5

  1. Run the Malicious Software Removal Tool. It removes all traces of the AntiVirus 2010 trojan.
  2. Type ipconfig /flushdns.
  3. Run ComboFix. It will flush out corrupted DNS & hosts entries.

I resolved the issue with these tools.

Prasant Jain

Posted 2010-10-21T19:14:05.487

Reputation: 66

You might want to clean up, restructure and clarify your answer. At first glance I thought you were another (nothing personal and no insult intended) AntiVir-Spam-User. – Bobby – 2010-10-22T12:53:14.387

Thank you, that's way better (and also makes a better looking answer which is likelier to get upvotes). – Bobby – 2010-10-22T13:58:17.593

As a side note: ComboFix will also look for and remove rootkits, so you might want to run a full antivirus scan again after running ComboFix. – Bobby – 2010-10-22T14:05:15.923

You probably want to flush the DNS cache (running ipconfig /flushdns) after running ComboFix, in case any requests are made between the two. – Fahad Sadah – 2010-10-24T14:33:47.840
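Following up on the hosts-file and DNS-cache cleanup in the answer above: the symptom in the question (ping by IP works, ping by name fails, yet nslookup against 8.8.8.8 answers) means the local resolution path is what's broken, and the hosts file is the first place to look. The Python check below is an added example, not code from the original post or from any tool named here; it parses hosts-file text and flags public names pinned to loopback or redirected elsewhere. The sample hosts content and the LOCAL_OK allowlist are constructed for the example.

```python
import ipaddress

# Constructed sample hosts file (not taken from the original post). The first
# three lines are the stock Windows entries; the last three are the kind of
# entries rogue-AV families plant to block or redirect security and update sites.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
192.0.2.10      www.microsoft.com
192.0.2.10      update.microsoft.com
127.0.0.1       www.malwarebytes.org   # sinkholed: vendor site can't load
"""

# Names a stock hosts file is allowed to map to loopback (constructed allowlist).
LOCAL_OK = {"localhost", "localhost.localdomain", "broadcasthost"}


def parse_hosts(text):
    """Yield (address, hostname) for every mapping in hosts-file text."""
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()   # strip comments and whitespace
        if not line:
            continue
        fields = line.split()
        for name in fields[1:]:                # one address, one or more names
            yield fields[0], name.lower()


def suspicious_entries(text):
    """Return [(address, name, reason)] for entries that hijack name resolution.

    Anything beyond the stock loopback names is reported, because the page's
    scenario is a default Windows hosts file: a public name pinned to loopback
    blocks that site, and a public name pinned to any other address redirects it.
    """
    findings = []
    for ip, name in parse_hosts(text):
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            findings.append((ip, name, "unparseable address"))
            continue
        if name in LOCAL_OK:
            continue
        if addr.is_loopback or addr.is_unspecified:
            findings.append((ip, name, "public name pinned to loopback"))
        else:
            findings.append((ip, name, "public name redirected"))
    return findings


if __name__ == "__main__":
    for ip, name, reason in suspicious_entries(SAMPLE_HOSTS):
        print(f"{reason}: {name} -> {ip}")
```

On the affected machine, read the real hosts file (C:\Windows\System32\drivers\etc\hosts) into the function instead of SAMPLE_HOSTS; every hit is a line to review before running ipconfig /flushdns so the cache doesn't re-learn a bad answer.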

1

Are you pointing to a valid DNS server? This can be manually set when setting your local IP / gateway, or inherited from a DHCP server. If you don't have one set, you can use Google's public DNS server at 8.8.8.8.

PMGoldstein

Posted 2010-10-21T19:14:05.487

Reputation: 189

Just tried it, didn't work – None – 2010-10-21T19:23:17.323

Can you ping 8.8.8.8? Also, what happens if you nslookup google.com? – None – 2010-10-21T19:27:00.560

Can ping IP addresses, just not names. Will try nslookup in 10 min. Finishing another chkdsk /r now. – None – 2010-10-21T19:29:25.750

Cool, never knew about superuser.com. – pcasa – 2010-10-21T20:00:01.727

nslookup google.com result:
Server: google-public-dns-a.google.com
Address: 8.8.8.8
Non-authoritative answer:
Name: google.com
Addresses: 74.125.67.147, 74.125.67.104, 74.125.67.105, 74.125.67.106, 74.125.67.103, 74.125.67.99
– pcasa – 2010-10-21T20:01:38.570

0

You should use Spybot S&D when something is fiddling with your network.
http://www.safer-networking.org/index2.html

Apache

Posted 2010-10-21T19:14:05.487

Reputation: 14 755

Just ran Spybot and that didn't work either. – pcasa – 2010-10-21T22:57:33.467

0

It sounds to me like there may be something screwed up in the layered service protocol stack. Download LSPFix and run it.

http://download.cnet.com/LSPFix/3000-2085_4-10417026.html

Do a Google search on any suspicious LSP entries before deleting them.

WARNING: Deleting valid (i.e. non-malicious) entries can cripple your computer's network-ability.

Jim Fell

Posted 2010-10-21T19:14:05.487

Reputation: 5 069