
Roguekiller PUM.Dns



#1 TheFallenCaptain


Posted 23 December 2016 - 08:30 PM

Hello again,

 

I was doing my weekly malware scans and Roguekiller produced this log...

 

RogueKiller V12.8.6.0 (x64) [Dec 19 2016] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 10 (10.0.14393) 64 bits version
Started in : Safe mode
User : TheFallenCaptain[Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Mode : Scan -- Date : 12/23/2016 18:45:08 (Duration : 00:08:07)

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 2 ¤¤¤
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 209.18.47.61 209.18.47.62 ([X][X])  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{048ba898-9e80-4b9c-b403-f4a8c86ae3c7} | DhcpNameServer : 209.18.47.61 209.18.47.62 ([X][X])  -> Found

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000035f]) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: CT500BX100SSD1 +++++
--- User ---
[MBR] 09e8cfccc8ebdf02fefceab8996ba068
[BSP] 849dc04c90446b534a28a2cc53b23d18 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 500 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 1026048 | Size: 476438 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: WDC WD10EZEX-00WN4A0 +++++
--- User ---
[MBR] c6fffe5ce7268c0d32546732e2ae4dea
[BSP] 53df8d26bebab7d5228e5fd4d9c9e013 : Windows Vista/7/8 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 953867 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

 

What's the deal here? Am I infected? Why is the antirootkit driver not being loaded? I am getting really close to just getting rid of this computer...
 


Edited by TheFallenCaptain, 23 December 2016 - 08:30 PM.
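
An added example, not part of the original posts and not RogueKiller's own code: a small Python parser for the [PUM.Dns] registry lines in the log above. It records whether each flagged value is DHCP-assigned (DhcpNameServer, which Windows fills in from the DHCP lease) or statically set (NameServer), and lists servers missing from an expected set. The function names and the expected list are assumptions for illustration.

```python
import ipaddress
import re

# Constructed sample: the two Registry lines copied from the log in the post above.
SAMPLE_LOG = r"""
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 209.18.47.61 209.18.47.62 ([X][X])  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{048ba898-9e80-4b9c-b403-f4a8c86ae3c7} | DhcpNameServer : 209.18.47.61 209.18.47.62 ([X][X])  -> Found
"""

# Line shape: [PUM.Dns] (arch) KEY | ValueName : data (flags) -> Status
LINE_RE = re.compile(
    r"^\[PUM\.Dns\]\s+\((?P<arch>[^)]+)\)\s+(?P<key>.+?)\s+\|\s+"
    r"(?P<value>\w+)\s+:\s+(?P<data>.*?)\s+\(.*?\)\s+->\s+(?P<status>\w+)$"
)
GUID_RE = re.compile(r"\\Interfaces\\(\{[0-9a-fA-F-]+\})$")

def parse_pum_dns(log_text):
    """Return one dict per [PUM.Dns] registry line in a RogueKiller report."""
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        servers = []
        for token in re.split(r"[ ,]+", m["data"].strip()):
            try:
                servers.append(str(ipaddress.ip_address(token)))
            except ValueError:
                continue  # ignore anything that is not an IP literal
        guid = GUID_RE.search(m["key"])
        findings.append({
            # DhcpNameServer comes from the DHCP lease; NameServer is set by hand.
            "source": "dhcp" if m["value"].lower().startswith("dhcp") else "static",
            "scope": guid.group(1) if guid else "global",
            "servers": servers,
            "status": m["status"],
        })
    return findings

def unexpected_servers(findings, expected):
    """Servers in the report that are absent from a caller-supplied
    (hypothetical) list of resolvers the router or ISP is known to hand out."""
    seen = {s for f in findings for s in f["servers"]}
    return sorted(seen - set(expected))

if __name__ == "__main__":
    for f in parse_pum_dns(SAMPLE_LOG):
        print(f["scope"], f["source"], f["servers"], f["status"])
```
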




#2 Aramus


Posted 29 December 2016 - 07:03 AM

Hello,

PUM stands for potentially unwanted modification; you could put it as between safe and dangerous. PUM:DNS means a potentially unwanted change to DNS settings or the server itself was made. You must change the DNS server, though, as you will be hacked, according to user comments about these DNS servers talking about being hacked, locked out, etc.

 

User comments on DNS Server: http://whatismyipaddress.com/ip/209.18.47.61

 

Cheers, Aramus :thumbup2:


Edited by Aramus, 29 December 2016 - 07:03 AM.


#3 boopme


Posted 29 December 2016 - 07:10 PM

Hi, please repost your log here..

Virus, Trojan, Spyware, and Malware Removal Logs

https://www.bleepingcomputer.com/forums/f/22/virus-trojan-spyware-and-malware-removal-logs/



