I have Avast Pro, and it is stopping me logging on to the internet, if I disable it I can access the internet no problem.
The infected file is Win32:Patched-AWQTPJ Every time I try to delete or move it to the virus chest I cannot because it comes up with Read Only (6009)
The file seems to be in C:\windows\systemWOW64\dnsapidii if that helps.
Please could someone help as I need to use the internet but not keen on doing so with no virus protection.
Sorry about the delay in replying; the bad news is that you posted the same file twice; once as FRST.txt and then as Addition.txt. Because of that, this may not be a complete fix right now but it should fix the DNS hijacking.
Just curious but what other AntiVirus have you had installed on this machine before Avast?
We need to get a fresh scan from FRST.
[*]If you still have the Addition.txt file on your desktop, please delete it now.
[*]Right click the FRST file on your desktop and select “Run as Administrator…” (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
[*]If an update is available, the program will inform you and download the update. Allow it do this please. Otherwise, just wait for the “The tool is ready to use.” message.
[*]Please check the Addition.txt in the Option Scan section of FRST.
[*]Press the Scan button.
[*]It will produce a log called FRST.txt in the same directory the tool is run from.
[*]Please copy and paste log back here.
[*]The tool will generate will another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.
Just wondering about the other AVs as there appeared to be some McAfee files on the system.
Open notepad by pressing the Windows Key + R Key, typing in Notepad in the Run dialog and then pressing Enter. Please copy the contents of the Code box below. To do this highlight the contents of the box by clicking [Select] next to Code: , then right click on any of the highlighted text and select copy. Paste this into the open notepad. Save it to your desktop as fixlist.txt
NOTE. It’s important that both files, FRST64 and fixlist.txt are in the same location or the fix will not work.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
Run FRST64 by right clicking on the FRST64.exe file, selecting “Run as Administrator…”. The User Account Control may open up; if it does, select Yes to continue to let FRST open and load.
The tool will check for an updated version of itself every time it loads; please allow it to do this and the program will either inform you it is downloading an updated copy (and to wait until it is safe to continue) or show nothing (meaning there is no update found) and you can continue on. Press the Fix button just once and wait. The tool will create a restore point, process the script and ask for a restart of your system.
The error was in the fake DNSapi.dll files that the hijacking malware placed on your system. You can prevent much of this type of hijacking by hardening your browser settings to make your online experience more secure. Check the following for some tips: https://heimdalsecurity.com/blog/ultimate-guide-secure-online-browsing/
Also, please consider emptying your temporary files more often; you had 44+ Gigabytes of data removed on the first FRST fixlist run. That’s a lot of old browser data to keep around; it could include bad files and routines just waiting for the proper commands to activate the malware on your system.
One more check for safety sake …
AdwCleaner by Xplode
Download AdwCleaner from here or from here. Save the file to the desktop.
NOTE: If you are using IE 8 or above you may get a warning that stops the program from downloading. Just click on the warning and allow the download to complete.
Close all open windows and browsers.
- [b]Vista/7/8 users:[/b] Right click the [b]AdwCleaner[/b] icon on the desktop, click [b]Run as administrator[/b] and accept the UAC prompt to run AdwCleaner.
- Click the [b]Scan[/b] button and wait for the scan to finish.
- After the Scan has finished the window may or may not show what it found and above, in the progress bar, you will see: [b]Waiting for action. Please uncheck elements you don't want to remove.[/b]
- Click the [b]Clean[/b] button.
- [b]Everything checked[/b] will be deleted.
- When the program has finished cleaning a report appears.
- Once done it will ask to reboot, allow this