Event 40961; Attempt to Hijack DNS???

By Fuzzylogik
Aug 17, 2006
  1. I've been having a problem for a while now and I'm officially asking for help.

    My concern right now is over an Event Viewer Error that I am currently receiving:

    Source: LSASRV
    Category: SPNEGO (Negotiator)
    EventID: 40961

    The Security System could not establish a secured connection with the server DNS/dns1.ctnt.com.cn. No authentication protocol was available.

    I've checked my TCP/IP connections; they're pointed to the correct servers. I've checked the HOSTS and LMHOSTS files; they're fine. I've searched the registry and the name is not there (if it's there as an IP, I cannot say). I've googled the DNS (and parts thereof), no hits. I've even tried to IPCONFIG the address and it comes back nil. I can account for everything that is in my HijackThis log (see below) that is not SAFE (I do not discount that I may not know that something has malware attached to something there, however).

    Another concern, which may very well be unrelated, is that my Symantec Utilities no longer work. I uninstalled Symantec Antivirus from SystemWorks Premier 2006 after it caused a host of problems earlier this year and, surprise!, they no longer support their software (I know I'm a little late coming to this conclusion, but it always worked well for ME in the past; now using McAfee Antivirus). Every time I attempt to run a program, the hourglass turns for a second and then disappears; if you watch it in the Task Manager, it blinks quickly (fast enough to know that SOMETHING attempted to garner resources but not long enough to see what it was). Oh, yeah: and I can't uninstall Symantec at all, whether I'm doing it traditionally through Add/Remove or using their own useless Norton Removal Tool (the tool DL's the info necessary and then hangs).

    I typically run Zone Alarm (registered and up to date) but uninstalled it last night after it was causing me problems.

    Interestingly, I can run McAfee scans, Ad-Aware scans, and Spybot scans (nothing found). Even ran an online virus scanner (Trend Micro's) and it came up clean, but it feels like something is playing around in the background and I'm officially out of ideas. Anyone have any thoughts?

  2. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Go and read this thread HERE, then post a HJT log as an attachment and I'll take a look and advise.

    Regards Howard :)
  3. Fuzzylogik

    Fuzzylogik TS Rookie Topic Starter


    Thanks Howard. Here you go:
  4. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    You have some suspicious entries in your HJT log.

    Go HERE and follow the instructions exactly.

    Post a fresh HJT log as an attachment into this thread, only after doing the above.

    Regards Howard :)

    This thread is for the use of Fuzzylogik only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
Topic Status:
Not open for further replies.