I acquired the above message on my laptop while fixing a very ill PC for a friend. I was almost impressed with the amount of work that had gone in to developing a virus that fools many into thinking that is is a legitimate programme, and which cleverly makes all the files on the C: drive have the “hidden” attribute- which really means that it looks like all your files are gone unless you know how to set folder options to view hidden files… anyway, that’s where my problems began. I used Malwarebytes as the primary tool to cure the patient, as well as Avira Antivir Personal as my (free) antivirus.
No, I was not fooled. My mother swatted all the flies off when I was a mere infant, but yet I got this confounded message and only many hours later have I cured it- thus this post as a cure is difficult to find.
PART 1
Firstly, install malwarebytes and perform an update. It may be neessary to boot into safe mode. Pressing F8 between from boot up before Windows starts, the computer will loads a menu with several choices. Select “Safe Mode with Networking”. If you cannot get into the F8 menu with a USB keyboard, one solution is to go into the BIOS and enable USB Keyboard Support, or use an old PS2 keyboard. Now, after running the updated Malwarebytes, perform a full system scan and boot into Windows normally to fully remove the virus.
Now is the clever bit on the part of the virus creators- no matter what I did I was still getting the same message. The virus had very cleverly changed Network settings and it seems that if an infected computer is on your network, it can spread!
PART 2
Lets see if resetting the router makes any difference. If you cannot get this information or are not comfortable fiddling with your router, you might skip on to the next part (which worked for me btw).
Router Reset- Please read this if you want more information on this relatively new type of infection. Make a note of the default username and password for your router- there is a recessed reset button on many routers.
“If your machine has been infected by one of these Zlob/DNSchanger Trojans, and your router settings have been altered, I would strongly recommend that you reset the router to its default configuration. Usually, this can be done by inserting something tiny like a paper clip end or pencil tip into a small hole labeled “reset” located on the back of the router. Press and hold down the small button inside until the lights on the front of the router blink off and then on again (usually about 30 seconds)”
This is a slightly more difficult part.
First get to the routers server. To do that type http:\192.168.1.1 in the address bar and click Enter.
You get the log in window: Fill in the password you have already found and you will get the configuration page.
Configure the router to allow you to connect to your ISP server. In some routers it is done by a setup wizard.
You have to fill in the log in password your ISP has initially given to you.
You can also call your ISP if you don’t have your initial password.
Don’t forget to change the routers default password and set a strong password.
Take a note of the password and keep it somewhere safe for future reference.
PART 3
Please make sure of the following settings:
Go to Start -> Control Panel -> Double click on Network Connections.
Right click on your default connection (usually Local Area Connection or Wireless Network Connection) and select Properties.
- Select the General tab.
- Double click on Internet Protocol (TCP/IP).
- Under General tab:
- Select “Obtain an IP address automatically”.
- Select “Obtain DNS server address automatically”.
- Click OK twice to save the settings.
Reboot if you had to change any setting.
PART 4
To Flush the DNS cache:
- Click the Start logo in the bottom left corner of the screen
- Click on Run
- In the command window copy/paste the following
ipconfig /flushdns
- Hit enter
- Exit the command window.
- Reboot
When I rebooted, I was able to get online again- happy days!
It seems that the problems are caused by a virus known as DOS/Alureon.A and it’s been quite successful in propagating it’s evil spawn across the web! It is also commonly identified as a Google Redirect virus, as that’s exactly what it was doing on the original patient I was treating- no matter what one searched for or what link was clicked from the results page, the user was redirected to spam and infected websites. Another useful tool for this problem seems to be Eset’s Scan, another free tool. It appears to be effective in helping with the actual virus that causes the problem as well.
I hope this helps others that have this problem. Good luck