evasion
IMPORTANT: Web Blocking / RAM Usage Issue
evasion replied to RubbeR DuckY's topic in Malwarebytes for Windows Support Forum
You don't need to uninstall the program, just shut it down. At the right end of the taskbar near the clock, find the Malwarebytes icon; usually you have to left-click the up arrow. Right-click on the icon and select Quit Malwarebytes (or something similar, I have already shut it down). This will not uninstall the program, so after the next restart repeat the steps unless the problem is solved.
-
The rdsrv.com page from yesterday was a one-time glitch. I opened the router's web interface and browsed through the pages. The DNS field was set to 5.104.175.151. That was problematic, I guess. After a reset to Factory Default Settings the same field is now 19x.xxx. ... don't remember exactly. ismydnshijacked.com detects 74.125.xxx.xxx at Google, which is reasonable since I ran DNS Jumper as you advised me to do.
Thank you very much,
Dusan
-
Yes, I ran Delfix. Everything was fine yesterday. I have a script to open Firefox with a trusted site (start firefox.exe http://www.investing.com/economic-calendar/). I started the script, it opened the page, and then a second tab appeared with http://www.rdsrv.com/...address. https://www.ismydnshijacked.com/ again reports IPs that are marked red. They are 5.104.175.151 as before. Then I wrote the previous post, but there were no more redirections.
After a reboot, https://www.ismydnshijacked.com/ reports that all five IP addresses are from Google. However, the tile reads "Everything appears to be fine, but the check was incomplete". There were no redirections after the reboot. Maybe I should restart the router with Factory Default Settings instead of Current Settings as I did before.
-
The problems are back today.
-
I don't see any problems or suspicious behaviour. Thank you very much.
-
I ran all these tools. With Junkware Removal Tool I was not meticulous. JRT0.txt is the log after the first run, without the Run as administrator option and with Firefox running in the background. JRT.txt is the log after the subsequent run with all procedures properly executed. At this point everything is working without signs of infection.
Best wishes,
Dusan
Malwarebytes20150505.txt AdwCleanerS0.txt JRT.txt JRT0.txt mrt.log
-
Huh, I got the router from my internet provider. There was no need to mess with parameters, true plug'n'play. They have two addresses for their DNS servers listed on the support page, but I didn't need to use them. It is better now. Strange pages do not appear anymore. The problem with the dictionary that I mentioned in the first post still persists. Maybe it is not anything severe. I ran FRST and the logs are attached.
Thanks,
Dusan
Addition.txt FRST.txt
-
In the router web interface there is a section "DNS" with the following options:
DNS Relay:
- Use Auto Discovered DNS Server Only
- Use User Discovered DNS Server Only
Auto discovered DNS is active now. Also there are fields for primary and secondary DNS server. Is it necessary to change this option to User Discovered DNS?
-
I have changed the router password. Under Maintenance -> SysRestart there are options System Restart with:
- Current Settings
- Factory Default Settings
I have done a restart with Current Settings.
-------------
Result from VirusTotal:
SHA256: af27ed34d150aa4fc94b6edce0dd3cafdbac61b15b0b8d9ce25ccc20ee9441a3
File name: adiusbawx64.sys
Detection ratio: 0 / 56
Analysis date: 2015-05-04 17:20:19 UTC ( 0 minutes ago )
Probably harmless! There are strong indicators suggesting that this file is safe to use.
-------------
I have a somewhat better result from DNSCHECK (dnsresult2.txt file), but still two out of five IPs are rogue.
-------------
It is a scant help for my router. Should I perform a restart to factory default settings instead of current settings? All the symptoms of infection are still present.
Dusan
dnsresult2.txt
-
I have run FRST -> Fix, Fixlog.txt is attached.
---------
The DNSCHECK result is in the file "dnsresult.txt". Recently I couldn't connect to the internet and received some error about DNS. I contacted my Internet provider. They instructed me to enter 192.168.1.1 into the browser to get access to the ZyXEL ADSL modem. I was told to go to the Interface Setup/Internet page and change the username and password. The problem was resolved. Now I guess this was a related issue.
I use a virtual machine with Microsoft Hyper-V Manager. Ubuntu Linux is installed. The virtual switch is set to External network with the "Allow management operating system to share this network adapter" option checked. Is the guest OS in jeopardy as well?
----------
The log from RogueKiller is in the file RKreport_SCN_05042015_154944.log.
Thanks a lot
Fixlog.txt dnsresult.txt RKreport_SCN_05042015_154944.log
-
Hello,
About ten days ago Firefox started to open unwanted pages. Looking in the browsing history, it all started, say, on 22 April, and those URLs are for example
http://www.reimageplus.com/lp/slm/index.php?tracking=tlvivots&banner=${TAG_ID}&adgroup=${PUB_ID}&ads_name=direct&keyword=direct&context=TR_02FBVMRzz29A6HA0
https://myflixhd.com/registration?&theme=tiger&chan=&pubid=&sid=&a_bid=72491354&a_aid=51e41a1648fe5&data1=&prgid=&cpnid=&clickid=TR_02C2M0Uzz2AOUH45&subid=&page=flowplayerregister&g=b41a6a301305c122f51ed4fdc406c976&&ref=1430408865
and others. Also, for a couple of days error 403 had been appearing in web pages where ads should be. This symptom is gone now. At the same time an online dictionary that I use often changed behavior. The box with output text shows the result of the translation and then instantly disappears. Malwarebytes doesn't find any infection. I have attached logs from FRST. Is there a solution to this problem, and how dangerous is it?
Many thanks!
Addition.txt FRST.txt