Status
Not open for further replies.
1 - 7 of 7 Posts

· Registered
Joined
·
3 Posts
Discussion Starter · #1 ·
Did a HijackThis today and I got a Reg Key alert, which I checked:


HKLM\System\CCS\Services\Tcpip\parameters\interfaces\{3C111BD0-F4EA-4753-86DA-C8EF71AE7025}: NameServer = 200.72.1.11 200.72.1.5


Removed it, whereupon IE did not work any more!!

So had to restore it again.

Upon reboot the HijackThis still recognises it as a threat.
Any ideas where it comes from and did it overwrite a value?

Lorn
 

· Retired Moderator Retired Malware Specialist
Joined
·
56,593 Posts
First Name -
Derek
Post the full log and we can see what is going on.

HJT doesn't see anything as a threat; it just lists all the entries in certain places and lets YOU (or someone else) make a decision based on knowledge and experience and judgement.
 

· Retired Moderator Retired Malware Specialist
Joined
·
56,593 Posts
First Name -
Derek
Those IP numbers are a genuine ISP in Chile, so if you are in Chile it's good; if not, then we need to have a careful look at what has happened.
 

· Registered
Joined
·
3 Posts
Discussion Starter · #6 ·
OK to the above.
But I do not understand why removing this key disables my IE browser, since it is not that of my ISP, it must be an intruder?
Will try redirecting it to MSN address.
thanx.
 

· Retired Moderator Retired Malware Specialist
Joined
·
56,593 Posts
First Name -
Derek
Without something in there you are unable to look up DNS.

Please post a full HJT log and we can advise how to cure the problem.
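
Added example, not part of any post in this thread and not HijackThis's own logic: a read-only PowerShell check that lists each interface's static `NameServer` value beside the DHCP-supplied `DhcpNameServer`, so a static override like the one reported above stands out. The `Split-DnsList` helper and the status labels are this example's own names.

```powershell
# Read-only audit of per-interface DNS settings under the Tcpip service key
# (the same key family as the entry quoted in the first post).
$base = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces'

function Split-DnsList([string]$Value) {
    # NameServer / DhcpNameServer are strings holding a list of addresses
    # separated by spaces or commas; an empty or missing value means "none".
    if (-not "$Value".Trim()) { return @() }
    return @($Value -split '[,\s]+' | Where-Object { $_ })
}

$report = foreach ($key in Get-ChildItem -Path $base) {
    $p      = Get-ItemProperty -Path $key.PSPath
    $static = @(Split-DnsList $p.NameServer)       # manually set (or set by software)
    $dhcp   = @(Split-DnsList $p.DhcpNameServer)   # handed out by the DHCP server

    # Static entries that the DHCP server did not also hand out
    $notInDhcp = @($static | Where-Object { $dhcp -notcontains $_ })

    if ($static.Count -eq 0 -and $dhcp.Count -eq 0) {
        $status = 'no DNS server configured'        # lookups fail on this interface
    } elseif ($static.Count -eq 0) {
        $status = 'DHCP-assigned only'
    } elseif ($dhcp.Count -eq 0) {
        $status = 'static only, no DHCP value to compare'
    } elseif ($notInDhcp.Count -gt 0) {
        $status = 'static override differs from DHCP: ' + ($notInDhcp -join ' ')
    } else {
        $status = 'static matches DHCP'
    }

    [pscustomobject]@{
        Interface      = $key.PSChildName           # interface GUID
        NameServer     = $static -join ' '
        DhcpNameServer = $dhcp -join ' '
        Status         = $status
    }
}

$report | Format-Table -AutoSize -Wrap
```

A static value that differs from the DHCP one is not malicious by itself; compare the addresses with the DNS servers your ISP or network administrator publishes before changing anything.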
 