HJ - 017 hijacked by Ukrainian nameserver (inhoster) (RESOLVED)

Hi there,

Can anyone please help me with this problem? I recently got hit with an unwanted infection from UnSpyPc, which I managed to remove. However, since that infection when connecting to the Internet, through starting my browser or instant messager, Zone Alarm keeps asking me to allow a connection to a Ukrainian IP address (inhoster, Inhoster hosting company, Poltavskij Shliax 24, Kharkiv, 61000, Ukrain). If I deny the access request I can't connect. This problem has been bugging me for a couple of weeks now.

I've checked elsewhere on the forum and have followed all the instructions for removal of UnSpyPC related malware (which seems to be linked with Inhoster quite often), but I cannot stop this 017 Nameserver hijack. I've used Blacklight to remove the rootkit files, AVG and Ewidio to remove viral files, and Fixwareout to remove the 017 hijack. Fixwareout does remove the evil Ukraine 017's from Hijack this - for a short while. If I scan immediately after using Fixwareout, they are gone, and so is the Zone Alarm connection request. If however I run a HJ scan 20 minutes later, the Ukranian 017 will be back, but a virus scan will prove negative.

Can someone please help me to finally rid my machine of this annoyance? Many thanks in advance.

Here's the most recent HJ log:

Logfile of HijackThis v1.99.1
Scan saved at 12:10:40, on 11/01/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Conexant\AccessRunner ADSL\CnxDslTb.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\regedit.exe
C:\Cleaner Progs\HJ.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.microsoft.com/isapi/redir...ie&ar=iesearch
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir...ie&ar=iesearch
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir...r=6&ar=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir...r=6&ar=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir...ie&ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.microsoft.com/isapi/redir...ie&ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir...ie&ar=iesearch
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [CnxDslTaskBar] C:\Program Files\Conexant\AccessRunner ADSL\CnxDslTb.exe
O4 - HKLM\..\Run: [avast!] "C:\Program Files\Alwil Software\Avast4\ashDisp.exe"
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{DA7A6407-C48F-4653-939A-3D8137D7468D}: NameServer = 85.255.116.173 85.255.112.166
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

See if the following steps make a difference:

• Please go to Start -> Control Panel, and choose Network Connections.
• Then right click on your default connection, usually Local Area Connection or Dial-up Connection if you are using Dial-up, and left click on properties.
• Double-click on the Internet Protocol (TCP/IP) item and select the radio button that says Obtain DNS servers automatically.
• Click OK twice, and restart your computer.

__________________
Vincent P

MALWARE: READ FIRST Procedures:
|_ SpyBot V1.5 _|_ HijackThis LOG __V2.0.2 _|

__
ASAP: promoting a high standard and quality of security support no matter where you seek help.

Thanks for that! That seems to have sorted the problem. Thankyou.