Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

PUM>DNS attack and more


  • This topic is locked This topic is locked
3 replies to this topic

#1 domen8er

domen8er

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:07:57 PM

Posted 26 May 2015 - 11:43 PM

Hello everyone. 
 
My name is Adam and I not an expert, but have been fighting malware for over 3 months that afflicts two windows 7 workstations and three laptop/tablets- but one is an old MAc Book Pro that I am not sure has been compromised. It all behaves like spy backdoor remote access to my computers with many different kinds of issues. I hope someone of the brilliant experts I have seen on this site can help me disinfect my machines once and for all. 
 
The symptoms are many, including web page redirects, logon dialogues on web sites that reload slightly different looking dialogues and require a second logon; folders of security applications and individual security shortcut icons disappearing from my desktop; sometimes very sluggish browser loading, at the worst times sluggish computer operations; and odd background operations that I cannot identify. I spend most of my time scanning and cleaning so the machines mostly keep operational. 
 
I realize I can only treat one machine at a time, so the first one I would like to submit for help is an HP Pavilion desktop/workstation , 5 years old, Windows 7 Professional SP1, 64bit, Intel Quad2 Core CPU, Q8400 with 8GB RAM.
 
I have used these security apps (and perhaps a few more), repeatedly:
 
Bitdefender Internet Security (paid) and resident
SpyBot S&D
Malware Bytes free
AVG free trial
ADWCleaner
Hitman Pro
RogueKiller
Rkill
Lavasoft Ad-aware
Microsoft emergency response tool
MS Windows Malicious Software removal tool
Junkware removal tool JRT
CCleaner
TDSSkiller
IO-bit Malware Fighter
SuperSpyware Free Edition
 
The full security programs like BitDefender almost never react to any malware. I have leaned on RogueKiller and CCleaner and they both always find registry problems including PUM.DNS changes that always return even if RK deletes them, and  the list grows over time without cleaning. There also are a long list of IRP_MJ root settings that RKiller does not seem to care about. They are shown in green.  Registry issues of file extension and installer folder issues usually showup in CCleaner.  Also, I am online through a Time-Warner cable modem that never changes its IP address. 
With my limited knowledge, there is so much that seems strange going on, I cannot detail all the symptoms. I apologize if the descriptions are vague. PLEASE help me figure this out.
 
Thank you, in advance, for your help.
Adam


BC AdBot (Login to Remove)

 


#2 buddy215

buddy215

  • Moderator
  • 13,313 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:06:57 PM

Posted 27 May 2015 - 11:04 AM

Suggest you uninstall these programs:

All IO-bit programs

Lavasoft Ad-aware and other Lavasoft programs

AVG Free

Spybot S&D

 

 

You can get an expert opinion and help for removing malware by following the directions below. Once you have posted the new topic

DO NOT bump it....wait for a response which could be several days.

 

Please follow the instructions in the Malware Removal and Log Section Preparation Guide starting at Step 6.

  • If you cannot complete a step, then skip it and continue with the next.
  • In Step 6 there are instructions for downloading and running FRST which will create two logs.

When you have done that, post your logs in the Virus, Trojan, Spyware, and Malware Removal Logs forum, NOT here, for assistance by the Malware Response Team.

Start a new topic, give it a relevant title and post your log(s) along with a brief description of your problem, a summary of any anti-malware tools you have used and a summary of any steps that you have performed on your own. If you cannot produce any of the required logs...start the new topic anyway. Explain that you followed the Prep. Guide, were unable to create the logs, and describe what happened when you tried to create them. A member of the Malware Removal Team will walk you through, step by step, on how to clean your computer.

After doing this, please reply back in this thread with a link to the new topic so we can close this one.


“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#3 domen8er

domen8er
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:07:57 PM

Posted 28 May 2015 - 09:12 PM

Thank you, buddy215!  I have posted to the REMOVAL forum.

 

http://www.bleepingcomputer.com/forums/t/577647/pumdns-and-spyware-infection/

 

Adam



#4 Animal

Animal

    Bleepin' Animinion


  • Site Admin
  • 35,751 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Where You Least Expect Me To Be
  • Local time:04:57 PM

Posted 28 May 2015 - 09:19 PM

Hello,

Now that you have posted a log at the above link: you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc) unless advised by a MRT Team member, nor should you ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process which would extend the time it takes to clean your computer.

From this point on the MRT Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take a while to get a response because the MRT Team members are EXTREMELY busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the MRT Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another MRT Team member is already assisting you and not open the thread to respond.

Please be patient. It may take several days to get a response but your log will be reviewed and answered as soon as possible. I advise checking your topic once a day for responses as the e-mail notification system is unreliable.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.

To avoid confusion, I am closing this topic. Good luck with your log.

The Internet is so big, so powerful and pointless that for some people it is a complete substitute for life.
Andrew Brown (1938-1994)


A learning experience is one of those things that say, "You know that thing you just did? Don't do that." Douglas Adams (1952-2001)


"Imagination is more important than knowledge. Knowledge is limited. Imagination circles the world." Albert Einstein (1879-1955)


Follow BleepingComputer on: Facebook | Twitter | Google+




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users