Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Database 625

Started by MaB69, Apr 14 2008 11:54 AM

Please log in to reply

6 replies to this topic

#1 MaB69

Regular Member

Experts
86 posts

Gender:Male
Location:France

Posted 14 April 2008 - 11:54 AM

Hi,

Fast scan gives 3 detections :

Malwarebytes' Anti-Malware 1.11
Version de la base de donn�es: 625

Type de recherche: Examen rapide
El�ments examin�s: 30272
Temps �coul�: 3 minute(s), 1 second(s)

Processus m�moire infect�(s): 0
Module(s) m�moire infect�(s): 0
Cl�(s) du Registre infect�e(s): 0
Valeur(s) du Registre infect�e(s): 0
El�ment(s) de donn�es du Registre infect�(s): 3
Dossier(s) infect�(s): 0
Fichier(s) infect�(s): 0

Processus m�moire infect�(s):
(Aucun �l�ment nuisible d�tect�)

Module(s) m�moire infect�(s):
(Aucun �l�ment nuisible d�tect�)

Cl�(s) du Registre infect�e(s):
(Aucun �l�ment nuisible d�tect�)

Valeur(s) du Registre infect�e(s):
(Aucun �l�ment nuisible d�tect�)

El�ment(s) de donn�es du Registre infect�(s):
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{F7D99B22-E56C-4EA1-91EF-463493EB4822}\NameServer (Trojan.DNSChanger) -> Data: 208.67.222.222,208.67.202.202 -> No action taken. [ScanForBadDNSServers() Function]
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{F7D99B22-E56C-4EA1-91EF-463493EB4822}\NameServer (Trojan.DNSChanger) -> Data: 208.67.222.222,208.67.202.202 -> No action taken. [ScanForBadDNSServers() Function]
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{F7D99B22-E56C-4EA1-91EF-463493EB4822}\NameServer (Trojan.DNSChanger) -> Data: 208.67.222.222,208.67.202.202 -> No action taken. [ScanForBadDNSServers() Function]

Dossier(s) infect�(s):
(Aucun �l�ment nuisible d�tect�)

Fichier(s) infect�(s):
(Aucun �l�ment nuisible d�tect�)

I wish that a DNSChanger really hijack a DNS conf to use OpenDNS

Regards,

MaB

Back to top

#2 nosirrah

Forum Deity

Administrators
5,402 posts

Location:Northampton, MA USA

Posted 14 April 2008 - 01:11 PM

fixing

Bruce Harrison
Vice President of Research

Follow us: Twitter, Become a fan: Facebook

Back to top

#3 nosirrah

Forum Deity

Administrators
5,402 posts

Location:Northampton, MA USA

Posted 14 April 2008 - 03:12 PM

Should be fixed .

I added them to begin with because malware did hijack to this .

A few HJT helpers were removing them so I added them .

Bruce Harrison
Vice President of Research

Follow us: Twitter, Become a fan: Facebook

Back to top

#4 MaB69

Regular Member

Experts
86 posts

Gender:Male
Location:France

Posted 14 April 2008 - 05:01 PM

Should be fixed .

I added them to begin with because malware did hijack to this .

A few HJT helpers were removing them so I added them .

Hi Bruce,

Fixed using db 629

Sorry, i did not understand what you mean ? IP in the same range are used to hijack DNS servers ?

Thanks

Regards,

MaB

Back to top

#5 gerardwil

True Member

Experts
413 posts

Gender:Male
Location:The Netherlands

Posted 14 April 2008 - 05:35 PM

Hi MaB,

Shouldn't the second server be: 208.67.220.220?

Gerard

Gerard

Back to top

#6 nosirrah

Forum Deity

Administrators
5,402 posts

Location:Northampton, MA USA

Posted 14 April 2008 - 06:13 PM

Hi Bruce,

Fixed using db 629

Sorry, i did not understand what you mean ? IP in the same range are used to hijack DNS servers ?

Thanks

Regards,

MaB

In HJT speak , these were the 017s HJT had listed after the malware installed .

I did find a few HJT experts removing them so I added them to the DNS hijack defs .

This seems to be a case where something nonmalicious was misused .

Bruce Harrison
Vice President of Research

Follow us: Twitter, Become a fan: Facebook