[Essexboy]

Are you still getting alerts on dnsapi ?

Click here and select the blue Run ESET Online Scanner button:


If using Internet Explorer:

• Accept the Terms of Use and click Start.
• Allow the running of add-on.

If using Mozilla Firefox or Google Chrome:

• A link to esetsmartinstaller_enu.exe will be provided. Make sure to download it to the desktop.
• Double click esetsmartinstaller_enu.exe.
• Allow the Terms of Use and click Start.

To perform the scan:

• Make sure that Enable detection of potentially unwanted applications is checked.
• In the Advanced Settings dropdown menu:
  • Make sure that Remove found threats is unchecked.
  • Scan archives is checked.
  • Scan for potentially unsafe applications and Enable Anti-Stealth technology are checked.
  • Use custom proxy settings is unchecked.

• Now click on Start.
• The virus signature database will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
• When completed the Online Scan will begin automatically. The scan may take several hours.
• Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
• Now click on Finish.
• Use notepad to open the logfile located at C:\Program Files(x86)\ESET\EsetOnlineScanner\log.txt.
• Copy and paste that log as a reply to this topic.

[Advertisements]

I haven't gotten anymore warnings about the dnsapi.dll
I'm still running the eset scanner which is taking a long time! I will repost results when it finishes. So far 1 threat, Win32/Systweak

[mistywjd]

I haven't gotten anymore warnings about the dnsapi.dll
I'm still running the eset scanner which is taking a long time! I will repost results when it finishes. So far 1 threat, Win32/Systweak

[Essexboy]

OK, it is just the MD5 for your copy of the file is fake. Hence my supposition that it is altered in some way

[mistywjd]

Okay, is it something to do with my onedrive folder? hope not...

 

I copied exported this from eset to txt file:

C:\Users\Wendy\OneDrive\Setup_WinThruster_2015.exe Win32/Systweak potentially unwanted application
 

And here is the scan log:

 

ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=f26c24c3f16a644b8490b393cd5a3570
# end=init
# utc_time=2015-10-11 06:11:02
# local_time=2015-10-11 02:11:02 (-0500, Eastern Daylight Time)
# country="United States"
# osver=6.2.9200 NT
Update Init
Update Download
Update Finalize
Updated modules version: 26183
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=f26c24c3f16a644b8490b393cd5a3570
# end=updated
# utc_time=2015-10-11 06:14:47
# local_time=2015-10-11 02:14:47 (-0500, Eastern Daylight Time)
# country="United States"
# osver=6.2.9200 NT
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=f26c24c3f16a644b8490b393cd5a3570
# engine=26183
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2015-10-11 08:22:37
# local_time=2015-10-11 04:22:37 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=6.2.9200 NT
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 0 7147369 0 0
# scanned=282233
# found=1
# cleaned=0
# scan_time=7669
sh=C0E28878041F7708BC82DD28153719E88A91C1BA ft=1 fh=0e746c2d3c3fdba6 vn="Win32/Systweak potentially unwanted application" ac=I fn="C:\Users\Wendy\OneDrive\Setup_WinThruster_2015.exe"
​

[Essexboy]

Delete that from your one drive as that may have been the culprit... One last check

Please download Malwarebytes Anti-Malware to your desktop

• Double-click mbam-setup-version.exe and follow the prompts to install the program.
• At the end, be sure a check-mark is placed next to the following:
  • Ensure that "Enable free trial of Malwarebytes Anti-Malware Premium" is unchecked
  • Launch Malwarebytes Anti-Malware
• Then click Finish.
• If an update is found, you will be prompted to download and install the latest version.
• Once the program has loaded, select Scan now. Or select the Threat Scan from the Scan menu.
• When the scan is complete , make sure that everything is set to "Quarantine", and click Apply Actions.
• Reboot your computer if prompted.

Extra Note:

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediatly.

To access logs from Malwarebytes Anti-Malware 2.0:



1.Open Malwarebytes Anti-Malware 2.0
2.Click History > Application Logs
3.Double-click the log you would like to open

Scan Logs record detections from manual scans, including threats detected and the actions taken against them

To save a Scan Log:

1.Open the log file you would like to save
2.Click Export
3.Choose to export to a .txt
4.Choose a folder to save the log file in, then click Save
5.Post that log here

[mistywjd]

Okay, now i feel like i dont know what to do... i ran malware bytes. it found 8 registry keys that it removed. restarted and now Malwarebytes wont open for me to get the log, and windows defender is starting to try and quarantine my dnsapi.dll again..... is this hopeless? I feel like I'm somehow back to where I started?

[Essexboy]

There is a solution, replace all windows files which will include the infected dnsapi
 
First thing to do if we go this route is to ensure that you have the licences for any programmes that you have purchased
 

If you're having problems with Windows 10 on your PC, you can try to refresh, reset, or restore it. Refreshing your PC fixes software problems by reinstalling the OS while preserving the user data, user accounts, and important settings. All other preinstalled customizations are restored to their factory state. In Windows 10, this feature no longer preserves user-acquired Windows apps.

A refresh will only affect the partition that Windows 10 is installed on.

Have a read over option 2 on this page and let me know how you feel about it http://www.tenforums...ndows-10-a.html

[Essexboy]

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.