Sticky Smitfraud/DNS Hijacker

By almcneil
Aug 14, 2008
  1. Techspotters,

    I'm having a problem removing the last bit of a Smitfraud/DNS hijacker form a customers computer. Initially he was chuck full of spyware and I was able to remove most of it running Ad-Aware 2008, Spybot Search & Destroy and AVG. I then used SmitfraudFix to remove an obvious Smitfraud infection. Still there were some spyware symptoms that I cannot fix. First, his Windows Updates don't work. When we go to the Windows Update site, we get the error number 0x8007000B when it checks for the automatic update service and Active-X components. Also, the DNS settings on his TCI/IP are still hijacked. SmitfraudFix can detected there's a DNS hijacker but cannot remove it. I tried Dial-a-fix but it can't remove it or fix the Windows Update problem. I then tried ComboFix and SDfix but neither of those worked. So I have collected the log files from all the utilities plus ran HijackThis. Logs all attached.

    Someone please review them and tell me if there is a utility or manual fix for this?

    -- Andy
  2. almcneil

    almcneil TS Guru Topic Starter Posts: 1,277

    Panic over. it's been removed (somewhere along the way!)

    After running all those utilities and posting the logs for you, I decided to re-run Spybot. It detected ZlobDNS Hijacker and removed the entries successfully. I then rebooted in Safe Mode and re-ran Spybot to be sure it was removed and nothing showed up in the scan. Restarted to Normal Mode and the DNS hijacking is gone and Windows Updates is working again!

    So, I think what happened is one of the utilities fixed the part that Spybot couldn't and when I reran Spynbot, it removed the other part and BINGO! DNS Hijacker gone!

    Sorry for the false alarm folks.
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...