Author Topic: Re: Can't use internet anymore
mportela
Can't use internet anymore
on 11/02/2009 04:29 (UTC)
I installed treewalk, however NOD32 accused a virus and I chose to ignore the 
alleged virus file install. I confess I got spooked and immediately 
uninstalled treewalk. Now I am unable to use any internet services. Can you 
please help me restore this major problem?
Axn...

Re: Can't use internet anymore
on 11/02/2009 08:38 (UTC)
mportela wrote:

> I installed treewalk, however NOD32 accused a virus and I chose to
> ignore the alleged virus file install. I confess I got spooked and
> immediately uninstalled treewalk. Now I am unable to use any internet
> services. Can you please help me restore this major problem?

No problem, we can help you with that annoying false positive!

Please download this zip file and extract it to a folder on your
desktop (or wherever you like):

http://treewalkdns.com/instsrv/instsrv.zip

1. Run (or double-click) "instsrv_.cmd" (You might need to turn
   your A-V off temporarily for any of these steps)
2. Start the uninstaller again!
3. Re-install TreeWalk with your A-V off
4. Run a scan afterwards, using your A-V
5. If it detects the new version of "instsrv.exe", set your A-V
   to ignore it!
6. If this is not an option, then keep the link or zip file for
   later use too

Or, check the files with an online Virus Checker beforehand,
just to calm your nerves! This newer version from Microsoft
shouldn't create any more FPs.

OK -- this list is not perfect either, but I was in a hurry...
Personally, I say try TreeWalk -- you'll love it! 

Regards, Axn... (Delete caps and dash for reply)
- TreeWalk DNS http://treewalkdns.com/index.htm
- CF Plugins http://confetch.com/index.htm
- Forums http://forums.treewalkdns.com
- News news://news.treewalkdns.com
Axn...

Re: Can't use internet anymore
on 11/02/2009 09:08 (UTC)
Axn... wrote:

> mportela wrote:
> 
> > I installed treewalk, however NOD32 accused a virus and I chose to
> > ignore the alleged virus file install. I confess I got spooked and
> > immediately uninstalled treewalk. Now I am unable to use any internet
> > services. Can you please help me restore this major problem?

> No problem, we can help you with that annoying false positive!

> Please download this zip file and extract it to a folder on your
> desktop (or wherever you like):

> http://treewalkdns.com/instsrv/instsrv.zip

> 1. Run (or double-click) "instsrv_.cmd" (You might need to turn
>    your A-V off temporarily for any of these steps)
> 2. Start the uninstaller again!
> 3. Re-install TreeWalk with your A-V off
> 4. Run a scan afterwards, using your A-V
> 5. If it detects the new version of "instsrv.exe", set your A-V
>    to ignore it!
> 6. If this is not an option, then keep the link or zip file for
>    later use too

> Or, check the files with an online Virus Checker beforehand,
> just to calm your nerves! This newer version from Microsoft
> shouldn't create any more FPs.

> OK -- this list is not perfect either, but I was in a hurry...
> Personally, I say try TreeWalk -- you'll love it! 

7. IMPORTANT! Make sure you got the TreeWalk Installer from
either:

(in zip format)
http://treewalkdns.com/download/051111twdns.zip
(in exe format)
http://treewalkdns.com/tw_exe/twdns821.exe

...or the ConFetch site. If you got it from somewhere else,
please let us know from where, and save the file for us. If
this is the case, we may need to inspect it, but don't send
it us unless it is requested from you later!

Thank you...

Regards, Axn... (Delete caps and dash for reply)
- TreeWalk DNS http://treewalkdns.com/index.htm
- CF Plugins http://confetch.com/index.htm
- Forums http://forums.treewalkdns.com
- News news://news.treewalkdns.com
ObiWan

Re: Can't use internet anymore
on 12/02/2009 15:52 (UTC)
> I installed treewalk, however NOD32 accused a virus and I chose
> to ignore the alleged virus file install. I confess I got spooked and
> immediately uninstalled treewalk. Now I am unable to use any internet
> services. Can you please help me restore this major problem?

Did you uninstall treewalk regularly or did you just remove its folder?
Also, did you allow the uninstaller to fully run or was there some "barf"
from the A/V program which denied some operation?

See... during installation TW sets itself as the primary and only DNS
(you'll see that looking at the network properties) so, if you incorrectly
uninstall it, the DNS will still be pointing to 127.0.0.1 but there will be
"nothing" listening and answering on that address

To solve the issue you may manually reset your network properties
to point to the correct DNS server(s) and then, if you want you may
reinstall treewalk; notice also, that correctly uninstalling it will restore
the previous DNS settings, so, usually you won't experience an issue
like the one you reported



* ObiWan

DNS "fail-safe" for Windows 2000 and 9X clients.
http://www.treewalkdns.com

Support and discussions forums/groups
http://forums.treewalkdns.com
news://news.treewalkdns.com

408 XP/2000 tweaks and tips
http://www.treewalkdns.com/tq/Tip_Quarry.htm
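
The failure mode described in the post above (DNS still set to 127.0.0.1 with nothing listening there) can be confirmed with a short diagnostic. This is an added example, not part of the original thread or of TreeWalk; the function names and the `ipconfig /all` sample are constructed for illustration.

```python
import re
import socket
import struct

# Constructed sample of `ipconfig /all` output (not taken from the thread).
SAMPLE_IPCONFIG = """\
Ethernet adapter Local Area Connection:

        IP Address. . . . . . . . . . . . : 192.168.1.20
        DNS Servers . . . . . . . . . . . : 127.0.0.1

Ethernet adapter Wireless Network Connection:

        DNS Servers . . . . . . . . . . . : 192.168.1.1
                                            127.0.0.1
"""

def dns_by_adapter(ipconfig_text):
    """Map adapter name -> list of DNS servers parsed from `ipconfig /all`."""
    adapters, current, in_dns = {}, None, False
    for line in ipconfig_text.splitlines():
        header = re.match(r"^(\S.*adapter .+):\s*$", line)
        if header:
            current, in_dns = header.group(1), False
            adapters[current] = []
        elif current and re.match(r"^\s+DNS Servers[ .]*:", line):
            adapters[current].append(line.split(":", 1)[1].strip())
            in_dns = True
        elif in_dns and re.match(r"^\s+[0-9A-Fa-f:.%]+\s*$", line):
            adapters[current].append(line.strip())   # continuation line
        else:
            in_dns = False
    return adapters

def loopback_only(adapters):
    """Adapters whose every configured DNS server is a loopback address."""
    return [n for n, s in adapters.items() if s and all(x.startswith("127.") or x == "::1" for x in s)]

def resolver_answers(host="127.0.0.1", port=53, timeout=2.0):
    """Send one DNS query (NS for the root) over UDP; True only if a reply arrives."""
    query = struct.pack(">HHHHHH", 0x1234, 0x0100, 1, 0, 0, 0) + b"\x00" + struct.pack(">HH", 2, 1)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(query, (host, port))
            reply, _ = s.recvfrom(512)
        except OSError:          # timeout, or ICMP port unreachable
            return False
    return len(reply) >= 12 and reply[:2] == query[:2]
```

An adapter listed by `loopback_only()` while `resolver_answers()` returns False is in the state described in the post: name resolution fails until the DNS servers are reset in the network properties or a local resolver is running again.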
ObiWan

Re: Can't use internet anymore
on 12/02/2009 15:53 (UTC)
>> I installed treewalk, however NOD32 accused a virus

Almost forgot; NOD32 probably flagged the UPX compressed
files used by TW as "suspicious" due to the fact that such a
runtime compressor is also used by malware; that's why it
popped up claiming there was an issue with TW



* ObiWan

DNS "fail-safe" for Windows 2000 and 9X clients.
http://www.treewalkdns.com

Support and discussions forums/groups
http://forums.treewalkdns.com
news://news.treewalkdns.com

408 XP/2000 tweaks and tips
http://www.treewalkdns.com/tq/Tip_Quarry.htm
Axn...

Re: Can't use internet anymore
on 13/02/2009 02:29 (UTC)
ObiWan wrote:

> >> I installed treewalk, however NOD32 accused a virus
> 
> Almost forgot; NOD32 probably flagged the UPX compressed
> files used by TW as "suspicious" due to the fact that such a
> runtime compressor is also used by malware; that's why it
> popped up claiming there was an issue with TW

Yes -- UPX is awesome. It crunched the W2K ResKit version
of instsrv.exe down to 18,944 bytes from 32,256 bytes and
"instsrv.exe" still works fine! Kaspersky's Online Scanner
says it's okay too.  But VirusTotal gives this for that
re-packed version (which is otherwise OK)[18,944 bytes]:

File instsrv.exe received on 02.13.2009 02:55:59 (CET)
Result: 4/39 (10.26%)

Antivirus   Version   Last Update   Result
<snipped all but the FPs>
Authentium 5.1.0.4 2009.02.13 W32/Rootkit-PX!Eldorado 
eSafe 7.0.17.0 2009.02.12 Suspicious File
F-Prot 4.4.4.56 2009.02.13 W32/Rootkit-PX!Eldorado
<### note the NOD32 result doesn't complain here>
NOD32 3849 2009.02.12 -
TrendMicro 8.700.0.1004 2009.02.12 PAK_Generic.001

http://www.virustotal.com/analisis/cc51fa231540deb7cb912840b85fc19e

The result today for TW's instsrv.exe is this [15,360 bytes]:

File instsrv.exe received on 02.13.2009 03:04:56 (CET)
Result: 17/39 (43.59%)

Antivirus   Version   Last Update   Result
<snipped all but the FPs>
a-squared 4.0.0.93 2009.02.13 Trojan-Spy.Win32.Small.ih!A2
AhnLab-V3 5.0.0.2 2009.02.12 Win-Trojan/Xema.variant
BitDefender 7.2 2009.02.13 Virtool.2041
eSafe 7.0.17.0 2009.02.12 Win32.Small.ih
Fortinet 3.117.0.0 2009.02.12 Misc/Instsrv
GData 19 2009.02.13 Virtool.2041
K7AntiVirus 7.10.628 2009.02.12 Trojan.Win32.Malware.1
McAfee 5524 2009.02.12 Generic.dx
McAfee+Artemis 5524 2009.02.12 Generic.dx
NOD32 3849 2009.02.12 probably a variant of Win32/Agent
nProtect 2009.1.8.0 2009.02.12 Trojan-Spy/W32.Small.15360.C
Sunbelt 3.2.1851.2 2009.02.12 Trojan-Downloader.Generic
Symantec 10 2009.02.13 Trojan Horse 
TheHacker 6.3.1.9.254 2009.02.12 Trojan/Spy.Small.ih
TrendMicro 8.700.0.1004 2009.02.12 TROJ_SMALLTRO.LD
VBA32 3.12.8.12 2009.02.13 Trojan-Spy.Win32.Small.ih
ViRobot 2009.2.12.1603 2009.02.12 Spyware.Small.15360

http://www.virustotal.com/analisis/a9d593c177f9726a72ada1870fe9f8ae

This is for the W2K ResKit version [32,256 bytes] and is
the version in the zip file with instsrv_.cmd:

File instsrv.exe received on 02.13.2009 03:21:25 (CET)
Result: 0/39 (0%)

http://www.virustotal.com/analisis/69c756d76218669ba22298d54f030abb

...six months ago this was even flagged by an A-V product...

Yep! They don't know how to treat the packer!!!

What do you think should be done, ObiWan?

Regards, Axn... (Delete caps and dash for reply)
- TreeWalk DNS http://treewalkdns.com/index.htm
- CF Plugins http://confetch.com/index.htm
- Forums http://forums.treewalkdns.com
- News news://news.treewalkdns.com
ObiWan

Re: Can't use internet anymore
on 18/02/2009 10:00 (UTC)
> What do you think should be done, ObiWan?

well... packed or not, the instsrv is still flagged by some
product as "suspicious" just because some malware
use/used it to install itself "as a service"; so even un
upx-ing the files won't be a solution; add to this that
some of the latest worms change the DNS settings
of the machine (and the setup does that to point the
dns to the localhost) and you'll see that there isn't
so much which can be done

I think that the only thing to do would be placing a
"bigger"  note on the download page explaining
that some AVs may incorrectly flag the package as
malware




* ObiWan

DNS "fail-safe" for Windows 2000 and 9X clients.
http://www.treewalkdns.com

Support and discussions forums/groups
http://forums.treewalkdns.com
news://news.treewalkdns.com

408 XP/2000 tweaks and tips
http://www.treewalkdns.com/tq/Tip_Quarry.htm
Axn...

Re: Can't use internet anymore
on 19/02/2009 04:27 (UTC)
ObiWan wrote:

> > What do you think should be done, ObiWan?

> well... packed or not, the instsrv is still flagged by some
> product as "suspicious" just because some malware
> use/used it to install itself "as a service"; so even un
> upx-ing the files won't be a solution; add to this that
> some of the latest worms change the DNS settings
> of the machine (and the setup does that to point the
> dns to the localhost) and you'll see that there isn't
> so much which can be done

OK! The (momentarily) clean one can be kept around for
emergencies.

> I think that the only thing to do would be placing a
> "bigger"  note on the download page explaining
> that some AVs may incorrectly flag the package as
> malware

Done! Here:
http://treewalkdns.com/downloads.htm#avoff
...here:
http://treewalkdns.com/faq/a-tw_newuser.htm
...and:
http://treewalkdns.com/faq/a-script_block.htm
...there!

Too big? 

Regards, Axn... (Delete caps and dash for reply)
- TreeWalk DNS http://treewalkdns.com/index.htm
- CF Plugins http://confetch.com/index.htm
- Forums http://forums.treewalkdns.com
- News news://news.treewalkdns.com
Morpheus
Re: Can't use internet anymore
on 14/02/2010 14:01 (UTC)
Disappointed will have to look elsewhere, you need to sort this trojan thing
out, I'm not going to use this software...sorry dude
ObiWan

Re: Can't use internet anymore
on 14/02/2010 14:11 (UTC)
> Disappointed will have to look elsewhere, you need to sort 
> this trojan thing out, I'm not going to use this software...sorry dude

Up to you, no problem here; it's a KNOWN false positive (and
you can verify that by yourself) but if you don't feel comfortable
with that, no problem here, all in all installing or not a given s/w
on YOUR machine is (and HAS to be) YOUR choice 



* ObiWan

DNS "fail-safe" for Windows 2000 and 9X clients.
http://www.treewalkdns.com

Support and discussions forums/groups
http://forums.treewalkdns.com
news://news.treewalkdns.com

408 XP/2000 tweaks and tips
http://www.treewalkdns.com/tq/Tip_Quarry.htm