Jump to content

Trojan.DNSChanger


Rokowski

Recommended Posts

Hello!
So today i ran malwarebytes for a full system scan and after half an hour when it finished it told me that it found 2 malicous registry keys; one of them was 
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS|DhcpNameServer
and
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{3E81DDBA-D96E-4341-8C52-4B0DB92007D4}|DhcpNameServer

 

so when it finished i removed both and mbam asked me to restart pc, and so I did. After it booted up i opened chrome and some websites, and i noticed that it won't load, ran ipconfig /flushdns , ipconfig /renew and got my network connection back.

Ran malwarebytes full system scan again and after a whole scan i got report that it found same addreses..

 

 

I hope that someone can help me how to solve this problem.

Thank you in advance, Rok!

Link to post
Share on other sites

Can you please provide the logs from the detection?

 

Also what ip did it detect?

 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 10.6.2015
Scan Time: 19:39:51
Logfile: 
Administrator: Yes
 
Version: 2.01.6.1022
Malware Database: v2015.06.10.04
Rootkit Database: v2015.06.02.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows 8.1
CPU: x86
File System: NTFS
User: Rok
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 376061
Time Elapsed: 31 min, 11 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 2
Trojan.DNSChanger, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS|DhcpNameServer, 84.255.209.79 84.255.210.79, Good: (), Bad: (84.255.209.79),,[b9534f6aa8e213237d1d4ff08c7a07f9]
Trojan.DNSChanger, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{3E81DDBA-D96E-4341-8C52-4B0DB92007D4}|DhcpNameServer, 84.255.209.79 84.255.210.79, Good: (), Bad: (84.255.209.79),,[b25af0c918723ef83d5de85747bf1be5]
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.