Error messages related to DNS


2 replies to this topic

#1 capricorntony13

Posted 26 June 2014 - 06:40 PM

Hello, 

 

I have worked with two BC employees, Broni and Nasdaq, on trying to fix my issue. Below are links to our past communications:

 

http://www.bleepingcomputer.com/forums/t/535005/bootup-error-error-accessing-the-system-registry-due-to-virus/?view=getnewpost

 

http://www.bleepingcomputer.com/forums/t/537298/error-accessing-the-system-registry-during-os-startup-due-to-virus/?view=getnewpost

 

On bootup of my OS, I get two error messages: One has a yellow exclamation point that says: 'Error accessing the registry', followed by an error message with a red X that says: 'unexpected error; quitting'.

 

After using several anti-everything programs (av, anti-malware, anti-rootkit, etc.), and in several different modes (normal, Safe Mode, Safe Mode with Networking), I came up clean except for two conditions. In RogueKiller x64, the scan results consistently come up with these registry entries:

 

¤¤¤ Registry Entries : 6 ¤¤¤

[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 172.22.41.126  -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 172.22.41.126  -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 172.22.41.126  -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{ACC8FA5E-7FF1-406E-B191-D9606FD518DB} | DhcpNameServer : 172.22.41.126  -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{ACC8FA5E-7FF1-406E-B191-D9606FD518DB} | DhcpNameServer : 172.22.41.126  -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{ACC8FA5E-7FF1-406E-B191-D9606FD518DB} | DhcpNameServer : 172.22.41.126  -> FOUND
 
 
Condition number two: in RogueKiller x64, when it is scanning in Safe Mode with Networking, it finds these EATs:
 
¤¤¤ Antirootkit : 4 ¤¤¤
[EAT:Addr] (explorer.exe) napinsp.dll - DllCanUnloadNow : C:\windows\system32\wpdshserviceobj.dll @ 0x7fef4493d60
[EAT:Addr] (explorer.exe) napinsp.dll - DllGetClassObject : C:\windows\system32\wpdshserviceobj.dll @ 0x7fef4491a74
[EAT:Addr] (explorer.exe) napinsp.dll - DllRegisterServer : C:\windows\system32\wpdshserviceobj.dll @ 0x7fef4496070
[EAT:Addr] (explorer.exe) napinsp.dll - DllUnregisterServer : C:\windows\system32\wpdshserviceobj.dll @ 0x7fef4496278
 
 
Since then, I have turned off the use of Internet Explorer. Now, the Antirootkit comes up clean, and the registry errors still come up, and my original problem still persists. I have reset my router, and made sure that the IP address that renews to the computer was changed to a different address. 

 

 

Nasdaq believes that it is not a malware issue. I would be happy to get the issue corrected. I think that just before the issue arose, IE 11 seemed 'funny'. This issue has affected two of my three computers. I am trying to clean the desktop before I can apply the same cure to one of the laptops.

 

Please let me know what you think. 

 

Thank you. 
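
An added example, not part of the original post: a small Python triage of the `PUM.Dns` lines quoted above, which collapses the `CurrentControlSet` / `ControlSetNNN` copies of each key and labels the resolver address by scope. The function names `scope` and `triage` are made up for this example; the sample input is the report text from the post.

```python
import ipaddress
import re
from collections import defaultdict

# Sample input: the six PUM.Dns lines from the RogueKiller report in the post.
REPORT = r"""
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 172.22.41.126  -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 172.22.41.126  -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 172.22.41.126  -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{ACC8FA5E-7FF1-406E-B191-D9606FD518DB} | DhcpNameServer : 172.22.41.126  -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{ACC8FA5E-7FF1-406E-B191-D9606FD518DB} | DhcpNameServer : 172.22.41.126  -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{ACC8FA5E-7FF1-406E-B191-D9606FD518DB} | DhcpNameServer : 172.22.41.126  -> FOUND
"""

LINE = re.compile(
    r"\[PUM\.Dns\]\s+\(X\d+\)\s+(?P<key>HKEY_[^|]+?)\s*\|\s*"
    r"(?P<value>\w+)\s*:\s*(?P<data>[^>]*?)\s*->\s*FOUND"
)
CONTROL_SET = re.compile(r"\\(?:CurrentControlSet|ControlSet\d{3})\\", re.I)
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def scope(addr):
    """Label a resolver address by where it can be reached."""
    ip = ipaddress.ip_address(addr)
    if ip.is_loopback:
        return "loopback"
    if any(ip in net for net in RFC1918):
        return "private (RFC 1918)"
    return "public"


def triage(report):
    """Collapse control-set copies; return {(key, value): {address: scope}}."""
    findings = defaultdict(dict)
    for m in LINE.finditer(report):
        # CurrentControlSet and ControlSetNNN hold copies of the same settings.
        key = CONTROL_SET.sub(r"\\<ControlSet>\\", m["key"])
        for addr in re.split(r"[\s,]+", m["data"].strip()):  # value may list several servers
            if addr:
                findings[(key, m["value"])][addr] = scope(addr)
    return dict(findings)


if __name__ == "__main__":
    for (key, value), addrs in triage(REPORT).items():
        print(f"{value} @ {key}\n    {addrs}")
```

On this report the six findings reduce to two locations (the global Tcpip parameters and one interface), both holding the same DHCP-supplied resolver, 172.22.41.126, which lies in the private 172.16.0.0/12 range.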




 


#2 cj27282


Posted 26 June 2014 - 07:00 PM

Did you try ComboFix?



#3 capricorntony13


Posted 01 July 2014 - 06:30 AM

I am sorry for the delay. I have a desktop and a laptop with the exact same issue. I have been trying to cure the desktop so that I know what to do with the laptop. This is what I did since we last spoke. I went onto the laptop and updated all the a/v programs that I could. I went into Safe Mode, and hit the laptop with RogueKiller first, then adwkiller, HijackThis, Malwarebytes a/v, Malwarebytes Anti-Rootkit, SUPERAntiSpyware, TDSSKiller, and a few others that could be done without internet access. I then went into Safe Mode with Networking and ran ComboFix. It worked after one reboot, but reverted back to the original problems after that reboot. I may try this again, run ComboFix, and then run ESET Online Scanner and Bitdefender. I am assuming that the virus reinstalled itself. I am hoping that we can cure this issue, because I can only think of one other solution, that is to pull the drives out and scan them as slave drives on a separate computer (or wipe them clean and reinstall the OS).



