bezadm Posted December 16, 2015 ID:1007316 Share Posted December 16, 2015 Hi, I realized a month ago that my MS Security Essential has issued an alarm that "dnsapi.dll" under [Windows]\system32 and [Windows]\sysWOW64 is patched by a trojan. Removing it resulted in loss of internet connection in web browsers and Skype. So each time I had to recover the infected dll. It seems the trojan has removed the original Windows file for good. I have not tried to see how Malawarebytes deals with the infected file after it prompts me about the scan results. I have noticed many users have trouble restoring the original file. I have no restore points from before the infection took place. addition.txt, and frst.txt attached. utorrent not running as advised (it is a portable version only, I deleted the folder and I do not keep it resident). Please advise the best method to restore the original file. Thanks.BehzadAddition.txtFRST.txt Link to post Share on other sites More sharing options...
Firefox Posted December 16, 2015 ID:1007332 Share Posted December 16, 2015 Hello and Welcome! Well we would really like to help you further if we could but since the logs show that this computer has entries designed to steal and/or pirate software (from Microsoft, ACDsee and Adobe) we will not be able to assist you without you removing and/or uninstalling the pirated software. This topic will be closed by one of the Admins or Mods due to evidence of cracked or pirated software on this system. Piracy Policy Thank you Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted December 16, 2015 Root Admin ID:1007376 Share Posted December 16, 2015 127.0.0.1 acdid.acdsystems.com127.0.0.1 clients.babylon.co.il127.0.0.1 acdid.acdsystems.com127.0.0.1 adobeereg.com127.0.0.1 www.adobeereg.com127.0.0.1 activate.adobe.com127.0.0.1 activate-sea.adobe.com127.0.0.1 activate-sjc0.adobe.com127.0.0.1 wwis-dubc1-vip60.adobe.com<snip>Task: {C650956F-0941-4256-9D9C-285D55E4438D} - System32\Tasks\Trigger KMS Activation => C:\Program Files\KMSnano\TriggerKMS.exe [2013-01-26] () Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted December 16, 2015 Root Admin ID:1007377 Share Posted December 16, 2015 This topic will now be closed due to evidence of cracked or pirated software on this system.Piracy Policy Link to post Share on other sites More sharing options...
Recommended Posts