My Norton Internet Security 2009 recently detected Infostealer.Gampass on my computer, and went on its way removing it (took about 45 minutes to an hour to do it, which seemed odd... 45 registry entries, FYI). I have no idea if it has anything to do with the following information or not, but it's an unusual coincidence at the very least. Anyways, this led me to look at my history, and I noticed a program 'DNS_Poisoning.exe' running from a place in my temporary files (which sounds quite malicious, though unusually truthful. I haven't been able to find evidence of the existence of this file on the internet). This then led me to find 'DetectDNSPoisoning.log' in my temp files as well. Here is the content of it:
Found Product: Norton Internet Security 16.2.0.7
DNS Invalid List XML: C:\DOCUME~1\Nicholas\LOCALS~1\Temp\{adac5fd8-8576-4bc0-8701-b7354cee1c66}\DNS_Poisoning_List.xml
1 => 85.255
2 => 127.0.0.1
Detecting issues in 'NameServer' registry entries.
'NameServer' entries collected:
Checking Key: SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{0DD4AA66-6626-44DD-8471-174CA4B99013} =
Checking Key: SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{29AB3EE2-EDB3-4994-9D34-B272D3130A9E} =
Checking Key: SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{67C890A4-B42E-4819-84D4-AC88BEBCC687} =
Checking Key: SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{76B8AC3C-D81F-47E4-B93A-CD4C39215766} =
Checking Key: SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{D1C5E4B4-B17A-4BAE-8094-5C69991C238F} =
Detecting issues in 'DhcpServer' registry entries.
'DhcpServer' entries collected:
Checking Key: SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{29AB3EE2-EDB3-4994-9D34-B272D3130A9E} = 192.168.1.1
Checking Key: SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{76B8AC3C-D81F-47E4-B93A-CD4C39215766} = 255.255.255.255
Task completed with return code: 0
Neither the 'poisoning_list.xml' nor 'DNS_Poisoning.exe' exist anymore.
FYI, I'm behind a Linksys router.
Anyone have any suggestions, or know what to set these registry entries back to? Anyone know what this thing is or what it does?
I recently installed the latest version of IEPro (2.4.5), and installed (and subsequently removed) Windows Search 4.0, and installed the latest .NET Framework patch from the Windows Update site.
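
The log above reads as a check of each interface's NameServer and DhcpServer values against the two listed entries. This added example, which is not part of the original post and not Norton's code, parses an excerpt of the posted log and reports any value that matches a list entry. Treating a list entry as an exact address or a leading-octet prefix is an assumption, and `flagged_entries` is a hypothetical name.

```python
import re

# Excerpt of DetectDNSPoisoning.log as posted above (one empty NameServer key kept).
POSTED_LOG = r"""DNS Invalid List XML: C:\DOCUME~1\Nicholas\LOCALS~1\Temp\{adac5fd8-8576-4bc0-8701-b7354cee1c66}\DNS_Poisoning_List.xml
1 => 85.255
2 => 127.0.0.1
Detecting issues in 'NameServer' registry entries.
'NameServer' entries collected:
Checking Key: SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{0DD4AA66-6626-44DD-8471-174CA4B99013} =
Detecting issues in 'DhcpServer' registry entries.
'DhcpServer' entries collected:
Checking Key: SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{29AB3EE2-EDB3-4994-9D34-B272D3130A9E} = 192.168.1.1
Checking Key: SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{76B8AC3C-D81F-47E4-B93A-CD4C39215766} = 255.255.255.255
Task completed with return code: 0
"""

LIST_RE = re.compile(r"^\d+\s*=>\s*(\S+)$")
SECTION_RE = re.compile(r"^Detecting issues in '(\w+)' registry entries\.$")
KEY_RE = re.compile(r"^Checking Key:\s*(\S+)\s*=\s*(.*)$")

def matches(addr, pattern):
    # Assumption: a list entry is an exact address or a leading-octet prefix.
    return addr == pattern or addr.startswith(pattern + ".")

def flagged_entries(log_text):
    """Return (value_name, registry_key, address, pattern) for every listed match."""
    patterns, section, hits = [], None, []
    for line in map(str.strip, log_text.splitlines()):
        if m := LIST_RE.match(line):
            patterns.append(m.group(1))
        elif m := SECTION_RE.match(line):
            section = m.group(1)
        elif m := KEY_RE.match(line):
            key, value = m.groups()
            # NameServer may hold several addresses separated by commas or spaces.
            for addr in filter(None, re.split(r"[,\s]+", value)):
                hits += [(section, key, addr, p) for p in patterns if matches(addr, p)]
    return hits

if __name__ == "__main__":
    hits = flagged_entries(POSTED_LOG)
    for name, key, addr, pat in hits:
        print(f"{name} under {key}: {addr} matches list entry {pat}")
    print(f"{len(hits)} flagged entries")
```

Run against the posted excerpt, it reports no flagged entries: the NameServer value is empty and neither DhcpServer value matches `85.255` or `127.0.0.1`.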