
trojan



#1 cg5


Posted 22 April 2009 - 05:03 PM

I was infected with a trojan DNS changer. It blocks Internet Explorer (but not Mozilla Firefox) and sometimes changes my URL address and brings me to bogus antivirus sites. I can't check my e-mails and can't use anti-spyware and antivirus tools. Now I was able to use Malwarebytes by changing its name. Scanned several times and found at least 12 trojan DNS changers, but every time I scan there is always another one. I am so sick of this sh**, please help.


Thank you


Windows XP Professional



here are some scan logs:

Malwarebytes' Anti-Malware 1.36
Version de la base de données: 2021
Windows 5.1.2600 Service Pack 2

2009-04-21 18:16:20
mbam-log-2009-04-21 (18-15-53).txt

Type de recherche: Examen complet (C:\|D:\|)
Eléments examinés: 127830
Temps écoulé: 1 hour(s), 33 minute(s), 55 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 1

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
D:\WINDOWS\system32\gxvxccounter (Trojan.DNSchanger) -> No action taken.







Malwarebytes' Anti-Malware 1.36
Version de la base de données: 1945
Windows 5.1.2600 Service Pack 2

2009-04-21 15:52:42
mbam-log-2009-04-21 (15-52-42).txt

Type de recherche: Examen complet (C:\|D:\|)
Eléments examinés: 125587
Temps écoulé: 22 minute(s), 52 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 6
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 5

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.62,85.255.112.231 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{62043d65-cfa6-4271-9f16-97fe486c7dc5}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.62,85.255.112.231 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.62,85.255.112.231 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{62043d65-cfa6-4271-9f16-97fe486c7dc5}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.62,85.255.112.231 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.216,85.255.112.135 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{62043d65-cfa6-4271-9f16-97fe486c7dc5}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.216,85.255.112.135 -> Quarantined and deleted successfully.

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
D:\autorun.inf (Trojan.Agent) -> Quarantined and deleted successfully.
D:\RECYCLER\S-6-7-71-100025562-100019707-100027157-8765.com (Trojan.Agent) -> Quarantined and deleted successfully.
D:\WINDOWS\Temp\tempo-328375.tmp (Trojan.DNSChanger) -> Quarantined and deleted successfully.
D:\WINDOWS\Temp\tempo-751937.tmp (Trojan.DNSChanger) -> Quarantined and deleted successfully.
D:\WINDOWS\Temp\tempo-830437.tmp (Trojan.DNSChanger) -> Quarantined and deleted successfully.




and the next one was taken with web doctor:



autorun.inf;c:;Probablement Win32.HLLW.Autoruner.corrupted;Quarantaine.;
gxvxcqgutpqlruxdlmpyvogogjikfloympslk.sys;d:\windows\system32\drivers;BackDoor.Tdss.115;Irréparable.Quarantaine.;
John Lee Hooker - I love to Boogie.mp3;D:\Documents and Settings\carl\Bureau\Ma musique\attente pour etre classé;Trojan.WMALoader;Désinfecté.;
T-3410514-croum it clover - greatest hits.mp3;D:\Documents and Settings\carl\Bureau\Ma musique\Incomplete;Trojan.WMALoader;Désinfecté.;
A0001732.reg;D:\System Volume Information\_restore{4C8CDB12-A273-4C43-A0B2-447C33202FFA}\RP38;Trojan.StartPage.1505;Supprimé.;
gxvxcsxourkrarxrtkbjddjboevdlvcjafmpj.dll;D:\WINDOWS\system32;Trojan.Click.25750;Supprimé.;
gxvxcfjonpxuoibavnpqfqsiwqixcorfpyycw.sys;D:\WINDOWS\system32\drivers;BackDoor.Tdss.115;Irréparable.Quarantaine.;
gxvxcmpfvkboeuwsfvpabqxuxnsdpcetlemov.sys;D:\WINDOWS\system32\drivers;BackDoor.Tdss.115;Irréparable.Quarantaine.;
gxvxcovmkhortjkndjnoewswuxduybfwxtgir.sys;D:\WINDOWS\system32\drivers;BackDoor.Tdss.115;Irréparable.Quarantaine.;
326875.tmp;D:\WINDOWS\Temp;Trojan.Packed.365;Supprimé.;
750406.tmp;D:\WINDOWS\Temp;Trojan.Packed.365;Supprimé.;
828796.tmp;D:\WINDOWS\Temp;Trojan.Packed.365;Supprimé.;

These help in making my computer better, but I'm sure it is still infected because every time I scan it always finds a virus... am I screwed... please help



#2 xblindx


Posted 22 April 2009 - 05:31 PM

I hate to be the bearer of bad news, but please read the post by DaChew here.

Due to the nature of the infection, your best course of action will be to prepare to post in the HijackThis section of the forums located here. Before posting, please read this topic: http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/

Edited by xblindx, 22 April 2009 - 05:31 PM.




