General discussion

Not able to download from download.microsoft.com

Nov 8, 2008 12:05AM PST

I have a problem that I can't figure out. When I go to windows update on the start menu I get sent to www.msn.com.

Also when I click on Microsoft update it just grinds and grinds.

Also when I go to the windows updates web page and try to download something manually it validates my machine and presents a clickable download button. When I click on it I get a very small windows pop up that says page not found.

I can not download anything off of Microsoft's site.

When I go to update superantivirus I get an error that says "There is an error trying to retrieve definitions" "Make sure your firewall is not blocking superantispyware.exe from accessing Internet"

When I go to update adaware I get "can't find Internet connection".


I had already run the Malwarebytes scan and got this:

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{7d5dd829-6c90-42c5-b54c-2afa82f988ba} (Rogue.Installer) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{2b96d5cc-c5b5-49a5-a69d-cc0a30f9028c} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{35b7e48b-9d81-4c6c-9578-5fd4f620d886} (Spyware.MarketScore) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.165 85.255.112.23 1.2.3.4 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{d930da9a-27b9-4498-8762-5665f3031cad}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.165 85.255.112.23 1.2.3.4 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.165 85.255.112.23 1.2.3.4 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{d930da9a-27b9-4498-8762-5665f3031cad}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.165 85.255.112.23 1.2.3.4 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.165 85.255.112.23 1.2.3.4 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{d930da9a-27b9-4498-8762-5665f3031cad}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.165 85.255.112.23 1.2.3.4 -> Quarantined and deleted successfully.

Those IP addresses are to download.microsoft.com
Here are the nslookup results:

C:\>nslookup download.microsoft.com
DNS request timed out.
timeout was 2 seconds.
*** Can't find server name for address 85.255.112.165: Timed out
DNS request timed out.
timeout was 2 seconds.
*** Can't find server name for address 85.255.112.23: Timed out
DNS request timed out.
timeout was 2 seconds.
*** Can't find server name for address 1.2.3.4: Timed out
*** Default servers are not available
Server: UnKnown
Address: 85.255.112.165

Non-authoritative answer:
Name: download.microsoft.com.san.rr.com
Address: 99.198.101.4

Also I did this:

C:\>ping -n 1 download.microsoft.com
Ping request could not find host download.microsoft.com. Please check the name and try again.

I have two computers doing this with the download site. Both attached through the internet on a linksys router.


Any help would be much appreciated since this is driving me nuts.

John

- Collapse -
xxxx
Nov 8, 2008 12:41AM PST

For some reason the only way I can get to the internet is with the router. I cannot get a connection to the internet with either machine if I wire directly to the cable modem, only if they go through the router.

I just started using this router about a month ago or so.............

John

- Collapse -
You've Seen Your Other Discussion?
Nov 8, 2008 3:58AM PST
- Collapse -
Yes Carol told me to repost in this forum Bill closed other
Nov 8, 2008 4:02AM PST

topic.

- Collapse -
That was the old thread. Ignore Bill. From another site.
Nov 8, 2008 4:04AM PST

Can you help me??

- Collapse -
I also would give......
Nov 8, 2008 6:05AM PST

SuperAntiSpyware a try, as it could be, MBAM didn't remove "everything" ?

Download and scan with SUPERAntiSpyware Free for Home Users

* Double-click SUPERAntiSpyware.exe and use the default settings for installation.
* An icon will be created on your desktop. Double-click that icon to launch the program.
* If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)
* Under "Configuration and Preferences", click the Preferences button.
* Click the Scanning Control tab.
* Under Scanner Options make sure the following are checked (leave all others unchecked):

Close browsers before scanning.
Scan for tracking cookies.
Terminate memory threats before quarantining.

* Click the "Close" button to leave the control center screen.
* Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
* On the left, make sure you check C:\Fixed Drive.
* On the right, under "Complete Scan", choose Perform Complete Scan.
* Click "Next" to start the scan. Please be patient while it scans your computer.
* After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
* Make sure everything has a checkmark next to it and click "Next".
* A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
* If asked if you want to reboot, click "Yes".

Did it help?

- Collapse -
Hi
Nov 8, 2008 6:25AM PST

I tried superantispyware. No dice. Every time I run Malwarebytes in safe mode (I did it 3 times in a row and rebooted), these:


HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{d930da9a-27b9-4498-8762-5665f3031cad}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.165 85.255.112.23 1.2.3.4 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.165 85.255.112.23 1.2.3.4 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{d930da9a-27b9-4498-8762-5665f3031cad}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.165 85.255.112.23 1.2.3.4 -> Quarantined and deleted successfully.

Always show back up when I reboot it and run malwarebytes in safe mode

Any ideas?

John

- Collapse -
Superantispyware
Nov 8, 2008 6:26AM PST

is blocked from updating too.

- Collapse -
........ probably because.....
Nov 8, 2008 7:17AM PST

85.255.112.165 85.255.112.23 1.2.3.4 is still in there......

Do you have CCleaner?

IF NOT, download from here: http://majorgeeks.com/download4191.html

# Now run CCleaner with the default options (that means don't change anything) to clean out temporary files.
# Only use the default settings on the Windows Tab and select Run Cleaner. Do not run any other options from other tabs.
# Also it is highly recommended to login to all other User Accounts on the PC including the Administrator account (on Win2K,XP and Vista) which will only show when you boot in safe mode.

* Run CCleaner on each account. This can greatly reduce scan time and log sizes.
* If you don't see CCleaner's link when logging into the other accounts, just go to the C:\Program Files\Ccleaner folder and double click on the ccleaner.exe file to run it. You can also create a shortcut to the file on the Desktop of your other user accounts to make it easier to run in the future.

As to "why" the "infection" is coming back........... read post no.4
from this thread:
In my case it had actually changed the settings on my router, which is why it affected all 8 machines that connected through the router. As soon as I removed those settings and returned it back to automatically get them from the ISP, everything was fine.

http://forums.majorgeeks.com/showthread.php?p=1234119

- Collapse -
I have ccleaner
Nov 8, 2008 7:38AM PST

I ran it a million times. Still same issue.

John

- Collapse -
I wrote post number 4
Nov 8, 2008 7:39AM PST

xx

- Collapse -
Hi Sorry I thought
Nov 8, 2008 7:41AM PST

you meant post in this thread. That link goes nowhere. Just brings up a blank page.

- Collapse -
NOT your post...........
Nov 8, 2008 7:53AM PST

but..... will c\p the reply:

How to get rid of trojan.dnschanger/zlob.dnschanger

To all those who have been infected with the trojan.dnschanger as I was these last few days. I couldn't quite understand why if I ran Malwarebytes, cleared the infections then restarted my computer WITHOUT a network connection, the infection seemed to be cleared. Then AS SOON AS I connected to the internet it would come back again. Finally the obvious dawned on me, it had actually changed the settings of my internet connection. It had caused it to connect with its own DNS records instead of automatically getting them from the ISP.

In my case it had actually changed the settings on my router, which is why it affected all 8 machines that connected through the router. As soon as I removed those settings and returned it back to automatically get them from the ISP, everything was fine.

So, to get rid of this unbelievably annoying infection, disconnect from the internet, run Malwarebytes to clear any remaining infections, and remove the amended DNS settings. Restart your computer, connect to the internet, perform a final Malwarebytes quick scan to make sure it has gone and then continue with your life happy in the knowledge you have overcome another annoying infection.
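
Added example, not part of the original thread or any poster's own code: a short Python triage of Malwarebytes-style log lines like the ones quoted above, showing why the entries kept returning. `DhcpNameServer` is written by the Windows DHCP client from the lease the router hands out, while `NameServer` holds a statically configured resolver; the function names are hypothetical and the `NameServer` sample line is constructed for contrast.

```python
import re
from collections import defaultdict

# First two lines are copied from the scan output quoted in this thread;
# the third (static NameServer) is constructed to show the other case.
SAMPLE_LOG = r"""
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.165 85.255.112.23 1.2.3.4 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{d930da9a-27b9-4498-8762-5665f3031cad}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.165 85.255.112.23 1.2.3.4 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.165 -> Quarantined and deleted successfully.
"""

# key path, value name, detection label, then the space-separated resolver IPs
LINE_RE = re.compile(
    r"^(?P<key>HKEY_[^ ]+)\\(?P<value>[^\\ ]+) \((?P<detection>[^)]+)\)"
    r" -> Data: (?P<data>[\d. ]+?) ->"
)

# Where each registry value gets its data, and therefore where the fix belongs.
ORIGIN = {
    "DhcpNameServer": "DHCP lease (router / DHCP server)",
    "NameServer": "static setting on this host",
}


def triage(log_text):
    """Group flagged resolver IPs by the place the setting has to be fixed."""
    findings = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m or m["value"] not in ORIGIN:
            continue  # not a resolver entry (e.g. the Ext\Stats keys)
        findings[ORIGIN[m["value"]]].update(m["data"].split())
    return {origin: sorted(ips) for origin, ips in findings.items()}


def needs_router_fix(log_text):
    """True if a flagged value is lease-supplied: deleting it on the PC will
    not stick, because the next DHCP renewal writes it back."""
    return ORIGIN["DhcpNameServer"] in triage(log_text)


if __name__ == "__main__":
    for origin, ips in triage(SAMPLE_LOG).items():
        print(f"{origin}: {', '.join(ips)}")
    print("fix DNS on the router first:", needs_router_fix(SAMPLE_LOG))
```
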

- Collapse -
Problem solved
Nov 9, 2008 7:22AM PST

I ended up having to buy a new router because my old one was fried by the dns.changer

John

- Collapse -
Ouch......
Nov 9, 2008 7:33AM PST