Messages - Curson

2611
Malware removal help / Re: clean or no clean
« on: January 04, 2015, 04:13:55 pm »
Hi olivierdulac8,

This is a DNS hijacker.
Please follow the following process as closely as possible.

1. Router disinfection / securing

There is a possibility that your router is compromised. Such malware scans the network to find routers with weak/default passwords or firmware vulnerabilities and changes their DNS settings.
Please follow these instructions to hard reset your router and update it.

2. Please delete the following registry entries
Quote
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{D22CC4A4-7C77-4A45-BB71-62EF2B9D53D2} | DhcpNameServer : 40.20.1.201 40.20.1.202 [UNITED STATES (US)][UNITED STATES (US)]  -> Trouvé(e)
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{D22CC4A4-7C77-4A45-BB71-62EF2B9D53D2} | DhcpNameServer : 40.20.1.201 40.20.1.202 [UNITED STATES (US)][UNITED STATES (US)]  -> Trouvé(e)

Eventually, I strongly advise you to change your passwords and be especially wary of unauthorized transactions if you use online banking since there is a probability your passwords may have been stolen.

Regards.
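
An added example, not part of the original post and not RogueKiller's own code: a Python check that parses `[PUM.Dns]` report lines in the layout quoted above and lists resolvers that are neither private nor on an expected list, noting whether each came from DHCP or from a static setting. The function names, the `expected` parameter, the rule that private addresses are the router, and the third sample line are assumptions made for illustration.

```python
import ipaddress
import re

# Layout of the RogueKiller [PUM.Dns] lines quoted in the post above.
PUM_DNS = re.compile(
    r"\[PUM\.Dns\]\s+\(X\d+\)\s+HKEY_[^|]+?\\Interfaces\\(?P<guid>\{[0-9A-Fa-f-]+\})"
    r"\s+\|\s+(?P<value>\w+)\s+:\s+(?P<servers>[0-9. ]+?)\s+\["
)

# Which side wrote the value decides where the fix has to happen
# (assumption: the DHCP server on this network is the router).
ORIGIN = {
    "DhcpNameServer": "handed out by DHCP: fix the router",
    "NameServer": "static on this host: fix the adapter settings",
}

def parse_pum_dns(line):
    """Return (interface GUID, value name, [resolver IPs]) or None for other lines."""
    m = PUM_DNS.search(line)
    if m is None:
        return None
    ips = [ipaddress.ip_address(s) for s in m.group("servers").split()]
    return m.group("guid").upper(), m.group("value"), ips

def unexpected_resolvers(lines, expected=()):
    """List resolvers that are neither private (assumed: the router) nor expected.
    CurrentControlSet is a link to a numbered ControlSet, so one interface is
    reported twice; findings are de-duplicated on (GUID, value name, IP).
    """
    allowed = {ipaddress.ip_address(e) for e in expected}
    seen, findings = set(), []
    for line in lines:
        parsed = parse_pum_dns(line)
        if parsed is None:
            continue
        guid, value, ips = parsed
        for ip in ips:
            ident = (guid, value, ip)
            if ip.is_private or ip in allowed or ident in seen:
                continue
            seen.add(ident)
            findings.append((guid, value, str(ip), ORIGIN.get(value, "unknown origin")))
    return findings

# The first two lines are from the post (tail trimmed); the third is constructed.
SAMPLE = [
    r"[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{D22CC4A4-7C77-4A45-BB71-62EF2B9D53D2} | DhcpNameServer : 40.20.1.201 40.20.1.202 [UNITED STATES (US)][UNITED STATES (US)]",
    r"[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{D22CC4A4-7C77-4A45-BB71-62EF2B9D53D2} | DhcpNameServer : 40.20.1.201 40.20.1.202 [UNITED STATES (US)][UNITED STATES (US)]",
    r"[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{00000000-0000-0000-0000-000000000001} | NameServer : 192.168.1.1 [PRIVATE]",
]
```

Calling `unexpected_resolvers(SAMPLE)` returns one finding per resolver address for the interface quoted in the post, each tagged as DHCP-supplied.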

2612
RogueKiller / Re: Anti-rookit results? Unsure what to do with these
« on: January 04, 2015, 03:14:25 am »
Hi KOTARE,

Could you try to attach the file to your next post? If you do so, I will upload it to VT myself.

Regards.

2613
Malware removal help / Re: help help help!
« on: January 04, 2015, 01:39:47 am »
Hello NoobNeedsHelp,

Welcome to Adlice.com Forum.
Could you please post Avast's log? It could potentially help us locate the infection.

The MBR on your computer seems nonstandard.
Unknown MBRs are dumped into %programdata%/RogueKiller/debug/.

Please locate the file and attach it to your next post (you need to zip it first).

Regards.

Note: This thread has been moved to the "Malware removal help" section for clarity.

2614
Malware removal help / Re: clean or no clean
« on: January 04, 2015, 01:21:25 am »
Hi olivierdulac8,

Do you live in the United States?
I ask this because some DNS entries in your log are associated with "Eli Lilly and Company", which is dubious.

The AntiRootkit module detected some IRP hooks performed by the legitimate driver Wof.sys. That's totally harmless.
If you want more information about it, please read KernelMode rootkits: Part 2, IRP hooks.

Regards.

2615
Malware removal help / Re: clean or no clean
« on: January 04, 2015, 01:03:31 am »
Hi olivierdulac8,

This thread is locked as duplicate.
Please continue here.

Regards.

2616
RogueKiller / Re: Anti-rookit results? Unsure what to do with these
« on: January 04, 2015, 12:52:50 am »
Hi KOTARE,

Could you please explain as clearly as possible what problems you encountered?
Please follow the following process to analyse the file.

1. Show Hidden Files and Folders

Go to Start > My Computer
Go to Tools > Folder Options
Click on the View tab
Untick the following:
  • Hide extensions for known file types
  • Hide protected operating system files (Recommended)
You will get a message warning you about showing protected operating system files, click Yes
Make sure this option is selected:
  • Show hidden files and folders
Click Apply and then click OK

2. Upload a file

Go to VirusTotal
When the page has finished loading, click the Choose file button and navigate to the following file and click Send file.
Code:
C:\Windows\system32\DRIVERS\o2mdgx64.sys
If you get the message that the file has already been scanned before, please click Reanalyse file now.
Please post back the results of the scan in your next post.

Regards.

2617
RogueKiller / Re: Translations!
« on: January 02, 2015, 01:15:40 pm »
Greetings XtremeZ and welcome to Adlice.

Thank you for your contribution. It will be added in the next release.

Regards.

2618
General Discussion / Re: Introduce yourself
« on: January 02, 2015, 01:00:10 pm »
Hello everyone,

My name is Curson. Starting today, I will be working jointly with Tigzy, answering your questions and helping you use RogueKiller.
