Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Trojan.DNSchanger


  • This topic is locked This topic is locked
7 replies to this topic

#1 mclaude90

mclaude90

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:03:16 AM

Posted 19 December 2009 - 10:51 PM

I have run the Combofix application and I just don't know what to do from here. I have run Malwarebytes quite a few time but this virus keeps popping up. PLEASE HELP !

Attached Files

  • Attached File  log.txt   18.49KB   6 downloads

Edited by mclaude90, 19 December 2009 - 10:52 PM.


BC AdBot (Login to Remove)

 


#2 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,707 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:10:16 AM

Posted 20 December 2009 - 12:35 PM

Hi mclaude90,

Welcome to BC HijackThis forum. I am farbar. I am going to assist you with your problem.

Please refrain from making any changes to your system (scanning or running other tools, updating Windows, installing applications, removing files, etc.) from now on as it might interfere with our fixes. Please let me know in your next reply if you agree with this.
  • Please go to start => Run => Copy and paste the bold line in the run-box and click OK:

    "C:\Qoobox\Add-Remove Programs.txt"

    A text file opens up, copy and paste the content to your reply.

  • Download the GMER Rootkit Scanner exe file from here and save it to your desktop.
    • Temporarily disable any real-time active protection so your security program drivers will not conflict with gmer's driver.
    • Click on this link to see a list of programs that should be disabled.
    • Disconnect from the Internet and close all running programs.
    • Double click GMER.exe. If asked to allow gmer.sys driver to load, please consent .
    • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.
    • In the right panel, you will see several boxes that have been checked. Make sure the following are unchecked:
      • Sections
      • IAT/EAT
      • Drives/Partition other than C:\ drive (C:\ drive should remain checked)
      • Show All (this one also should be unchecked)
    • Then click the Scan button & wait for it to begin. (Please be patient as it can take some time to complete).
    • When the scan is finished, you will see the scan button appears again. Click Save to save the scan results to your Desktop.
    • Save the file as gmer.log and copy/paste the contents in your next reply.
  • Open your Malwarebytes' Anti-Malware.
    • First update it, to do that under the Update tab press "Check for Updates".
    • Under Scanner tab select "Perform Quick Scan", then click Scan.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Copy&Paste the MBAM log.
    Extra Note:
    If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediately.

Edited by farbar, 20 December 2009 - 02:04 PM.
The link is corrected


#3 mclaude90

mclaude90
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:03:16 AM

Posted 20 December 2009 - 01:49 PM

Ok I have a question.. when you say www.gmer.net what do u mean by the URL here thing.. Can i just go to www.gmer.net and download the program there

#4 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,707 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:10:16 AM

Posted 20 December 2009 - 02:05 PM

I'm sorry, I edited the link.

#5 mclaude90

mclaude90
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:03:16 AM

Posted 20 December 2009 - 02:49 PM

32 Bit HP BiDi Channel Components Installer
Access Help
Adobe Acrobat 8 Professional
Adobe Acrobat 8.1.2 Professional
Adobe Acrobat 8.1.2 Security Update 1 (KB403742)
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
Adobe Anchor Service CS3
Adobe Common File Installer
Adobe Contribute CS3
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Help Viewer CS3
Adobe Photoshop Elements 6.0
Adobe Premiere Elements 4.0
Adobe Premiere Elements 4.0 Templates
Adobe Setup
Adobe Update Manager CS3
AIM 7
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Avid Free DV
Bonjour
Critical Update for Windows Media Player 11 (KB959772)
Download Updater (AOL LLC)
Help Center
High Definition Audio Driver Package - KB888111
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Format SDK (KB902344)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Integrated Camera
Intel PROSet Wireless
Intel® PRO Network Connections 12.0.41.0
Intel® PROSet/Wireless WiFi Software
InterVideo Register Manager
InterVideo WinDVD
InterVideo WinDVD Creator 3
iTunes
J2SE Runtime Environment 5.0 Update 6
Java™ 6 Update 17
LANDesk Advance Agent
LANDesk® Common Base Agent 8
LinQ Software
LiveUpdate 3.3 (Symantec Corporation)
Malwarebytes' Anti-Malware
MetaFrame Presentation Server Web Client for Win32
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office FrontPage 2003
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Software Update for Web Folders (English) 12
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Mozilla Firefox (3.0)
mProSafe
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6.0 Parser (KB933579)
mWlsSafe
NVIDIA Drivers
OGA Notifier 2.0.0048.0
On Screen Display
Pharos
Presentation Director
Productivity Center Supplement for ThinkPad
QuickTime
RealPlayer
RecordNow Audio
RecordNow Copy
RecordNow Data
Remove Multimedia Center
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.54.02
RocketDock 1.3.5
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB973704)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft Office Excel 2007 (KB973593)
Security Update for Microsoft Office Outlook 2007 (KB972363)
Security Update for Microsoft Office PowerPoint 2007 (KB957789)
Security Update for Microsoft Office Publisher 2007 (KB969693)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB969604)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371-v2)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Sonic Express Labeler
Sonic Icons for Lenovo
SoundMAX
Spybot - Search & Destroy
Symantec Endpoint Protection
System Migration Assistant
ThinkPad Bluetooth with Enhanced Data Rate Software
ThinkPad EasyEject Utility
ThinkPad FullScreen Magnifier
ThinkPad Hotkey Features Setup
ThinkPad Modem
ThinkPad PC Card Power Policy
ThinkPad Power Management Driver
ThinkPad Power Manager
ThinkPad UltraNav Driver
ThinkVantage Active Protection System
ThinkVantage Fingerprint Software 5.6
ThinkVantage Productivity Center
ThinkVantage Technologies Welcome Message
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office InfoPath 2007 (KB976416)
Update for Outlook 2007 Junk Email Filter (kb976884)
Update for Windows XP (KB942763)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VLC media player 0.9.8a
Wallpapers
WebFldrs XP
Windows Driver Package - Ricoh Company (rimsptsk) hdc (11/14/2006 6.00.01.04)
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Live installer
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Media Connect
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
WinSCP 4.1.3 beta
XP Themes
Xvid 1.1.3 final uninstall

#6 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,707 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:10:16 AM

Posted 21 December 2009 - 01:33 AM

I'll wait for the other logs.

#7 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,707 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:10:16 AM

Posted 23 December 2009 - 04:40 PM

I'll wait one more day before closing the topic.

#8 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,707 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:10:16 AM

Posted 24 December 2009 - 11:37 AM

This thread will now be closed due to lack of activity.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users