Need Help removing DNSchanger virus.
Posted on 2008-10-20
I have somehow gotten a virus on a server machine. I am fairly certain this is a DNS changer "rootkit" virus. It automatically changes my DNS servers to invalid values. I found the references in the registry to a kmgql.exe (Not the exact file spelling) file which is associated with the virus, as well as references to change the DNS servers to invalid ones. If I removed the keys they just came back.
I tried to start the machine in safe mode, and now it just restarts over and over with the error:
"When trying to update a password the return status indicates that the value provided as the current password is not correct."