
New Security Risk, Has to do with DNS!!

Status
Not open for further replies.

DomainScoop.Com

Level 7
Legacy Platinum Member
Joined
Apr 7, 2008
Messages
765
Reaction score
75
Feedback: 10 / 0 / 0
Recently someone designed a program which attacks your computer. I don't know, but lately a lot of people were affected, including me.

What this program (virus) does is redirect you to random sites. For example, if you are going to Google and search for something, it will redirect you to different sites via "results5.google.com", and sometimes uses gugle.com etc.

Although I have tried a number of different antivirus and anti-spyware programs, for example AVG, Norton, Microsoft, etc., top-of-the-line ones, including ComboFix, Malwarebytes, you name it, they did not resolve the problem at all.

So maybe the program was removed from my PC after a scan and stuff, but the program continued to exist, redirecting to random sites.

So after researching and reading on Google and many forums, after 2 WEEKS, I was tortured by this piece of crap, redirection, and began to avoid using my computer, I was so upset. I found the problem was with my network only. When I went to my neighbor's, my laptop was working fine, but when I came back home, it was redirecting again.

So the "RESULTS5.GOOGLE.COM" problem was with the ROUTER ITSELF. Yes guys, IT'S THE ROUTER.

When I checked the DNS of my router, it was 213.xxx.xxx something, and I did an IP trace on this IP, and it came up as RUSSIAN FEDERATION, which gave me a sign I was hit by a virus, and it changed my router IP.

It was a very smart program, because you can never find out, because the problem does not lie in your machine, it lies in your router.

SOLUTION:

1. RESET THE ROUTER TO FACTORY SETTINGS by logging in to the IP listed on the back of your router and clicking on Factory settings, and it will reset.

2. Go to command prompt, and type this command

Ipconfig /flushdns

There is a space after Ipconfig, keep in mind.

3. Now follow the router setup steps again, like when you buy a new router, and put up security and name your router etc.

This should fix the problem of redirection. It was easy for me to actually fix it once I knew what was wrong, because it had to do with DNS, and we domainers know how to deal with DNS. :)

Good luck. If anyone is experiencing the results5.google.com redirection, this should be your solution.

Even though Firefox has an addon to fix this problem, that is not your permanent solution; you may be giving your information, passwords and logins to machines that are listed as Russian Federation.


Good luck.
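
The check the post above arrives at by hand (looking at which DNS server the router hands out) can be run from any Windows client on the network. This is an added example, not part of the original thread: it parses `ipconfig /all` output and flags every DNS server that is neither the adapter's default gateway nor on an allowlist you supply. The function names, the sample output and the address 203.0.113.7 are constructed, and English-language `ipconfig` labels are assumed.

```python
import ipaddress
import re

# Constructed `ipconfig /all` excerpt (not from the thread); 203.0.113.7 is a documentation address.
SAMPLE = """\
Ethernet adapter Local Area Connection:

   IPv4 Address. . . . . . . . . . . : 192.168.1.23(Preferred)
   Default Gateway . . . . . . . . . : 192.168.1.1
   DNS Servers . . . . . . . . . . . : 203.0.113.7
                                       192.168.1.1

Wireless LAN adapter Wi-Fi:

   Media State . . . . . . . . . . . : Media disconnected
"""

# "Label . . . : value"; the colon must be followed by whitespace or end of line,
# so a bare IPv6 continuation line is not mistaken for a new field.
FIELD = re.compile(r"^\s+([^:]+?)[ .]*:(?:\s+(.*))?$")
TRACKED = {"default gateway": "gateway", "dns servers": "dns"}


def _ip(text):
    """Return text as a normalised IP string, or None if it is not an address."""
    try:
        return str(ipaddress.ip_address(text.split("(")[0].split("%")[0].strip()))
    except ValueError:
        return None


def parse_adapters(output):
    """Map adapter name -> {'gateway': [...], 'dns': [...]}."""
    adapters, current, field = {}, None, None
    for line in output.splitlines():
        if line and not line[0].isspace() and line.rstrip().endswith(":"):
            name = line.rstrip()[:-1]
            current, field = adapters.setdefault(name, {"gateway": [], "dns": []}), None
            continue
        if current is None or not line.strip():
            continue
        m = FIELD.match(line)
        if m:
            field = TRACKED.get(m.group(1).strip().lower())
        value = (m.group(2) or "") if m else line  # no match: continuation line
        if field and _ip(value):
            current[field].append(_ip(value))
    return adapters


def unexpected_dns(output, allowlist=()):
    """Return (adapter, server) pairs whose resolver is neither the gateway nor allowlisted."""
    allowed = {_ip(a) for a in allowlist}
    return [(name, dns) for name, a in parse_adapters(output).items()
            for dns in a["dns"] if dns not in a["gateway"] and dns not in allowed]
```

On a live machine, pass the text captured from `ipconfig /all` instead of `SAMPLE`, with the resolvers you deliberately configured (for example your ISP's) in `allowlist`.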
 

draggar

þórr mjǫlnir
Legacy Exclusive Member
Joined
Dec 26, 2007
Messages
7,357
Reaction score
223
Feedback: 53 / 0 / 0
Many people ignore the security of their home routers (wireless mainly). Every day I see a wireless home network named "LinkSys" or "NetGear" etc., meaning that they never changed the SSID - I'm willing to bet they never changed the password, too.

So, I could easily connect to their unsecured network, log into the router, and lock them out of their own router. Or, I could leave it as is and do a ton of illegal browsing and who will get in trouble for it? Not me.

You can easily avoid 99.99% of this with some simple steps:

Change the SSID.
Turn off broadcasting the SSID
Encrypt the network
Change the administrator password <- This is the most important.
When all your computers are connected (wired and/or wireless) turn off acceptance / auto-accept.

All this can usually be done in less than 30 minutes, maybe 60 with an inexperienced user (the manual helps with this).
 

Gerry

Dances With Dogs
Legacy Exclusive Member
Joined
Dec 3, 2006
Messages
14,985
Reaction score
1,302
Feedback: 189 / 0 / 0
Unfortunately for me, I was hit with a virus or worm which crashed my entire PC yesterday.

There is no data on the hard drive.

I could not stop it and even turning off the PC did not help.

I lost about seven years of data, documents, graphics, research, study materials, etc.

Some graphics survive on an external drive.

I have never experienced anything like this.

My pc was essentially rendered useless.
 

south

DNF Addict
Legacy Exclusive Member
Joined
Dec 31, 2006
Messages
4,689
Reaction score
168
Feedback: 315 / 0 / 0
Unfortunately for me, I was hit with a virus or worm which crashed my entire PC yesterday.

There is no data on the hard drive.

I could not stop it and even turning off the PC did not help.

I lost about seven years of data, documents, graphics, research, study materials, etc.

Some graphics survive on an external drive.

I have never experienced anything like this.

My pc was essentially rendered useless.


Did you reformat & reinstall? If not, chances are good you can recover your data.
 

Johnn

Administrator
Legacy Exclusive Member
Joined
Apr 13, 2004
Messages
15,981
Reaction score
1,392
Feedback: 587 / 0 / 0
Unfortunately for me, I was hit with a virus or worm which crashed my entire PC yesterday.

There is no data on the hard drive.

I could not stop it and even turning off the PC did not help.

I lost about seven years of data, documents, graphics, research, study materials, etc.

Some graphics survive on an external drive.

I have never experienced anything like this.

My pc was essentially rendered useless.
Normally you can restore the data:
1. Try to boot it in safe mode and restore to an early date (Press F8 at start up time)
2. Run the upgrade OS if you have the CD (Press F12) and select the repair option.
3. Remove the hard drive and buy an enclosure to connect to a laptop/desktop via USB cable or connect the drive as a second drive to another pc and save the data.
 

south

DNF Addict
Legacy Exclusive Member
Joined
Dec 31, 2006
Messages
4,689
Reaction score
168
Feedback: 315 / 0 / 0
John is correct, these steps will often work. However, if you have files that have actually been deleted, do NOT do step 1 or 2. Using Windows repair will copy files to your hard drive, and most likely overwrite data that might have been otherwise recovered. Step 3 is probably safe. For your best chance, pull the hard drive, do not copy anything to it, and send it to a reputable data recovery company (Ontrack is the best, but not cheap). If it is only software, and the drive is mechanically functional, a competent local tech might be able to get your data recovered as well. I could probably do it also if nothing has been overwritten, and the drive is still spinning.
 

Gerry

Dances With Dogs
Legacy Exclusive Member
Joined
Dec 3, 2006
Messages
14,985
Reaction score
1,302
Feedback: 189 / 0 / 0
Normally you can restore the data:
1. Try to boot it in safe mode and restore to an early date (Press F8 at start up time)
2. Run the upgrade OS if you have the CD (Press F12) and select the repair option.
3. Remove the hard drive and buy an enclosure to connect to a laptop/desktop via USB cable or connect the drive as a second drive to another pc and save the data.
Unfortunately, the ONLY mode I was able to run was PC recovery which took the entire drive to the first day I bought the PC.

I have disconnected the PC and done nothing else to it.

It is a horrible way to justify buying a newer more up to date PC.
 

south

DNF Addict
Legacy Exclusive Member
Joined
Dec 31, 2006
Messages
4,689
Reaction score
168
Feedback: 315 / 0 / 0
Unfortunately, the ONLY mode I was able to run was PC recovery which took the entire drive to the first day I bought the PC.

I have disconnected the PC and done nothing else to it.

It is a horrible way to justify buying a newer more up to date PC.

Ouch.

But it depends on what the recovery cd does. Some have a non destructive mode, which only replaces the operating system, but if it did a full format, you are mostly screwed. Even so, you might still be able to get some back, but most likely only fragments of information, and it would be both labor & cost intensive.
 

Gerry

Dances With Dogs
Legacy Exclusive Member
Joined
Dec 3, 2006
Messages
14,985
Reaction score
1,302
Feedback: 189 / 0 / 0
John is correct, these steps will often work. However, if you have files that have actually been deleted, do NOT do step 1 or 2. Using Windows repair will copy files to your hard drive, and most likely overwrite data that might have been otherwise recovered. Step 3 is probably safe. For your best chance, pull the hard drive, do not copy anything to it, and send it to a reputable data recovery company (Ontrack is the best, but not cheap). If it is only software, and the drive is mechanically functional, a competent local tech might be able to get your data recovered as well. I could probably do it also if nothing has been overwritten, and the drive is still spinning.
That is precisely what someone else told me - DO NOTHING, don't attempt to save or write anything as the new data will look for the first available space to write and will write over data.

I was told that IF it is only software that it MIGHT be recoverable.

I guess for the most part I was pretty glum yesterday coming to the realization that I may have lost many documents including personal info like years of tax returns.

My reluctance now is to have someone mess with the drive, see that data and use it.

---------- Post added at 09:49 AM ---------- Previous post was at 09:47 AM ----------

Ouch.

But it depends on what the recovery cd does. Some have a non destructive mode, which only replaces the operating system, but if it did a full format, you are mostly screwed. Even so, you might still be able to get some back, but most likely only fragments of information, and it would be both labor & cost intensive.
There was no CD, per se. It was a program auto loaded.

The ONLY FUNCTIONAL option I had when the HP Blue Screen came on was <F10 - PC Recovery>.

---------- Post added at 09:51 AM ---------- Previous post was at 09:49 AM ----------

It's odd that I see this thread now after having undergone this yesterday.

Whatever it was, each time I attempted to do something, it would come up as a warning box with an .exe extension which I know is not good. It appeared over and over and over again on every program and page.
 

south

DNF Addict
Legacy Exclusive Member
Joined
Dec 31, 2006
Messages
4,689
Reaction score
168
Feedback: 315 / 0 / 0
That is precisely what someone else told me - DO NOTHING, don't attempt to save or write anything as the new data will look for the first available space to write and will write over data.

I was told that IF it is only software that it MIGHT be recoverable.

I guess for the most part I was pretty glum yesterday coming to the realization that I may have lost many documents including personal info like years of tax returns.

My reluctance now is to have someone mess with the drive, see that data and use it.

---------- Post added at 09:49 AM ---------- Previous post was at 09:47 AM ----------

There was no CD, per se. It was a program auto loaded.

The ONLY FUNCTIONAL option I had when the HP Blue Screen came on was <F10 - PC Recovery>.

You could still attempt a recovery, but (if the files were actually deleted), you would likely only get fragments. If the files were never actually marked for truncation (deleted), they might still be somewhere on your drive, assuming the recovery was non-destructive. Many variables, and if's. I do these quite regularly, and if nothing has been overwritten, the odds are usually quite high, 90-95%.
 

draggar

þórr mjǫlnir
Legacy Exclusive Member
Joined
Dec 26, 2007
Messages
7,357
Reaction score
223
Feedback: 53 / 0 / 0
I've recovered data after a reload of the OS / data. It's not easy but it can be done (and it's not 100%).

At work we have a few of these at our disposal; I've used Get Data Back (for NTFS) the most, with OK success. It's a lot higher with just bad sectors but I have been able to get back data once or twice after an OS load.
 

Johnn

Administrator
Legacy Exclusive Member
Joined
Apr 13, 2004
Messages
15,981
Reaction score
1,392
Feedback: 587 / 0 / 0
For your next PC:
1. Install SpyBot
2. Make a folder under C: drive called DOC (or whatever you prefer). Save all your files to this folder - You can also create sub folders under this one.
3. Back up to external hard drive - you can set automatic backup daily
 

Gerry

Dances With Dogs
Legacy Exclusive Member
Joined
Dec 3, 2006
Messages
14,985
Reaction score
1,302
Feedback: 189 / 0 / 0
3. Back up to external hard drive - you can set automatic backup daily
That I was doing for some of the graphics and images because they were such GB hogs.

But many are gone.

Honestly, we are talking thousands of images (raw,jpeg,png,gif), graphics, and docs.

I thought I was doing data and documents as well but apparently had not selected that option.
 

Poohnix

Lost @Space
Legacy Exclusive Member
Joined
Feb 6, 2007
Messages
657
Reaction score
6
Feedback: 36 / 0 / 0
I never put *anything* on the local computer any more, except OS and the software itself, for which I keep a backup to be able to restore everything with all custom settings.
All other user data, documents files etc. are saved on network storage.

 

draggar

þórr mjǫlnir
Legacy Exclusive Member
Joined
Dec 26, 2007
Messages
7,357
Reaction score
223
Feedback: 53 / 0 / 0
2. Make a folder under C: drive called DOC (or whatever you prefer). Save all your files to this folder - You can also create sub folders under this one.
3. Back up to external hard drive - you can set automatic backup daily

You can get external drives now in excess of 1-2TB. Transfer rates with USB 2.0 are great, too. No need to use one for backup, just use it to store your data on it. Just make sure it is not insulated (get one with a metal case, not plastic).

A second HDD in your PC is also an option if you have the room.

Yes, GDB is awesome. Sometimes a bartpe or knoppix cd can be a big help too, if you only have the one computer available.

The only problem with these is that they don't like encryption (higher rate that they can't recover the files) and it takes a LONG time to analyze the drive and try to recover (plus the drive needs to be a slave, not the primary). On rare instances I need to do this it takes over a day to try to recover a drive (most of our drives are between 60 and 80 GB - sometimes up to 120GB, the new PCs have 250 in them).
 

Gerry

Dances With Dogs
Legacy Exclusive Member
Joined
Dec 3, 2006
Messages
14,985
Reaction score
1,302
Feedback: 189 / 0 / 0
I am getting ready to use the 2tb external that I have purchased.

I'll take the data on the 500gb drive I currently have set up, transfer it, and have the 500gb free to use elsewhere.

The new PC comes with a 1tb drive.

I am perhaps more pissed at myself than anything for being selective on which items to back-up rather than have the entire contents backed up.

One thing I am doing with this new PC is breaking the chains with Windows. Other than the Windows 7 OS, I will not be uploading any other Windows products. I would normally install tons of their stuff. But, instead of Windows Office I now have OpenOffice.org running. Instead of all the Windows Office professional authoring tools, I will have my Adobe suites (CS3 and CS5). I have not used Internet Explorer in years and have never had an Outlook account.

The old PC is still a work horse so I can still use it for many of my graphics and photoediting projects.

I had many paid downloads on the other PC (like photomatrix, etc) that I do need to try and recover or contact the site and re-download.

Essentially, an enormous pain in the ass and waste of nearly 2 days now setting up the current system and downloading/uploading programs and discs.
 

Dale Hubbard

Formerly 'aZooZa'
Legacy Exclusive Member
Joined
Jan 24, 2003
Messages
5,578
Reaction score
91
Feedback: 56 / 0 / 0
You might try a bootable linux CD that works in RAM: http://www.damnsmalllinux.org/

See if that can 'see' any files on your HD. Then try copying those files to a memory stick or external HD using the linux OS in memory.

Set the CD/DVD drive to boot first in the BIOS.
 

DomainScoop.Com

Level 7
Legacy Platinum Member
Joined
Apr 7, 2008
Messages
765
Reaction score
75
Feedback: 10 / 0 / 0
Many people ignore the security of their home routers (wireless mainly). Every day I see a wireless home network named "LinkSys" or "NetGear" etc., meaning that they never changed the SSID - I'm willing to bet they never changed the password, too.

So, I could easily connect to their unsecured network, log into the router, and lock them out of their own router. Or, I could leave it as is and do a ton of illegal browsing and who will get in trouble for it? Not me.

You can easily avoid 99.99% of this with some simple steps:

Change the SSID.
Turn off broadcasting the SSID
Encrypt the network
Change the administrator password <- This is the most important.
When all your computers are connected (wired and/or wireless) turn off acceptance / auto-accept.

All this can usually be done in less than 30 minutes, maybe 60 with an inexperienced user (the manual helps with this).


It's true, but I had it password protected, which still leaves me with "how were my DNS changed, when I had it password protected?"
 

Theo

Account Terminated
Joined
Feb 28, 2004
Messages
30,318
Reaction score
2,217
Feedback: 723 / 0 / 0
What brand/model was the router? To make changes to an internal IP a router uses, the malicious software needs to run on your PC, it can't happen from the outside.
 