Trojan Win32 Dns Changer .ik -hard to believe

Discussion in 'other anti-virus software' started by BrainWarp, Mar 28, 2007.

Thread Status:
Not open for further replies.
  1. steve1955

    steve1955 Registered Member

    Joined:
    Feb 7, 2004
    Posts:
    1,384
    Location:
    Sunny(in my dreams)Manchester,England
    Why do you seem to have a problem that on this occasion your favourite AV didn't do its job?:-it happens accept it!
     
  2. C.S.J

    C.S.J Massive Poster

    Joined:
    Oct 16, 2006
    Posts:
    5,029
    Location:
    this forum is biased!
    RUBBISH....

    the dll was harmless till he unleashed it, he never would have had this problem with drweb still installed, kaspersky and its mumbo jumbo on the pop ups, he allowed it and unleashed it on his system.

    i don't need to justify myself to you, don't care what av you use or whatever he uses.

    the dll alone was not a threat, or his registry problem would have notified of any changes or problems.
     
  3. Firecat

    Firecat Registered Member

    Joined:
    Jan 2, 2005
    Posts:
    8,251
    Location:
    The land of no identity :D
    Sometimes I know KAV detects certain DLLs that are not detected by other programs. Did you notice any EXE file alert from KAV?

    Because frankly speaking, nowadays I find very few trojans which are detected by KAV but not by Ewido/AVG AntiSpyware. That's why I'm curious about this, as AVG should have picked it up (unless you were not having the real-time guard enabled).

    Also, it seems KAV is having some FPs with the KillAV.jr detection. I suggest you send the files for analysis to the Kaspersky viruslab.

    As for Dr.Web, I've seen it miss quite a lot of malware, but still, I've never been infected with Dr.Web on.
     
  4. Metal425

    Metal425 Registered Member

    Joined:
    Mar 20, 2007
    Posts:
    188
    Location:
    Southern California
    What firewall are you using? Maybe someone got through? Maybe a false alarm?
     
  5. BrainWarp

    BrainWarp Registered Member

    Joined:
    Aug 26, 2004
    Posts:
    289
    Keep in mind i turn avg realtime off while in games and many times forget to turn it back on while on the net. Dr web is always running though.

    The whole thing was really strange. I find the same thing with avg 7.5 and was surprised, but the realtime was not on

    Metal425
    my firewall is NF4 active armor built into my chipset. But the program never had a chance to reach my firewall is my guess and hopes. This will cause me not to be so relaxed about security in the future. I may even add prevx1. How are your resources running prevx1?
     
  6. C.S.J

    C.S.J Massive Poster

    Joined:
    Oct 16, 2006
    Posts:
    5,029
    Location:
    this forum is biased!
    has anything actually happened to your machine?

    it could easily just be an FP
     
  7. BrainWarp

    BrainWarp Registered Member

    Joined:
    Aug 26, 2004
    Posts:
    289
    It could have been--i guess i will never know

    Nothing has happened. Been running very smooth and fast. This is what i built.

    xp pro
    939-- 3700+
    1 g 2.2.2.5 ram
    raptors in raid
    pc power & cooling 510 sli


    I will be upgrading to an amd x2 processor soon.
     
  8. C.S.J

    C.S.J Massive Poster

    Joined:
    Oct 16, 2006
    Posts:
    5,029
    Location:
    this forum is biased!
    ok, well no problems.... don't worry too much ;)

    amd x2 runs well i assure you. :D
     
  9. BrainWarp

    BrainWarp Registered Member

    Joined:
    Aug 26, 2004
    Posts:
    289
    My wife's laptop is a pentium dual-core and it runs very well
     
  10. C.S.J

    C.S.J Massive Poster

    Joined:
    Oct 16, 2006
    Posts:
    5,029
    Location:
    this forum is biased!
    my laptop is an AMD Turion X2 dual core, dell.... and it runs any AV software swiftly, even the ones that are known to be slow, they are now fast ;)
     
  11. btman

    btman Registered Member

    Joined:
    Feb 11, 2006
    Posts:
    576
    I'm a Kaspersky user, with no problems and Dr. Web/NOD32/Anything has not leaned me away from Kaspersky yet.
     
  12. Metal425

    Metal425 Registered Member

    Joined:
    Mar 20, 2007
    Posts:
    188
    Location:
    Southern California
    Agreed, I'm a Kaspersky user also.
     
  13. dan_maran

    dan_maran Registered Member

    Joined:
    Aug 30, 2004
    Posts:
    1,053
    Location:
    98031
    Ok I waited for the bickering over my AV is bigger than your AV to stop, but alas this may not happen. :)

    DNS changers of this type tend to be infections from the good old Zlob family.

    BrainWarp - since you seem to be fairly educated in computer usage security I am
    assuming it wasn't you who was looking at porn and ended up installing a media codec file.

    You can narrow your search down to on or around the 12-15th of March for infection, I am fairly
    certain it is the 13th though.

    Since it was a dll then this indicates some level of infection did occur when you were protected by AVG and DrWeb,
    BUT it wasn't solely the fault of the AV software since user interaction is required to install something of that nature.
    They advertise free access to porn, ripped DVDs, MP3's etc.
     
    Last edited: Mar 28, 2007
  14. BrainWarp

    BrainWarp Registered Member

    Joined:
    Aug 26, 2004
    Posts:
    289
    That's about the time my son had his friend over for several days. It would not do any good for me to ask my son about this, but i will have to keep tighter security with him on the computer. His computer has parental restriction software installed so probably he and his friend got on my computer to see whatever they were looking for after i hit the hay.

    He mainly stays in the local chat rooms and on my space

    I'm also trying out prevx1 right now. Nice program
     
  15. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    This says a lot.
     
  16. risl

    risl Registered Member

    Joined:
    Dec 8, 2006
    Posts:
    581
    It is possible that the .dll was inactive and therefore Dr.Web did not detect it. In smart scanning mode it only detects malware if you run them/access them or if it's active. Dr.Web full system scan might have detected it. ;)
     
  17. dan_maran

    dan_maran Registered Member

    Joined:
    Aug 30, 2004
    Posts:
    1,053
    Location:
    98031
    That is not correct, a zlob infection initiates the dll every time the computer is started usually by hklm run keys.
    I know this is in some versions only.

    BrainWarp - you may want to have a look at this reg key
    HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\ "Value = NameServer"
    Just make sure it is clean. ;)
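
The registry check suggested in the post above, as an added PowerShell example that is not part of the original thread: it reads `NameServer` (and the DHCP-assigned `DhcpNameServer`) under the Tcpip `Parameters` key and each per-interface subkey, marks any address outside an allowlist, and lists the HKLM Run entries mentioned as the usual DLL launch point. The `$Expected` addresses are constructed placeholders and `Get-DnsRegistryEntry` is a hypothetical helper name.

```powershell
# Added example: audit the DNS settings a DNS-changer trojan rewrites.
# $Expected is an assumption: replace it with the resolvers you actually use.
$Expected = @('192.0.2.53', '192.0.2.54')   # constructed placeholder addresses
$Tcpip    = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters'
$RunKey   = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'

function Get-DnsRegistryEntry {   # hypothetical helper name
    # The global key, then one subkey per network interface.
    $keys = @([pscustomobject]@{ Label = 'Global'; Path = $Tcpip })
    $keys += @(Get-ChildItem -LiteralPath "$Tcpip\Interfaces" -ErrorAction SilentlyContinue |
        ForEach-Object { [pscustomobject]@{ Label = $_.PSChildName; Path = $_.PSPath } })

    foreach ($key in $keys) {
        $props = Get-ItemProperty -LiteralPath $key.Path -ErrorAction SilentlyContinue
        foreach ($name in 'NameServer', 'DhcpNameServer') {
            $raw = [string]$props.$name
            # Stored as a comma- or space-separated list; empty means "not set".
            foreach ($ip in ($raw -split '[,\s]+' | Where-Object { $_ })) {
                [pscustomobject]@{
                    Key      = $key.Label
                    Value    = $name
                    Server   = $ip
                    Expected = $Expected -contains $ip
                }
            }
        }
    }
}

# Any row with Expected = False deserves a closer look.
Get-DnsRegistryEntry | Sort-Object Expected | Format-Table -AutoSize

# Autostart entries under the HKLM Run key (skip PowerShell's own PS* properties).
$psProps = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'
(Get-ItemProperty -LiteralPath $RunKey).PSObject.Properties |
    Where-Object { $psProps -notcontains $_.Name } |
    Select-Object Name, Value | Format-List
```

A static `NameServer` entry overrides whatever DHCP hands out, so an unexpected address there matters even when `DhcpNameServer` looks normal.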
     
  18. Firecat

    Firecat Registered Member

    Joined:
    Jan 2, 2005
    Posts:
    8,251
    Location:
    The land of no identity :D
    If the DLL was not active, KAV's PDM wouldn't have caught it trying to run. In this case, obviously Dr.Web has missed something. I'm not particularly surprised either, as I have known Dr.Web to miss quite a bit of malware.

    It is possible AVG may have been turned off at that point, allowing the PC to get infected...
     
  19. steve1955

    steve1955 Registered Member

    Joined:
    Feb 7, 2004
    Posts:
    1,384
    Location:
    Sunny(in my dreams)Manchester,England
     
  20. risl

    risl Registered Member

    Joined:
    Dec 8, 2006
    Posts:
    581
    Don't know if this is the same, but Trojan.DnsChange is added in http://live.drweb.com by Alexey Olendar
     
  21. flinchlock

    flinchlock Registered Member

    Joined:
    Jan 30, 2005
    Posts:
    554
    Location:
    Michigan
    Just remember there is no such thing as a stupid question. ;)

    What do you mean by "inactive"?

    If that .dll was just copied from a floppy/CD/USB drive into, say, the system32 folder, would ANY product detect it as bad?

    Mike o_O
     
  22. flinchlock

    flinchlock Registered Member

    Joined:
    Jan 30, 2005
    Posts:
    554
    Location:
    Michigan
    Sorry, Mike
     