Normally I remove trojans and malware very easily. But the problem I got yesterday is that whenever I visit a website which has Google ads or any other ads, a popup window opens linking to http://popup.adv.net/popup2.php and http://mtn5.goole.ws. So I finally downloaded Malwarebytes' Anti-Malware and scanned my computer. It removed one entry in my registry and one exe. Below is the log file.
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\System (Rootkit.DNSChanger.H) -> Data: kdapv.exe -> Quarantined and deleted successfully.
Files Infected:
E:\WINDOWS\system32\kdapv.exe (Rootkit.DNSChanger.H) -> Quarantined and deleted successfully.
The next day I opened my PC and still got the same problem, and I was shocked: where does this malware come from? As usual I googled and got the final solution from a website.
Here I am posting the method from this blog.
1. In the Windows menu go to Start>Run
2. Type cmd
3. This will fire up the command window
4. Type ipconfig /all
5. This will display the actual configuration of your LAN card. Pay particular attention to the DNS entry.
In my PC I got two entries:
One of these entries is not correctly formed, while 220.127.116.11 is the DNS address of the exploiter. A proper DNS entry given by your ISP should look something like 18.104.22.168.
6. Type ipconfig /release
7. Then type ipconfig /renew
8. Then do an ipconfig /all again to check that your DNS settings have been corrected.

Source: http://meandthecomputer.blogspot.com/2008/11/how-to-remove-popupadvnet-and.html
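The check in steps 5 and 8 can be scripted. The following is an added example, not part of the original post or the blog it cites: it parses saved `ipconfig /all` output, including DNS servers listed on continuation lines, and reports any server outside a list of expected resolvers. The function names, the sample output and the expected-resolver list are assumptions made for illustration.

```python
import ipaddress

# Constructed sample of `ipconfig /all` output (not taken from the post).
SAMPLE = """\
Windows IP Configuration

Ethernet adapter Local Area Connection:

        Dhcp Enabled. . . . . . . . . . . : Yes
        IP Address. . . . . . . . . . . . : 192.168.1.10
        Default Gateway . . . . . . . . . : 192.168.1.1
        DNS Servers . . . . . . . . . . . : 203.0.113.53
                                            192.168.1.1
        Lease Obtained. . . . . . . . . . : Monday, November 10, 2008 9:00:00 AM
"""

def _ip(token):
    """Parse an IPv4/IPv6 address (scope id dropped); None if not an address."""
    try:
        return ipaddress.ip_address(token.strip().split("%")[0])
    except ValueError:
        return None

def dns_servers(text):
    """Return {adapter name: [DNS server addresses]} from `ipconfig /all` text."""
    result, adapter, in_dns = {}, None, False
    for line in text.splitlines():
        if not line.strip():
            continue
        if not line[0].isspace():            # unindented line starts a new section
            adapter, in_dns = line.rstrip(": "), False
            continue
        if in_dns and _ip(line) is not None: # continuation line: another server
            result.setdefault(adapter, []).append(_ip(line))
            continue
        key, _, value = line.partition(":")  # split at the first colon only
        in_dns = key.strip(" .").lower() == "dns servers"
        if in_dns and _ip(value) is not None:
            result.setdefault(adapter, []).append(_ip(value))
    return result

def unexpected(servers_by_adapter, expected):
    """Return only the servers that fall outside every expected address/network."""
    nets = [ipaddress.ip_network(n) for n in expected]
    flagged = {}
    for adapter, servers in servers_by_adapter.items():
        bad = [str(s) for s in servers if not any(s in n for n in nets)]
        if bad:
            flagged[adapter] = bad
    return flagged

if __name__ == "__main__":
    # Assumption: the router at 192.168.1.1 is the only resolver this PC should use.
    print(unexpected(dns_servers(SAMPLE), ["192.168.1.1"]))
```

Run it on output captured before step 6 and again after step 8; a server that is still reported after the renew was not cleared by the new lease.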