Tuesday, June 24, 2008

Zlob DNS Changer

You definitely know you are infected with a virus when your browser gets redirected to a weird-looking IP address on its own.

There could be many reasons why that happens, one being, the Zlob DNS Changer. Zlob DNS changer usually comes in as a Trojan when you download video codecs from the Internet.

How do you know it's Zlob? Run Spybot and you should know for sure if it is Zlob.
If you are sure about Zlob being the culprit, download the following software:

HijackThis
HijackThis lists the contents of key areas of the Registry and hard drive--areas that are used by both legitimate programmers and hijackers. The program is continually updated to detect and remove new hijacks. It does not target specific programs and URLs, only the methods used by hijackers to force you onto their sites.

ATF Cleaner
ATF is a new, freeware, temporary file cleaner for Windows, IE, Firefox and Opera with a simple, easy-to-use interface.

Malwarebytes' Anti-Malware
Malwarebytes' Anti-Malware is the next step in the detection and removal of malware. Malwarebytes' Anti-Malware monitors every process and stops malicious processes before they even start.

F-Secure BlackLight
F-Secure® Internet Security 2008™ provides a complete and easy-to-use protection against all Internet threats, whether they are known or previously unidentified.

Installing and Running the Search and Diagnosis Software
After you have downloaded the above software, install them on your machine.
Installing HijackThis
To install HijackThis:
Double-click the .exe file you have downloaded to your local machine, and HijackThis does the rest of the steps to install itself.
Run HijackThis and view the log. Check for registry entries that you think are weird or do not belong on your machine. Always back up your registry before you start removing registry entries. If your log shows entries like the ones below, then you certainly have something serious to deal with:
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O17 - HKLM\System\CCS\Services\Tcpip\..\{0F8B5758-CA74-4CFB-BE0E-BE8C21A76C61}: NameServer = 85.255.116.98,85.255.112.6
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.98 85.255.112.6
O23 - Service: Windows Tribute Service - Unknown owner - C:\Windows\system32\kdzwn.exe

At this stage, you can choose to seek help from the professionals at http://forums.spybot.info/ or, if you are feeling very confident and lucky, perform the following steps:
1. Run the ATF Cleaner.exe.
2. Double-click ATF Cleaner.exe to open it.
3. Under Main, choose Windows Temp, Current User Temp, All Users Temp, Cookies, Temporary Internet Files, Java Cache.
4. *The other boxes are optional*.
5. Click the Empty Selected button.
6. If you use Firefox, click Firefox at the top and choose Select All.
7. Click the Empty Selected button.
8. NOTE: If you would like to keep your saved passwords, please click NO at the prompt.
9. If you use Opera, click Opera at the top and choose Select All.
10. Click the Empty Selected button.
11. NOTE: If you would like to keep your saved passwords, please click NO at the prompt.
12. Click Exit on the Main menu to close the program.

Installing Malwarebytes' Anti-Malware
1. Double-click mbam-setup.exe and follow the prompts to install the program.
2. At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, and click Finish.
3. If an update is found, it will download and install the latest version.
4. Once the program has loaded, select Perform full scan, then click Scan.
5. When the scan is complete, click OK, then Show Results to view the results.
6. Be sure that everything is checked, and click Remove Selected.
7. When completed, a log will open in Notepad. Please save it to a convenient location. The log can also be found here: C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
8. Please post contents of that file & a fresh HijackThis log in your next reply.

Installing F-Secure BlackLight
1. Load F-Secure Blacklight into a new folder C:\Program Files\Blacklight.
2. In this folder, start fsbl.exe and close all other programs.
3. Accept the agreement and click Scan.
4. After the scan is finished, close the window.
5. The log will be fsbl-XXX.log in the Blacklight folder. In place of XXX there will be some numbers.
After you run HijackThis, open the log file. The log file should display registry entries similar to the ones shown below:
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O17 - HKLM\System\CCS\Services\Tcpip\..\{0F8B5758-CA74-4CFB-BE0E-BE8C21A76C61}: NameServer = 85.255.116.98,85.255.112.6
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.98 85.255.112.6
O23 - Service: Windows Tribute Service - Unknown owner - C:\Windows\system32\kdzwn.exe

To remove these entries, start HijackThis, close browsers and other windows, check the entries, and click Fix checked.
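
To triage a saved HijackThis log for the kinds of entries shown above, the following added example (not part of the original post or of HijackThis) parses O17 NameServer lines and O23 services with an unknown owner. The EXPECTED_RESOLVERS allowlist and the extra benign O17 line in the sample are assumptions made for illustration.

```python
import ipaddress
import re

# Constructed sample: log lines quoted in this post plus one benign O17 entry.
SAMPLE_LOG = r"""
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
O17 - HKLM\System\CCS\Services\Tcpip\..\{0F8B5758-CA74-4CFB-BE0E-BE8C21A76C61}: NameServer = 85.255.116.98,85.255.112.6
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.98 85.255.112.6
O17 - HKLM\System\CCS\Services\Tcpip\..\{11111111-2222-3333-4444-555555555555}: NameServer = 192.168.1.1
O23 - Service: Windows Tribute Service - Unknown owner - C:\Windows\system32\kdzwn.exe
"""

# Assumption: the resolvers you expect on this machine (router, ISP). Use your own.
EXPECTED_RESOLVERS = {ipaddress.ip_address("192.168.1.1")}

O17_RE = re.compile(r"^O17 - (?P<key>.+?): NameServer = (?P<servers>.+)$")
O23_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+)$")


def triage(log_text, expected=EXPECTED_RESOLVERS):
    """Return (kind, where, value) tuples for entries worth a closer look."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        m = O17_RE.match(line)
        if m:
            # The registry value may be comma- or space-separated, as in the log above.
            for token in re.split(r"[,\s]+", m["servers"].strip()):
                try:
                    ip = ipaddress.ip_address(token)
                except ValueError:
                    findings.append(("dns-unparsable", m["key"], token))
                    continue
                if ip not in expected:
                    findings.append(("dns-unexpected", m["key"], str(ip)))
            continue
        m = O23_RE.match(line)
        if m and m["owner"].strip().lower() == "unknown owner":
            findings.append(("service-unknown-owner", m["name"], m["path"]))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

An unexpected resolver is only a lead: confirm it against what your router or ISP actually hands out before fixing the entry.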
Creating and Executing Batch File
1. Open Notepad and then copy and paste the bolded lines below into it. Go to File > Save As and name the file fixes.bat, change the Save as type to All Files and save it to your desktop. (If you are still unsure on how to do this there is a little tutorial with pictures here)
@echo off
sc stop "Windows Tribute Service"
sc delete "Windows Tribute Service"

2. Double-click on fixes.bat file to execute it.
Viewing Hidden Files (Vista)
1. Open Folder Options by clicking the Start button, clicking Control Panel, clicking Appearance and Personalization, and then clicking Folder Options.
2. Click the View tab.
3. Under Advanced settings, click Show hidden files and folders, and then click OK.
4. Delete the following file if found: C:\Windows\system32\kdzwn.exe
5. Reboot the system and run Blacklight again.

These steps should remove Zlob DNS Changer completely from your machine. For additional security, ensure your Java Runtime Environment is updated to 6.0 or the most recent version available. Also, reset and re-enable your System Restore and download SpywareBlaster.

Resolving PDF Problems!

You need to send that PDF file by close of business to your product manager/SME and the file won't just print. What do you do?

Listed here is a set of common PDF issues and solutions:

Pain: When you right-click a Microsoft Office file to convert to Adobe PDF, the application returns the message, "Missing PDFMaker files," and does not create an Adobe PDF file.

Solution: Remove Adobe PDF from the Disabled Items list in the Microsoft Office application.
To manage your Disabled Items list in a Microsoft Office application:
1. Open the Microsoft Office application (Word, Excel, Publisher).
2. Choose Help > About [the application name].
3. Click Disabled Items.
4. Select Adobe PDF from the list, and click Enable.
5. Quit the Microsoft Office application, and then restart it.

If the error message continues to appear after you enable Adobe PDF, then check the security level for macros in Word:
1. Choose Tools > Macro > Security.
2. In the Security dialog, click the Security tab.
3. Choose Medium or High.
4. Do one of the following:
-- If you chose Medium, then click OK.
-- If you chose High, then continue with steps 5 through 7.
5. Click the Trusted Publishers tab.
6. Check Trust all installed add-ins and templates.
7. Click OK.

PDFMaker and the right-click context menu should function again.

For more, see http://kb.adobe.com/selfservice/microsites/microsite.do

Pain: Images look fine in MS Word, but after converting to PDF, image quality is poor.

Solution: Save your image in JPG or TIFF format and embed the image into your Word document to publish using the Adobe PDF printer. PNGs are not suitable for Word-to-PDF conversion; TIFFs work much better. Use the high-quality print setting while converting to PDF. Also, standardize the resolution settings of your desktop (1024*768) and the DPI setting in your screen capture software.


Watch this space for more!
