Infected with Win32.DNSchanger



adnan
2009-07-30, 10:02
Hi Forum Members,
I am a new member of this forum. I need help with regard to a Trojan (Win32.DNSchanger) which has been identified by Spybot S&D, but it is not able to fix the registry entry.
This trojan is changing my TCP/IP settings on a daily basis & creating trouble for me. Please help me to weed out the problem.

The log details are as follows:

Win32.DNSChanger: [SBI $6C3E539F] System Service (Registry key, fixing failed)
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Windows Management Service

MediaPlex: Tracking cookie (Chrome: Chrome) (Cookie, fixed)
MediaPlex: Tracking cookie (Chrome: Chrome) (Cookie, fixed)
DoubleClick: Tracking cookie (Chrome: Chrome) (Cookie, fixed)
Statcounter: Tracking cookie (Chrome: Chrome) (Cookie, fixed)
CasaleMedia: Tracking cookie (Chrome: Chrome) (Cookie, fixed)
CasaleMedia: Tracking cookie (Chrome: Chrome) (Cookie, fixed)
CasaleMedia: Tracking cookie (Chrome: Chrome) (Cookie, fixed)
CasaleMedia: Tracking cookie (Chrome: Chrome) (Cookie, fixed)
CasaleMedia: Tracking cookie (Chrome: Chrome) (Cookie, fixed)
MediaPlex: Tracking cookie (Chrome: Chrome) (Cookie, fixed)
Statcounter: Tracking cookie (Chrome: Chrome) (Cookie, fixed)
FastClick: Tracking cookie (Chrome: Chrome) (Cookie, fixed)
FastClick: Tracking cookie (Chrome: Chrome) (Cookie, fixed)
FastClick: Tracking cookie (Chrome: Chrome) (Cookie, fixed)
FastClick: Tracking cookie (Chrome: Chrome) (Cookie, fixed)
BurstMedia: Tracking cookie (Chrome: Chrome) (Cookie, fixed)
BurstMedia: Tracking cookie (Chrome: Chrome) (Cookie, fixed)
Statcounter: Tracking cookie (Chrome: Chrome) (Cookie, fixed)
Statcounter: Tracking cookie (Chrome: Chrome) (Cookie, fixed)
Statcounter: Tracking cookie (Chrome: Chrome) (Cookie, fixed)
Statcounter: Tracking cookie (Chrome: Chrome) (Cookie, fixed)
CoolWWWSearch: Bookmark (Firefox: Administrator (default)) (Bookmark, fixed)
CoolWWWSearch: Bookmark (Firefox: Administrator (default)) (Bookmark, fixed)
CoolWWWSearch: Bookmark (Firefox: Administrator (default)) (Bookmark, fixed)

--- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---

2009-01-26 blindman.exe (1.0.0.8)
2009-01-26 SDFiles.exe (1.6.1.7)
2009-01-26 SDMain.exe (1.0.0.6)
2009-01-26 SDShred.exe (1.0.2.5)
2009-01-26 SDUpdate.exe (1.6.0.12)
2009-01-26 SpybotSD.exe (1.6.2.46)
2009-03-05 TeaTimer.exe (1.6.6.32)
2009-07-18 unins000.exe (51.49.0.0)
2009-01-26 Update.exe (1.6.0.7)
2009-07-28 advcheck.dll (1.6.3.17)
2007-04-02 aports.dll (2.1.0.0)
2008-06-14 DelZip179.dll (1.79.11.1)
2009-01-26 SDHelper.dll (1.6.2.14)
2008-06-19 sqlite3.dll
2009-01-26 Tools.dll (2.1.6.10)
2009-01-16 UninsSrv.dll (1.0.0.0)
2009-05-19 Includes\Adware.sbi (*)
2009-07-28 Includes\AdwareC.sbi (*)
2009-01-22 Includes\Cookies.sbi (*)
2009-05-19 Includes\Dialer.sbi (*)
2009-07-28 Includes\DialerC.sbi (*)
2009-01-22 Includes\HeavyDuty.sbi (*)
2009-05-26 Includes\Hijackers.sbi (*)
2009-07-28 Includes\HijackersC.sbi (*)
2009-06-23 Includes\Keyloggers.sbi (*)
2009-07-28 Includes\KeyloggersC.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2009-07-14 Includes\Malware.sbi (*)
2009-07-28 Includes\MalwareC.sbi (*)
2009-03-25 Includes\PUPS.sbi (*)
2009-07-28 Includes\PUPSC.sbi (*)
2009-01-22 Includes\Revision.sbi (*)
2009-01-13 Includes\Security.sbi (*)
2009-07-28 Includes\SecurityC.sbi (*)
2008-06-03 Includes\Spybots.sbi (*)
2008-06-03 Includes\SpybotsC.sbi (*)
2009-04-07 Includes\Spyware.sbi (*)
2009-07-28 Includes\SpywareC.sbi (*)
2009-06-08 Includes\Tracks.uti
2009-07-22 Includes\Trojans.sbi (*)
2009-07-28 Includes\TrojansC.sbi (*)
2008-03-04 Plugins\Chai.dll
2008-03-05 Plugins\Fennel.dll
2008-02-26 Plugins\Mate.dll
2007-12-24 Plugins\TCPIPAddress.dll

Please do help me. :thanks:

tashi
2009-07-30, 17:09
Hello adnan,

Please see this forum's FAQ, "BEFORE you POST" (READ this Procedure BEFORE Requesting Assistance) (http://forums.spybot.info/showthread.php?t=288)

Then start a new topic providing the HJT log, and I will close this one as helpers look for threads without a response.

Regards. :)