LinuxQuestions.org
Old 01-12-2009, 03:59 PM   #1
1veedo
Member
 
Registered: Dec 2004
Location: WV, USA
Distribution: Gentoo, Debian
Posts: 186

Rep: Reputation: 34
Windows Vista resolve.conf file (friend has a virus)


My friend has some kind of virus that changed his DNS resolver, so whenever he goes to Google, Yahoo, and several other sites it forwards him to a fake-looking "official" Microsoft antivirus program download.

What I want to know is how to reset his resolv configuration file. I looked in /windows and /system32 for host, dns, and resolv but didn't find any kind of configurations. I also did an ipconfig /flush that said it reset the dns info but didn't fix it (found that solution via google).

Also I need the name of that popular free windows anti-virus program. That or any effective anti-virus program really.
 
Old 01-12-2009, 04:23 PM   #2
pddm
Member
 
Registered: Sep 2005
Distribution: Mint 19.2
Posts: 112

Rep: Reputation: 15
This is actually LINUX Questions.org and not Winblows questions, but anyway:

Get Spybot and scan the machine.
For free Antivirus get FreeAV.

Check in the Task Manager if there are programs running which do not belong there and kill them (End Task).
Lately there has been some malware which intercepts the browsing without changing DNS settings.
Also check the DNS settings.

Good luck.
 
Old 01-12-2009, 04:38 PM   #3
rsciw
Member
 
Registered: Jan 2009
Location: Essex (UK)
Distribution: Home: Debian/Ubuntu, Work: Ubuntu
Posts: 206

Rep: Reputation: 44
you can find some files in
windows\system32\drivers\etc

files are:

hosts
lmhosts.sam
networks
protocol
services

Possible that something has been added / edited there, but can't say.
Haven't encountered that yet myself.

free AV programs available are
freeav
avira antivir
avg
avast
 
Old 01-12-2009, 05:11 PM   #4
Hitboxx
Senior Member
 
Registered: Mar 2006
Location: India
Distribution: Fedora
Posts: 1,562
Blog Entries: 3

Rep: Reputation: 61
Most probably it is some sort of adware or spyware. Get Spybot Search & Destroy and Ad-Aware (both are freely downloadable from their respective sites), install them, reboot the computer into safe mode and run the scans. Also, just for the heck of it, as happens in most cases with Windows, run a virus scan, possibly with AVG Free antivirus.

@pddm, in my years here, I have learnt we are not as narrow-minded and Windows doubts are indeed allowed in the General section, so please refrain from going all guns blazing.
 
Old 01-12-2009, 06:05 PM   #5
jschiwal
LQ Guru
 
Registered: Aug 2001
Location: Fargo, ND
Distribution: SuSE AMD64
Posts: 15,733

Rep: Reputation: 678
Also check the DNS setting in the router. If your friend uses an Xbox and has UPnP enabled on the router, a virus can change the DNS server entry in the router. This would cause all hosts on the LAN to go through an evil DNS which would resolve certain addresses to the attacker's own DNS server.

If the user runs normally as administrator, don't bother trying to remove malware. Reinstall.

If the c:\windows\system32\drivers\etc\hosts file is being edited by malware, only admin should be able to change it. Reinstall.

For Windows XP, nothing in the C:\WINDOWS directory should be writable for other than admin users.
 
Old 01-12-2009, 06:50 PM   #6
1veedo
Member
 
Registered: Dec 2004
Location: WV, USA
Distribution: Gentoo, Debian
Posts: 186

Original Poster
Rep: Reputation: 34
Yeah, there was a whole bunch of stuff in his c:\windows\system32\drivers\etc\hosts. AVG found two trojans and I'm downloading Ad-Aware. google.com is still hard-added to the DNS resolver (ipconfig /displaydns) but Yahoo loads after removing everything in that file.

@jschiwal, this is a university network and it works just fine (albeit slowly). It's definitely adware / malware on his computer.

And yes I know this is linuxquestions but it's the largest tech community I belong to and figured it'd be the best place to ask. He's actually displayed interest in Linux (sees me using it on my computer) but reasons that because he's "bad at computers" he wouldn't be able to figure out how to use it.

Anyway thanks for all the info.

Last edited by 1veedo; 01-12-2009 at 06:52 PM.
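The hijack confirmed in this thread was a set of entries added to c:\windows\system32\drivers\etc\hosts pointing google.com and yahoo.com at an attacker-controlled address. The following is an added example, not code from any poster: a small audit script that parses the hosts file format and flags any hostname mapped to something other than a loopback or unspecified address. The file path and the sample hosts content are assumptions constructed for the example.

```python
"""Audit a Windows hosts file for malware-style redirects (added example).

Parses the hosts format (one 'address hostname [alias ...]' per line,
'#' starts a comment) and flags entries that map a name to anything other
than 127.0.0.1/::1 or 0.0.0.0, which is what the hijack in the thread did.
"""
import ipaddress
from typing import Dict, List, Tuple

# Assumed default path on a Windows host; the constructed sample below is
# used instead so the script runs anywhere.
WINDOWS_HOSTS = r"C:\Windows\System32\drivers\etc\hosts"

# Constructed sample: stock Windows entries plus two hijack lines
# (203.0.113.0/24 is a documentation range, not a real attacker address).
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2006 Microsoft Corp.
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
127.0.0.1       localhost
::1             localhost
203.0.113.45    google.com www.google.com
203.0.113.45    yahoo.com www.yahoo.com   # added by malware
"""


def parse_hosts(text: str) -> List[Tuple[str, List[str]]]:
    """Return (address, [hostnames]) for every non-blank, non-comment line."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop trailing comments
        if not line:
            continue
        addr, *names = line.split()
        entries.append((addr, names))
    return entries


def suspicious_entries(text: str) -> Dict[str, str]:
    """Map hostname -> address for entries not pointing at loopback/0.0.0.0."""
    findings: Dict[str, str] = {}
    for addr, names in parse_hosts(text):
        try:
            ip = ipaddress.ip_address(addr)
        except ValueError:
            ip = None  # unparseable address: treat as suspicious
        if ip is not None and (ip.is_loopback or ip.is_unspecified):
            continue
        for name in names:
            findings[name] = addr
    return findings


if __name__ == "__main__":
    for host, addr in suspicious_entries(SAMPLE_HOSTS).items():
        print(f"{host} -> {addr}")
```

To audit a real machine, read WINDOWS_HOSTS into a string and pass it to suspicious_entries; an empty result means the file only contains loopback or blackhole entries.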