VIrus?

Hey guys on my brothers laptop (lenovo z560 win7home64) he was trying to get to a website the groceryoutlet.com and it would pull up as not available. Even though everyone else on our network could and his friends could at their homes and his phone. So after doing some basic cleaning of network temp files and such it still wasn't going to the site. So I checked the network settings on the wireless and the dns addresses were changed to 216.146.35.240 for both 1st and 2nd. I though that's odd. I changed them back to what I set them to and tried again. It wouldn't open the website so I checked back with the dns settings and again they were changed back to 216.146.35.240. I going to assume virus and I'm running system sweeper now. Has anyone encountered this type of virus?

Got done scanning and it's not detecting anything. What else can fix this short of complete clean install?

It looks like after some research it might have been some program called Sendori. After uninstalling it I regained controll of the DNS settings. Not sure how it was installed. I'll have to wait and see if any further issues from this come up.

I'm blocking the site Sendori on my router. What would the sytax be to universally block any instance of Sendori.com?

I ran all the scanners I have installed on his system. I ran norton, malwarebytes, superantispyware, and system sweeper. All came up clean. I think for now it's considered legit program as they have a website and according to an article it's now owned by ask.com. I've promptly blocked the website and any iteration of the site on my router. As far I'm concerned though it's malware/virus. Anything that alters stuff without permission is bad.

Try using hitman Pro and see if it detects anything.

CanIHaz said:

Try using hitman Pro and see if it detects anything.

I'll try that right now.

Nope just couple tracking cookies. I'm confident I got rid of it. As the DNS is staying where I set it to.

But has anyone seen this Sendori thing?

Don't know if you knew this and don't know whether you are interested either, but
by doing a whois lookup of the DNS server address you have listed above (216.146.35.240)
returns the web hosting company Dyynamic Network Services Inc.

You might find it interesting to know that this is the same website which at one time was
hosting Wikileaks until they started getting belted with Denial of service attacks and therefore
promptly let go Wikileaks so as not to jeopardise other client relations.

In relation to your question about the Sendori thing, no I have not witnessed it
or even heard of it for that matter before coming across your thread. CNet and Brothersoft
have it listed as an anti-malware application which is actually supposed to help speed
up (if you believe that) navigation to a desired website. Why or how this product is changing your DNS address if in fact that is the root of your problem in the first place is a mystery.

If the Sendori software is in fact legitimate (and remember that there are products out there claiming
they will help when in fact they are malicious themselves) and if you trust the opinion
of CNet and such sites then Sendori may have had a report from someone affected by the site
you were trying to access effectively blocking it until you manually allowed it into a trusted sites list.

Again, if the Sentori product is legit I would be looking for another root cause
of the changing DNS address problem even though as you say after uninstalling it is OK.

FYI - the most common places to check for Malware or Virus manually are:
1) Through Task Manager -> Processes and Dr. Google to research the processes that may be running/ listed
2) I also like to check the Run and Run Once registry entries in both HKEY_CURRENT_USER and HKEY_LOCAL_MACHINE
You can find what is in those entries by using the following path/s:
HKEY->[CURRENT_USER or LOCAL_MACHINE]->SOFTWARE->MICROSOFT->WINDOWS->CURRENT VERSION->LOOK FOR THE RUN AND RUN ONCE FILES HERE AND INVESTIGATE WHAT IS IN THERE

This is just my opinion and others will probably disagree. Apologies for not being able to pin the DNS addy changing on anything in particular but I hope this has been somewhat helpful.

Cheers :)

AllOnTheBus said:

Don't know if you knew this and don't know whether you are interested either, but
by doing a whois lookup of the DNS server address you have listed above (216.146.35.240)
returns the web hosting company Dyynamic Network Services Inc.

You might find it interesting to know that this is the same website which at one time was
hosting Wikileaks until they started getting belted with Denial of service attacks and therefore
promptly let go Wikileaks so as not to jeopardise other client relations.

In relation to your question about the Sendori thing, no I have not witnessed it
or even heard of it for that matter before coming across your thread. CNet and Brothersoft
have it listed as an anti-malware application which is actually supposed to help speed
up (if you believe that) navigation to a desired website. Why or how this product is changing your DNS address if in fact that is the root of your problem in the first place is a mystery.

If the Sendori software is in fact legitimate (and remember that there are products out there claiming
they will help when in fact they are malicious themselves) and if you trust the opinion
of CNet and such sites then Sendori may have had a report from someone affected by the site
you were trying to access effectively blocking it until you manually allowed it into a trusted sites list.

Again, if the Sentori product is legit I would be looking for another root cause
of the changing DNS address problem even though as you say after uninstalling it is OK.

FYI - the most common places to check for Malware or Virus manually are:
1) Through Task Manager -> Processes and Dr. Google to research the processes that may be running/ listed
2) I also like to check the Run and Run Once registry entries in both HKEY_CURRENT_USER and HKEY_LOCAL_MACHINE
You can find what is in those entries by using the following path/s:
HKEY->[CURRENT_USER or LOCAL_MACHINE]->SOFTWARE->MICROSOFT->WINDOWS->CURRENT VERSION->LOOK FOR THE RUN AND RUN ONCE FILES HERE AND INVESIGATE WHAT IS IN THERE

This is just my opinion and others will probably disagree. Apologies for not being able to pin the DNS addy changing on anything in particular but I hope this has been somewhat helpful.

Cheers :)

Thanks for chiming in. I've blocked all instances of this so the links you privided are not reachable. I've read that it seemed legit, but I was able to find only one instance on a firefox forum where someone was calling it malware. My brother has not experienced any other issues and the DNS settings have remained what I set them to. Any software that installs itself without permission and prevents the user from changing network settings sounds like malware to me.
Here's some reviews backing up my experience. I think it's malware disguised. http://download.cnet.com/Sendori/364...-11912980.html