Fake DNS Servers?

[sonoma1993]

Earlier today, I was setting up opendns on my stepmom laptop. I setted up the opendns ip addresses at the router level. Anyways. after i did ipconfig /release and ipconfig /renew. I did ipconfig /all to to just make sure the correct dns servers ip's were showing up, strangely I had different ones popping up. I was getting these ones.. 85.255.112.234 and 85.255.112.232. Then i looked in the network connection settings, and notice these were popped into the use the following dns server addresses. I did a quick search on these IP addresses, and several results show that these ip addresses are part of a trojan dnschanger.
Anyone confirm these? has this happen to anyone else? Im assuming if these are fake dns servers, there most likely redirecting people to fake websites to steal login info, account info and personal info?

 

[mechBgon]

has this happen to anyone else?

Yes, DNSChanger is widespread. From what I've read, the main business model for DNSChanger is to work the search engines for their financial gain, but that's certainly not all they could do. If you want a defensive strategy for the future, this will work.

 

[sonoma1993]

Originally posted by: mechBgon

has this happen to anyone else?

Yes, DNSChanger is widespread. From what I've read, the main business model for DNSChanger is to work the search engines for their financial gain, but that's certainly not all they could do. If you want a defensive strategy for the future, this will work.

thanks mechbgon,I did the malwarbytes full scan on my stepmom laptop, it found the dnschanger trojan and removed it. I told her and my dad to change all of their account passwords to be on the safe side

 

[n0cmonkey]

Ouch. Malicious DNS servers can be a HUGE problem...