My boss got a series of emails and letters from Comcast instructing him to fix his DNS server bot issue due to the DNS Changer Bot problem they encountered. If he didn't do what they wanted his internet service would be disconnected or interrupted. He asked me to do the "do-it-yourself" process to correct the problem because I am better with computers than he is. NOTE: He is running Windows Vista on an Acer Desktop Computer.
So I went to the site Comcast said to go to: http://xfinity.comcast.net/constantguard/botassistance/dnsbot, got started on the DIY guide in which the first step is to download and run Norton's Power Eraser: "Download Norton Power Eraser: http://security.symantec.com/nbrt/npe.aspx". I did this and followed the instructions on Norton's site, and its tutorial to the "t". I even created a manual Restore Point and backed up his personal info to my 1TB just in case something went wrong. When it forced the restart, and reloaded, I got the blue screen of death saying that Windows was being shut down due to an error that may harm the computer. I could start the computer in Safe Mode but I could not get it to connect to the internet in Safe Mode. I ran all the necessary tests on the memory and integrity through Safe Mode and nothing comes up corrupted or wrong. I cannot start up the computer normally - only in Safe Mode. I do see the Norton Power Eraser Log but I'm not sure if it deleted something that was needed for normal start-up - I'm assuming it did, because it's the only thing different before the computer crashed.
Tried the F8 trick to restart from the Last Good Configuration - NO GO. Tried restarting it in Debug mode, NO GO. Tried to boot using "msconfig" and only boot using certain programs from Microsoft only, NO GO. Tried to do a System Restore in Safe Mode (via Command Prompt), NO GO. I have tried all these things in Administrator mode and in the regular user mode, NO GO.
I'm at a loss at this point - I've been on many forums and cannot find anyone that is using Windows Vista who has a fix for this. It is clearly because of this Eraser tool but it won't let me go back to my restore point, it gives me another error code, in addition to the BSOD error codes. If anyone can help I would appreciate it - if you need the Norton logs, Error codes, etc. please respond and I'll be happy to post.
Ouch, I thought mine was a pain. I would honestly suggest, if you have another computer to log into, start a chat with a security expert. Also, all computers and the router must go through the process. I haven't seen anything on Vista so my best guess would be to contact support or the number for the security team itself (not the paid assistance). It's possible that the program can't be used on Vista.
Comcast security support line:
On another computer, you could start a chat with Norton themselves and see if they can help once it's got the error. I found them extremely more helpful but I did allow remote access, which I generally wouldn't do. They checked my fix to the DNS changer bot, reinstalled Norton's (ours was stuck and reporting it expired), and did it all for free, something Comcast should be doing.
Yeah, I have been doing chats with every tech support I can think of - including Norton and Acer and Microsoft, and have 3 forum chats going too. Trying to go through the troubleshooting tips now - but Comcast has not been any help - was on hold forever when I called. If the NPE was not compatible with Vista, maybe that should have been mentioned at some point because I truly think that is what it was.
UPDATE: I was able to bypass the BSOD by simultaneously clicking F10 and Alt while the computer was booting up. This allowed me TEMPORARILY to boot up normally (not in safe mode). I was logged in for 3 hours, in which I did a system restore to 3 days ago, ran 3 anti-virus and anti-malware programs (Microsoft's PC fix, AVG, and Malware Bytes), removed 7 or 8 Trojans. I searched extensively for the Norton program but it was nowhere to be found. I then did a restart (because I was prompted after all the spring cleaning I was doing) and guess what... BSOD again with the same error codes.
I will post all logs and back-up material when I get home - maybe Comcast may want to help me out here on the forums...but I highly doubt it at this point, sort of disappointed from a service aspect.
ComcastJordan generally seems to help with issues. If you click his name, I think you can email him personally. He said he had been away a couple of days so he might be able to give you better information now.
I saw your posts on the Norton Forums and noticed that Quads has responded - he's very good in this area. Just a word of caution, be careful working with different forums, especially with malware removal. If you get into the actual malware removal with an expert and seek help from more than one source at a time - you may find yourself with no help at all.
From your original post it is unclear whether you performed any repairs using NPE after the scan. Did it come back with any specific detections that you chose to repair? If so, the first thing to do is to attempt to undo the last session through NPE from Safe Mode.
If your Safe Mode has no networking you may need to cancel out of NPE's attempts to restore network connections, but even without a network connection you can still get to the main window and use the History feature. After you find your repair session and hit Next, it will show what was removed. You can click on the "hyperlink" for each item to see the exact file path, which would be good to know. Once you have that information just click Undo, and NPE will roll back any changes it may have made to your system.
Not my system... it's my boss's. We live in 2 separate cities in south Florida. He bought a new computer yesterday and router and still came up red on both sites you linked to. It's a bit frustrating. I downloaded the Constant Guard today and one site went green and one site was red and still a bot pop up. Still trying to fix his old computer as well, but that's another story altogether - Norton is helping me with that one.
@JohnMcB: yes, it told me to repair, had a list of things highlighted in red labeled "bad". I did try to undo, but was never allowed back into the system after the restart after the removal of the viruses - straight to BSOD. When I was able to get back in for a short time, NPE gave me an error message and would not let me in the program to undo what was done.
I had an old computer crash like that once too, it could be it just couldn't handle
There is a thread where one person got help on a Vista system: Constant Guard Am I botted. They have a link that may help.
As for the new router, did you change the factory settings for administrator name/password, and all encryptions? It could be reading the same settings for some reason if you happen to use the same information as before even on a new router. This includes if you kept the same name and password you used on the previous router even if it was not factory settings.
@AGhelp: yes, I'm thinking old computer with already massive virus issues and it just crashed. But it doesn't explain the brand new computer still being detected as a threat on the amibotted site. ;-/
Will look at the link you suggested. New router: didn't change parameters but I did make sure the DNS IP addresses were being retrieved automatically and they were the IP addresses Comcast told me that they should be... so dunno.
Factory set DNS settings could reflect the same "marked" problem I think, since many people often don't change them. Another thing, if you used the same information on the new router, name and pass, it's possible that it kept old settings for the network although it's a new router. I would also double check the date it last showed bot activity at amibotted. According to a post earlier by a moderator, none was coming from your network. You can also ask the security and fraud department to double check. According to them, if it's clean and settings changed, they will most likely not see any activity. If it's only showing up on "amibotted", it may be an old alert.
You also want to run the check with a hardwire check to modem. This is supposed to be what determines which computer is infected.
Is the network secure? Could someone else use the network? We had an infringement letter which I suspect may have come from a neighbor when their internet was turned off. We didn't do it, even checked history to double check but we also don't have the software needed for those type of files to even be read.
If an infected computer (outside your own) is able to connect, you could still be showing an alert. However, I have a feeling it's something reading it on the router, whether it's because it's common to use default settings or you used the same name/password. I would first hardwire the computer itself and see if the check shows a bot. If it gives a date, note it. Reset the router again, and ask security to check your account.
They did a couple of days ago and said nothing was showing up.
Thanks AG for your help - extremely useful for the new computer. Updated router info and Comcast actually called my boss to inform him that his account was all clear. I appreciate everyone's help on the forum - truly I do. This problem is solved... now on to fixing the old computer :-) but I have another forum helping me with that section of the issue. And yes, I've learned forum etiquette - no multiple postings, but in this case it helped.
No problem, believe me I think I'm learning the same thing about posting. When you have to deal with a problem quickly, you look for help anywhere possible. I honestly think I did the same thing unintentionally. Some things I noticed were deleted so you're not the only one. I'm learning as I go as well, was just hard to learn all the forum etiquette when the issue was urgent.
Glad everything's fixed and hopefully we've all learned something about being more aware of potential threats.