Win32/Renos.DZ virus/malware

Associate | Joined 18 Oct 2002 | Posts 2,055 | Location Southend-on-Sea

OK, I seem to have acquired this little git on my laptop (running Vista Home Premium SP1) last night. It's a right bugger and I just can't get rid of it.

Symptoms:

  • Browsers (Chrome and IE8) opening up at random and displaying links to dodgy downloads
  • Windows Defender is stating a very high risk and I'm infected with Trojan Downloader Win32/Renos.DZ
  • When I do a Google search in either browser, the first result I click on opens up www.kdirectory.co.uk with a load of dodgy links.

What I've tried so far:

  • Told Windows Defender to remove the infected object. This works for about 30 minutes, but then it's back again.
  • I'm running AVG Free on the laptop. Obviously this didn't pick up the original infection. Did a full system scan, nothing found.
  • Tried to install Hijack This, but laptop blue screens towards the end of the installation. Having researched the issue, seems this is a common problem with this infection.
  • Tried to download Malwarebytes, but both Chrome and IE tell me their web page is not available, although I can access it fine from my XP machine. Installs OK from memory stick, but won't run.
  • Installed Ad-Aware OK, but can't use it as the update feature doesn't work, again this works fine on my XP machine.

I've had a look around for a fix and tried a couple of things, but neither worked. I think I may be getting to the stage where I need to re-install. I've backed all my data up in readiness, but would like to avoid re-installing if necessary.

One thing I have noticed is that my hosts file only has the following entry:

::1 localhost

Shouldn't this be 127.0.0.1 localhost?

Anyone come across this infection before and successfully got rid of it?

Thanks
 
Soldato | Joined 5 Jun 2008 | Posts 6,240 | Location Portsmouth/Fareham

Have you tried Spybot Search and Destroy? Other malware software - although if you can't update then that might not be so great.

I found this whilst having a quick look:

http://www.computing.net/answers/security/win32renosdz-cant-get-rid-of-it/26277.html

Looks to be someone with the same problem and although there are many steps it seems to get resolved in the end, only skim read it though.

A few people recommend using Avast Antivirus, Kaspersky and Antivir. Have you got any of these programs? If not try and get a copy and do a full system scan.

Good luck!
 
Man of Honour | Joined 29 Jun 2003 | Posts 34,515 | Location Wiltshire

As bledd and myself have said a few times.... :p


turn off system restore
remove avg & install nod32 trial (& update)
run ccleaner to remove all temp files etc
go into safe mode and do full scan

Also worth resetting all IE settings back to default.
 
Soldato | Joined 13 Nov 2002 | Posts 3,589

I wonder what else you have on there? :eek: :eek:

Some malware will remain stealthy and silently transmit your information to the mother ship.

It would be wise to format -> reinstall --> secure --> change all passwords, if you do anything sensitive on that system. e.g. online banking

Secure it properly this time. Standard User and UAC are there for this very reason. ;)
 
Associate (OP) | Joined 18 Oct 2002 | Posts 2,055 | Location Southend-on-Sea

> I wonder what else you have on there? :eek: :eek:
>
> Some malware will remain stealthy and silently transmit your information to the mother ship.
>
> It would be wise to format -> reinstall --> secure --> change all passwords, if you do anything sensitive on that system. e.g. online banking
>
> Secure it properly this time. Standard User and UAC are there for this very reason. ;)

NOD32 is scanning now. Hopefully nothing else on there, this is the first infection I've had for about five years. I am a standard user and UAC is on so not sure where this has come from. My son was on the laptop for about 5 minutes yesterday so suspect it was him!!!
 
Associate | Joined 27 Feb 2009 | Posts 1,250 | Location Wales.

Try using Spybot as said before - www.spybot.com
It's a shame that no anti-virus has a 100% detection rate, and there's not one tool that specialises in Virii, trojans and other malware.

And get rid of that dodgy Hosts file entry.
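
An added example, not written by anyone in this thread: a small Python audit of a hosts file, relevant to the hosts question in the first post and the reply just above. ::1 is the IPv6 loopback address, the counterpart of 127.0.0.1; the watch list of domains and both sample files are constructed assumptions.

```python
import ipaddress

# Domains of tools linked in this thread; a hosts override for any of them
# would explain "page not available" errors (assumed watch list, extend it).
WATCHED = ("malwarebytes.org", "eset.com", "bleepingcomputer.com")

def parse_hosts(text):
    """Yield (address, [names]) for each active hosts entry."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments
        if not line:
            continue
        fields = line.split()
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                          # malformed line, skip it
        if fields[1:]:
            yield addr, [n.lower() for n in fields[1:]]

def audit_hosts(text):
    """Return a list of (severity, message) findings."""
    findings, localhost_families = [], set()
    for addr, names in parse_hosts(text):
        for name in names:
            if name == "localhost":
                if addr.is_loopback:
                    localhost_families.add(addr.version)
                else:
                    findings.append(("high", f"localhost mapped to non-loopback {addr}"))
            elif any(name == d or name.endswith("." + d) for d in WATCHED):
                findings.append(("high", f"{name} overridden to {addr}"))
            else:
                findings.append(("review", f"{name} -> {addr}"))
    for version, label in ((4, "127.0.0.1"), (6, "::1")):
        if version not in localhost_families:
            findings.append(("info", f"no {label} localhost entry"))
    return findings

# Constructed samples: the file as quoted in the first post, and a made-up tampered one.
POSTED = "::1 localhost\n"
TAMPERED = ("127.0.0.1 localhost\n::1 localhost\n"
            "127.0.0.1 www.malwarebytes.org  # constructed entry\n")

if __name__ == "__main__":
    for label, sample in (("posted", POSTED), ("tampered", TAMPERED)):
        print(label, audit_hosts(sample))
```

On Windows the file to feed it is C:\Windows\System32\drivers\etc\hosts, read from an elevated prompt or copied off the machine.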
 
Don | Joined 21 Oct 2002 | Posts 46,753 | Location Parts Unknown

sigh..

disable system restore
remove your 'av'
run ccleaner slim http://www.ccleaner.com/download/builds/downloading-slim
run nod32 trial http://www.eset.com/download/free_trial_download_int.php
run mbam http://www.malwarebytes.org/mbam-download.php
run spybot http://fileforum.betanews.com/download/Spybot-Search-Destroy/1043809773/1


still screwed?
run combofix http://www.bleepingcomputer.com/combofix/how-to-use-combofix


following this, stop going to bad sites etc

use firefox http://www.mozilla-europe.org/en/firefox/
install this addon for firefox https://addons.mozilla.org/en-US/firefox/addon/1865

when firefox opens following the restart, tick the 'Easylist' subscription
 
Man of Honour | Joined 29 Jun 2003 | Posts 34,515 | Location Wiltshire

> sigh..
>
> disable system restore
> remove your 'av'
> run ccleaner slim http://www.ccleaner.com/download/builds/downloading-slim
> run nod32 trial http://www.eset.com/download/free_trial_download_int.php
> run mbam http://www.malwarebytes.org/mbam-download.php
> run spybot http://fileforum.betanews.com/download/Spybot-Search-Destroy/1043809773/1
>
> still screwed?
> run combofix http://www.bleepingcomputer.com/combofix/how-to-use-combofix
>
> following this, stop going to bad sites etc
>
> use firefox http://www.mozilla-europe.org/en/firefox/
> install this addon for firefox https://addons.mozilla.org/en-US/firefox/addon/1865
>
> when firefox opens following the restart, tick the 'Easylist' subscription

:D
 