Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

DNS_PROBE_FINISHED_NXDOMAIN After being Infected by Malwares


  • This topic is locked This topic is locked
10 replies to this topic

#1 BadStrophes

BadStrophes

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:05:39 PM

Posted 27 November 2015 - 12:56 PM

Hi,
 
I downloaded a freeware yesterday, "Super", which is a Audio File Converter, and it ended up with some bad malwares (such as MySites123).
To get rid of it I :
- Ran AdwCleaner,
- Ran Malwarebytes Anti Malware,
- Deleted programs that wanted to be deleted with 'Add/Remove Programs' (I had like 8 or so unwanted programs, deleted 6, and 2 were rebellious) so I
- Opened Windows 10 Troobleshot and Start with Safe mode
- Deleted rebellious files from there with the Control Panel
- Run HitmanPro
 
And it seemed to be good. My computer was starting as fast as before.
But, I still have a problem. On Chrome et IE (Not on Edge) I can't open any websites, make any searches, having this : DNS_PROBE_FINISHED_NXDOMAIN on Chrome.
 
I searched on the Internet and then I :
- Reran Adw, Malwarebytes and Hitman
- Changed Prefered DNS to 8.8.8.8
- Tried some commands on the Command Prompt such as (flushdns, netsh reset catalog etc.. things people said on forums)
- Scan with DNSRepair
- Noticed that Hitman said there was a problem with my dnsapi.dll files so I reset them

- Reset, fully Uninstall/Install Chrome​
 
And nothing worked. I think I tried everything I saw on the Internet, and I'm running out of solutions.
 
Can you guys help me ?
 
Thanks A LOT in advance !
Good week-end :)
 
PS :
I also have an other problem, maybe it is linked and it could help you find the solution :
When I play a youtube video on Edge, I have an error message : An error as occurred, please try lately. And if I refresh 5 or 6 times, it works.

I can't play any games such as HearthStone, I have an 0xc0000022 error message.

Attached Files


Edited by BadStrophes, 28 November 2015 - 09:59 AM.


BC AdBot (Login to Remove)

 


#2 nasdaq

nasdaq

  • Malware Response Team
  • 39,944 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:12:39 PM

Posted 28 November 2015 - 10:00 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Press the windows key Windows_Logo_key.gif+ r on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and and click the OK key.
Please copy the entire contents of the code box below to the a new file.
 
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: ipconfig /flushdns
CMD: netsh winsock reset
CMD: ipconfig /release
CMD: ipconfig /renew

HKU\S-1-5-21-1667028345-1748531060-1496641558-1001\...\Run: [AdobeBridge] => [X]
SearchScopes: HKU\S-1-5-21-1667028345-1748531060-1496641558-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
S2 Ysameo; "C:\Users\Kilian\AppData\Roaming\OlhvyHyec\Renwemm.exe" -cms [X]
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
Task: {964D0A4D-BEBF-4B17-AB13-4AAEAC53EC59} - System32\Tasks\GLLEUDYUAA1 => C:\ProgramData\KeyStream\KeyStream.exe <==== ATTENTION
Task: {BE6D0516-0D5A-47F7-8F70-00D11E087BC4} - System32\Tasks\Uaxenji => C:\PROGRA~1\SHOPPE~1\Nuqrijs.bat
Task: C:\WINDOWS\Tasks\GLLEUDYUAA1.job => C:\ProgramData\KeyStream\KeyStream.exe <==== ATTENTION
AlternateDataStreams: C:\Users\Kilian\Local Settings:wkLDFXm3vxnmb5D1mFl22fBs
AlternateDataStreams: C:\Users\Kilian\AppData\Local:wkLDFXm3vxnmb5D1mFl22fBs
AlternateDataStreams: C:\Users\Kilian\AppData\Local\Application Data:wkLDFXm3vxnmb5D1mFl22fBs
AlternateDataStreams: C:\Users\Kilian\AppData\Local\n77eGhxTuXnv:CMcluZJRjZOIS77G93EcbPf
AlternateDataStreams: C:\Users\Kilian\AppData\Local\Temporary Internet Files:KUSa9AEWWd5rWhPtISj
C:\ProgramData\KeyStream
C:\PROGRA~1\SHOPPE~1

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

Let me know what problem persists.

#3 BadStrophes

BadStrophes
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:05:39 PM

Posted 28 November 2015 - 11:20 AM

Hi nasdaq, and thank you for your help !

 

I've completed what you said until the part where I got to run FRST.

I have an error when i do : Insufficient system resources exist to complete the requested service

And Avira says the file "D:/Downloads/FRST64.exe carrying the virus or undesirable 'HEURE/APC (Cloud)' was blocked."

 

I disabled the Firewall and it doesn't change it. Same thing if I run it as administrator.


Edited by BadStrophes, 28 November 2015 - 11:42 AM.


#4 nasdaq

nasdaq

  • Malware Response Team
  • 39,944 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:12:39 PM

Posted 28 November 2015 - 02:54 PM

Disable Avira for a short time and run the fix.

Do not forget to enable Avira.

#5 BadStrophes

BadStrophes
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:05:39 PM

Posted 28 November 2015 - 03:59 PM

Sorry for my lack of knowledge.

 

I still have those same issues : can't access any sites on chrome, can't launch any game, have that error on youtube videos.

 

Here's the Fixlog.txt

 

Thanks again sir.

 

 

Attached Files



#6 nasdaq

nasdaq

  • Malware Response Team
  • 39,944 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:12:39 PM

Posted 29 November 2015 - 08:22 AM

Try the Method one and two suggested on this page.

http://www.fixerrs.com/2015/01/Dns-Probe-Finished-NxDomain.html

As indicated if that fails then Remove and reinstall Chrome.

Remove Chrome using the the instructions on this page.
https://support.google.com/chrome/answer/95319?hl=en

Before you do Export your Bookmarks
Chrome will export your bookmarks as a HTML file, which you can then import into another browser.

If you want to save your passwords as well see here: http://www.intowindows.com/how-to-backup-saved-passwords-in-google-chrome-browser/

Re-install Chrome and the Bookmarks.

<<<>>>

p.s.
This page may help you better.
http://www.techanges.com/fix-error-code-dns_probe_finished_nxdomain/

Keep me posted.

#7 BadStrophes

BadStrophes
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:05:39 PM

Posted 29 November 2015 - 11:41 AM

Sorry, but as I said on the first post, I already did all of this.

 

And there's not only Chrome that does not work, it is the same thing for IE (error : This page can't be displayed), and I just tried Mozilla, I can't even launch it (Firefox encountered a problem and crashed). Only Edge is working.

 

When I said I fully uninstalled Chrome, it included deleting files and install a brand new one, import bookmarks etc.

 

And I already did what is adviced in the last link :/



#8 nasdaq

nasdaq

  • Malware Response Team
  • 39,944 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:12:39 PM

Posted 30 November 2015 - 09:01 AM

Your dnsapi.dll may have been compromised or the wrong version is possibly causing this issue with the other browsers.

Please run the Farbar Recovery Scan Tool. Enter dnsapi.dll in the Search Box and hit the File Search button.
Post the content of the Search.txt in your next reply.

#9 BadStrophes

BadStrophes
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:05:39 PM

Posted 30 November 2015 - 02:47 PM

Here it is !

 

If you want me to install english version of FRST let me know.

 

Thank you for your time and your patience.

Attached Files



#10 nasdaq

nasdaq

  • Malware Response Team
  • 39,944 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:12:39 PM

Posted 01 December 2015 - 09:05 AM

The files are all signed and correctly located.

Your issued is not caused by Malware.

I sugges you start a new topic in the Networking forum.
http://www.bleepingcomputer.com/forums/f/21/networking/

Before you do please run this tool.

===

Please download MiniToolBox to Desktop and run it.

Check mark the following boxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List last 10 Event Viewer log
  • List content of Hosts
  • List IP Configuration
  • List Winsock Entries
  • List Installed Programs
  • List Users, Partitions and Memory size
  • List Devices (problems only)
  • List Minidump Files
  • List Restore Points
  • Click Go and copy/paste the log (Result.txt) into your next post.
  • Note: When using "Reset FF Proxy Settings" option Firefox should be closed.
================

Post the log in a new topic on the Networking forum.

An expert may be able to help your with your problem.

I will keep this topic open for 6 days. If you need to return please do.

#11 nasdaq

nasdaq

  • Malware Response Team
  • 39,944 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:12:39 PM

Posted 07 December 2015 - 09:47 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users