
browser hijack/redirects/no update allowed on antivirus



#1 rbm121273


Posted 08 February 2009 - 07:20 PM

I had the same problem, it seems, as a lot of people here recently with the DNS hijack/browser redirect, and it not allowing any of my antivirus software to update. After looking at another post that was similar to my problem, I was successful (so far it seems) after I manually updated the Malwarebytes software, and so far it seems OK. This is the log that it found after the manual update, after which I was able to update my antivirus software. TYVM moderators!

Malwarebytes' Anti-Malware 1.33
Database version: 1736
Windows 5.1.2600 Service Pack 3

2/8/2009 6:03:39 PM
mbam-log-2009-02-08 (18-03-39).txt

Scan type: Quick Scan
Objects scanned: 59006
Time elapsed: 5 minute(s), 2 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\coolplay (Trojan.DNSChanger) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\RECYCLER\S-6-3-70-100007512-100012540-100031424-2598.com (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\gaopdxrxrgoxji.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\gaopdxfqxoduxb.sys (Trojan.Agent) -> Quarantined and deleted successfully.


 


#2 rigel


Posted 08 February 2009 - 08:14 PM

You have a nasty infection.

1) Please update and rerun Malwarebytes - no log needed.

2) Please download SmitfraudFix

Disconnect your computer from the internet by unplugging your network cable from your router.
Double-click SmitfraudFix.exe
Select #5 Search and clean DNS Hijack
Please reboot your computer, reconnect your router, and then post the report found at the root of the system drive, usually at C:\rapport.txt
==========================================
3) I recommend changing the password of your router. This type of infection is designed to take over - we are taking back.
==========================================
4) Let's manually reset your DNS.

Open Network Connections by clicking the Start button, clicking Control Panel, clicking Network and Internet, clicking Network and Sharing Center, and then clicking Manage network connections.

Right-click the connection that you want to change, and then click Properties. If you are prompted for an administrator password or confirmation, type the password or provide confirmation.

To obtain a DNS server address automatically, click Obtain DNS server address automatically, and then click OK.
==========================================
5) Click Start - Run. The Run dialog box will open.
Type cmd in the box and click Enter. A DOS window will open.
Type ipconfig /flushdns <=Note the spacing
Reboot your computer!
==========================================
6) Please rerun Malwarebytes in full mode and post a new log.

Thanks!

"In a world where you can be anything, be yourself." ~ unknown

"Fall in love with someone who deserves your heart. Not someone who plays with it." ~ Will Smith


#3 rbm121273


Posted 09 February 2009 - 04:44 AM

I followed the instructions for SmitfraudFix; here is the rapport log:
SmitFraudFix v2.393

Scan done at 3:29:01.67, Mon 02/09/2009
Run from C:\Documents and Settings\Owner.YOUR-542A7E8CF0\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

DNS Before Fix

HKLM\SYSTEM\CS3\Services\Tcpip\..\{23FB4270-ABDC-4128-9B24-6B3C9D19D960}: DhcpNameServer=208.180.42.68 208.180.42.100
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=208.180.42.68 208.180.42.100

DNS After Fix

HKLM\SYSTEM\CS3\Services\Tcpip\..\{23FB4270-ABDC-4128-9B24-6B3C9D19D960}: DhcpNameServer=208.180.42.68 208.180.42.100
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=208.180.42.68 208.180.42.100

As for manually flushing the DNS, once I get to the network and connections part I don't seem to have a Network and Sharing Center prompt in the list of commands my puter offers, lol. But when malware found the problem originally, it seems to have fixed the problems before the SmitfraudFix was run, but I ran it anyway just to be sure. Thanks for your guys' help very much.
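
Added example (not part of the original posts and not SmitfraudFix's own code): the Python code below parses the "DNS Before Fix" / "DNS After Fix" sections of a rapport.txt like the one posted above, reports which registry entries the fix changed, and lists resolvers still configured that are not on a list the reader supplies. The function names and the expected-server list are assumptions for illustration; the embedded report is the excerpt from this thread.

```python
import re

# Matches report lines such as
#   HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=208.180.42.68 208.180.42.100
LINE = re.compile(r"^(HKLM\\\S+): (\w*NameServer)=(.*)$")

def parse_rapport_dns(text):
    """Return {"before": {...}, "after": {...}}, each mapping (key, value name) -> servers."""
    result = {"before": {}, "after": {}}
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if line == "DNS Before Fix":
            section = "before"
        elif line == "DNS After Fix":
            section = "after"
        elif section:
            m = LINE.match(line)
            if m:
                key, name, servers = m.groups()
                # Server lists may be space- or comma-separated.
                result[section][(key, name)] = servers.replace(",", " ").split()
    return result

def changed_entries(parsed):
    """Entries whose server list differs between the sections, or exists in only one."""
    keys = set(parsed["before"]) | set(parsed["after"])
    return sorted(k for k in keys if parsed["before"].get(k) != parsed["after"].get(k))

def unexpected_servers(parsed, expected):
    """Servers still configured after the fix that are not in the caller's expected set."""
    found = {s for servers in parsed["after"].values() for s in servers}
    return sorted(found - set(expected))

# Excerpt of the report posted in this thread (blank lines dropped).
THREAD_REPORT = r"""
DNS Before Fix
HKLM\SYSTEM\CS3\Services\Tcpip\..\{23FB4270-ABDC-4128-9B24-6B3C9D19D960}: DhcpNameServer=208.180.42.68 208.180.42.100
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=208.180.42.68 208.180.42.100
DNS After Fix
HKLM\SYSTEM\CS3\Services\Tcpip\..\{23FB4270-ABDC-4128-9B24-6B3C9D19D960}: DhcpNameServer=208.180.42.68 208.180.42.100
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=208.180.42.68 208.180.42.100
"""

if __name__ == "__main__":
    parsed = parse_rapport_dns(THREAD_REPORT)
    print("changed by the fix:", changed_entries(parsed))
    # Assumption: the expected list comes from the router or ISP, not from this script.
    print("unexpected:", unexpected_servers(parsed, ["208.180.42.68", "208.180.42.100"]))
```

For the report in this thread, `changed_entries` returns an empty list: the before and after values are identical.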

#4 rigel


Posted 09 February 2009 - 07:42 AM

I would still run Malwarebytes to make sure everything is gone.





