11-08-2008
John Ficquette
I have same problem
Robert, I have the same issue. I ran Malwarebytes and got this:

I had already run the Malwarebytes scan and got this:

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{7d5dd829-6c90-42c5-b54c-2afa82f988ba} (Rogue.Installer) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{2b96d5cc-c5b5-49a5-a69d-cc0a30f9028c} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{35b7e48b-9d81-4c6c-9578-5fd4f620d886} (Spyware.MarketScore) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.165 85.255.112.23 1.2.3.4 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{d930da9a-27b9-4498-8762-5665f3031cad}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.165 85.255.112.23 1.2.3.4 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.165 85.255.112.23 1.2.3.4 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{d930da9a-27b9-4498-8762-5665f3031cad}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.165 85.255.112.23 1.2.3.4 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.165 85.255.112.23 1.2.3.4 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{d930da9a-27b9-4498-8762-5665f3031cad}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.165 85.255.112.23 1.2.3.4 -> Quarantined and deleted successfully.

Those IP addresses are to download.microsoft.com

Here are the nslookup results:

C:\>nslookup download.microsoft.com
DNS request timed out.
timeout was 2 seconds.
*** Can't find server name for address 85.255.112.165: Timed out
DNS request timed out.
timeout was 2 seconds.
*** Can't find server name for address 85.255.112.23: Timed out
DNS request timed out.
timeout was 2 seconds.
*** Can't find server name for address 1.2.3.4: Timed out
*** Default servers are not available
Server: UnKnown
Address: 85.255.112.165

Non-authoritative answer:
Name: download.microsoft.com.san.rr.com
Address: 99.198.101.4

Also I did this:

C:\>ping -n 1 download.microsoft.com
Ping request could not find host download.microsoft.com. Please check the name and try again.

Any ideas?? BTW, the DNS is set up to obtain addresses automatically. I believe something is blocking it and whatever it is just started. I think I had some updates last month.

I saved the best for last. When I try to run Windows Update I am automatically sent to www.msn.com.

John
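
A cross-check of the two outputs in the post above, as an added example that is not part of the original post: it compares the resolver that nslookup actually queried with the addresses the scan reported in the flagged DhcpNameServer values. The function names are hypothetical, and the sample lines are copied from the post (registry paths with the forum's stray spaces removed).

```python
import re

# Sample lines copied from the post above; not a complete scan log.
SCAN_LOG = r"""
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.165 85.255.112.23 1.2.3.4 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{d930da9a-27b9-4498-8762-5665f3031cad}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.165 85.255.112.23 1.2.3.4 -> Quarantined and deleted successfully.
"""
# nslookup output copied from the post above (timeout lines trimmed).
NSLOOKUP_OUT = """
*** Can't find server name for address 85.255.112.165: Timed out
*** Default servers are not available
Server: UnKnown
Address: 85.255.112.165

Non-authoritative answer:
Name: download.microsoft.com.san.rr.com
Address: 99.198.101.4
"""

# One "Registry Data Items Infected" line: key\value (detection) -> Data: ... -> action
DATA_ITEM = re.compile(r"^(?P<key>HKEY_\S.*?)\\(?P<value>[^\\ ]+) \((?P<name>[^)]+)\) -> Data: (?P<data>.+?) -> ")
IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")

def flagged_dns_servers(scan_log):
    """Map each IP in a flagged DhcpNameServer/NameServer value to the keys holding it."""
    found = {}
    for line in scan_log.splitlines():
        m = DATA_ITEM.match(line.strip())
        if m and m["value"].lower() in ("dhcpnameserver", "nameserver"):
            for ip in IPV4.findall(m["data"]):
                found.setdefault(ip, []).append(m["key"])
    return found

def resolver_in_use(nslookup_out):
    """Return the resolver nslookup queried: the Address line right after 'Server:'."""
    lines = [l.strip() for l in nslookup_out.splitlines()]
    for i, line in enumerate(lines[:-1]):
        if line.startswith("Server:") and lines[i + 1].startswith("Address:"):
            return lines[i + 1].split(":", 1)[1].strip()
    return None

def resolver_was_flagged(scan_log, nslookup_out):
    """True when the resolver nslookup used is one of the addresses the scan flagged."""
    return resolver_in_use(nslookup_out) in flagged_dns_servers(scan_log)

if __name__ == "__main__":
    print("resolver queried:", resolver_in_use(NSLOOKUP_OUT))
    print("flagged by scan: ", resolver_was_flagged(SCAN_LOG, NSLOOKUP_OUT))
```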