 |  |
| |
Welcome to Windows 7 Forums. Our forum is dedicated to helping you find solutions with any problems, errors or issues you are experiencing with Windows 7. The Windows 7 forum also covers news and updates and has an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.
Windows 7 - VIrus?
| |
| 12-24-2011 | #1 |
| | VIrus? Hey guys on my brothers laptop (lenovo z560 win7home64) he was trying to get to a website the groceryoutlet.com and it would pull up as not available. Even though everyone else on our network could and his friends could at their homes and his phone. So after doing some basic cleaning of network temp files and such it still wasn't going to the site. So I checked the network settings on the wireless and the dns addresses were changed to 216.146.35.240 for both 1st and 2nd. I though that's odd. I changed them back to what I set them to and tried again. It wouldn't open the website so I checked back with the dns settings and again they were changed back to 216.146.35.240. I going to assume virus and I'm running system sweeper now. Has anyone encountered this type of virus? |
My System Specs |
| 12-24-2011 | #2 |
| | Got done scanning and it's not detecting anything. What else can fix this short of complete clean install? |
| My System Specs |
| 12-24-2011 | #3 |
| | It looks like after some research it might have been some program called Sendori. After uninstalling it I regained controll of the DNS settings. Not sure how it was installed. I'll have to wait and see if any further issues from this come up. I'm blocking the site Sendori on my router. What would the sytax be to universally block any instance of Sendori.com? |
| My System Specs |
| . |
| |
| 12-24-2011 | #4 |
| | Might be a good idea to run a scan with Malwarebytes to see if that comes up with anything. Malwarebytes : Free anti-malware, anti-virus and spyware removal download |
| My System Specs |
| 12-24-2011 | #5 |
| | I ran all the scanners I have installed on his system. I ran norton, malwarebytes, superantispyware, and system sweeper. All came up clean. I think for now it's considered legit program as they have a website and according to an article it's now owned by ask.com. I've promptly blocked the website and any iteration of the site on my router. As far I'm concerned though it's malware/virus. Anything that alters stuff without permission is bad. |
| My System Specs |
| 12-24-2011 | #6 |
| | Try using hitman Pro and see if it detects anything. |
| My System Specs |
| 12-24-2011 | #7 |
| | 
Quote: Originally Posted by CanIHaz  Try using hitman Pro and see if it detects anything. Nope just couple tracking cookies. I'm confident I got rid of it. As the DNS is staying where I set it to. |
| My System Specs |
| 12-25-2011 | #8 |
| | But has anyone seen this Sendori thing? |
| My System Specs |
| 12-25-2011 | #9 |
| | Don't know if you knew this and don't know whether you are interested either, but by doing a whois lookup of the DNS server address you have listed above (216.146.35.240) returns the web hosting company Dyynamic Network Services Inc. You might find it interesting to know that this is the same website which at one time was hosting Wikileaks until they started getting belted with Denial of service attacks and therefore promptly let go Wikileaks so as not to jeopardise other client relations. In relation to your question about the Sendori thing, no I have not witnessed it or even heard of it for that matter before coming across your thread. CNet and Brothersoft have it listed as an anti-malware application which is actually supposed to help speed up (if you believe that) navigation to a desired website. Why or how this product is changing your DNS address if in fact that is the root of your problem in the first place is a mystery. If the Sendori software is in fact legitimate (and remember that there are products out there claiming they will help when in fact they are malicious themselves) and if you trust the opinion of CNet and such sites then Sendori may have had a report from someone affected by the site you were trying to access effectively blocking it until you manually allowed it into a trusted sites list. Again, if the Sentori product is legit I would be looking for another root cause of the changing DNS address problem even though as you say after uninstalling it is OK. FYI - the most common places to check for Malware or Virus manually are: 1) Through Task Manager -> Processes and Dr. Google to research the processes that may be running/ listed 2) I also like to check the Run and Run Once registry entries in both HKEY_CURRENT_USER and HKEY_LOCAL_MACHINE You can find what is in those entries by using the following path/s: HKEY->[CURRENT_USER or LOCAL_MACHINE]->SOFTWARE->MICROSOFT->WINDOWS->CURRENT VERSION->LOOK FOR THE RUN AND RUN ONCE FILES HERE AND INVESTIGATE WHAT IS IN THERE This is just my opinion and others will probably disagree. Apologies for not being able to pin the DNS addy changing on anything in particular but I hope this has been somewhat helpful. Cheers  |
| My System Specs |
| 12-25-2011 | #10 |
| |
Quote: Originally Posted by AllOnTheBus Don't know if you knew this and don't know whether you are interested either, but by doing a whois lookup of the DNS server address you have listed above (216.146.35.240) returns the web hosting company Dyynamic Network Services Inc. You might find it interesting to know that this is the same website which at one time was hosting Wikileaks until they started getting belted with Denial of service attacks and therefore promptly let go Wikileaks so as not to jeopardise other client relations. In relation to your question about the Sendori thing, no I have not witnessed it or even heard of it for that matter before coming across your thread. CNet and Brothersoft have it listed as an anti-malware application which is actually supposed to help speed up (if you believe that) navigation to a desired website. Why or how this product is changing your DNS address if in fact that is the root of your problem in the first place is a mystery. If the Sendori software is in fact legitimate (and remember that there are products out there claiming they will help when in fact they are malicious themselves) and if you trust the opinion of CNet and such sites then Sendori may have had a report from someone affected by the site you were trying to access effectively blocking it until you manually allowed it into a trusted sites list. Again, if the Sentori product is legit I would be looking for another root cause of the changing DNS address problem even though as you say after uninstalling it is OK. FYI - the most common places to check for Malware or Virus manually are: 1) Through Task Manager -> Processes and Dr. Google to research the processes that may be running/ listed 2) I also like to check the Run and Run Once registry entries in both HKEY_CURRENT_USER and HKEY_LOCAL_MACHINE You can find what is in those entries by using the following path/s: HKEY->[CURRENT_USER or LOCAL_MACHINE]->SOFTWARE->MICROSOFT->WINDOWS->CURRENT VERSION->LOOK FOR THE RUN AND RUN ONCE FILES HERE AND INVESIGATE WHAT IS IN THERE This is just my opinion and others will probably disagree. Apologies for not being able to pin the DNS addy changing on anything in particular but I hope this has been somewhat helpful. Cheers Here's some reviews backing up my experience. I think it's malware disguised. http://download.cnet.com/Sendori/364...-11912980.html |
| My System Specs |
 |
VIrus? problems?
| Thread Tools | |
| Similar Threads for: VIrus? | ||||
| Thread | Forum | |||
| Want are the best afforable anti-virus for a trojan virus | System Security | |||
| virus like activity but not virus | System Security | |||
 WIN 7 anti virus(virus) | System Security | |||
| Virus! Please help | Crashes and Debugging | |||
| Is it a virus? | System Security | |||
All times are GMT -5. The time now is 01:11 AM.
