Malwarebytes, and more specifically Malwarebytes Anti-Rootkit finds these two on every scan after a reboot, even though I clean 'em up:

 

HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMENTERS|DhcpNameServer (Trojan.DNSChanger)

 

HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMENTERS\Interfaces\{75681A51-D6AB-4133-BB46-F8CCCE30CB93}|DhcpNameServer (Trojan.DNSChanger)

 

Apparently they are some sort of registry keys, but I have no idea what is causing them on every restart (especially if the computer is connected to the internet).

 

I've struggled with this for months now, and I thought I had it fixed by resetting the router, but apparently that didn't solve it. So, the question goes: What is this, how do I fix it and what causes it?

 

(I've tried running the following programs and the problem still remains:

Malwarebytes

Malwarebytes anti-rootkit

adwcleaner

combofix

defogger

HitmanPro

JRT

Minitoolbox

GMER

Norton stuff

rkill

TDSSKiller

and few more.)

 

Much appreciated!

 


Forgot to mention what it causes.

Every now and then, internet feels somewhat slow. Sometimes pages don't load, some sort of DNS_probe_error according to Google Chrome. Previously had some advertisements popping up on some computers connected to the local network.

 

Would've used edit, but didn't find the button.


Hello and welcome!
 

I suggest that you please follow the advice in this pinned topic: Available Assistance For Possibly Infected Computers.

It explains the options for free, expert help >>AND<< the suggested, preliminary steps to expedite the process.
A trained malware expert will assist you with looking into your issue.

 

>>Until then, I would suggest not performing any additional self-medication. Many of those malware removal tools you've tried are quite powerful and are designed for use only with expert guidance.  Using them without expert help can damage the system and complicate recovery.

Thanks,


Thank you for your quick reply.

 

It wasn't the mediahint. Anyhow, what are the odds the problem is within my modem+router system? I'm just thinking whether to go through the trouble of formatting my pc or could there be an easier solution?

 

Are DNSchangers or similar capable of "hijacking" a router/modem? Could, perhaps, some sort of advertisement on some page cause this without, perhaps, even clicking the ad?

Or is there a trojan of a sort somewhere in my computer? I like to think of myself as more of a professional than an amateur when it comes to computers, so there is no way I had even semi-intentionally installed a virus myself.

Could this be a false positive?


Hi: :)
 

Could this be a false positive?

 

Alas, we don't handle either False Positives or possible malware related work here in this particular section of the forum.

 

If you think this could be a False Positive detection by MBAM, I suggest the following:

Otherwise, I suggest that you may want to please follow the advice in this pinned topic: Available Assistance For Possibly Infected Computers.
It explains the options for free, expert help >>AND<< the suggested, preliminary steps to expedite the process.
A malware analyst will assist you with looking into your issue.

Thanks,
