1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

DNS Changer/Webpages redirects for all PC and phones on home network

Discussion in 'Virus & Other Malware Removal' started by kanu, Mar 22, 2015.

Thread Status:
Not open for further replies.
Advertisement
  1. kanu

    kanu Thread Starter

    Joined:
    Mar 22, 2015
    Messages:
    3
    Hello Guys,
    I am facing a problem of webpages being redirected or/and small popup(javascript) for porn coming on right hand bottom side for all the websites we visit. This issue is happening for all the devices in my home network. I tried to run Malwarebytes on my laptop and it showed 2 registry entries of DNS Changer. I checked my router (Dlink-DSL-2520U) and found it was using manual DNS server pointing to some malicious DNS server. I changed those setting and enabled the firewall feature on the router (I keep it on but it was off when i saw). Did a scan again on my laptop and PC but still those small popups are coming.
    On my laptop I had installed Malwarebytes Premium Trial so its now showing that SVCHOST.EXE is trying to connecto to the same IP address which was in the DNS settings of the router but is being blocked by malware bytes. Please suggest how to fix this problem once in for all. It also keeps happening with our browser in Mobile Devices also (iPhone 6 and HTC Android).

    Logs of my PC

    Highjack this logs:
    Please Help:confused::confused::confused:
     
  2. askey127

    askey127 Malware Specialist

    Joined:
    Dec 22, 2006
    Messages:
    3,721
    Hi Kanu,
    You will have to do a number of things to minimize the threat of a hack, and return the network to normal.
    • Download the latest Router Firmware, instructions, etc., and install the latest firmware.
      Get it from here: http://ftp.dlink.ru/pub/ADSL/
    • After updating the firmware, Set the router to the correct settings for your Internet provider
    • Change the Password for the Admin user on the Router
    • Flush the DNS Cache on all computers on the network.
    • Check the IP configuration for machines on the network.

    You can use the MiniToolbox to Flush DNS and provide the IP configuration, as follows:
    -----------------------------------------------
    Please download MiniToolBox and run it on a machine connected to the network..
    Double click MiniToolBox.exe to launch the program.
    Checkmark only the following boxes in the list:
    • Flush DNS
    • List IP configuration
    • List Winsock Entries
    Click Go to start the scan.
    When finished a log Result.txt will open.
    Please post the contents of that log.

    askey127
     
  3. kanu

    kanu Thread Starter

    Joined:
    Mar 22, 2015
    Messages:
    3
    Hello Askey127,
    Thanks for the reply. I checked the router firmware but the latest available firmware on the web is 1.0.5 and my router has a firmware version 1.0.8.. :confused:
    I guess its the latest one already. I have ran the minitoolbox as described and below is the log of my PC. There are still redirection and small popups happening. Should I reset firefox??

    Any help appreciated. (y)
     
  4. askey127

    askey127 Malware Specialist

    Joined:
    Dec 22, 2006
    Messages:
    3,721
    kanu,
    I don't see anything in that log that I would recognize as a problem.

    Yes, I would reset any browser you use.
    Instructions here in case it's helpful:
    -----------------------------------------------------------
    Reset Firefox
    Click an <Alt> key once or twice if necessary to see the top menu bar
    Click on Help in the Menu bar.
    In the pop menu, choose Troubleshooting Information.
    At the top of the window that opens up, click the button labeled Reset Firefox
    To continue, click Reset Firefox again in any confirmation window that opens.
    Firefox will be reset to its original state.

    ---------------------------------------------------------------
    Reset Internet Explorer
    Open Internet Explorer
    If necessary, hit an <Alt> key so you can see the File menu bar
    Click on Tools in the top menu bar , and then click Internet options.
    Click the Advanced tab, and then click Reset.
    In the Reset Internet Explorer Settings dialog box, click Reset.
    When Internet Explorer finishes applying default settings, click OK.
    Changes will take effect when you Restart the machine.

    ---------------------------------------------------------
    Reset Chrome
    Start Chrome
    Click the Chrome menu on the browser toolbar. (The icon with three horizontal bars in the upper right)
    Select Settings.
    Click Show advanced settings and find the "Reset browser settings" section.
    Click Reset browser settings.
    In the dialog that appears, click Reset.
    Note: When the "Help make Google Chrome better by reporting the current settings" checkbox is selected you are anonymously sending Google your Chrome settings.

    -----------------------------------------------------------
    Let's run a set of scans with FRST54 in case something was deposited onto this PC
    Download and Run the Farbar Scan Tool
    • Download FRST64 and save to your Desktop.
    • Double click Frst64.exe to launch it.
    • FRST64 will start to run.
      • When the tool opens click Yes to disclaimer.
      • Press the Scan button.
      • When finished scanning, 2 logs will open on your Desktop, FRST.txt and Addition.txt
      • Please post them in your next reply.
    If you lose track of them, they will be saved in the same location as FRST64.exe
    Feel free to use separate replies if it's more convenient.

    askey127
     
  5. kanu

    kanu Thread Starter

    Joined:
    Mar 22, 2015
    Messages:
    3
    Thanks Buddy,
    After resetting the browser the popups have stopped..

    Below are the logs you requested:
    FRST log:
    Addition Log:
    Your inputs please :)
    Thanks
     
  6. askey127

    askey127 Malware Specialist

    Joined:
    Dec 22, 2006
    Messages:
    3,721
    kanu,
    -----------------------------------------------
    It's really important, if you value your PC at all, to stay away from P2P file sharing programs, like µTorrent, Bearshare, Bittorrent, BitComet, Azureus, Frostwire, Vuze, Shareaza, Bitlord.
    There are NO Safe ones.
    Criminals have "planted" thousands upon thousands of infections in the shared torrent files.
    Virtually all of these recent infections will compromise your Security, and some can turn your machine into a useless "doorstop".
    ------------------------------------------------
    Remove Programs Using Control Panel
    From Start, Control Panel, click on Programs and Features
    Click each Entry, as follows, one by one, if it exists, choose Uninstall, and give permission to Continue:

    µTorrent
    Java(TM) 7 Update 5 (64-bit)
    Java 8 Update 25

    Take extra care in answering questions posed by any Uninstaller.
    -----------------------------------------------------------
    REBOOT (RESTART) Your Machine
    ------------------------------------------------------------
    Java Issue
    You may want to read here before you decide whether to keep Java on your system:
    http://www.zdnet.com/a-close-look-a...eptive-software-with-java-updates-7000010038/

    If You Decide to Keep it,
    Download and Install the latest versions of Java Runtime Environment
    from here :
    http://www.oracle.com/technetwork/java/javase/downloads/jre8-downloads-2133155.html, and install them to your computer.
    If it won't allow you to get past the "Agree to the license" dialog, you will need to set your browser to temporarily allow scripts.
    Check the button to agree to the license.
    Select the links for your Platform, both jre-8u40-windows-i586.exe and jre-8u40-windows-x64.exe
    Click them one at a time, download each and save them to your desktop.
    Then doubleclick each on your desktop, and they will install the newest versions of Java for you to use.

    During installation, be certain to Uncheck and Refuse any offer for "partner software" or toolbars.
    When it finishes, you can remove the Installer(s) from your desktop.
    (I don't have any Java on my system).

    If it's behaving, you should be OK.
    askey127
     
  7. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/1145247

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice