shdoclc.dll help please!!!

Name: Daniel belz
Date: April 10, 2005 at 23:16:39 Pacific
OS: Win XP SP2 Home edition
CPU/Ram: Pentium 4 /2.80 Ghz \\ 2
Comment:

Ok, I have a problem: I can't connect to www.msnplus.net and other pages as well, but my main interest is msn plus. Though that's not all, I was searching for answers and I couldn't find anything that made sense to me. I found something on etrust antivirus, but it's through subscription and ...ok long story no check out these screenshots I took, and the following explanation from etrust. I'm begging for someone to help me, I'm getting nuts!!! with this problem. Thousand thanks!
[URL=http://img96.echo.cx/my.php?image=connectionie0wg.jpg][IMG]http://img96.echo.cx/img96/6122/connectionie0wg.th.jpg[/IMG][/URL]
[URL=http://www.imageshack.us][IMG]http://img96.echo.cx/img96/6122/connectionie0wg.jpg[/IMG][/URL]
================etrust response==============>>
res://C:\WINDOWS\SYTEM32\shdoclc.dll\DNSERROR.HTM...

Description

Win32.Dluca.J is a downloading trojan.

Method of Infection
When executed, Dluca.J deletes the file %Temp%\qdelwbi.tmp and copies itself to: %System%\uyhwzrqi.exe.

It then modifies the following registry entry to ensure that this copy is run at each Windows start:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\uyhwzrqi = "%System%\uyhwzrqi.exe /install"

Note: '%System%' is a variable location. The trojan determines the location of the current System folder by querying the operating system. The default installation location for the System directory for Windows 2000 and NT is C:\Winnt\System32; for 95,98 and ME is C:\Windows\System; and for XP is C:\Windows\System32.



Payload

Modifies System Settings
Dluca.J changes the default search settings for Internet Explorer on an affected machine.

It redirects any URL containing one of the following strings to a search page in the domain 204.177.92.207:


The following domain contains a file which may be accessed, however at the time of writing it contained nothing: 204.177.92.191

Dluca.J downloads files from a list it retrieves from a web page. It is also able to update itself in this way.



Additional Information

Dluca.J also adds these values to the registry:

HKCU\Software\PrimeSoft\qsearch\CCINFO = "ECR#1B1C"
HKCU\Software\PrimeSoft\qsearch\VNPIN = "ECR#4A5B0AD058D0A8"
HKCU\Software\Program Data\SSET = "ECR#2F307BB136B2C9EA"

Analysis by Paul Taylor





Response Number 1
Name: Daniel belz
Date: April 10, 2005 at 23:21:42 Pacific
Reply:

http://img96.echo.cx/my.php?image=connectionie0wg.jpg
http://img119.echo.cx/my.php?image=connection9bi.jpg

Those are the screen shots.
Thanks again.
D.


0

Response Number 2
Name: jam14online
Date: April 10, 2005 at 23:44:44 Pacific
Reply:

The best thing to do is download TDS-3. (That's a direct link to the 5.2MB file.) Once it's installed, reboot your computer in Safe Mode.

Fire up TDS-3 and select Full System Scan from the System Testing menu. That might take a while but the bottom message area will notify you of any trojans it finds. If I remember rightly, you can then select and remove each one or all of them.

Then click Start and Run; type in this exactly:

notepad c:\windows\system32\drivers\etc\hosts

Click OK. Select everything in that file and delete it. Then put this one line:

127.0.0.1 localhost

Save the file and exit Notepad. You should now try restarting your computer and let Windows boot normally.

You could now try browsing with Internet Explorer and see if your problems are fixed. However, I recommend you download Firefox, a far superior and more secure browser. You won't regret it.

If you can browse the Web, you're half-way there. Now download and install some of the programs listed on this page. The top three are the most important. Once you're into each one, make sure you update it to the latest reflists. Then initiate a full system scan.

Finally, download this file (less than 60KB) and run the Startup.exe inside. Go through each tab, right-clicking each startup entry that you really don't and selecting delete. Be really brutal, they are slowing down your computer's bootup speed considerably.

I hope this helps,


James

Free PC Help forums
MiniApache


0

Response Number 3
Name: jam14online
Date: April 10, 2005 at 23:46:33 Pacific
Reply:

Sorry the following sentence...

"...right-clicking each startup entry that you really don't and selecting delete."

...should read:

"...right-clicking each startup entry that you really don't need and selecting delete."

Free PC Help forums
MiniApache


0

Response Number 4
Name: Daniel belz
Date: April 11, 2005 at 12:42:33 Pacific
Reply:

Thank you James. I'm going to do all that right away. Btw, I have Firefox of course, because I know IE really sucks. You see, but the problem is that ALSO even in Firefox the same website msnplus does not work, as well as others.. Now I think that what you told me is going to work, so thanks again.
I'll post after I've done all that. I'm going to take screenshots of all that, and post them on my site, so that if someone has the same problem they can fix it.
Ciao.
D.


0

Response Number 5
Name: Daniel belz
Date: April 11, 2005 at 15:11:39 Pacific
Reply:

OMG it works!!!!! James I owe u that one!! lol! God this feels good... Ok I walk you through it..
First I dloaded the program you told me, TDS-3. I installed it. Everything went great, I restarted it in safe mode, then put it to scan and it gave me 1 spyware (none of those were Win32.Dluca.J or anything similar), everything was some .exe like limewire, and firefox setups of the two latest versions. I didn't erase them because I dloaded those from their respective sites, and I don't think there's anything wrong with them. Ok so I started to think, man, this is not going as you told me, but it's ok because I haven't made the changes to the HOSTS file.
Then I went to Start\Run and opened HOSTS in notepad, erased everything and wrote the line 127.0.01 localhost. After that I said, if this doesn't work I'll go to play soccer, to relax a bit (or else I'll toss this cpu out the window, and then kick it a bit more lol). Thankfully! it worked. I went to IE and searched for msn plus site on google, and it went like roses, beautiful, just straight in the main page of the site. Thank you very much for your help.
some screenshots:
http://img226.exs.cx/gal.php?g=solvedfire3fm.jpg

There's the gallery , there are two screenshots of before (when it didn't work) and two of the "after" (right now, when it works) and one of the program TDS-3 when i opened. I forgot to take more screenshots of the whole process.

Thanks again
D.


0







Post Locked

This post is quite old and has been locked from receiving new replies. Please create a new posting instead.

