Here are the system specs:
Tech Support Guy System Info Utility version 1.0.0.4
OS Version: Microsoft Windows 10 Home Single Language, 64 bit
Processor: Intel(R) Core(TM) i5-4210U CPU @ 1.70GHz, Intel64 Family 6 Model 69 Stepping 1
Processor Count: 4
RAM: 3999 Mb
Graphics Card: Intel(R) HD Graphics Family, 1024 Mb
Hard Drives: C: 226 GB (113 GB Free); F: 225 GB (105 GB Free); G: 215 GB (173 GB Free); H: 253 GB (231 GB Free);
Motherboard: Dell Inc., 0926J6
Antivirus: Windows Defender, Enabled and Updated
This laptop was the target of a malware attack a few months ago. McAfee was the default anti-virus since the laptop was bought... it didn't do anything; I used Malwarebytes AntiMalware to deal with the infestation and uninstalled McAfee, reverting back to Windows Defender.
The malware that targeted my laptop worked similarly to DNSChanger (additional info: https://en.wikipedia.org/wiki/DNSChanger).
I have routinely run full scans (at least once every 3 weeks) with both Windows Defender and Malwarebytes since then.
However, with the ("ipconfig /displaydns") command in the Windows command prompt (cmd.exe), I can still see that there is some adware left that tries to connect to the host sites.
Here's the log:
Microsoft Windows [Version 10.0.16299.192]
(c) 2017 Microsoft Corporation. All rights reserved.
C:\Users\Admin>ipconfig /flushdns
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Admin>ipconfig /displaydns
Windows IP Configuration
1.0.0.127.in-addr.arpa
----------------------------------------
Record Name . . . . . : 1.0.0.127.in-addr.arpa.
Record Type . . . . . : 12
Time To Live . . . . : 86400
Data Length . . . . . : 8
Section . . . . . . . : Answer
PTR Record . . . . . : down.baidu2016.com
Record Name . . . . . : 1.0.0.127.in-addr.arpa.
Record Type . . . . . : 12
Time To Live . . . . : 86400
Data Length . . . . . : 8
Section . . . . . . . : Answer
PTR Record . . . . . : 123.sogou.com
Record Name . . . . . : 1.0.0.127.in-addr.arpa.
Record Type . . . . . : 12
Time To Live . . . . : 86400
Data Length . . . . . : 8
Section . . . . . . . : Answer
PTR Record . . . . . : www.czzsyzgm.com
Record Name . . . . . : 1.0.0.127.in-addr.arpa.
Record Type . . . . . : 12
Time To Live . . . . : 86400
Data Length . . . . . : 8
Section . . . . . . . : Answer
PTR Record . . . . . : www.czzsyzxl.com
Record Name . . . . . : 1.0.0.127.in-addr.arpa.
Record Type . . . . . : 12
Time To Live . . . . : 86400
Data Length . . . . . : 8
Section . . . . . . . : Answer
PTR Record . . . . . : union.baidu2019.com
www.czzsyzgm.com
----------------------------------------
No records of type AAAA
www.czzsyzgm.com
----------------------------------------
Record Name . . . . . : www.czzsyzgm.com
Record Type . . . . . : 1
Time To Live . . . . : 86400
Data Length . . . . . : 4
Section . . . . . . . : Answer
A (Host) Record . . . : 127.0.0.1
mssplus.mcafee.com
----------------------------------------
No records of type AAAA
mssplus.mcafee.com
----------------------------------------
Record Name . . . . . : mssplus.mcafee.com
Record Type . . . . . : 1
Time To Live . . . . : 86400
Data Length . . . . . : 4
Section . . . . . . . : Answer
A (Host) Record . . . : 0.0.0.1
123.sogou.com
----------------------------------------
No records of type AAAA
123.sogou.com
----------------------------------------
Record Name . . . . . : 123.sogou.com
Record Type . . . . . : 1
Time To Live . . . . : 86400
Data Length . . . . . : 4
Section . . . . . . . : Answer
A (Host) Record . . . : 127.0.0.1
www.czzsyzxl.com
----------------------------------------
No records of type AAAA
www.czzsyzxl.com
----------------------------------------
Record Name . . . . . : www.czzsyzxl.com
Record Type . . . . . : 1
Time To Live . . . . : 86400
Data Length . . . . . : 4
Section . . . . . . . : Answer
A (Host) Record . . . : 127.0.0.1
down.baidu2016.com
----------------------------------------
No records of type AAAA
down.baidu2016.com
----------------------------------------
Record Name . . . . . : down.baidu2016.com
Record Type . . . . . : 1
Time To Live . . . . : 86400
Data Length . . . . . : 4
Section . . . . . . . : Answer
A (Host) Record . . . : 127.0.0.1
1.0.0.0.in-addr.arpa
----------------------------------------
Record Name . . . . . : 1.0.0.0.in-addr.arpa.
Record Type . . . . . : 12
Time To Live . . . . : 86400
Data Length . . . . . : 8
Section . . . . . . . : Answer
PTR Record . . . . . : mssplus.mcafee.com
union.baidu2019.com
----------------------------------------
No records of type AAAA
union.baidu2019.com
----------------------------------------
Record Name . . . . . : union.baidu2019.com
Record Type . . . . . : 1
Time To Live . . . . : 86400
Data Length . . . . . : 4
Section . . . . . . . : Answer
A (Host) Record . . . : 127.0.0.1
As can be seen, the ("ipconfig /flushdns") command is useless.
Is there any way to get these out of the system?
P.S. The laptop doesn't show any symptom of being infected, and all scans turn up clean.
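Added example, not part of the original post: a triage check for output like the log above, which compares cached A records against the hosts file, since names that come back right after a flush with 127.0.0.1 or 0.0.0.1 are what static hosts-file mappings look like on this Windows build. The hosts-file text, the example.test entry and all function names are constructed for illustration; that the real entries come from the hosts file is an assumption to confirm against %SystemRoot%\System32\drivers\etc\hosts.

```python
import ipaddress
import re

# Constructed sample in the log's layout (two fields kept); example.test is made up.
SAMPLE_CACHE = """
Record Name . . . . . : www.czzsyzgm.com
A (Host) Record . . . : 127.0.0.1
Record Name . . . . . : mssplus.mcafee.com
A (Host) Record . . . : 0.0.0.1
Record Name . . . . . : 123.sogou.com
A (Host) Record . . . : 127.0.0.1
Record Name . . . . . : example.test
A (Host) Record . . . : 192.0.2.10
"""
# Constructed hosts-file text; the real file's contents are not shown in the post.
SAMPLE_HOSTS = "127.0.0.1 www.czzsyzgm.com\n0.0.0.1 mssplus.mcafee.com  # note\n"
FIELD = re.compile(r"^\s*(Record Name|A \(Host\) Record)[ .]*: (\S+)\s*$")

def parse_a_records(text):
    """Return {name: [ip, ...]} for the A records in displaydns output."""
    records, name = {}, None
    for line in text.splitlines():
        m = FIELD.match(line)
        if m and m.group(1) == "Record Name":
            name = m.group(2).rstrip(".").lower()
        elif m and name:
            records.setdefault(name, []).append(m.group(2))
    return records

def parse_hosts(text):
    """Return {name: ip} from hosts-file text, ignoring comments."""
    mapping = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        mapping.update({n.lower(): fields[0] for n in fields[1:]})
    return mapping

def triage(cache_text, hosts_text):
    """Label each cached name: hosts-file, sinkholed-unexplained or resolved."""
    hosts, null_net = parse_hosts(hosts_text), ipaddress.ip_network("0.0.0.0/8")
    labels = {}
    for name, ips in parse_a_records(cache_text).items():
        addrs = [ipaddress.ip_address(ip) for ip in ips]
        if hosts.get(name) in ips:
            labels[name] = "hosts-file"
        elif all(a.is_loopback or a in null_net for a in addrs):
            labels[name] = "sinkholed-unexplained"
        else:
            labels[name] = "resolved"
    return labels
```

A name labelled "hosts-file" is a local block entry that never leaves the machine; "sinkholed-unexplained" means the cache holds a loopback or 0.0.0.0/8 answer that the supplied hosts text does not account for, which is the case worth investigating further.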