2 replies to this topic

[Dave2680]

I downloaded Malwarebyte to my PC tonight and did a scan on my networked laptop that had it's browser hijacked. The results of the scan was:
Registry Keys Infected: 8 - all Adware.MyWebSearch
Registry Values Infected: 2 - all Adware.MyWebSearch
Registry Data Items Infected: 4 - all Trojan.DNSChanger

The guide said to let Malwarebyte remove the Trojan.DNSChanger so I did. I then rebooted but now only get the blue screen of death. What would be the correct steps to take to regain control of my laptop.

Thank you for any assistance.

The log of the scan is as follows:

Malwarebytes' Anti-Malware 1.30
Database version: 1401
Windows 5.1.2600 Service Pack 2

11/15/2008 9:13:51 PM
mbam-log-2008-11-15 (21-13-51).txt

Scan type: Full Scan (Y:\|)
Objects scanned: 45037
Time elapsed: 2 minute(s), 27 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 8
Registry Values Infected: 2
Registry Data Items Infected: 4
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media\WMSDK\Sources\f3PopularScreensavers (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.36 85.255.112.41 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{f110bd4e-bee4-4d22-b917-0966f6bc9d50}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.36 85.255.112.41 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.36 85.255.112.41 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{f110bd4e-bee4-4d22-b917-0966f6bc9d50}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.36 85.255.112.41 -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

[exile360]

Hello Dave2680 and welcome to Malwarebytes. The first thing to do would be to boot into safe mode if you can. Simply reboot your computer and wait until the bios screen comes up then tap the f8 key repeatedly. A black screen with some options should appear, just use your keyboard to select safe mode and see if it boots OK. If it does, then I would recommend following the instructions here http://www.malwareby...?showtopic=2936 and then posting here http://www.malwareby...php?showforum=7 One of the malware removal experts here will help you out to get your PC up and running and malware free again. If safe mode does not work, don't worry if you post at the second link I showed you and tell them what's going on they should still be able to help you get your PC operational again. Best of luck, and safe surfing. By the way, I personally recommend Avira over AVG, but it's a matter of opinion.

[JeanInMontana]

Please go here http://www.malwareby...?showtopic=2936 and follow the instructions to the best of your abilities and start your own topic in that forum. Avira is a better choice for protection and removal over all. It is always ahead in updates over AVG and AVG has become a resource hog with other drawbacks.