Trojan.DNSChanger on over 1000 files

Hi. I'm new to Malwarebytes so I don't know if I did the right thing.

Malwarebytes found over a thousand "Trojan.DNSChanger" infections in one directory. I had all kinds of freeware video tools in it like VirtualDub etc.

So I removed them all..

I downloaded Malwarebytes because I had many "ctfmon's" running and Spybot's tools suggested removing them, but I thought Malwarebytes would do it if anything was found in scans... well, of course it did not say anything about the ctfmon thing...

Anyways, hope I was not SO infected? :rolleyes:


  • Staff


Do you still have the latest scanlog? Please post it.

It's present here: C:\Documents and Settings\Your username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs

Please post the last 2 logs.

Also, let me know what folder that was? Because since you're talking about "videotools" and detection was Trojan.DNSChanger, it smells like it's one of these malicious pron video codecs you installed - which install malware. The multiple ctfmon references you are talking about make sense in that case, because some of these codecs do create these ctfmon files (not the real one).

Btw, I think the "over 1000 files" is a bit exaggerated. :rolleyes:


  • Staff

That folder is also being used by fake video codecs which then install malware. Is this the standard name of the folder after installing whatever you have installed? Or did you create/rename that folder yourself in the program files?

Anyway, I will pass it on so detection will be removed. So this should be fixed in the next update. :rolleyes:

Edited to add.. In case you suspect malware present as well (because you were having your doubts as I read your first post), Scan and post logs - read note at bottom in green

If you're having Malware related issues with your computer that you're unable to resolve:

  1. Please read and follow the instructions provided here: I'm infected - What do I do now?
  2. If needed please post your logs in a NEW topic here: Malware Removal - HijackThis Logs
  3. When posting logs please do not use any Quote, Code, or other tags. Please copy/paste directly into your post and do not attach files unless requested.
  • Please do not post any logs in the General forum. We do not work on any logs posted in the General forum.
  • Please do not install any software or use any removal/scanning tool except for those you're requested to run by the Helper that will assist you.
  • Using these other tools often makes the cleanup task more difficult and time consuming.
  • If you have already submitted for assistance at one of the other support sites on the Internet then you should not post a new log here, you should stay working with the Helper from that site until the issue is resolved.
  • Do not assume you're clean because you don't see something in the logs. Please wait until the person assisting you provides feedback.
  • There are often many others that require assistance as well, so please be patient. If no one has responded within 48 hours then please go ahead and post a request for review.
  • NOTE: If for some reason you're unable to run some or any of the tools in the first link, then skip that step and move on to the next one. If you can't even run HijackThis, then just proceed and post a NEW topic as shown in the second link describing your issues and someone will assist you as soon as they can.