False Positive for DNS changer


martellcartel

Hi. For a while I had problems with DNS changer, but I finally formatted my HDD, restarted my router and changed its password, and I no longer have any connection problems, nor do I get malicious advertisements in my browser pages.

 

However, Malwarebytes still keeps detecting my registry files as DNS changers, so I wanted to make sure if it is a false positive or if something was left behind (as I said, I don't see any real activity regarding an actual DNS Changer malware anymore).

 

Here is the log:

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 9/18/2015
Scan Time: 10:43 AM
Logfile: log.txt
Administrator: Yes

Version: 2.1.8.1057
Malware Database: v2015.09.18.02
Rootkit Database: v2015.08.16.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Amirhosein

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 338301
Time Elapsed: 6 min, 10 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 2
Trojan.DNSChanger, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{D269434C-AF54-401A-9480-F7665A1A51BB}|NameServer, 217.218.155.155 217.218.127.127, Good: (), Bad: (217.218.155.155),Replaced,[4812df525734ec4afc3f601311f48080]
Trojan.DNSChanger, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{D269434C-AF54-401A-9480-F7665A1A51BB}|NameServer, 217.218.155.155 217.218.127.127, Good: (), Bad: (217.218.127.127),Replaced,[075331000b8046f02b0f7df6778eba46]

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

  • Staff

Hi,

 

I suggest you change the DNS settings set by your ISP to either OpenDNS or Google DNS.

https://store.opendns.com/setup/#/familyshield <== OpenDNS

https://developers.google.com/speed/public-dns/docs/using?hl=en <== Google DNS

 

If that fixed it, I suggest you contact your ISP and make them aware of their DNS servers.


Hi, thanks. I tried Google DNS before but that didn't help, however:

 

It seems my PC is clean now. I always clean my PC after I detect an infection (deleting cookies etc.) and somehow this time it actually had an effect and worked, since even Malwarebytes doesn't detect anything suspicious anymore (scanned several times after resetting the PC). Maybe it has something to do with the fact that I changed my router's password and upgraded its firmware, so DNSChanger couldn't change the setting this time, or something like that. I might be wrong though, I am no expert. Either way, everything seems OK now, but if it happens again I will change my DNS and will contact my ISP. Thanks again, miekiemoes.

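An added example, not part of the thread and not Malwarebytes code: both detections in the log are on the per-adapter `NameServer` value, which holds resolvers configured statically on the adapter, while `DhcpNameServer` in the same key holds what DHCP (normally the router) handed out. This PowerShell lists both for every interface so a leftover static entry can be told apart from a router-supplied one; `$ExpectedResolvers` and its address are placeholders to replace with the resolvers you actually intend to use.

```powershell
# Added example: audit the DNS servers stored under the registry key the scan flagged.
#   NameServer     = resolvers set statically on the adapter
#   DhcpNameServer = resolvers supplied by DHCP (usually the router)
$ExpectedResolvers = @('192.0.2.53')   # placeholder address, replace with resolvers you trust

$base = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces'

function Split-ServerList([string]$Value) {
    # The value is a single string; entries are separated by spaces or commas.
    @($Value -split '[ ,]+' | Where-Object { $_ })
}

# One row per (interface, value name, resolver address).
$report = @(
    foreach ($key in Get-ChildItem -Path $base) {
        $props = Get-ItemProperty -Path $key.PSPath
        foreach ($name in 'NameServer', 'DhcpNameServer') {
            foreach ($ip in (Split-ServerList $props.$name)) {
                New-Object PSObject -Property @{
                    Interface = $key.PSChildName   # adapter GUID, as shown in the scan log
                    Source    = $name
                    Server    = $ip
                    Expected  = ($ExpectedResolvers -contains $ip)
                }
            }
        }
    }
)

$report |
    Sort-Object Interface, Source |
    Select-Object Interface, Source, Server, Expected |
    Format-Table -AutoSize

# Anything not on the expected list deserves a closer look, static entries first.
$unexpected = @($report | Where-Object { -not $_.Expected })
if ($unexpected.Count -gt 0) {
    Write-Warning "$($unexpected.Count) resolver entries are not in the expected list."
}
```

An unexpected address under `NameServer` points at the PC's own adapter settings; one that appears only under `DhcpNameServer` points at the router or ISP side.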
