
Found bad DNS

Ichinisan

Lifer
I'm not really asking a question here. Just posting information in case anyone else does a Google search for the mysterious (probably malicious) DNS servers I encountered. Maybe someone can update this thread to say if these are associated with a particular piece of malware.

I helped someone on the phone yesterday. Her computer could not go online. The network status in Windows 7 kept changing from "Internet access" to "no Internet access," but she could never get any web pages to load in both web browsers she tried (Google Chrome and Internet Explorer).

After checking for misconfigured proxy settings (found nothing), we tried to ping yahoo.com and it failed to resolve the host. That was my first hint of a DNS issue. Pinged 8.8.8.8 successfully.

Then we found these DNS servers were manually entered:
8.38.77.107: traceroute shows hops in Miami before it times out.
5.79.84.141: traceroute shows hops in Amsterdam before it times out.

Switched back to "obtain DNS server address automatically." The correct DNS addresses were pulled from the ISP and Internet connectivity was restored.

Of course, it's possible that whatever malware set those addresses is still running and might set them again, so I advised her to run a legitimate malware removal tool like Malwarebytes or Windows Defender/Microsoft Security Essentials to see if it finds anything.
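
A read-only way to spot manually entered DNS servers like the ones in the post above, as an added example that is not part of the original post: it reads the per-interface `NameServer` (static) and `DhcpNameServer` (DHCP-supplied) registry values. The `$expected` allow-list and the function name `Get-StaticDnsFindings` are assumptions made for illustration.

```powershell
# Added example: audit per-interface IPv4 DNS settings from the registry (read-only).
# NameServer     = servers entered by hand (or written by software) for that interface
# DhcpNameServer = servers handed out by DHCP ("obtain DNS server address automatically")
$base = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces'

# Assumption: resolvers you would expect to find set by hand. Edit for your environment.
$expected = @('8.8.8.8', '8.8.4.4')

function Get-StaticDnsFindings {
    param(
        [string]$Path = $base,
        [string[]]$Allowed = $expected
    )

    foreach ($key in Get-ChildItem -Path $Path) {
        $p = Get-ItemProperty -Path $key.PSPath

        # NameServer may be comma- or space-separated; empty means DNS is automatic.
        $static = @("$($p.NameServer)" -split '[,\s]+' | Where-Object { $_ })
        if ($static.Count -eq 0) { continue }

        $dhcp = @("$($p.DhcpNameServer)" -split '[,\s]+' | Where-Object { $_ })

        foreach ($ip in $static) {
            New-Object PSObject -Property @{
                Interface  = $key.PSChildName      # interface GUID
                StaticDns  = $ip
                DhcpDns    = ($dhcp -join ' ')     # what DHCP offered, for comparison
                Unexpected = -not ($Allowed -contains $ip)
            }
        }
    }
}

# One row per statically configured server; Unexpected = True is worth a closer look.
Get-StaticDnsFindings |
    Sort-Object Interface |
    Format-Table Interface, StaticDns, DhcpDns, Unexpected -AutoSize
```

Running it again after a reboot or a malware scan shows whether a static entry has reappeared on an interface that was switched back to automatic.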
 
Purify It.



(Proverbially, I mean. Reformat, install latest firmware/BIOS updates and reinstall windows.)
 
I found this same problem today!!! Is there any other course of action besides reformat and reinstall?? Fingers crossed. -CD boot multiple virus and malware detect found nothing out of the ordinary. Will try a backdoor scan soon.
 
I found this same problem today!!! Is there any other course of action besides reformat and reinstall?? Fingers crossed. -CD boot multiple virus and malware detect found nothing out of the ordinary. Will try a backdoor scan soon.

If it was my system and I wanted to be 100% sure it was clean, I'd go with the format+reinstall route.

All I saw was the modified DNS settings. The malware might be easily detected and removed for all I know. It might have been removed already, but the modified DNS settings remained.

The Internet connection worked when we switched DNS back to automatic. If the malware that originally put it there was still present, I expect the modified DNS settings to reappear at some point.
 