
Suspicious Registry Entries



#1 maheshursekar


Posted 28 April 2015 - 06:18 AM

Hi !

 

My computer was infected with the adultube.info virus. As suggested in the below link:

 

http://www.bleepingcomputer.com/forums/t/570064/could-someone-help-me-through-the-steps-to-remove-the-adulttubeinfo-virus/

 

I reset my router and rebooted my PC and the virus disappeared.

 

However, before doing any of this, my Malwarebytes anti-virus kept popping the below message:

Malicious website blocked

IP 46.161.41.146

Type Outbound

Process c:\windows\system 32\svchost.exe.

 

When I had searched my registry then, under the below keys, the DhcpNameServer parameter was set to: 46.161.41.146 8.8.8.8 192.168.0.1

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{C3233060-B9BB-4DC1-8E2F-9E9306548D3D}

 

One day after the virus was eliminated, I did a registry search again and found these new entries with the DhcpNameServer parameter set to 46.161.41.146 8.8.8.8 192.168.0.1 (the original ones were unchanged).

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Tcpip\Parameters
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Tcpip\Parameters\Interfaces\{C3233060-B9BB-4DC1-8E2F-9E9306548D3D}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Tcpip\Parameters
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{C3233060-B9BB-4DC1-8E2F-9E9306548D3D}

 

Does that mean I am still infected with the virus?
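An added example, not part of the original thread: a read-only check that walks a `reg export` text dump and lists every `DhcpNameServer` / `NameServer` entry, under any control set, that names a resolver outside an expected list. The `APPROVED` set, the function name `audit_dns` and the sample export are assumptions made for illustration; the ControlSet001 values mirror those quoted in the post above.

```python
import ipaddress
import re

# Constructed sample in `reg export` text format. ControlSet001 mirrors the
# values quoted in the post; the ControlSet002 value is made up for contrast.
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters]
"DhcpNameServer"="46.161.41.146 8.8.8.8 192.168.0.1"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{C3233060-B9BB-4DC1-8E2F-9E9306548D3D}]
"DhcpNameServer"="46.161.41.146 8.8.8.8 192.168.0.1"
"NameServer"=""

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Tcpip\Parameters]
"DhcpNameServer"="8.8.8.8 192.168.0.1"
'''

# Assumption: the resolvers this machine is expected to use.
APPROVED = {"8.8.8.8", "192.168.0.1"}

KEY_RE = re.compile(
    r"^\[(HKEY_LOCAL_MACHINE\\SYSTEM\\(?:ControlSet\d{3}|CurrentControlSet)"
    r"\\services\\Tcpip\\Parameters(?:\\.*)?)\]$", re.I)
VAL_RE = re.compile(r'^"(DhcpNameServer|NameServer)"="(.*)"$', re.I)

def audit_dns(export_text, approved):
    """Return (key, value_name, server) for every resolver not in `approved`."""
    findings, key = [], None
    for line in export_text.splitlines():
        line = line.strip()
        if line.startswith("["):
            m = KEY_RE.match(line)
            key = m.group(1) if m else None   # ignore unrelated keys
            continue
        v = VAL_RE.match(line)
        if not (key and v):
            continue
        for tok in re.split(r"[ ,]+", v.group(2).strip()):
            if not tok:
                continue
            try:
                server = str(ipaddress.ip_address(tok))  # normalise the address
            except ValueError:
                server = tok                             # report junk as-is
            if server not in approved:
                findings.append((key, v.group(1), server))
    return findings

if __name__ == "__main__":
    for key, name, server in audit_dns(SAMPLE_EXPORT, APPROVED):
        print(f"{server}  {name}  {key}")
```

A real `reg export` file is UTF-16 encoded, so read it with `encoding="utf-16"` before passing the text in. `CurrentControlSet` is a link to one of the numbered control sets, so the same value showing up under both is expected.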





#2 noknojon


Posted 28 April 2015 - 07:02 AM

Hello and Welcome,

 

Please do not use the exact commands listed in the post you have linked to, as all systems are just slightly "not the same".

 

Start your own new topic as the other person did - Please follow the instructions in the Malware Removal and Log Section Preparation Guide.

  • If you cannot complete a step, then skip it and continue with the next.
  • In Step 6 there are instructions for downloading and running "FRST" which will create two logs.

When you have done that, post your logs (as directed) in the Virus, Trojan, Spyware, and Malware Removal Logs forum, NOT here, for assistance by the Malware Response Team.

Start a new topic, give it a relevant title and post your log(s) along with a brief description of your problem, a summary of any anti-malware tools you have used and a summary of any steps that you have performed on your own. If you cannot produce any of the required logs, then still start the new topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happened when you tried to create them.

A member of the Malware Removal Team will walk you through, step by step, on how to clean your computer.

After doing this, please reply back in this thread with a link to the new topic so we can close this one, to prevent others answering incorrectly.

 

Thank You -



#3 Platypus


Posted 06 May 2015 - 05:45 PM

Continued here:

 

http://www.bleepingcomputer.com/forums/t/574848/suspicious-registry-entries/


Top 5 things that never get done:

1.



