best way to get rid of this??

something downloaed onto my coputer today...

and windows antispyware picked up the browser changes which i blocked.

however my ie is now blank...and if i type in an adress is redirects to 'dns404.net'

and once it said that it was blocked by some spyware application.

any idea how to delete whatever it is??

cheers

 

While you wait for a more expert reply you might want to look at this link and see if applies to your situation

https://www-secure.symantec.com/avcenter/venc/data/trojan.zlob.f.html

Regards

eyes-open

 

That is propbably this one:

http://www.sophos.com/virusinfo/analyses/trojpupert.html

This is the procedure that is usually advised to get rid of it:
Click here to download smitRem.exe.

• Save the file to your desktop.
• It is a self extracting file.
• Doubleclick the smitRem.exe and it will extract the files to a smitRem folder on your desktop.
• Do not do anything with it yet. You will run the RunThis.bat file later in safe mode.

* Download the trial version of Ewido Security Suite here.

• Install ewido.
• During the installation, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
• Launch ewido
• It will prompt you to update click the OK button and it will go to the main screen
• On the left side of the main screen click update
• Click on Start and let it update.
• DO NOT run a scan yet. You will do that later in safe mode.

* Click here for info on how to boot to safe mode if you don't already know how.


* Now copy these instructions to notepad and save them to your desktop. You will need them to refer to in safe mode.


* Restart your computer into safe mode now. Perform the following steps in safe mode:


* Open the smitRem folder, then double click the RunThis.bat file to start the tool. Follow the prompts on screen.
Wait for the tool to complete and disk cleanup to finish.


* Run Ewido:

• Click on scanner
• Click Complete System Scan and the scan will begin.
• During the scan it will prompt you to clean files, click OK
• When the scan is finished, look at the bottom of the screen and click the Save report button.
• Save the report to your desktop

* Go to Control Panel > Internet Options. Click on the Programs tab then click the "Reset Web Settings" button. Click Apply then OK.


* Next go to Control Panel > Display. Click on the "Desktop" tab then click the "Customize Desktop" button. Click on the "Web" tab. Under "Web Pages" you should see an entry checked called something like "Security info" or similar. If it is there, select that entry and click the "Delete" button. Click OK then Apply and OK.


* Restart back into Windows normally now.


* Run ActiveScan online virus scan here

When the scan is finished, anything that it cannot clean have it delete it. Make a note of the file location of anything that cannot be deleted so you can delete it yourself.
- Save the results from the scan!

Regards,

Pieter

 

LOL eyes-open beat me to it.

Regards,

Pieter

 

@ Pieter > hi My link may not be the cause - but the information supplied is a bit minimal and this particular trojan does reference the redirection to dns404.net. I'm sure there are other avenues to this change - this was one that I knew was fairly recent and documented.

@ Griogair

I'm sure it's stating the obvious - but if you do go to the dns404.net site - do not download/install 'Spy Trooper'.

This is just another chain of the con & should be avoided at all costs.

Cheers & good luck with your problem.

 

cheers guys once again...

im running panda active scan just now...

realy aooying though as windows antispyware keeps prompting me to change an internet security zone...every 5 seconds which i block...

grrrr

 

think the alls clear guys..thanks.

will post tomorow though as im at uni and its like 3 in the morning...and drunk people are pissing me off....rubbing the good time in my pennyless face!!

wish i was pissed!

anyhoo....cheers!

 

cheers...al seems to be fine.

eyes-open quick reply thanks

pieter,you seemed to have been involved in solving just about every problem ive posted here...much apreciated

 

SpyTrooper/TopAntiSpy/Spyaxe

Official Description: This is a rogue antispyware product that is normally bundled with different trojans as a way of installation.

Properties: Adds other software
Changes browser

Related Products ZToolbar Adware This is a product known to install Spyaxe.
Trojan.Puper Trojan This product has been known to be bundled with Spyaxe.

http://www.spywareguide.com/product_show.php?id=2361

. . .

Out of curiosity i DL'd the " Free Scan " lol software and uploade to Jottis. The only one that found it was NOD !

http://img506.imageshack.us/img506/6901/install7ui.png


Just a quick sample of what would happen to your system. I analysed the exe with Faber Toys

File generated by Faber Toys

5 Imported Modules

ADVAPI32.dll
COMCTL32.dll
KERNEL32.dll
USER32.dll
WSOCK32.dll

If you want to see the full HTML report created by the Faber Toys App on what this exe does see here.

Your Download-Link: http://rapidshare.de/files/9109948/Install.html.html


StevieO