WIN32.DNSCHANGER.S Removal: Remove WIN32.DNSCHANGER.S Forever
Threat's profile
| Name of the threat | WIN32.DNSCHANGER.S |
| Command or file name | yaemu.exe |
| Threat type | Trojan |
| Affected OS | Win32 (Windows 9x, Windows XP, Windows Vista) |
WIN32.DNSCHANGER.S intrusion method
WIN32.DNSCHANGER.S copies its file(s) to your hard disk. Its typical file name is yaemu.exe. It then creates a new startup key with the name WIN32.DNSCHANGER.S and the value yaemu.exe. It can also appear in your process list under the name yaemu.exe or WIN32.DNSCHANGER.S.
Recommended Solution
If you are not sure what to delete, use our award-winning program, WIN32.DNSCHANGER.S Removal Tool.
WIN32.DNSCHANGER.S Removal Tool will find and fully remove WIN32.DNSCHANGER.S and all problems associated with WIN32.DNSCHANGER.S virus.
Fast, easy, and handy, WIN32.DNSCHANGER.S Removal Tool protects your computer against WIN32.DNSCHANGER.S that does harm to your computer and breaks your privacy. WIN32.DNSCHANGER.S Removal Tool scans your hard disks and registry and destroys any manifestation of WIN32.DNSCHANGER.S. Standard anti-virus software can do nothing against malicious programs like WIN32.DNSCHANGER.S. Remove WIN32.DNSCHANGER.S straight away!
How to fix WIN32.DNSCHANGER.S
This problem can be solved manually by deleting all registry keys and files connected with WIN32.DNSCHANGER.S, removing it from the startup list and unregistering all corresponding DLLs. Additionally, missing DLLs should be restored from the distribution in case they were corrupted by WIN32.DNSCHANGER.S.
To get rid of WIN32.DNSCHANGER.S, you should:
1. Kill the following processes and delete the appropriate files:
no information
Warning: you should delete only those files whose checksums are listed as malicious. There may be valid files with the same names on your system. We recommend that you use WIN32.DNSCHANGER.S Removal Tool for a safe solution to the problem.
2. Delete the following malicious folders:
no information
3. Delete the following malicious registry entries and/or values:
no information
Warning: If a value is listed for a registry entry, you should only clear that value and leave the key that holds it untouched. We recommend that you use WIN32.DNSCHANGER.S Removal Tool for a safe solution to the problem.
Here are the descriptions of problems connected with WIN32.DNSCHANGER.S and yaemu.exe we received earlier:
DNS entries changes
Problem Summary: DNS entries changes
DNS entries are automatically changed
Our support has contacted the author of this message, Premnath GT, and helped to solve his problem.
DNS automatically changed on all desktops
Problem Summary: DNS automatically changed on all desktops
Hi,
Pleaaase help.
More than 15 desktops have been infected with a kind of virus (and counting), the dnschanger one. All DNS configurations are being changed to 85.255.*.*.
Users are not able to access local servers.
Here is a scan I made using HijackThis:
Thanks a lot
Pascal
Our support has contacted the author of this message, Pascal Jbeily, and helped to solve his problem.
Win32.DNSChanger
Problem Summary: Win32.DNSChanger
Win32.DNSChanger found on my computer
Our support has contacted the author of this message, Rizk, and helped to solve his problem.
DNS Changing
Problem Summary: DNS Changing
I have a problem with changing DNS server addresses in Network Connection properties. When I make changes to another DNS address, it changes it back to the previous DNS address.
Our support has contacted the author of this message, Ognjen Botica, and helped to solve his problem.
Internet card doesn't work
Problem Summary: Internet card doesn't work
My air card doesn't work because I need a DNS changer.
Our support has contacted the author of this message, jack, and helped to solve his problem.