Jump to content

MalwareBytes a waste of money?

Recommended Posts


I am, or actually my computer is, infected by a trojan named Zlob.DNSChanger, and after googling around trying various more or less serious solutions, I ended up buying and installing the MalwareBytes since it was so wholeheartedly recommended on web pages and in newgroups.

After a qiuck scan MBAM found six instances of the afore mentioned digitital equestrian sports freak.

These where promte deleted, and teh computer rebooted.

To my big surprised blue eyes, the same six registry keys were back in a check up scan after reboot.

MBAM did NOT remove the threat.

What am I to do?



Link to post
Share on other sites

Oh.. I forgot:

The MBAM logfile:

Malwarebytes' Anti-Malware 1.30

Database versjon: 1395

Windows 6.0.6001 Service Pack 1

14.11.2008 03:34:27

mbam-log-2008-11-14 (03-34-27).txt

Skanntype: Rask Skann

Objekter skannet: 51982

Tid tilbakelagt: 4 minute(s), 54 second(s)

Minneprosesser infisert: 0

Minnemoduler infisert: 0


Link to post
Share on other sites


Your router has been compromised; this isn't the fault of MBAM. You need to reconfigure your router. Please see below:


In the future, please do not use default admin/passwords on your router, it only allows for exploitability. The "registry" keys come back because your router, not a piece of software on your PC, is setting them.

Link to post
Share on other sites

This is a extremely nasty infection and requires some diligence and dedication to clean it up. Please follow these instructions here and begin your own topic in that forum. Most importantly is to get the HJT log posted. MBAM has several definition updates to it also since you have last updated.

Link to post
Share on other sites

Yikes, I didn't even realize such infections existed. Makes sense though, considering that most routers use the same default password from the factory. I'm amazed this is the first I've heard of it if it's an attack vector that's been exploited before, and if it's new I'm amazed it took the hackers so long to think of it. Perhaps this will convince Linksys, D-link and all the others to start using randomized passwords by default that are maybe PRINTED on the router itself for the sake of tech support etc. instead of using the same one for each. Most people don't even realize they can change the passwords on routers.

Link to post
Share on other sites

Here is the HihjackThis report:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 18:27:36, on 16.11.2008

Platform: Windows Vista SP1 (WinNT 6.00.1905)

MSIE: Internet Explorer v8.00 (8.00.6001.18241)

Boot mode: Normal

Running processes:





C:\Program Files\Microsoft IntelliType Pro\itype.exe

C:\Program Files\AVG\AVG8\avgtray.exe

C:\Program Files\Logitech\SetPoint\SetPoint.exe

C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE



D:\Program Files\FastStone Capture\FSCapture.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\FileZilla FTP Client\filezilla.exe


C:\Program Files\Trend Micro\HijackThis\Analyze.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

O2 - BHO: Koblingshjelpeprogram for Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: P

Link to post
Share on other sites

It was, I guess, but the symptoms seems disappeared, it was the Linksys wireless router, but I have an unique username and password tehre... hmm.

I just wint inn, and removed some DNS adresses matching the DNS adresses in the Malwarebyte AM log.

Am I smart or not?


Link to post
Share on other sites


I went into my Linksys wireless router and set the three static DNS server Adresses to null.

That's it.

Problems solved all over the LAN.

Look here:


Then I used Malvarebytes AM on all computers and it removed two threats on each.

I consider this case closed.

Thanks to you guys for pointing me in the right direction!

And to make up for my rather rude title on this thread, I have to say MBAM located and fixed stuff Lavasoft Ad-Aware AND Spybot Search & Destroy didn't even know was there.

I can whoeheartedly recommend Malwarebytes Anit Malware!!!

Link to post
Share on other sites

Please be sure you reset System Restore points too. If you use one that is infected ever your going to go through this all over again.

I almost hate System Restore!

In it's early days I lost data when rolling the system backwards.

I maintain my own restore system.

The only thing standing between me and a solution, is knowledge.

Now Iva got the knowledge, and the assuring feeling of being able to seek out, not only knowledge, but the correct knowledge, I'm not scared anymore....

As Chris de Burgh said back in the eighties:


And the dark clouds around me

That often surround me

Just fall away into the night,

Im not scared anymore....

Again thanks.... to you all!

Link to post
Share on other sites

I will close the thread to prevent others from posting into it. If you need assistance please start your own topic and someone will be happy to assist you.

The fixes and advice in this thread are for this machine only. Do not apply to your machine unless you Fully Understand how these programs work and what you're doing. Please start a thread of your own and someone will be happy to help you, just follow the Pre-Hijackthis instructions found here before posting Pre- HJT Post Instructions

Also don't forget that we offer FREE assistance with General PC questions and repair here PC Help

If you're pleased with the product Malwarebytes and the service provided you, please let your friends, family, and co-workers know. http://www.malwarebytes.org

Link to post
Share on other sites

This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.