Normally I remove the trojans and malware very easily. But the problem I got it yesterday is whenever I visit a website which has google ads or any other ads a popup window opens linking to http://popup.adv.net/popup2.php and http://mtn5.goole.ws. So I finally downloaded the software Malwarebytes' Anti-Malware and scanned my computer. It removed one entry in my registry and one exe . The below is the log file.
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\System (Rootkit.DNSChanger.H) -> Data: kdapv.exe -> Quarantined and deleted successfully.
Files Infected:E:\WINDOWS\system32\kdapv.exe (Rootkit.DNSChanger.H) -> Quarantined and deleted successfully.
Next day I opened my PC and still got the same problem and I shocked how come this malware comes from. As usual I googled and got the final solution from a website.
Here I am posting the method from this blog.
1. In the Windows menu go to Start>Run
2. Type cmd
3. This will fire up the command window
4. Type ipconfig /all
5. This will display the actual configuration of your LAN card.Pay particular attention to the DNS entry.
In my PC I got two entries:
192.168.1.100
85.255.112.15
One of this entries are not correctly formed while 85.255.112.156 is the DNS address of the exploiter. A proper DNS entry given by your ISP should look something like - 218.248.240.181. Type ipconfig /release
7. Then type ipconfig /renew
8. Then do an ipconfig /all again to check that your DNS settings have been corrected.
source:http://meandthecomputer.blogspot.com/2008/11/how-to-remove-popupadvnet-and.html
1 comments:
How to remove mtn5.goole.ws and popup.adv.net Malware
http://www.tips29.com/2008/11/how-to-remove-mtn5goolews-and.html
Post a Comment