How to remove mydnswatch.exe

mydnswatch.exe

Last Updated on Tuesday, 22 February 2011 08:44 Tuesday, 22 February 2011 08:28

The file name mydnswatch.exe has appeared in a virus analysis report. You can see it on this link

The installer of this virus is of about 356 KB. It escapes from being identified by antivirus programs.
It connects to other harmful sites and download more harmful files.
It makes some changes to Internet Explorer's Fishing Filter and Recovery Settings. You can see the exact changes in the report mentioned above. The remedy is either manually undo the changes from registry or Uninstall and then download and do a fresh installation of Internet Explorer

It creates mydnswatch.exe and other files on the infected computer that you need to search and delete. You should end running processes named mydnswatch.exe from Task Manager. And also remove the file's entries from windows startup.

Warning: It is possible that some legitimate software may be using the same file names as that of the virus files. You do not have to delete these files if they belong to some legitimate program installed on your computer. Use Windows Defender or SysInternals Process Explorer to differentiate between them. The information in this article is presented without making any claims regarding its usefulness or otherwise. If you have any objections or questions, please send a note by adding a comment at the end of this page, or mail on support(at)comprolive.com

Preventive measures

Most of the viruses enter your computer when you visit some harmful website. If you use a browser plugin that warns you about harmful websites, you can prevent this from happening. A popular browser plugin is called Web Of Trust (WOT), you can install it from its website on this link.
Some of the viruses are downloaded in Internet Cache or in the Temp folder of the windows. The viruses get activated when these files are executed. You can reduce the risk of virus infection if you empty your browser cache and remove windows temp files occassionally, ideally at the end of a browsing session or before closing down your computer. Some programs like CCleaner can be set to do these things automatically. You can download CCleaner for free from this link
Do not leave your computer infected and insecure. If you doubt that there could be some undetected virus on your computer, don't leave it like that. Format the hard disk and reinstall windows and all other programs. That is the sure way to clear doubts.

Using System Restore

If you know the duration since your computer is infected, you can try to restore your computer at a prior date, that will be an easy way to undo the changes done by the virus

Using system restore in windows XP
Using system restore in windows Vista
Using system restore in windows7

Boot in safe mode

Sometimes you can not delete a file. You should boot in safe mode and then try to delete it.

How to boot in safe in windows XP
How to boot in safe mode in windows Vista
How to boot in safe mode in windows7

View Hidden Files

You need to enable to view hidden files and folders before searching.
How to Enable to View Hidden Files and Folders in Windows XP
How to Enable to View Hidden Files and Folders in Windows Vista
How to Enable to View Hidden Files and Folders in Windows7

Remove Processes from Task Manager

Press Ctrl Alt Del keys to open the Task Manager.Select Processes tab. You will see a list. Look for the names mydnswatch.exe in it. Select if found and press the End Process button. It will ask for your confirmation to end that process. Select Yes. You can end one process at a time. You can find out if a process in Task Manager is good or bad by using Windows Defender in XP and Vista. It shows the path of a process and its publisher. Harmful processes may be shown under Unknown Publisher in windows defender. Whereas in Windows7 you can find that out from the task manager itself

How to use Windows Defender in windows XP
How to use Windows Defender in windows Vista
How to use Windows Defender in windows7

Or you can use Sysinternal's Process Explorer. How to use Sysinternal's Process Explorer

Removing entry from windows startup

The system configuration can be started in xp and in vista by typing msconfig in the run box/ start menu search box.
In xp by clicking on Start > run . The windows startup is reversible. You can check / uncheck any entry from windows startup any number of times.

Open system configuration window.Click on the Startup tab. You will see a list all the programs that are scheduled to start with windows. Expand the middle column using your mouse pointer. That will show you the full path of the program. Locate and uncheck the boxes in front of these names "mydnswatch.exe" (also look for any other suspicious names)Press Apply , Press Close/Ok , Select "restart" at the next prompt

Deleting files

The computer will restart now. Delete the following files and folders. Boot in safe mode or boot in the dos prompt if needed. You can use windows search utility to search for mydnswatch.exe

Files
C:\mydnswatch\config.bin
C:\mydnswatch\mydnswatch.exe

Installer File
[file and pathname of the sample #1]

(We do not know the name or the location of sample #1, it could be in your default download location or on the desktop or in a Temp folder. The files and folders in the Temp folder can be automatically removed, if you use a freeware temp files/ registry cleaner software like CCleaner)
Folders
C:\mydnswatch

Repair Hosts File

To repair/ edit the hosts file. Login as administrator. open the following file in notepad
C:\ WINDOWS \system32 \drivers \etc \hosts
remove anything other than 127.0.0.1 Localhost, and save and close the file.

Registry Keys

Some of the registry keys will be automatically removed if you run Registry menu of CCleaner. For others you can see the report mentioned at the beginning of this article .

Using CCleaner

You can easily remove the files in the temp folder by running CCleaner. You can set CCleaner to run automatically each time the computer starts. Do not forget to run CCleaner > Registry menu to remove the obsolete registry entries.