Posted from
NNTP-Posting-Host: 72.29.94.49.static.dimenoc.com
Don
[MS MVP- IE]
<John Ficquette> wrote in message news:200811814334jficquette@gmail.com...
> Robert, I have the same issue. I ran Malwarebytes and got this:
>
> I had already run the Malwarebytes scan and got this:
>
> Registry Keys Infected:
>
> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{7d5dd829-6c90-42c5-b54c-2afa82f988ba} (Rogue.Installer) -> Quarantined and deleted successfully.
>
> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{2b96d5cc-c5b5-49a5-a69d-cc0a30f9028c} (Adware.Minibug) -> Quarantined and deleted successfully.
>
> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{35b7e48b-9d81-4c6c-9578-5fd4f620d886} (Spyware.MarketScore) -> Quarantined and deleted successfully.
>
> Registry Values Infected:
> (No malicious items detected)
>
> Registry Data Items Infected:
>
> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.165 85.255.112.23 1.2.3.4 -> Quarantined and deleted successfully.
>
> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{d930da9a-27b9-4498-8762-5665f3031cad}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.165 85.255.112.23 1.2.3.4 -> Quarantined and deleted successfully.
>
> HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.165 85.255.112.23 1.2.3.4 -> Quarantined and deleted successfully.
>
> HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{d930da9a-27b9-4498-8762-5665f3031cad}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.165 85.255.112.23 1.2.3.4 -> Quarantined and deleted successfully.
>
> HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.165 85.255.112.23 1.2.3.4 -> Quarantined and deleted successfully.
>
> HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{d930da9a-27b9-4498-8762-5665f3031cad}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.165 85.255.112.23 1.2.3.4 -> Quarantined and deleted successfully.
>
> Those IP addresses are to download.microsoft.com
>
> Here are the nslookup results:
>
> C:\>nslookup download.microsoft.com
> DNS request timed out.
> timeout was 2 seconds.
> *** Can't find server name for address 85.255.112.165: Timed out
> DNS request timed out.
> timeout was 2 seconds.
> *** Can't find server name for address 85.255.112.23: Timed out
> DNS request timed out.
> timeout was 2 seconds.
> *** Can't find server name for address 1.2.3.4: Timed out
> *** Default servers are not available
> Server: UnKnown
> Address: 85.255.112.165
>
> Non-authoritative answer:
> Name: download.microsoft.com.san.rr.com
> Address: 99.198.101.4
>
> Also I did this:
>
> C:\>ping -n 1 download.microsoft.com
> Ping request could not find host download.microsoft.com. Please check the name and try again.
>
> Any ideas?? BTW, the DNS is set up to obtain addresses automatically. I believe something is blocking it and whatever it is just started. I think I had some updates last month.
>
> I saved the best for last. When I try to run Windows Update I am automatically sent to www.msn.com.
>
> John