Hjt log hijacked domain? please help

By chazilla ยท 4 replies
Feb 14, 2008
  1. chazilla

    chazilla TS Rookie Topic Starter

    I've never used a forum before, so I hope I'm posting correctly and not stepping over my boundaries or on anyone's toes.
    Apparently my domain has been hijacked, however, I haven't a domain. I cannot get rid of the "NameServer =," without disrupting my connection to the internet. I appreciate any and all help you kind souls can give me. Thank you very much.
  2. techflame23

    techflame23 TS Rookie Posts: 58

    yes your hijack this logs shows two files that have the same "domain" as this.
    They are both in your registr ch shows you have downloaded them or opened a trojan somewhere along the line.
    Please go to windows seach (start menu right side) and search under all files and folders the following, one at a time. When yu find them, delete them.

    HKLM\System\CCS\Services\Tcpip\..\{A5B43D64-4B33-4A12-A740-C65ABF1DEB3D}: NameServer =,

    HKLM\System\CS1\Services\Tcpip\..\{A5B43D64-4B33-4A12-A740-C65ABF1DEB3D}: NameServer =,

    (NOTE: You may want to copy these and paste them into the search box. CTRL+C for copy, CTRL+V for paste, you have to highlight the piece you want to copy)
  3. jobeard

    jobeard TS Ambassador Posts: 10,838   +896

    post your result from
    run->cmd /k ipconfig /all
    the DNS will be shown there

    the HKLM\System\CCS and HKLM\System\CS1 entries are HJT abbreviations for
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet and

    the real DNS address will be found at
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters DhcpNameServer (a list of two)

    suggest you confirm that your router has UPnP disabled and a non-defaulted admin password
  4. techflame23

    techflame23 TS Rookie Posts: 58

    thanks for pointing that out jobeard
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...