Win32/Renos.DZ virus/malware

OK, I seem to have acquired this little git on my laptop (running Vista Home Premium SP1) last night. It's a right bugger and I just can't get rid of it.

Symptoms:

  • Browsers (Chrome and IE8) opening up at random and displaying links to dodgy downloads
  • Windows Defender is stating a very high risk and I'm infected with Trojan Downloader Win32/Renos.DZ
  • When I do a Google search in either browser, the first result I click on opens up www.kdirectory.co.uk with a load of dodgy links.

What I've tried so far:

  • Told Windows Defender to remove the infected object. This works for about 30 minutes, but then it's back again.
  • I'm running AVG Free on the laptop. Obviously this didn't pick up the original infection. Did a full system scan, nothing found.
  • Tried to install Hijack This, but laptop blue screens towards the end of the installation. Having researched the issue, seems this is a common problem with this infection.
  • Tried to download Malwarebytes, but both Chrome and IE tell me their web page is not available, although I can access it fine from my XP machine. Installs OK from memory stick, but won't run.
  • Installed Ad-Aware OK, but can't use it as the update feature doesn't work, again this works fine on my XP machine.

I've had a look around for a fix and tried a couple of things, but neither worked. I think I may be getting to the stage where I need to re-install. I've backed all my data up in readiness, but would like to avoid re-installing if necessary.

One thing I have noticed is that my hosts file only has the following entry:

::1 localhost

Shouldn't this be 127.0.0.1 localhost?

Anyone come across this infection before and successfully got rid of it?

Thanks
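
An added example, not part of the original post: a small hosts-file audit for the check described above, which treats a loopback mapping of `localhost` (IPv4 or `::1`) as normal and flags names pinned to loopback or to a remote address. The sample file, the watch list and the function names are constructed for illustration.

```python
import ipaddress

# Constructed sample: the one entry quoted in the post, plus two constructed
# lines of the kind a tampered hosts file contains (203.0.113.0/24 is TEST-NET-3).
SAMPLE_HOSTS = """\
# constructed sample, not taken from the infected laptop
::1             localhost
127.0.0.1       www.malwarebytes.org
203.0.113.10    www.google.co.uk   # search traffic sent elsewhere
"""

# Assumed watch list: download hosts that appear in this thread.
WATCHED = {"www.malwarebytes.org", "www.eset.com", "www.bleepingcomputer.com"}


def audit_hosts(text, watched=WATCHED):
    """Return (line_no, name, address, verdict) for every name in a hosts file."""
    findings = []
    for line_no, raw in enumerate(text.lstrip("\ufeff").splitlines(), 1):
        fields = raw.split("#", 1)[0].split()   # drop comments, split on whitespace
        if not fields:
            continue
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            findings.append((line_no, fields[0], None, "malformed"))
            continue
        local = addr.is_loopback or addr.is_unspecified   # 127.x, ::1, 0.0.0.0, ::
        for name in (n.lower() for n in fields[1:]):
            if local and name == "localhost":
                verdict = "ok"                       # normal for IPv4 and IPv6 loopback
            elif local:
                verdict = "blocked-security-site" if name in watched else "blocked"
            else:
                verdict = "redirected"               # name pinned to a remote address
            findings.append((line_no, name, str(addr), verdict))
    return findings


def suspicious(text):
    """Only the entries that need a human look."""
    return [f for f in audit_hosts(text) if f[3] != "ok"]


if __name__ == "__main__":
    for finding in suspicious(SAMPLE_HOSTS):
        print(finding)
```

To audit a real machine, pass in the contents of `%SystemRoot%\System32\drivers\etc\hosts` instead of the sample.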
 
Have you tried Spybot Search and Destroy? Other malware software - although if you can't update then that might not be so great.

I found this whilst having a quick look:

http://www.computing.net/answers/security/win32renosdz-cant-get-rid-of-it/26277.html

Looks to be someone with the same problem and although there are many steps it seems to get resolved in the end, only skim read it though.

A few people recommend using Avast Antivirus, Kaspersky and Antivir. Have you got any of these programs? If not try and get a copy and do a full system scan.

Good luck!
 
Thanks Knubje, hadn't seen that page. Seems like it worked for that bloke so going to give it a go now.
 
As bledd and myself have said a few times.... :p


turn off system restore
remove avg & install nod32 trial (& update)
run ccleaner to remove all temp files etc
go into safe mode and do full scan

Also worth resetting all IE settings back to default.
 
I wonder what else you have on there? :eek: :eek:

Some malware will remain stealthy and silently transmit your information to the mother ship.

It would be wise to format -> reinstall --> secure --> change all passwords, if you do anything sensitive on that system. e.g. online banking

Secure it properly this time. Standard User and UAC are there for this very reason. ;)
 
NOD32 is scanning now. Hopefully nothing else on there, this is the first infection I've had for about five years. I am a standard user and UAC is on so not sure where this has come from. My son was on the laptop for about 5 minutes yesterday so suspect it was him!!!
 
Try using Spybot as said before - www.spybot.com
It's a shame that no anti-virus has a 100% detection rate, and there's not one tool that specialises in viruses, trojans and other malware.

And get rid of that dodgy Hosts file entry.
 
sigh..

disable system restore
remove your 'av'
run ccleaner slim http://www.ccleaner.com/download/builds/downloading-slim
run nod32 trial http://www.eset.com/download/free_trial_download_int.php
run mbam http://www.malwarebytes.org/mbam-download.php
run spybot http://fileforum.betanews.com/download/Spybot-Search-Destroy/1043809773/1


still screwed?
run combofix http://www.bleepingcomputer.com/combofix/how-to-use-combofix


following this, stop going to bad sites etc

use firefox http://www.mozilla-europe.org/en/firefox/
install this addon for firefox https://addons.mozilla.org/en-US/firefox/addon/1865

when firefox opens following the restart, tick the 'Easylist' subscription
 
:D
 
Thanks for all of your advice guys, not going well though. Keep getting bluescreened when NOD32 is scanning.

I'm going to bite the bullet and re-install. I need the laptop for a site visit tomorrow so can't take the risk it won't be clean by then.


Sorry if I'm boring you bledd:p
 