3.1415
2009-01-14, 03:37
I keep deleting this with either spybot or malwarebytes antimalware but it keeps coming back.
It is causing me to not be able to use windows update, have viamax ad's everywhere, and have random pop-ups on normal websites.
here is my MBAM log after deleting:
Malwarebytes' Anti-Malware 1.31
Database version: 1612
Windows 6.0.6000
1/13/2009 5:36:28 PM
mbam-log-2009-01-13 (17-36-28).txt
Scan type: Quick Scan
Objects scanned: 45911
Time elapsed: 2 minute(s), 2 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 6
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.144 85.255.112.122 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{796c0045-daee-4dee-a0ec-d21f2ca368b6}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.144 85.255.112.122 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.144 85.255.112.122 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{796c0045-daee-4dee-a0ec-d21f2ca368b6}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.144 85.255.112.122 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.144 85.255.112.122 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{796c0045-daee-4dee-a0ec-d21f2ca368b6}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.144 85.255.112.122 -> Quarantined and deleted successfully.
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
It is causing me to not be able to use windows update, have viamax ad's everywhere, and have random pop-ups on normal websites.
here is my MBAM log after deleting:
Malwarebytes' Anti-Malware 1.31
Database version: 1612
Windows 6.0.6000
1/13/2009 5:36:28 PM
mbam-log-2009-01-13 (17-36-28).txt
Scan type: Quick Scan
Objects scanned: 45911
Time elapsed: 2 minute(s), 2 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 6
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.144 85.255.112.122 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{796c0045-daee-4dee-a0ec-d21f2ca368b6}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.144 85.255.112.122 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.144 85.255.112.122 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{796c0045-daee-4dee-a0ec-d21f2ca368b6}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.144 85.255.112.122 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.144 85.255.112.122 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{796c0045-daee-4dee-a0ec-d21f2ca368b6}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.144 85.255.112.122 -> Quarantined and deleted successfully.
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)