
Topic: New trojan in mass DNS hijack


Computer Hope Admin

New trojan in mass DNS hijack
« on: December 08, 2008, 02:37:07 PM »

Researchers have identified a new trojan that can tamper with a wide array of devices on a local network, an exploit that sends them to impostor websites even if they are hardened machines that are fully patched or run non-Windows operating systems.


evilfantasy

Re: New trojan in mass DNS hijack
« Reply #1 on: December 08, 2008, 03:51:55 PM »
I dealt with this exact rootkit a few days ago. It's a nasty bugger!! I'm highly suspicious it is a new variation of the TDSSSERV rootkit which is wrecking many a PC.

Here is a shortened version of what to do. Note I had to use The Avenger to finally delete the driver.

c:\windows\system32\drivers\ndisprot.sys <- Delete bad driver

Then use the ipconfig /flushdns command and possibly even reset your router.

Now use Malwarebytes and then your antivirus to remove the remaining infections.
« Last Edit: December 08, 2008, 06:22:06 PM by evilfantasy »
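
A quick check to go with the steps in Reply #1, added here as an example and not posted by anyone in the thread: it reports on the driver path named above, lists any DNS resolver an interface is using that you did not expect, then flushes the DNS cache. It assumes PowerShell on Windows 8 or later; `$ExpectedDns` and its default `192.0.2.53` are constructed placeholders to replace with the resolvers your network should be using.

```powershell
# Added example, not from the thread. Read-only except for the DNS cache flush.
# Assumption: $ExpectedDns lists the resolvers this network is supposed to use;
# the default is a constructed documentation address, replace it with your own.
param(
    [string[]]$ExpectedDns = @('192.0.2.53'),
    [string]$DriverPath = "$env:SystemRoot\System32\drivers\ndisprot.sys"
)

# 1. Is the driver named in the post present, and what does it look like?
if (Test-Path -LiteralPath $DriverPath) {
    $sig  = Get-AuthenticodeSignature -FilePath $DriverPath
    $hash = Get-FileHash -LiteralPath $DriverPath -Algorithm SHA256
    [pscustomobject]@{
        Path      = $DriverPath
        SHA256    = $hash.Hash
        Signature = $sig.Status
        Signer    = $sig.SignerCertificate.Subject
    } | Format-List
} else {
    Write-Output "Not found: $DriverPath"
}

# 2. Which resolvers is each interface actually using right now?
$unexpected = Get-DnsClientServerAddress -AddressFamily IPv4 |
    ForEach-Object {
        $iface = $_.InterfaceAlias
        foreach ($server in $_.ServerAddresses) {
            if ($server -notin $ExpectedDns) {
                [pscustomobject]@{ Interface = $iface; DnsServer = $server }
            }
        }
    }

if ($unexpected) {
    Write-Warning 'Resolvers outside the expected list:'
    $unexpected | Format-Table -AutoSize
} else {
    Write-Output 'All IPv4 resolvers match the expected list.'
}

# 3. Drop cached answers; this is the PowerShell equivalent of ipconfig /flushdns.
Clear-DnsClientCache
```

A rootkit can hide its driver from tools running on the live system, so "Not found" here is not proof that the file is absent. Run the resolver check again after restarting the router to confirm the addresses it hands out are the ones you expect.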