
Virus Trojan dnsapi.dll


  • This topic is locked
2 replies to this topic

#1 mariowh


Posted 26 December 2015 - 11:06 AM

Hello, I got a virus trojan backdoor issue!

The infected computer is an Asus desktop running Windows 8.1 64-bit.

I got the issues and bonus malware while installing a freeware VST (for music).

I knew I should have ended the process and reinstalled it properly, but yep, I accepted a bad install.

 

My computer acted up after 15 minutes and disabled UAC and Windows Defender, and lots of stuff popped up.

 

Anyways I think I removed most of the bonus malware, but the root problem is still there.

Malware included Daily Wiki, changes to browser, adware for Chrome and Firefox and IE browser, installed adware toolbar as well on Chrome. Adware on desktop.

 

Additionally, it added a few files in System32 and SysWOW64 which got flagged when I zipped them to VirusTotal:

 
Antivirus    Result                            Update
AVware       Backdoor.Win32.Bifrose.fsi (v)    20151226
Avira        TR/Trash.Gen                      20151226
GData        Win32.Application.Packed.J@dam    20151226
Kaspersky    Packed.Win32.Krap.hc              20151226
VIPRE        Backdoor.Win32.Bifrose.fsi (v)
 

After running a Malwarebytes scan and removal and then a restart, I lost internet connection and I could not update Windows Defender. On top of that, whenever I run something, there is now a bad image error asking me to reinstall programs because it was corrupted.

 

I panicked and ran Windows Defender Offline, which was updated as of December 26, 2015. (It is a USB image.) It found a (which was also detected using the "online" version, which still was unable to remove it, giving an error.

 

Trojan:Win64/Patched.AZ.gen!dll

Trojan:Win32/Patched.AP

 

I know the main detected part is dnsapi.dll, but I can't do anything so that's all I know. dw I'm not doing any extra installs or runs of programs on my own anymore.

 

-edit I also had a group policy error for Windows Defender. I have changed UAC back to max and also enabled Windows Defender very early on. I also got an error with an MMC snap-in, as it was missing, while I was going to look at the firewall inbound/outbound rules.


Edited by mariowh, 26 December 2015 - 11:11 AM.




#2 Sintharius


Posted 26 December 2015 - 11:07 AM

Hi there,

You have a serious infection and will need elevated help.

Please follow the instructions in ==>This Guide<== starting at Step 6. If you cannot complete a step, skip it and continue.

Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<== Please include a description of your computer issues, what you have done to resolve them, and a link to this topic.

If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

It would be helpful if you post a note here once you have completed the steps in the guide and have started your topic in malware removal. Good luck and be patient.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.

#3 Platypus


Posted 27 December 2015 - 02:55 AM

Continued here:

http://www.bleepingcomputer.com/forums/t/600501/infected-dnsapidll/

Top 5 things that never get done:

1.