Computer Forums - View Single Post

drdavedj · 11-29-2008, 03:13 PM

For the past three days I have been researching and applying possible fixes to get rid of the problem and make it go away but it proves to be a persistence one. Every time I try to access Windows Update it will redirect me to MSN.com. In addition, a lot of the anti-spyware/adware I tried to install would not update so I have to do them manually. This included ad-aware, which I asked a friend over messenger to download the most current definition so I can update it manually (I could access the lavasoft website alright, but when I try to download the latest definitions, it redirect me to a different page). I did try to restore my computer to the original manufactured version but it did not solve the problem. I also use Malwarebytes' Anti-Malware, which I must have done over 20 runs >.< Anways, sometimes it comes up clean and sometimes it comes back with the following again:

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\Tcpip\Parameters\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.114.35 85.255.112.79 1.2.3.4 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\Tcpip\Parameters\Interfaces\{7399b5d5-4309-474a-8d48-ce0fb03498e5}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.114.35 85.255.112.79 1.2.3.4 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\T cpip\Parameters\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.114.35 85.255.112.79 1.2.3.4 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\T cpip\Parameters\Interfaces\{7399b5d5-4309-474a-8d48-ce0fb03498e5}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.114.35 85.255.112.79 1.2.3.4 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\T cpip\Parameters\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.114.35 85.255.112.79 1.2.3.4 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\T cpip\Parameters\Interfaces\{7399b5d5-4309-474a-8d48-ce0fb03498e5}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.114.35 85.255.112.79 1.2.3.4 -> No action taken.

Finally I resolved the issue. It wasn't my computer at fault but the router. I became suspicious when every single computers in the house exhibit the same behavior. So to test it out, I use one computer to hard-wire to the internet without the router and I was able to access the windows update page without any problems. Whatever someone did to my router, I have to revert it back to the original manufactured version and afterward, everything ran smooth again. All of my virus software, anti-spyware/adware software are able to update without any problems now.

11-29-2008, 03:13 PM	#5 (permalink)
drdavedj Newb Techie Join Date: Nov 2008 Posts: 1	Re: Windows Update redirects to MSN.com For the past three days I have been researching and applying possible fixes to get rid of the problem and make it go away but it proves to be a persistence one. Every time I try to access Windows Update it will redirect me to MSN.com. In addition, a lot of the anti-spyware/adware I tried to install would not update so I have to do them manually. This included ad-aware, which I asked a friend over messenger to download the most current definition so I can update it manually (I could access the lavasoft website alright, but when I try to download the latest definitions, it redirect me to a different page). I did try to restore my computer to the original manufactured version but it did not solve the problem. I also use Malwarebytes' Anti-Malware, which I must have done over 20 runs >.< Anways, sometimes it comes up clean and sometimes it comes back with the following again: Registry Data Items Infected: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\Tcpip\Parameters\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.114.35 85.255.112.79 1.2.3.4 -> No action taken. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\Tcpip\Parameters\Interfaces\{7399b5d5-4309-474a-8d48-ce0fb03498e5}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.114.35 85.255.112.79 1.2.3.4 -> No action taken. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\T cpip\Parameters\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.114.35 85.255.112.79 1.2.3.4 -> No action taken. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\T cpip\Parameters\Interfaces\{7399b5d5-4309-474a-8d48-ce0fb03498e5}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.114.35 85.255.112.79 1.2.3.4 -> No action taken. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\T cpip\Parameters\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.114.35 85.255.112.79 1.2.3.4 -> No action taken. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\T cpip\Parameters\Interfaces\{7399b5d5-4309-474a-8d48-ce0fb03498e5}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.114.35 85.255.112.79 1.2.3.4 -> No action taken. Finally I resolved the issue. It wasn't my computer at fault but the router. I became suspicious when every single computers in the house exhibit the same behavior. So to test it out, I use one computer to hard-wire to the internet without the router and I was able to access the windows update page without any problems. Whatever someone did to my router, I have to revert it back to the original manufactured version and afterward, everything ran smooth again. All of my virus software, anti-spyware/adware software are able to update without any problems now.