TechSpot

Hjt log hijacked domain? please help

By chazilla
Feb 14, 2008
  1. chazilla

    chazilla TS Rookie Topic Starter

    I've never used a forum before, so I hope I'm posting correctly and not stepping over my boundaries or on anyone's toes.
    Apparently my domain has been hijacked, however, I haven't a domain. I cannot get rid of the "NameServer = 216.163.120.19,216.163.120.21" without disrupting my connection to the internet. I appreciate any and all help you kind souls can give me. Thank you very much.
     
  2. techflame23

    techflame23 TS Rookie Posts: 58

    Yes, your HijackThis log shows two files that have the same "domain" as this.
    They are both in your registry, which shows you have downloaded them or opened a trojan somewhere along the line.
    Please go to Windows search (Start menu, right side) and search under all files and folders for the following, one at a time. When you find them, delete them.

    HKLM\System\CCS\Services\Tcpip\..\{A5B43D64-4B33-4A12-A740-C65ABF1DEB3D}: NameServer = 216.163.120.19,216.163.120.21

    HKLM\System\CS1\Services\Tcpip\..\{A5B43D64-4B33-4A12-A740-C65ABF1DEB3D}: NameServer = 216.163.120.19,216.163.120.21

    (NOTE: You may want to copy these and paste them into the search box. CTRL+C for copy, CTRL+V for paste, you have to highlight the piece you want to copy)
     
  3. jobeard

    jobeard TS Ambassador Posts: 8,946   +586

    post your result from
    run->cmd /k ipconfig /all
    the DNS will be shown there

    the HKLM\System\CCS and HKLM\System\CS1 entries are HJT abbreviations for
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet and
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001
    respectively

    the real DNS address will be found at
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters DhcpNameServer (a list of two)

    suggest you confirm that your router has UPnP disabled and a non-defaulted admin password
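
The comparison jobeard describes, as an added example that is not part of the original thread: it expands the HJT key abbreviations, groups the NameServer lines by interface GUID, and lists any statically set server that DHCP did not hand out. The DHCP address is constructed, and treating CS<n> as ControlSet00<n> for values other than CS1 is this example's assumption.

```python
import re
from collections import defaultdict

# HJT shortens registry paths: CCS and CS1 are the abbreviations named in the thread.
# Expanding CS<n> to ControlSet00<n> for other n is an assumption of this example.
HIVES = {"HKLM": "HKEY_LOCAL_MACHINE"}
ENTRY = re.compile(r"^(?:O17 - )?(?P<key>HK[A-Z]+\\[^:]+): (?P<name>\w+) = (?P<value>.*)$")
GUID = re.compile(r"\{[0-9A-Fa-f-]{36}\}")

def expand_key(key):
    """Turn an HJT-abbreviated key into the full registry path ('..' is left as logged)."""
    hive, _, rest = key.partition("\\")
    parts = []
    for part in rest.split("\\"):
        numbered = re.fullmatch(r"CS(\d+)", part)
        if part == "CCS":
            part = "CurrentControlSet"
        elif numbered:
            part = "ControlSet%03d" % int(numbered.group(1))
        parts.append(part)
    return "\\".join([HIVES.get(hive, hive)] + parts)

def audit(lines, dhcp_servers):
    """Group static NameServer values per interface; report servers not assigned by DHCP."""
    by_iface = defaultdict(lambda: {"keys": [], "servers": set()})
    for line in lines:
        m = ENTRY.match(line.strip())
        if not m or m["name"] != "NameServer":
            continue
        guid = GUID.search(m["key"])
        entry = by_iface[guid.group(0) if guid else m["key"]]
        entry["keys"].append(expand_key(m["key"]))
        entry["servers"].update(s for s in re.split(r"[ ,]+", m["value"].strip()) if s)
    return {iface: {"keys": e["keys"],
                    "unexpected": sorted(e["servers"] - set(dhcp_servers))}
            for iface, e in by_iface.items()}

SAMPLE = [  # the two log lines quoted in the thread
    r"HKLM\System\CCS\Services\Tcpip\..\{A5B43D64-4B33-4A12-A740-C65ABF1DEB3D}: NameServer = 216.163.120.19,216.163.120.21",
    r"HKLM\System\CS1\Services\Tcpip\..\{A5B43D64-4B33-4A12-A740-C65ABF1DEB3D}: NameServer = 216.163.120.19,216.163.120.21",
]
DHCP = ["192.168.1.1"]  # constructed: what DhcpNameServer / ipconfig /all might show

if __name__ == "__main__":
    for iface, result in audit(SAMPLE, DHCP).items():
        print(iface, "static DNS not from DHCP:", result["unexpected"])
        for key in result["keys"]:
            print("   ", key)
```

Both lines collapse to one interface entry, because they are the same adapter setting recorded under CurrentControlSet and ControlSet001.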
     
  4. techflame23

    techflame23 TS Rookie Posts: 58

    thanks for pointing that out jobeard
     
Topic Status:
Not open for further replies.
