TechSpot

Hjt log hijacked domain? please help

By chazilla
Feb 14, 2008
  1. chazilla

    chazilla TS Rookie Topic Starter

    I've never used a forum before, so I hope I'm posting correctly and not stepping over my boundaries or on anyone's toes.
    Apparently my domain has been hijacked, however, I haven't a domain. I cannot get rid of the "NameServer = 216.163.120.19,216.163.120.21" without disrupting my connection to the internet. I appreciate any and all help you kind souls can give me. Thank you very much.
     
  2. techflame23

    techflame23 TS Rookie Posts: 65

    Yes, your HijackThis log shows two files that have the same "domain" as this.
    They are both in your registry, which shows you have downloaded them or opened a trojan somewhere along the line.
    Please go to Windows search (start menu right side) and search under all files and folders the following, one at a time. When you find them, delete them.

    HKLM\System\CCS\Services\Tcpip\..\{A5B43D64-4B33-4A12-A740-C65ABF1DEB3D}: NameServer = 216.163.120.19,216.163.120.21

    HKLM\System\CS1\Services\Tcpip\..\{A5B43D64-4B33-4A12-A740-C65ABF1DEB3D}: NameServer = 216.163.120.19,216.163.120.21

    (NOTE: You may want to copy these and paste them into the search box. CTRL+C for copy, CTRL+V for paste, you have to highlight the piece you want to copy)
     
  3. jobeard

    jobeard TS Ambassador Posts: 13,515   +336

    post your result from
    run->cmd /k ipconfig /all
    the DNS will be shown there

    the HKLM\System\CCS and HKLM\System\CS1 entries are HJT abbreviations for
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet and
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001
    respectively

    the real DNS address will be found at
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters DhcpNameServer (a list of two)

    suggest you confirm that your router has UPnP disabled and a non-defaulted admin password
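
An added example (not part of the original thread, and not HijackThis's own code): a small Python parser that expands the abbreviated HJT keys the way the post above describes and lists any static NameServer address that is not among the DHCP-assigned resolvers. The `O17 -` line prefix, the reading of `..` as `Parameters\Interfaces`, the extension of CS1 to other control set numbers and the 192.168.1.1 resolver are assumptions; the third sample line is constructed.

```python
import re

# Constructed sample: the two entries quoted in the thread plus one made-up benign entry.
SAMPLE_LOG = r"""
O17 - HKLM\System\CCS\Services\Tcpip\..\{A5B43D64-4B33-4A12-A740-C65ABF1DEB3D}: NameServer = 216.163.120.19,216.163.120.21
O17 - HKLM\System\CS1\Services\Tcpip\..\{A5B43D64-4B33-4A12-A740-C65ABF1DEB3D}: NameServer = 216.163.120.19,216.163.120.21
O17 - HKLM\System\CCS\Services\Tcpip\..\{00000000-0000-0000-0000-000000000001}: NameServer = 192.168.1.1
"""

# Matches HJT lines for the Tcpip service, with or without the "O17 - " prefix.
O17 = re.compile(
    r"^(?:O17\s*-\s*)?HKLM\\System\\(CCS|CS(\d+))\\Services\\Tcpip\\(\.\.|Parameters)"
    r"(?:\\(\{[0-9A-Fa-f-]+\}))?:\s*(\w+)\s*=\s*(.+)$"
)

def parse_o17(line):
    """Return the full registry key, value name and data for one HJT line, or None."""
    m = O17.match(line.strip())
    if not m:
        return None
    cs, num, mid, guid, name, data = m.groups()
    # CCS -> CurrentControlSet, CS1 -> ControlSet001 (other CSn handled the same way)
    control_set = "CurrentControlSet" if cs == "CCS" else f"ControlSet{int(num):03d}"
    parts = ["HKEY_LOCAL_MACHINE", "SYSTEM", control_set, "Services", "Tcpip", "Parameters"]
    if mid == "..":
        parts.append("Interfaces")  # assumption: HJT's ".." elides Parameters\Interfaces
    if guid:
        parts.append(guid)
    return {"key": "\\".join(parts), "value": name,
            "data": re.split(r"[,\s]+", data.strip())}

def unexpected_dns(log_text, expected):
    """List (key, addresses) for static NameServer values outside the expected resolvers."""
    findings = []
    for line in log_text.splitlines():
        entry = parse_o17(line)
        if entry and entry["value"] == "NameServer":
            odd = [ip for ip in entry["data"] if ip not in expected]
            if odd:
                findings.append((entry["key"], odd))
    return findings

if __name__ == "__main__":
    # Constructed: resolvers handed out by DHCP (DhcpNameServer / ipconfig /all).
    for key, odd in unexpected_dns(SAMPLE_LOG, {"192.168.1.1"}):
        print(f"{key}\n    NameServer not from DHCP: {', '.join(odd)}")
```

The expanded key paths are registry locations to inspect in a registry editor; they are not files on disk.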
     
  4. techflame23

    techflame23 TS Rookie Posts: 65

    thanks for pointing that out jobeard
     
Topic Status:
Not open for further replies.

