Jump to content

Recommended Posts

I downloaded Malwarebyte to my PC tonight and did a scan on my networked laptop that had it's browser hijacked. The results of the scan was:

Registry Keys Infected: 8 - all Adware.MyWebSearch

Registry Values Infected: 2 - all Adware.MyWebSearch

Registry Data Items Infected: 4 - all Trojan.DNSChanger

The guide said to let Malwarebyte remove the Trojan.DNSChanger so I did. I then rebooted but now only get the blue screen of death. What would be the correct steps to take to regain control of my laptop.

Thank you for any assistance.

The log of the scan is as follows:

Malwarebytes' Anti-Malware 1.30

Database version: 1401

Windows 5.1.2600 Service Pack 2

11/15/2008 9:13:51 PM

mbam-log-2008-11-15 (21-13-51).txt

Scan type: Full Scan (Y:\|)

Objects scanned: 45037

Time elapsed: 2 minute(s), 27 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 8

Registry Values Infected: 2

Registry Data Items Infected: 4

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media\WMSDK\Sources\f3PopularScreensavers (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Data Items Infected:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.36 85.255.112.41 -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{f110bd4e-bee4-4d22-b917-0966f6bc9d50}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.36 85.255.112.41 -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.36 85.255.112.41 -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{f110bd4e-bee4-4d22-b917-0966f6bc9d50}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.36 85.255.112.41 -> Quarantined and deleted successfully.

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

Link to post
Share on other sites

Hello Dave2680 and welcome to Malwarebytes. The first thing to do would be to boot into safe mode if you can. Simply reboot your computer and wait until the bios screen comes up then tap the f8 key repeatedly. A black screen with some options should appear, just use your keyboard to select safe mode and see if it boots OK. If it does, then I would recommend following the instructions here http://www.malwarebytes.org/forums/index.php?showtopic=2936 and then posting here http://www.malwarebytes.org/forums/index.php?showforum=7 One of the malware removal experts here will help you out to get your PC up and running and malware free again. If safe mode does not work, don't worry if you post at the second link I showed you and tell them what's going on they should still be able to help you get your PC operational again. Best of luck, and safe surfing. By the way, I personally recommend Avira over AVG, but it's a matter of opinion.

Link to post
Share on other sites

Please go here http://www.malwarebytes.org/forums/index.php?showtopic=2936 and follow the instructions to the best of your abilities and start your own topic in that forum. Avira is a better choice for protection and removal over all. It is always ahead in updates over AVG and AVG has become a resource hog with other drawbacks.

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.