As the title suggests. I believe this virus is responsible for Windows Defender not being able to update its definitions or run at all. Log:

# AdwCleaner v6.020 - Logfile created 05/10/2016 at 20:24:47
# Updated on 14/09/2016 by ToolsLib
# Database : 2016-10-03.1 [Server]
# Operating System : Windows Embedded 8.1 Industry Pro  (X64)
# Username : Jamie - JAMIES-PC
# Running from : C:\Users\Jamie\Downloads\adwcleaner_6.020.exe
# Mode: Clean
# Support : https://toolslib.net/forum

***** [ Services ] *****

***** [ Folders ] *****

***** [ Files ] *****

***** [ DLL ] *****

[!] File not disinfected:  C:\WINDOWS\System32\dnsapi.dll

***** [ WMI ] *****

***** [ Shortcuts ] *****

***** [ Scheduled Tasks ] *****

***** [ Registry ] *****

***** [ Web browsers ] *****

*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [14525 Bytes] - [05/10/2016 07:00:36]
C:\AdwCleaner\AdwCleaner[C2].txt - [1440 Bytes] - [05/10/2016 07:20:50]
C:\AdwCleaner\AdwCleaner[C3].txt - [1556 Bytes] - [05/10/2016 19:33:52]
C:\AdwCleaner\AdwCleaner[C4].txt - [1036 Bytes] - [05/10/2016 20:24:47]
C:\AdwCleaner\AdwCleaner[S0].txt - [15357 Bytes] - [04/10/2016 19:50:27]
C:\AdwCleaner\AdwCleaner[S1].txt - [15352 Bytes] - [04/10/2016 20:24:39]
C:\AdwCleaner\AdwCleaner[S2].txt - [15747 Bytes] - [05/10/2016 06:41:33]
C:\AdwCleaner\AdwCleaner[S3].txt - [15500 Bytes] - [05/10/2016 06:59:17]
C:\AdwCleaner\AdwCleaner[S4].txt - [1540 Bytes] - [05/10/2016 07:19:48]
C:\AdwCleaner\AdwCleaner[S5].txt - [1691 Bytes] - [05/10/2016 19:33:14]
C:\AdwCleaner\AdwCleaner[S6].txt - [1837 Bytes] - [05/10/2016 20:13:10]
C:\AdwCleaner\AdwCleaner[S7].txt - [1910 Bytes] - [05/10/2016 20:14:42]

########## EOF - C:\AdwCleaner\AdwCleaner[C4].txt - [1697 Bytes] ##########

 

Re: File not disinfected: C:\WINDOWS\System32\dnsapi.dll

Hello,

Can you do the following to look for "dnsapi.dll" files on your computer?

  • Download SEAF: https://toolslib.net/downloads/viewdownload/155-seaf/
  • Right-click on the icon -> Execute as Administrator.
  • In the search field, type "dnsapi.dll".
  • Then, start the search. A report will open when the search is over (it contains the search results). Please share it here.

Best regards,

Re: File not disinfected: C:\WINDOWS\System32\dnsapi.dll

Thanks fr33tux, here is the log:

========================= SEAF 1.0.1.0 - C_XX

Commencé à: 06:43:11 le 06/10/2016

Valeur(s) recherchée(s):
dnsapi.dll

Légende: TC => Date de création, TM => Date de modification, DA => Dernier accès

====== Fichier(s) ======

"C:\Windows\System32\dnsapi.dll" [ ARCHIVE | 499 Ko ]
TC: 25/08/2016,07:11:35 | TM: 04/07/2016,04:02:25 | DA: 25/08/2016,07:11:35

=========================

"C:\Windows\System32\en-US\dnsapi.dll.mui" [ ARCHIVE | 72 Ko ]
TC: 18/03/2014,10:30:25 | TM: 18/03/2014,10:30:25 | DA: 18/03/2014,10:30:25

=========================

"C:\Windows\SysWOW64\dnsapi.dll" [ ARCHIVE | 499 Ko ]
TC: 25/08/2016,07:11:35 | TM: 04/07/2016,04:02:25 | DA: 25/08/2016,07:11:35

=========================

"C:\Windows\SysWOW64\en-US\dnsapi.dll.mui" [ ARCHIVE | 72 Ko ]
TC: 18/03/2014,10:30:25 | TM: 18/03/2014,10:30:25 | DA: 18/03/2014,10:30:25

=========================

"C:\Windows\WinSxS\amd64_microsoft-windows-d..ient-core.resources_31bf3856ad364e35_6.3.9600.16384_en-us_08016688d53424a0\dnsapi.dll.mui" [ ARCHIVE | 72 Ko ]
TC: 18/03/2014,10:30:25 | TM: 18/03/2014,10:30:25 | DA: 18/03/2014,10:30:25

=========================

"C:\Windows\WinSxS\amd64_microsoft-windows-dns-client-minwin_31bf3856ad364e35_6.3.9600.16423_none_8689f4eef6ecdc84\dnsapi.dll" [ ARCHIVE | 151 Ko ]
TC: 18/03/2014,10:56:37 | TM: 20/03/2016,15:19:10 | DA: 20/03/2016,15:19:10

=========================

"C:\Windows\WinSxS\amd64_microsoft-windows-dns-client-minwin_31bf3856ad364e35_6.3.9600.17039_none_8685085ef6efb584\dnsapi.dll" [ ARCHIVE | 150 Ko ]
TC: 25/01/2016,02:31:03 | TM: 20/03/2016,15:19:11 | DA: 20/03/2016,15:19:11

=========================

"C:\Windows\WinSxS\amd64_microsoft-windows-dns-client-minwin_31bf3856ad364e35_6.3.9600.17415_none_8696aea6f6e30ce2\dnsapi.dll" [ ARCHIVE | 206 o ]
TC: 25/01/2016,00:32:19 | TM: 20/03/2016,15:19:12 | DA: 20/03/2016,15:19:12

=========================

"C:\Windows\WinSxS\amd64_microsoft-windows-dns-client-minwin_31bf3856ad364e35_6.3.9600.17481_none_8646fe0af71f6b1d\dnsapi.dll" [ ARCHIVE | 45 Ko ]
TC: 25/02/2016,23:42:57 | TM: 28/08/2016,15:04:38 | DA: 28/08/2016,15:04:38

=========================

"C:\Windows\WinSxS\amd64_microsoft-windows-dns-client-minwin_31bf3856ad364e35_6.3.9600.18402_none_869e66ecf6ddbe8d\dnsapi.dll" [ NORMAL | 658 Ko ]
TC: 25/08/2016,07:11:34 | TM: 04/07/2016,04:33:31 | DA: 25/08/2016,07:11:34

=========================

"C:\Windows\WinSxS\Backup\amd64_microsoft-windows-d..ient-core.resources_31bf3856ad364e35_6.3.9600.16384_en-us_08016688d53424a0_dnsapi.dll.mui_97465f8a" [ ARCHIVE | 9 Ko ]
TC: 18/03/2014,10:30:58 | TM: 18/03/2014,11:20:49 | DA: 18/03/2014,11:20:49

=========================

"C:\Windows\WinSxS\Backup\amd64_microsoft-windows-dns-client-minwin_31bf3856ad364e35_6.3.9600.18402_none_869e66ecf6ddbe8d_dnsapi.dll_c81f5791" [ ARCHIVE | 284 Ko ]
TC: 27/08/2016,12:41:17 | TM: 28/08/2016,15:13:49 | DA: 28/08/2016,15:13:48

=========================

"C:\Windows\WinSxS\Backup\wow64_microsoft-windows-d..ient-core.resources_31bf3856ad364e35_6.3.9600.16384_en-us_125610db0994e69b_dnsapi.dll.mui_97465f8a" [ ARCHIVE | 9 Ko ]
TC: 18/03/2014,10:30:58 | TM: 18/03/2014,11:22:44 | DA: 18/03/2014,11:22:44

=========================

"C:\Windows\WinSxS\Backup\wow64_microsoft-windows-dns-client-minwin_31bf3856ad364e35_6.3.9600.18402_none_90f3113f2b3e8088_dnsapi.dll_c81f5791" [ ARCHIVE | 214 Ko ]
TC: 27/08/2016,12:41:17 | TM: 28/08/2016,15:14:01 | DA: 28/08/2016,15:14:01

=========================

"C:\Windows\WinSxS\wow64_microsoft-windows-d..ient-core.resources_31bf3856ad364e35_6.3.9600.16384_en-us_125610db0994e69b\dnsapi.dll.mui" [ ARCHIVE | 72 Ko ]
TC: 18/03/2014,10:30:25 | TM: 18/03/2014,10:30:25 | DA: 18/03/2014,10:30:25

=========================

"C:\Windows\WinSxS\wow64_microsoft-windows-dns-client-minwin_31bf3856ad364e35_6.3.9600.16423_none_90de9f412b4d9e7f\dnsapi.dll" [ ARCHIVE | 111 Ko ]
TC: 18/03/2014,10:57:09 | TM: 02/04/2016,13:17:54 | DA: 02/04/2016,13:17:53

=========================

"C:\Windows\WinSxS\wow64_microsoft-windows-dns-client-minwin_31bf3856ad364e35_6.3.9600.17039_none_90d9b2b12b50777f\dnsapi.dll" [ ARCHIVE | 107 Ko ]
TC: 25/01/2016,02:31:02 | TM: 02/04/2016,13:17:55 | DA: 02/04/2016,13:17:54

=========================

"C:\Windows\WinSxS\wow64_microsoft-windows-dns-client-minwin_31bf3856ad364e35_6.3.9600.17415_none_90eb58f92b43cedd\dnsapi.dll" [ ARCHIVE | 202 o ]
TC: 25/01/2016,00:32:09 | TM: 02/04/2016,13:17:56 | DA: 02/04/2016,13:17:55

=========================

"C:\Windows\WinSxS\wow64_microsoft-windows-dns-client-minwin_31bf3856ad364e35_6.3.9600.17481_none_909ba85d2b802d18\dnsapi.dll" [ ARCHIVE | 54 Ko ]
TC: 25/02/2016,23:42:57 | TM: 28/08/2016,15:06:21 | DA: 28/08/2016,15:06:21

=========================

"C:\Windows\WinSxS\wow64_microsoft-windows-dns-client-minwin_31bf3856ad364e35_6.3.9600.18402_none_90f3113f2b3e8088\dnsapi.dll" [ ARCHIVE | 499 Ko ]
TC: 25/08/2016,07:11:35 | TM: 04/07/2016,04:02:25 | DA: 25/08/2016,07:11:35

=========================

=========================

Fin à: 06:45:01 le 06/10/2016
454065 Éléments analysés

=========================
E.O.F

 

Re: File not disinfected: C:\WINDOWS\System32\dnsapi.dll

Hello,

Sorry for the delay!

  • Download FRST
  • Right-click on the file -> "Execute as Administrator"
  • Click on the "Scan" button
  • The logfile is saved as FRST.txt, and additional information is in Addition.txt.
  • Please host them on Up2Share and share the generated link.

While I read the logfile, please do the following:

Download fixlist.txt file and save it to the Desktop.

NOTE: It's important that both files, FRST/FRST64 and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST/FRST64 and press the Fix button just once and wait. If for some reason the tool needs a restart, please make sure you let the system restart normally. After that, let the tool complete its run. When finished, FRST will generate a log on the Desktop (Fixlog.txt). Please post it in your reply.

Best regards,