

Windows 7: NGNIX DNS changer virus is in my system

20 Oct 2019   #11
F22 Simpilot

Windows 7 Ultimate x64
 
 

You may have malware on your computer. Whether what tools I can give you will fix the damage I don't know. That is if this is malware.

Before I give you links to some things you can run, check your IP address at Shodan. Does Shodan list any open ports, and if so which ones?

Grab your IP address (this is the WAN external IP) here: IP X - IP info and leak test suite

Paste your IP address in Shodan here: Shodan

Any ports opened? No? Moving on.

Go here and download and install Sanity Check. When you first install it will need to add a few registry keys. Say yes and then reboot your computer. Now run Sanity Check. After you run Sanity Check what is its analysis? Post what it may find.

Resplendence Software - SanityCheck, Advanced Rootkit and Malware Detector

Download and run rKill here: Download RKill

Now for a full fledged anti-virus scanner. It is Herdprotect. In this case the portable version since Herdprotect for some reason or another isn't releasing their installer right now. But the portable version will work. Now Herdprotect uses some 67 anti-virus engines I think it is. So you may or may not have false positives. I never had myself. You need to run it once, wait at least 30 minutes then run it again. What are its findings?

Download Portable herdProtect 1.0.3.9 Beta


20 Oct 2019   #12
torchwood

W7 home premium 32bit/W7HP 64bit/w10 tp insider ring
 
 

Hi @samuria

Minitool box and FRST are different programs. Did you mean this?


Download Farbar Service Scanner


Roy
20 Oct 2019   #13
samuria

win 8 32 bit
 
 

Either will do; FRST is more comprehensive.

20 Oct 2019   #14
loninappleton

Windows 7 x64 Ultimate
 
 

I will pursue this. Isn't FRST a program at Bleeping Computer or one they use?


But as an update to the whole thread, I did the cleaning routine I mentioned of:
chkdsk /f/r
Extended Disk Cleanup
Glary Utilities
and Old Timer TFC


It was a lengthy process-- time consuming but after it all, my problem URL link to the news station
got through.


I have to do a bit of testing yet and back up my good stuff.


But your tutorial will be valuable for current day virus tools... the free ones please.


I can say that before the cleaner routine Malwarebytes free edition which I normally use did not
crack the NGinx problem. All the old programs like HijackThis and others I kept in a toolkit folder--
it's been a long time since I've done any of this or had to. Refreshing all that will be helpful.


I'll report on your suggestion in a bit. Today, lots of backups and straightening out what works and
securing it.
20 Oct 2019   #15
Paul Black

Win 7 HP SP1 64-bit Vista HB SP2 32-bit Linux Mint 18.3
 
 

Hi samuria,

Quote: Originally Posted by samuria
Set your DNS on the PC to 1.1.1.1 & 1.0.0.1

Out of interest, why use these?
20 Oct 2019   #16
samuria

win 8 32 bit
 
 

One of 3 fast DNS; others Google and OpenDNS.
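A DNS changer works by altering the resolver addresses a PC uses, so before and after changing them as suggested above it helps to list what each adapter is actually configured with. The following is an added example, not part of any post in this thread; the `Get-DnsAudit` function name and the `192.168.1.1` router address are assumptions to replace with your own values.

```powershell
# Added example, not from the thread. Written for PowerShell 2.0 (Windows 7).
# $Expected holds the resolvers you intend to use: the two named in the thread
# plus a placeholder router address (assumption: edit to match your network).
$Expected = @('1.1.1.1', '1.0.0.1', '192.168.1.1')
$IfRoot   = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces'

function Get-DnsAudit {
    param([string[]]$Allowed)

    $adapters = Get-WmiObject Win32_NetworkAdapterConfiguration -Filter 'IPEnabled = TRUE'
    foreach ($a in $adapters) {
        # Skip adapters with no resolvers (also guards the PS 2.0 foreach-over-null case).
        if (-not $a.DNSServerSearchOrder) { continue }

        # A non-empty NameServer value means the address was set statically on
        # this interface rather than handed out by DHCP.
        $key    = Get-ItemProperty -Path (Join-Path $IfRoot $a.SettingID) -ErrorAction SilentlyContinue
        $static = [bool]($key -and $key.NameServer)

        foreach ($server in $a.DNSServerSearchOrder) {
            New-Object PSObject -Property @{
                Adapter       = $a.Description
                Server        = $server
                StaticallySet = $static
                Unexpected    = ($Allowed -notcontains $server)
            }
        }
    }
}

# Unexpected resolvers are listed first.
Get-DnsAudit -Allowed $Expected |
    Sort-Object Unexpected -Descending |
    Format-Table Adapter, Server, StaticallySet, Unexpected -AutoSize
```

A row with `Unexpected` and `StaticallySet` both `True` is a resolver you did not choose that was written into the adapter settings; a row that is unexpected but not static came from DHCP, which points at the router's configuration rather than the PC.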
21 Oct 2019   #17
loninappleton

Windows 7 x64 Ultimate
 
 

OP again. I'm reviewing this thread and will gather the programs mentioned above.



That will take some time the way I do things.
21 Oct 2019   #18
loninappleton

Windows 7 x64 Ultimate
 
 

I have run and saved the txt file for FRST.
Is that too big to display as attachment? Should I put it in a folder?
22 Oct 2019   #19
loninappleton

Windows 7 x64 Ultimate
 
 

Quote: Originally Posted by F22 Simpilot
You may have malware on your computer. Whether what tools I can give you will fix the damage I don't know. That is if this is malware.

Before I give you links to some things you can run, check your IP address at Shodan. Does Shodan list any open ports, and if so which ones?

Grab your IP address (this is the WAN external IP) here: IP X - IP info and leak test suite

Paste your IP address in Shodan here: Shodan

Any ports opened? No? Moving on.

Go here and download and install Sanity Check. When you first install it will need to add a few registry keys. Say yes and then reboot your computer. Now run Sanity Check. After you run Sanity Check what is its analysis? Post what it may find.

Resplendence Software - SanityCheck, Advanced Rootkit and Malware Detector

Download and run rKill here: Download RKill

Now for a full fledged anti-virus scanner. It is Herdprotect. In this case the portable version since Herdprotect for some reason or another isn't releasing their installer right now. But the portable version will work. Now Herdprotect uses some 67 anti-virus engines I think it is. So you may or may not have false positives. I never had myself. You need to run it once, wait at least 30 minutes then run it again. What are its findings?

Download Portable herdProtect 1.0.3.9 Beta

I don't like making long quotes but there seems no way around it. Why all the jumping about with Shodan? I ran the get IP address routine. Then you show a Shodan registration to go through.
The Shodan screen is too long to screen print. I have not done any more registrations, new passwords etc.

When I feel more patient I may go through it but right now I feel like a rat in a maze.

I'll try Sanity check. At least it doesn't seem to need any more registrations and passwords-- I have box full. I'm tired of it.

Currently I'm using the Basilisk fork of Firefox. I had hoped that would stop all the upgrade prompts
but that might have been wishful thinking as well. I just want off the bus.
22 Oct 2019   #20
samuria

win 8 32 bit
 
 

You can copy the text from both reports and paste it as text in the forum, one per post.