Windows 7: Virus?

24 Dec 2011   #1
metalmania31

Windows 7 Pro 64bit build 7601 SP1
 
 
Virus?

Hey guys, on my brother's laptop (Lenovo Z560, Win7 Home 64) he was trying to get to a website, the groceryoutlet.com, and it would pull up as not available, even though everyone else on our network could, and his friends could at their homes, and his phone. So after doing some basic cleaning of network temp files and such it still wasn't going to the site. So I checked the network settings on the wireless and the DNS addresses were changed to 216.146.35.240 for both 1st and 2nd. I thought that's odd. I changed them back to what I set them to and tried again. It wouldn't open the website so I checked back with the DNS settings and again they were changed back to 216.146.35.240. I'm going to assume virus and I'm running System Sweeper now. Has anyone encountered this type of virus?


24 Dec 2011   #2
metalmania31

Windows 7 Pro 64bit build 7601 SP1
 
 

Got done scanning and it's not detecting anything. What else can fix this short of complete clean install?
24 Dec 2011   #3
metalmania31

Windows 7 Pro 64bit build 7601 SP1
 
 

It looks like after some research it might have been some program called Sendori. After uninstalling it I regained control of the DNS settings. Not sure how it was installed. I'll have to wait and see if any further issues from this come up.

I'm blocking the site Sendori on my router. What would the syntax be to universally block any instance of Sendori.com?
24 Dec 2011   #4
Borg 386

Win 7 32 Home Premium, Win 7 64 Pro, Win 8.1 Pro
 
 

Might be a good idea to run a scan with Malwarebytes to see if that comes up with anything.

Malwarebytes : Free anti-malware, anti-virus and spyware removal download
24 Dec 2011   #5
metalmania31

Windows 7 Pro 64bit build 7601 SP1
 
 

I ran all the scanners I have installed on his system. I ran Norton, Malwarebytes, SUPERAntiSpyware, and System Sweeper. All came up clean. I think for now it's considered a legit program as they have a website and according to an article it's now owned by ask.com. I've promptly blocked the website and any iteration of the site on my router. As far as I'm concerned though it's malware/virus. Anything that alters stuff without permission is bad.
24 Dec 2011   #6
CanIHaz

Windows 7 Home Premium x64 SP1
 
 

Try using hitman Pro and see if it detects anything.
24 Dec 2011   #7
metalmania31

Windows 7 Pro 64bit build 7601 SP1
 
 

Quote: Originally Posted by CanIHaz
Try using hitman Pro and see if it detects anything.

I'll try that right now.

Nope, just a couple of tracking cookies. I'm confident I got rid of it, as the DNS is staying where I set it to.
25 Dec 2011   #8
metalmania31

Windows 7 Pro 64bit build 7601 SP1
 
 

But has anyone seen this Sendori thing?
25 Dec 2011   #9
AllOnTheBus

Windows 7 Home Premium 64 Bit OS
 
 

Don't know if you knew this and don't know whether you are interested either, but doing a whois lookup of the DNS server address you have listed above (216.146.35.240) returns the web hosting company Dynamic Network Services Inc.

You might find it interesting to know that this is the same website which at one time was hosting Wikileaks until they started getting belted with Denial of service attacks and therefore promptly let go Wikileaks so as not to jeopardise other client relations.

In relation to your question about the Sendori thing, no I have not witnessed it or even heard of it for that matter before coming across your thread. CNet and Brothersoft have it listed as an anti-malware application which is actually supposed to help speed up (if you believe that) navigation to a desired website. Why or how this product is changing your DNS address, if in fact that is the root of your problem in the first place, is a mystery.

If the Sendori software is in fact legitimate (and remember that there are products out there claiming they will help when in fact they are malicious themselves) and if you trust the opinion of CNet and such sites then Sendori may have had a report from someone affected by the site you were trying to access, effectively blocking it until you manually allowed it into a trusted sites list.

Again, if the Sendori product is legit I would be looking for another root cause of the changing DNS address problem even though as you say after uninstalling it is OK.

FYI - the most common places to check for Malware or Virus manually are:
1) Through Task Manager -> Processes and Dr. Google to research the processes that may be running/listed
2) I also like to check the Run and Run Once registry entries in both HKEY_CURRENT_USER and HKEY_LOCAL_MACHINE
You can find what is in those entries by using the following path/s:
HKEY->[CURRENT_USER or LOCAL_MACHINE]->SOFTWARE->MICROSOFT->WINDOWS->CURRENT VERSION->LOOK FOR THE RUN AND RUN ONCE FILES HERE AND INVESTIGATE WHAT IS IN THERE

This is just my opinion and others will probably disagree. Apologies for not being able to pin the DNS addy changing on anything in particular but I hope this has been somewhat helpful.

Cheers
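The two manual checks discussed in this thread (which DNS servers each adapter is using, and what is registered under the Run and RunOnce keys), as an added read-only PowerShell example that is not part of any poster's message. It goes slightly beyond the post by also reading the Wow6432Node keys on 64-bit Windows; `$ExpectedDns` and the function names are assumptions made for illustration.

```powershell
# Added example: read-only checks for the two things discussed in this thread.
# $ExpectedDns is an assumption; replace it with the resolvers you configured.
$ExpectedDns = @('192.168.1.1')   # constructed sample value

# DNS servers per IP-enabled adapter. WMI is used because it is available in
# the PowerShell 2.0 that ships with Windows 7.
function Get-AdapterDns {
    Get-WmiObject Win32_NetworkAdapterConfiguration -Filter 'IPEnabled = TRUE' |
        ForEach-Object {
            $adapter = $_
            $adapter.DNSServerSearchOrder | Where-Object { $_ } | ForEach-Object {
                New-Object PSObject -Property @{
                    Adapter    = $adapter.Description
                    DhcpOn     = $adapter.DHCPEnabled
                    DnsServer  = $_
                    Unexpected = ($ExpectedDns -notcontains $_)
                }
            }
        }
}

# Values under the Run and RunOnce keys for the current user and the machine.
# The Wow6432Node keys hold entries written by 32-bit programs on 64-bit Windows.
function Get-AutorunEntries {
    $roots = 'HKCU:\Software', 'HKLM:\Software', 'HKLM:\Software\Wow6432Node'
    foreach ($root in $roots) {
        foreach ($leaf in 'Run', 'RunOnce') {
            $key = "$root\Microsoft\Windows\CurrentVersion\$leaf"
            if (-not (Test-Path $key)) { continue }
            $item = Get-Item $key
            foreach ($name in $item.GetValueNames()) {
                New-Object PSObject -Property @{
                    Key     = $key
                    Name    = $name
                    Command = $item.GetValue($name)
                }
            }
        }
    }
}

Get-AdapterDns     | Format-Table Adapter, DhcpOn, DnsServer, Unexpected -AutoSize
Get-AutorunEntries | Format-List Key, Name, Command
```

Rows with `Unexpected` set to True are resolvers that are not in your own list, which is the symptom described in the first post.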
25 Dec 2011   #10
metalmania31

Windows 7 Pro 64bit build 7601 SP1
 
 

Thanks for chiming in. I've blocked all instances of this so the links you provided are not reachable. I've read that it seemed legit, but I was able to find only one instance on a Firefox forum where someone was calling it malware. My brother has not experienced any other issues and the DNS settings have remained what I set them to. Any software that installs itself without permission and prevents the user from changing network settings sounds like malware to me.
Here are some reviews backing up my experience. I think it's malware disguised. http://download.cnet.com/Sendori/364...-11912980.html