eScan - Antivirus & Content Security Forum

Antivirus, Content Security & Firewall Software.
https://forums.mwti.net/

DNS changes automatically

https://forums.mwti.net/viewtopic.php?f=3&t=671

Page 1 of 1

DNS changes automatically

PostPosted: Tue Dec 23, 2008 8:32 am
by Apurv
I faced problem where DNS IP in Network card properties was automatically changing to 85.*.*.* ( Ukrain IP)

It is a rootkit problem. It creates superhidden file

%systemroot%\system32\drivers\msqpdxpaxloeqh.sys

It also creates entry at

KEY=HKLM\Software|msqpdx\injector

Name= services.exe Data=msqpdxdfswfh35g2.dll

PostPosted: Tue Dec 23, 2008 1:47 pm
by axel
This seems to be a Packed.Win32.krap.d
Please see at
http://forum.kaspersky.com/index.php?showtopic=95680

Download the stated combofix.exe and run it.
After the run, download latest MWAV and start it, check all options and run it.

This should remove the issue.
All times are UTC + 5:30 hours
Page 1 of 1
Powered by phpBB® Forum Software © phpBB Group
http://www.phpbb.com/