Author Topic: Win32-DNSChanger-VJ [trj]  (Read 3276 times)

jneffekt

  • Guest
Win32-DNSChanger-VJ [trj]
« on: May 27, 2012, 03:21:06 PM »
For the past week or so I have been getting "Win32-DNSChanger-VJ [trj]" from Avast.
__________________


Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.05.26.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Johnson :: JOHNSON-PC [administrator]

27/05/2012 10:37:34 PM
mbam-log-2012-05-27 (22-37-34).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 206238
Time elapsed: 3 minute(s), 40 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Windows\Installer\{a9b8d701-44de-97ef-b87d-3be643728573}\U\00000008.@ (Trojan.Dropper.BCMiner) -> Quarantined and deleted successfully.

(end)


« Last Edit: May 27, 2012, 03:24:24 PM by jneffekt »

Offline Pondus

  • Probably Bot
  • Posts: 37584
  • Not a avast user
Re: Win32-DNSChanger-VJ [trj]
« Reply #1 on: May 27, 2012, 03:30:28 PM »
Your Malwarebytes was not updated when you did the scan.
Always hit the update button before scanning, as they release 5 - 10 updates a day... already at nr. 2 today.

Not necessary to post the log unless it detects anything.   ;)

Malware specialist is notified...


OBS: and the aswMBR log says you are infected with the Sirefef/ZeroAccess rootkit...
« Last Edit: May 27, 2012, 03:57:36 PM by Pondus »
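Added example, not code from this thread or from Malwarebytes: a small Python parser for the MBAM log format posted above. It pulls out the database date, scan date and detected files, flags a database that is older than the scan (the "not updated" point), and checks each detected path against a pattern for the ZeroAccess/Sirefef install folder (Windows\Installer\{GUID}\U\ with ".@" files), which the Trojan.Dropper.BCMiner path in the log matches. The path pattern and the day-first date order are my assumptions.

```python
import re
from datetime import date

# Constructed sample: an abridged copy of the Malwarebytes log posted in this thread.
MBAM_LOG = """\
Malwarebytes Anti-Malware 1.61.0.1400
Database version: v2012.05.26.06

27/05/2012 10:37:34 PM
Scan type: Quick scan

Files Detected: 1
C:\\Windows\\Installer\\{a9b8d701-44de-97ef-b87d-3be643728573}\\U\\00000008.@ (Trojan.Dropper.BCMiner) -> Quarantined and deleted successfully.

(end)
"""

# Assumed ZeroAccess/Sirefef install-folder pattern: Windows\Installer\{GUID}\U (or L)\<8 hex digits>.@
ZEROACCESS_PATH = re.compile(
    r"\\Windows\\Installer\\\{[0-9a-f-]{36}\}\\[UL]\\[0-9a-f]{8}\.@$", re.IGNORECASE)
# One MBAM detection line: <path> (<detection name>) -> <action taken>.
DETECTION_LINE = re.compile(r"^(?P<path>.+?) \((?P<name>[^()]+)\) -> (?P<action>.+?)\.?$")

def parse_log(text):
    """Return (database_date, scan_date, detections); the scan date is assumed DD/MM/YYYY."""
    db_date = scan_date = None
    detections = []
    for line in text.splitlines():
        m = re.match(r"Database version: v(\d{4})\.(\d{2})\.(\d{2})\.\d+", line)
        if m:
            db_date = date(*map(int, m.groups()))
            continue
        m = re.match(r"(\d{2})/(\d{2})/(\d{4}) \d", line)
        if m:
            day, month, year = map(int, m.groups())
            scan_date = date(year, month, day)
            continue
        m = DETECTION_LINE.match(line)
        if m and "\\" in m.group("path"):  # keep only real file-system paths
            detections.append(m.groupdict())
    return db_date, scan_date, detections

def stale_database(db_date, scan_date):
    """True when the signature database predates the scan, i.e. update was not run first."""
    return db_date is not None and scan_date is not None and db_date < scan_date

def zeroaccess_hits(detections):
    """Detected paths that sit in the ZeroAccess-style install folder."""
    return [d["path"] for d in detections if ZEROACCESS_PATH.search(d["path"])]
```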

jeffce

  • Guest
Re: Win32-DNSChanger-VJ [trj]
« Reply #2 on: May 27, 2012, 09:33:03 PM »
Hi,

**WARNING** Unfortunately one or more of the infections I have identified are Backdoor Trojans, IRCBots or other Malware capable of stealing very important information. You need to stop using all Internet Banking sites, change passwords to all sites with sensitive information from a clean computer and phone your bank to inform them that you may be a victim of identity theft. More often than not, we advise users that a full reinstallation of their Operating System is the only way to ensure that their computer will ever be 100% clean again.

Unfortunately I have found what is known as the ZeroAccess rootkit on your system. It is an especially nasty infection that can take quite some time to clean and may have damaged your system files. As a warning, during the cleaning (if you choose to do so) you may lose internet access with this computer, and in the end we may need to reinstall the operating system anyway depending on the extent of the infection.

If you would like to format and reinstall your Operating System please let me know and we can assist you with that.

If you would like to continue with the cleaning, please continue with the following instructions and I will be more than happy to help.  :)
----------

Download Combofix from either of the links below, and save it to your desktop. 
Link 1
Link 2

**Note:  It is important that it is saved directly to your desktop**

--------------------------------------------------------------------

IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

--------------------------------------------------------------------

  • Right-click ComboFix.exe, choose Run as Administrator and follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt for further review.

jneffekt

  • Guest
Re: Win32-DNSChanger-VJ [trj]
« Reply #3 on: May 27, 2012, 11:38:22 PM »
I was unable to get ComboFix to run; an Adobe Flash Player installation popped up and after that installed, nothing happened.


Also, if I did choose to reinstall my OS, would that require me to format the hard drive? Or will I be able to keep my other files intact without needing to back them up?
« Last Edit: May 27, 2012, 11:48:29 PM by jneffekt »

jeffce

  • Guest
Re: Win32-DNSChanger-VJ [trj]
« Reply #4 on: May 28, 2012, 12:50:34 AM »
Quote
Also, if I did choose to reinstall my OS, would that require me to format the hard drive? Or will I be able to keep my other files intact without needing to back them up?
Unfortunately the infection that is on your system is the "real deal" and would require a full format of your system. It would be a good idea to back up any files you want to keep now, just in case.  :)

Right click and delete the ComboFix icon you have on your Desktop. 

Now, using the link for ComboFix I provided earlier, download a new copy, but before you save it to your system, rename it to Vageta.com, save it directly to your C:\ folder and then run it from there. If the log is created, attach that to your next reply.  :)

jneffekt

  • Guest
Re: Win32-DNSChanger-VJ [trj]
« Reply #5 on: May 28, 2012, 01:10:45 AM »
Still did not work.

To save us both time and frustration I will just do a clean install of Windows 7 later today/tomorrow and see how things are then.

Regards

jeffce

  • Guest
Re: Win32-DNSChanger-VJ [trj]
« Reply #6 on: May 28, 2012, 02:52:46 AM »
Ok...thanks for letting me know.

For what it is worth, that is exactly what I would do too.  :)