Malwarebytes

Wondering what these are?


7 replies to this topic

#1
prairie dog

    Forum Deity

  • Malware Hunters
  • 1,548 posts
Hi all! First post here, so I hope I'm doing this correctly. I have not had any issues with this computer regarding any type of malware. I run SAS and MBAM scans daily, and they always come up clean (I also run AVG scans weekly). Right after the update to 1.37 my scan had two registry data entries flagged. My computer was not running funny at all. I'm just curious what these were. Below is the log. Thanks in advance. MBAM is a great product! :)

Malwarebytes' Anti-Malware 1.37
Database version: 2186
Windows 5.1.2600 Service Pack 3

5/28/2009 12:18:30 AM
mbam-log-2009-05-28 (00-18-30).txt

Scan type: Quick Scan
Objects scanned: 87373
Time elapsed: 4 minute(s), 4 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.115.58 85.255.112.224 1.2.3.4 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{d66f40a9-2528-4445-9280-c23cf79b5bdb}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.115.58 85.255.112.224 1.2.3.4 -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Avira Antivir Personal and MBAM Pro
On demand: SAS and Hitman Pro
Firewall-Online Armor Premium
FF3-adblock plus, noscript, betterprivacy, WOT, Keyscrambler, TrackMeNot
Sandboxie


ONE DAY AT A TIME!

#2
Maniac

    I Love Andriana

  • Experts
  • 10,161 posts
  • Gender:Male
  • Location:Bulgaria, EU
  • Interests:Information security and web development
Greetings.

To get you fixed up please follow the instructions here:
I'm infected - What do I do now?

And post your logs in a new topic here:
Malware Removal - HijackThis Logs

Please be sure not to install any software or use any removal or scanning tools except those that you are instructed to by the expert who will be assisting you, as doing so can make their job much more difficult.

Note: if for some reason you are unable to run some or any of the tools in the first link, then skip that step and move on to the next one.
If you can't even run HijackThis, then just post here:
Malware Removal - HijackThis Logs describing your issues and an expert will reply with further instructions.


I hope I was helpful. Good luck and safe surfing. :)

My help is free, however, if you wish to make a small donation to show appreciation and to help me continue the fight against Malware, then click here.

#3
prairie dog

    Forum Deity

  • Malware Hunters
  • 1,548 posts
Thanks for the reply. All my scans now are clean, and my machine was never running funny. I have scanned with SAS, MBAM, AVG, HITMAN PRO 3.5, and Bitdefender. I am just curious as to what those are. I think they could have been false positives?

#4
tebore

    New Member

  • Members
  • 3 posts

prairie dog, on Jun 1 2009, 02:33 PM, said:

> Thanks for the reply. All my scans now are clean, and my machine was never running funny. I have scanned with SAS, MBAM, AVG, HITMAN PRO 3.5, and Bitdefender. I am just curious as to what those are. I think they could have been false positives?

Those aren't false positives. I've seen it before; it causes the machine to redirect to "bad" DNS servers, which will disrupt your surfing by redirecting you to "bad" sites.
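
Added example, not part of the original thread or of Malwarebytes' own tooling: a small parser for the "Registry Data Items Infected" lines in the log from post #1, which pulls out the DNS servers that were written to `DhcpNameServer` and reports any that are not on a list of resolvers you expect. The function names and the expected-resolver address (`192.168.1.1`) are assumptions made for illustration.

```python
import ipaddress
import re

# The two flagged lines, copied from the log in post #1.
SAMPLE_LOG = r"""Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.115.58 85.255.112.224 1.2.3.4 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{d66f40a9-2528-4445-9280-c23cf79b5bdb}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.115.58 85.255.112.224 1.2.3.4 -> Quarantined and deleted successfully.
"""

# Assumption: the resolvers this machine should be handed by DHCP.
EXPECTED_RESOLVERS = {"192.168.1.1"}  # hypothetical home router

# Line shape: <key>\<value> (<detection>) -> Data: <data> -> <action>.
ENTRY_RE = re.compile(
    r"^(?P<path>HKEY_[^()\r\n]+?) \((?P<detection>[^)]+)\)"
    r" -> Data: (?P<data>.*?) -> (?P<action>[^\r\n]+?)\.?$",
    re.MULTILINE,
)

def parse_registry_data_items(log_text):
    """Return one dict per flagged registry data item in an MBAM log."""
    entries = []
    for m in ENTRY_RE.finditer(log_text):
        key, _, value = m["path"].rpartition("\\")
        servers = [t for t in re.split(r"[ ,]+", m["data"].strip()) if t]
        entries.append({"key": key, "value": value, "detection": m["detection"],
                        "servers": servers, "action": m["action"]})
    return entries

def unexpected_resolvers(entries, expected):
    """Map registry key -> DNS servers that are not in the expected set."""
    allowed = {ipaddress.ip_address(a) for a in expected}
    findings = {}
    for e in entries:
        if e["value"].lower() not in ("dhcpnameserver", "nameserver"):
            continue
        bad = []
        for token in e["servers"]:
            try:
                if ipaddress.ip_address(token) not in allowed:
                    bad.append(token)
            except ValueError:
                bad.append(token)  # not an IP address at all: still report it
        if bad:
            findings[e["key"]] = bad
    return findings

if __name__ == "__main__":
    hits = unexpected_resolvers(parse_registry_data_items(SAMPLE_LOG), EXPECTED_RESOLVERS)
    for key, bad in hits.items():
        print(key, "->", ", ".join(bad))
```

Both flagged entries sit under `ControlSet003`; the parser only reads what the log recorded and does not say which control set was active at scan time.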

#5
AdvancedSetup

    Forum Deity

  • Administrators
  • 22,575 posts
  • Gender:Male
  • Location:US
Yes, the scans are clean now because MBAM has already removed the threat.

> Quarantined and deleted successfully.

Ron Lewis
Manager, Online Support

If you've posted to the HJT forum and it has been over 5 days without a response please send a Private Message asking for assistance.

#6
prairie dog

    Forum Deity

  • Malware Hunters
  • 1,548 posts
Thanks guys. The funny thing is, I was never redirected to any sites, nothing strange was happening. I had none of the behavior associated with this type of malware. Any thoughts?

#7
AdvancedSetup

    Forum Deity

  • Administrators
  • 22,575 posts
  • Gender:Male
  • Location:US
Nope, too many factors to even consider after the fact. I suppose be glad all is okay :)

Better than the alternative

#8
prairie dog

    Forum Deity

  • Malware Hunters
  • 1,548 posts
Thanks for all the help! :)