My Anti Spyware

amit · Joined: 27 Oct 2008 Posts: 5 Location: India

Hi,

On checking the log it stated that the system is infected with DNSChanger Trojan.

Resulting in the system with DNS Servers as 85.255.112.118 & 85.255.112.218

I have attached the report which was generated after executing the SDfix file.

Anyhelp would be good.

Amit

patrik · Site Admin Joined: 08 Jan 2006 Posts: 1865

Hello amit, welcome to the Myantispyware forum!

Download FixWareout and save it to your desktop.
Run Fixwareout.
Click Next, then Install, then make sure “Run fixit” is checked and click Finish.
The fix will begin, follow the prompts.
You will be asked to reboot your computer, please do so. Your system may take longer than usual to load; this is normal.
At the end of the fix, you may need to restart your computer again.
When the Desktop loads, a text opens (report.txt).

If you are having problems with your Internet connection after running of fixwareout, then:
* Go to Start -> Control Panel ->Network Connections.
* Right click your default connection, usually Local Area Connection or Dial-up Connection, if you are using Dial-up, and left click on Properties.
* Double-click on the Internet Protocol (TCP/IP) item and select the radio button that says Obtain DNS servers automatically. Click OK twice.
* Go to Start -> Run, enter CMD and click OK.
* At the Dos Prompt Screen, type in cd\ and then press ENTER.
* Now type in ipconfig /flushdns and then press ENTER. (notice the space after ipconfig)
* Close the command prompt window.

Download HijackThis (HijackThis Installer - HJTinstall.exe) save it to your Desktop.
Doubleclick on the HJTinstall.exe icon on your desktop for install. Click on Install, It will create a HijackThis icon on the desktop.

Once installed, it will launch Hijackthis. Click on the Do a system scan and save a logfile button. It will scan and the log should open in Notepad.

Post back with following:
- Fixwareout log.
- HijackThis log.

amit · Joined: 27 Oct 2008 Posts: 5 Location: India

Deleted the registery entries which were stating the IP's.

The IPconfig/all output didnt show the 85*. IPs

I'll reboot and check. How do i confirm that Torgan is no more present in the system.

Thanks for all the help.

Regards,
-Amit

patrik · Site Admin Joined: 08 Jan 2006 Posts: 1865

Run HijackThis and scan, put a checkmark next to the following items (if exists):

amit · Joined: 27 Oct 2008 Posts: 5 Location: India

I deleted the entries prior to that some more.
I can not join my laptop to the domain with the current local id and the GAL is no more availbe on my MS Outlook.

Thanks,
Amit

patrik · Site Admin Joined: 08 Jan 2006 Posts: 1865

HijackThis log looks ok.

amit · Joined: 27 Oct 2008 Posts: 5 Location: India

I can access internet from my machine. Internet access is not a problem.

GAL - Global Access List from Exchange on Ms Outlook.

The machine was not in the domain and when I try adding the machine to the domain it did not join the domain. I made a new user on my laptop and then tried joining the machine in the domain it did.

Just thinking what could be the problem.

patrik · Site Admin Joined: 08 Jan 2006 Posts: 1865

One tcpip parameter has been removed from registry.

amit · Joined: 27 Oct 2008 Posts: 5 Location: India

Yes that be the domain. I have restored the entry now and will update after restarting the sytem.