Win32:DNSChanger-SF [Trj]

So I'm a noob to this forum and I'm sure I will get hounded for this, but…

I was running my virus programs, Avast 4.8 Home and Symantec… both freshly updated.

Avast found Win32:DNSChanger-SF [trj] in 2 folders that are both part of Symantec… The directory is C:/program files/common files/symantec shared/virusdefs/20080329.003 and 20080330.003; the file is virscan9.dat.

These files can't be moved, they can't have their “read only” status revoked, and why would one virus program see another virus program’s file as a virus?

Well you already said it so I won’t.

They see each other's files as infected because they are signature/script samples of the real thing (okay, maybe not live samples, but you get the idea). This is so the AV can compare what it is scanning to something so it can determine if it’s infected or not.

virscan9.dat is part of Norton’s database, where said samples are kept. Most AVs encrypt their files to prevent this from happening.
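The effect described in the reply above, sketched as an added example that is not part of the original thread and is not Avast's or Symantec's code: a naive signature scanner flags another product's definitions file when the patterns are stored in the clear, and stops flagging it once the file is obfuscated on disk. The signature name, byte pattern, record layout and XOR key are all constructed for illustration.

```python
from itertools import cycle

# Constructed stand-in for a byte pattern identifying a malware family.
SIGNATURES = {"Example:DemoTrojan [Trj]": bytes.fromhex("deadbeef4d5a9000c0ffee")}


def scan(data: bytes, signatures: dict[str, bytes] = SIGNATURES) -> list[str]:
    """Naive signature scan: name every pattern that occurs anywhere in data."""
    return [name for name, pattern in signatures.items() if pattern in data]


def xor(data: bytes, key: bytes) -> bytes:
    """Repeating-key XOR; stands in for whatever encoding a vendor really uses."""
    return bytes(b ^ k for b, k in zip(data, cycle(key)))


def pack_definitions(signatures: dict[str, bytes], key: bytes = b"") -> bytes:
    """Serialize as length-prefixed (name, pattern) records; obfuscate if key given."""
    blob = b"".join(
        bytes([len(name)]) + name.encode() + bytes([len(pattern)]) + pattern
        for name, pattern in signatures.items()
    )
    return xor(blob, key) if key else blob


def load_definitions(blob: bytes, key: bytes = b"") -> dict[str, bytes]:
    """Inverse of pack_definitions: decode in memory, never on disk."""
    if key:
        blob = xor(blob, key)
    signatures, i = {}, 0
    while i < len(blob):
        n = blob[i]
        name = blob[i + 1:i + 1 + n].decode()
        i += 1 + n
        m = blob[i]
        signatures[name] = blob[i + 1:i + 1 + m]
        i += 1 + m
    return signatures


if __name__ == "__main__":
    key = b"\x5a\xa7"  # constructed key
    print("plaintext definitions file:", scan(pack_definitions(SIGNATURES)))
    print("obfuscated definitions file:", scan(pack_definitions(SIGNATURES, key)))
```

The obfuscated file still loads back to the same signatures in memory, so the owning product loses nothing while other scanners no longer match the raw patterns on disk.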

OK, now I feel better… thank you.


Welcome to the forums, 1000z.

And if you keep running 2 resident AV services, you will have much worse problems eventually.


Win32:DNSChanger-SF [trj]… My antivirus still detected this virus even though I quarantined it in the chest… Initially, I was updating my Norton Internet Security when the virus came about… What is this virus about? How do I resolve this?

Thanks

I suggest:

  1. Disable System Restore and reenable it after step 3.
  2. Clean your temporary files.
  3. Schedule a boot time scanning with avast with archive scanning turned on.
  4. Use SUPERantispyware and/or Spyware Terminator to scan for spyware and trojans. If any infection is detected, it is better and safer to send the file to Quarantine than to simply delete it.
  5. Test your machine with anti-rootkit applications. I suggest avast! antirootkit or Trend Micro RootkitBuster.
  6. Make a HijackThis log to post here or, better, submit the RunScanner log to online analysis.
  7. Immunize your system with SpywareBlaster or Windows Advanced Care.
  8. Check if you have insecure applications with Secunia Software Inspector.

Can anyone help me to determine if I can delete the DNSChanger virus from my system files? It is infecting my system32/kdypg.exe file. Avast finds it but asks me to delete it. Repair does not seem to work. It is a rootkit/malware infection that slows my computer. I am worried that if I just delete it my operating system may not function properly. Thanks.

Try the usual free adware/spyware scanners.

Ad-Aware Free
Spybot Search & Destroy
SUPERAntiSpyware Free
a-Squared Free

Download, install and update the programs. Disconnect from the internet (pull the plug) before running scans in Safe Mode if possible.

Always select the option to quarantine any malware found rather than delete it; then you will be able to restore files or registry entries wrongly identified as malware, a rare but not unknown event for any malware scanner.

Did you follow the steps on reply #5?