
Hijacked by trojan DNS-hijacker


  • This topic is locked
2 replies to this topic

#1 ATVAddict


Posted 28 April 2011 - 09:34 AM

I'm being re-directed on google/yahoo searches to infomash.com and other sites.

Started going through the steps in topic 375151:

DeFogger - all steps were just as listed in the post - until the reboot message. I never received the message, but rebooted anyway. Wallpaper on desktop was black upon reboot.

TDSS Rootkit Removing Tool - no malicious objects found.

Eset Online Antivirus Scanner - tried with both FF & IE, running both as administrator, but couldn't get the page to load.

Started a new topic (393404) to get some help. Have been following those instructions:

FixIt - ran this. Still couldn't get to Eset Online Scanner. Other pages would load, but was still being re-directed.

TFC by OT - this ran just fine. Although I didn't catch all the numbers while it was running, I did notice over 429,000 of something (!) was cleaned up in c:\[user name]appldata folder.

Change DNS Servers - I ran ipconfig/flushdns. Was successful. I didn't start the next steps because I wasn't sure how to find out if my ISP requires specific DNS settings. When I posted the question in topic 393404, I was told that my "router is hijacked by DNS-hijacker". I was instructed to do the following:

disconnect from the internet; scan with MBAM; and then reset the router. Completed this and discovered I already had a custom user name and password on the modem. Asked Qwest if I could change to a different custom name/pw, but was told no. So used the old name/pw.

MBAM - ran full scan. No malicious objects found. Tried yahoo search (in IE) and am still being re-directed.

Was instructed (topic 393404) to post a DDS log in the malware forum. I am now following steps 6-9 in the Preparation Guide.

Thanks so much for your help!!



#2 ATVAddict


Posted 30 April 2011 - 11:32 AM

I apologize if this is not the correct method to notify you, but I am no longer in need of help. I've re-built the computer, installing Windows 7. No problems so far!

Thank you so much for all the help - you're like a lifeline to all of us "out here". Thanks, again!

#3 Budapest


Posted 30 April 2011 - 03:07 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw



