DNS-changing malware FBI thingy - anybody???

[Ponders]

via Firefox/Chrome we are getting the warning on google - we have done security checks suggested but are still getting warning, which means router settings have been reset?

DH, supposedly our resident tech because he works in IT (but he only does systems analysis/development ) denies that this is a problem & thinks that resetting DNS things on each individual computer will solve it; but he doesn't use any browser other than AOL, which doesn't get the google flag

I've told him that AOL has been bamboozled:

"Your computer appears to be looking up IP addresses correctly!
Had your computer been infected with DNS changer malware you would have seen a red background. Please note, however, that if your ISP is redirecting DNS traffic for its customers you would have reached this site even though you are infected "

but he won't listen to me because he knows best aaaaaargh

Please can a techy person tell me what to tell him so that he will believe that the router needs to be reset to factory settings before July 9th?

Yes, a common router. AOL has a setup guide for it here which involves downloading an Easy Installer program.
Router address is 192.168.0.1
By default, the username is admin and the password is password.

Your DH knows this already I would guess as he has accessed the router to change the settings. Now he is back home, no need for you to know these details but may be handy for future.

he's doing some actual work (shock horror) atm but will look at those when he's finished.

he did say that Norton should have pick up the trojan? but it clearly didn't, or we wouldn't be in this mess in the first place, would we? I used to have spybot installed on old machine, but had forgotten about it or I would have got it on this one too.

anyway I'll get back to you in a bit about that & the scan

thanks again, nick

router has also been rebooted repeatedly

This will cause your broadband line to slow down, as the ADSL hardware at the telephone exchange thinks there is a line problem. It will correct itself over the next week or so.

AVOID Turning The Router Off. The light with the i symbol (third light from Left) is the one that should be Solid Green which indicates that the router has a broadband signal.

the router is normally left on 24/7 - the reboots were while on the phone to aol.

oh is that an i???? I thought it was a candle (I did wonder why not something more techno!). It is solid green but flickers occasionally

So currently what is the state of play? (I'm going to the gym around 5pm, so won't be around for a couple of hours)

Norton is doing a system scan - did you notice if it updated itself before running the scan?

You have some internet access, some sites work, others do not - is that still the case?

Does DD still have problems using the WiFi connection on the smartphone?

Candle... yeh suppose it does look like that. I agree it's a bit of a strange icon. I'm guessing it's more an i to be I for Internet.

Solid green is good. Flickers occasionally could be due to the phone exchange realising that the line is working fine and is increasing the speed to find the optimum line speed, so not a concern at the moment.

state of play still the same until DH finishes what he's doing

scan complete, 79 tracking cookies found & deleted - I didn't notice update status, I may do that & run it again

DD off out now so I don't know about her phone.

enjoy the gym, will catch up later I hope

last update was 1 day ago

it's now checking for updates but doesn't seemt o be getting anywhere

Can you download SpyBot?

still can't open any pages with links to it

Can you open the CNET page? Then what happens if you click the Green download button?

Ponders

he did say that Norton should have pick up the trojan? but it clearly didn't, or we wouldn't be in this mess in the first place, would we?

It should pick up the trojan - that's what you pay for. But it's a waste of your money. I would get rid of it and run a virus scanner that actually cleans your machine. Can you download and install Microsoft Security Essentials?

CNET page wouldn't open, but one called filehippo did (hooray) & I've downloaded & run spybot now - it didn't find anything

Have also run Windows Defender - also OK

can't access Microsoft pages, hamster

Can you get a program called HijackThis from the Trend Micro website? Can you post the log from a HijackThis scan on to here so I can take a look?

Oh yes, and if you can also get hold of TDSSKiller from Kaspersky's site, and run that, it'd help.

filehippo has a link to HijackThis 2.0.4 - am I OK to download that? (I'm a bit wary about overloading with security things so that they get in each other's way )

Hijackthis isn't a resident program, you run it, do the scan, export the log and copy and paste it here.

oh, ok - thank you, hamster - I'll give it a go then

all it's offering me is Repair errors or Remove Hijackthis

no scan

???

Did you get the HiJackThis Setup Wizard screens, where you accept the licence agreement?
You then click on the Finished button to exit the wizard.
Then you went to your start menu and selected HiJackThis, then clicked on HiJackThis. It then comes up with a Welcome to HiJackThis screen with gives various options, the first being "Do a system scan and save a log file"

I've just downloaded via FileHippo and run to that stage on a Windows Vista system, so you should have got the same.

If you did not... I wonder what you actually downloaded. The download button on the Filehippo Website is towards to right of the page.

Ponders - if you can get a local IT person to come to your home, that may be worth doing. Get them to give a cost estimate first. Explain to them the trouble you are having.

flatpack - it seems odd to me that some sites work and others do not. If the DNS settings are now right on the router and computer, what do you reckon is causing the problem? Maybe it has nothing to do with DNSChanger Malware.

I did get to that page eventually, nick (insert technonumpty emoticon here) but then it needed the administrator to change some setting or other & that was too techie for me so I uninstalled it

it seems odd to me that some sites work and others do not. If the DNS settings are now right on the router and computer, what do you reckon is causing the problem? Maybe it has nothing to do with DNSChanger Malware

yes, this is what DH is thinking - he asked me again to say thanks very very much for all your time & input (very sincerely, rare for him re MN ), & also to ask you if you think this might actually now be an AOL issue & nothing to do with DNS? (also he has done a registry (?) search for the malware DNS code & there is nothing matching)

There could perhaps be an connection issue on the AOL network, some routing problems, but I'm really not sure. Beyond my technical experience I'm afraid (I'm a nanny these days, been a while now since I did IT support - children are so much easier than computers ).

well I did wonder, given your posting name anyway you have been a fantastic help today & very reassuring - DH was v impressed that your advice matched what he got from AOL! I bet you are a wonderful nanny too.

he's up to here with it atm so he says he'll ring AOL again tomorrow. I will need to do a bit of banking tomorrow, I may be able to do it by phone but he will leave his spare laptop connected to his work system so that I can try it that way if the phone thing doesn't work (& failing all that I could actually walk to a branch )

if we ever get it sorted out I'll try to remember to post here about it

oh, forgot to say, DH sent me your Avira DNS Repair link as a download in an email earlier, & it said

"The DNS settings of your system have not been manipulated by the DNSChanger"

so that all looks ok now!