
Hello, please can someone help me. I ran RogueKiller on my laptop and it has found a PUM.Dns. After searching the Internet I am concerned by the comments I read about whether it's a virus or dangerous. Please could someone advise me whether it's safe, or on the removal process. Also if it is safe to use my PC. Thank you for any help or advice in advance.


Hello DWSmith and welcome to Malwarebytes,

Continue with the following:

If you do not have Malwarebytes installed do the following:

Download Malwarebytes version 3 from the following link:

https://www.malwarebytes.com/mwb-download/thankyou/

Double click on the installer and follow the prompts. If necessary select the Blue Help tab for video instructions....

When the install completes or Malwarebytes is already installed do the following:

Open Malwarebytes, select > "settings" > "protection tab"

Scroll down to "Scan Options" ensure Scan for Rootkits and Scan within Archives are both on....

Go back to "DashBoard" select the Blue "Scan Now" tab......

When the scan completes deal with any found entries...

To get the log from Malwarebytes do the following:

  • Click on the Report tab > from main interface.
  • Double click on the Scan log which shows the Date and time of the scan just performed.
  • Click Export > From export you have two options:

      Copy to Clipboard - if selected, right click to your reply and select "Paste"; the log will be pasted to your reply
      Text file (*.txt)        - if selected you will have to name the file and save to a place of choice, recommend "Desktop", then attach to reply

  • Please use "Copy to Clipboard", then right click to your reply > select "Paste"; that will copy the log to your reply…

Next,

Download Farbar Recovery Scan Tool and save it to your desktop.

Alternative download option: http://www.techspot.com/downloads/6731-farbar-recovery-scan-tool.html

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

If your security alerts to FRST, either accept the alert or turn your security off to allow FRST to run. It is not malicious or infected in any way...

Be aware FRST must be run from an account with Administrator status...

  • Double-click to run it. When the tool opens click Yes to disclaimer.
    (Windows 8/10 users will be prompted about Windows SmartScreen protection - click More information and Run.)
  • Make sure Addition.txt is checkmarked under "Optional scans"

  • Press Scan button to run the tool....

  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.

  • The tool will also make a log named (Addition.txt)  Please attach that log to your reply.

Let me see those logs in your reply...

Thank you,

Kevin....


Hello Kevin.

Thank you for your speedy response.

I already performed all the following on my PC prior to your response,

I have also listed some issues I have encountered the past few days.

I checked the IP address of PUM.Dns ... A pharmaceutical company in North Dakota USA......Details attached

Windows Defender notifications : Controlled folder keeps blocking changes to files.

Windows Security Update froze for 2 hours last update. 12/07/18 

System Restore Attempted several times....
Did not complete successfully. Failed scanning drive C:\
Files and Settings not changed. 
Error(0x81000204)
Ran chkdsk/R  ... Flickered  on for split second.

Ran JRT Tool..No issues
Ran Adware...No Issues
Ran Scan....No Issues
Ran Malaware...No Issues
Ran CCleaner several times...On StartUp Menu some of the Files are contained inside "quotes" 
is this correct ? .... Attached

 

Ran RogueKiller... Several PUM.. deleted.. Txt file attached
Re ran... PUM.Dns still there...Txt files attached

CCleaner Quote Files.txt

CCleaner startupschedule.txt

CCleaner Windows startup.txt

CCleaner.txt

Malwarebytes Threat Scan.txt

Malwarebytes Topic Link.txt

PUM.Dns.txt

Rogue1.txt

Rouge2 .txt


I see no presence of Malware or Infection in the FRST logs. The DNS server address you mention "40.33.1.66" is not malicious, there is no evidence of spamming or any untoward actions whatsoever. It is still on your system because you chose not to remove it with RogueKiller.

Quote

[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{21dacc90-e093-427f-8cbc-5447c581b6cf} | DhcpNameServer : 40.33.1.66 ([United States])  -> Not selected

I have no idea why that address is on your system, my own action would be to remove it if I was not aware of any reasons for its presence.....

Regarding Windows Defender Controller Folder Actions,

Quote

Windows Defender notifications : Controlled folder keeps blocking changes to files. 

That is as per design... https://support.microsoft.com/en-us/help/4046851/windows-10-controlled-folder-access-windows-defender-security-center

If you are having trouble with System Restore (normally turned off in Windows 10) or any other system actions then consider system refresh...

https://www.tenforums.com/tutorials/4090-refresh-windows-10-a.html

Run the following check and post the results for me to review;

Select the Windows key and X key together, from the winx menu select "Command Prompt (Admin)"

At the prompt type or copy/paste :- DISM /Online /Cleanup-Image /CheckHealth then hit the enter key. What results do you get..?

Thanks,

Kevin

 

Edited by kevinf80
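
As an added example (not part of the original thread and not RogueKiller's or Malwarebytes' code), a small triage script for report lines in the format quoted above: it extracts the interface GUID, the value name and the resolver addresses, and marks any resolver that is neither on a caller-supplied list of expected servers nor a private address for manual review. The regular expression is inferred from the single line quoted in this thread, and the second sample line and the `expected` list are constructed.

```python
import ipaddress
import re

# Pattern inferred from the one report line quoted in this thread (assumption,
# not a documented RogueKiller format).
PUM_DNS = re.compile(
    r"^\[PUM\.Dns\]\s+\((?P<arch>X\d+)\)\s+(?P<key>HKEY_[^|]+?)\s*\|\s*"
    r"(?P<value>\w+)\s*:\s*(?P<servers>[0-9A-Fa-f:., ]+?)\s*"
    r"(?:\(\[(?P<geo>[^\]]*)\]\))?\s*->\s*(?P<action>.+?)\s*$"
)
GUID = re.compile(r"\{[0-9A-Fa-f-]{36}\}")

def triage(line, expected=()):
    """Parse one PUM.Dns line; return None if it is not in that format."""
    m = PUM_DNS.match(line.strip())
    if not m:
        return None
    servers = []
    for token in re.split(r"[,\s]+", m["servers"].strip()):
        try:
            ip = ipaddress.ip_address(token)
        except ValueError:
            servers.append((token, "unparseable"))
            continue
        if str(ip) in expected:
            verdict = "expected"      # resolver you configured or recognise
        elif ip.is_private:
            verdict = "private"       # LAN or other non-routable address
        else:
            verdict = "review"        # public resolver nobody has vouched for
        servers.append((str(ip), verdict))
    guid = GUID.search(m["key"])
    return {
        "interface": guid.group(0) if guid else None,
        # DhcpNameServer is filled in from the DHCP lease; NameServer is static.
        "source": "dhcp" if m["value"].lower().startswith("dhcp") else "static",
        "servers": servers,
        "action": m["action"],
    }

# First line is the one quoted in the thread; the second is constructed.
SAMPLE = [
    r"[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{21dacc90-e093-427f-8cbc-5447c581b6cf} | DhcpNameServer : 40.33.1.66 ([United States])  -> Not selected",
    r"[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{00000000-0000-0000-0000-000000000001} | NameServer : 192.168.1.1,40.33.1.66 -> Not selected",
]

if __name__ == "__main__":
    for line in SAMPLE:
        print(triage(line, expected={"192.168.1.1"}))
```

A "review" verdict on a value whose source is "dhcp" points at whatever answered the DHCP request on that network, so the router's DNS settings are the place to check as well as the PC.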

Hi Kevin. The PUM was on my PC as it didn't remove first time, however successfully removed now.

Command prompt ran, no corruption detected. Thank you so much for your time and help. Much appreciated.

You're very welcome Diane, and thank you for the kind donation. Continue...
 
Right click on FRST here: C:\Users\diane\FARBAR\FRST64.exe and rename to uninstall.exe. When complete, right click on uninstall.exe and select "Run as Administrator"

If you do not see the .exe appended that is because file extensions are hidden, in that case just rename FRST64 to uninstall

That action will remove FRST and all created files and folders...

Next,

Read the following links to fully understand PC Security and Best Practices, you may find them useful....

Answers to Common Security Questions and best Practices

Do I need a Registry Cleaner?

Take care and surf safe

Kevin...

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this thread. Other members who need assistance, please start your own topic in a new thread.

Thanks

 
