Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

DNS Changer Help

Started by Chargr , Mar 30 2009 08:24 PM

  • Please log in to reply

#1
Chargr
Posted 30 March 2009 - 08:24 PM

Chargr

    New Member

  • Member
  • Pip
  • 1 posts
I'm trying to get my Windows XP desktop back up to take on trips. But I recently noticed I have a DNS.Changer on it. And it may be the reason why Windows Update is not working, or why can't download/update from certain Anti-Spyware or Virus site(s).

I did some research before posting and scanned with Malwarebytes Anti Malware, this is what I got from my first quick scan:

Malwarebytes' Anti-Malware 1.35
Database version: 1904
Windows 5.1.2600 Service Pack 2

3/30/2009 6:30:44 PM
mbam-log-2009-03-30 (18-30-44).txt

Scan type: Quick Scan
Objects scanned: 77745
Time elapsed: 19 minute(s), 29 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 13
Registry Values Infected: 0
Registry Data Items Infected: 9
Folders Infected: 4
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\myglobalsearchbar.toolbarplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\myglobalsearchbar.toolbarplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\vac.video (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{b6a3935f-8fe4-49a4-b987-a1c09e53589f} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{ef94a58f-599b-4602-9c34-99683c5859b1} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{150ea8e7-a97c-4816-ad02-4865eef8c5ff} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{baba5bdb-4eff-48db-b443-679651d37128} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{ef281620-a3a3-4f08-874f-d68cfc9b7945} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{cdc0999c-999c-4ee1-875b-5c3542641768} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{37b85a21-692b-4205-9cad-2626e4993404} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\videosoft (Trojan.DNSChanger) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\MyGlobalSearch (Adware.BookedSpace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VideoAccessCodec (Trojan.Fakealert) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.116.165 85.255.112.195 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{109bb542-3b08-498e-806b-d8f2a2b07f23}\NameServer (Trojan.DNSChanger) -> Data: 85.255.116.165,85.255.112.195 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{7301e093-32b1-4a91-b97c-4e54720c1530}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.116.165,85.255.112.195 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.116.165 85.255.112.195 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{109bb542-3b08-498e-806b-d8f2a2b07f23}\NameServer (Trojan.DNSChanger) -> Data: 85.255.116.165,85.255.112.195 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{7301e093-32b1-4a91-b97c-4e54720c1530}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.116.165,85.255.112.195 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.116.165 85.255.112.195 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{109bb542-3b08-498e-806b-d8f2a2b07f23}\NameServer (Trojan.DNSChanger) -> Data: 85.255.116.165,85.255.112.195 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{7301e093-32b1-4a91-b97c-4e54720c1530}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.116.165,85.255.112.195 -> Quarantined and deleted successfully.

Folders Infected:
C:\Program Files\MyGlobalSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyGlobalSearch\bar (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyGlobalSearch\bar\History (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyGlobalSearch\bar\Settings (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Files Infected:
C:\Program Files\MyGlobalSearch\bar\History\search (Adware.MyWebSearch) -> Quarantined and deleted successfully.


I got about 6 viruses I think, and removed them all, did a restart. But I'm still experiencing the problem. I also did another scan and got nothing that time: (I thought I removed it?)


_________________

Malwarebytes' Anti-Malware 1.35
Database version: 1904
Windows 5.1.2600 Service Pack 2

3/30/2009 7:17:43 PM
mbam-log-2009-03-30 (19-17-43).txt

Scan type: Quick Scan
Objects scanned: 77758
Time elapsed: 34 minute(s), 24 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


When I click Windows Update, it never shows up. Nor can I download anything from Microsoft. I even tried to delete it with Avira, but that did not work.

btw I took a look at other topics, but could not tell the difference between Zlob.dns changer or my error

Thanks for your support.

Edited by Chargr, 30 March 2009 - 08:28 PM.

  • 0

Advertisements

Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP