I'm not really asking a question here. Just posting information in case anyone else does a Google search for the mysterious (probably malicious) DNS servers I encountered. Maybe someone can update this thread to say if these are associated with a particular piece of malware.
I helped someone on the phone yesterday. Her computer could not go online. The network status in Windows 7 kept changing from "Internet access" to "no Internet access," but she could never get any web pages to load in both web browsers she tried (Google Chrome and Internet Explorer).
After checking for misconfigured proxy settings (found nothing), we tried to ping yahoo.com and it failed to resolve the host. That was my first hint of a DNS issue. Pinged 8.8.8.8 successfully.
Then we found these DNS servers were manually entered:
8.38.77.107: traceroute shows hops in Miami before it times out.
5.79.84.141: traceroute shows hops in Amsterdam before it times out.
Switched back to "obtain DNS server address automatically." The correct DNS addresses were pulled from the ISP and Internet connectivity was restored.
Of course, it's possible that whatever malware set those addresses is still running and might set them again, so I advised running a legitimate malware removal tool like Malwarebytes or Windows Defender/Microsoft Security Essentials to see if it finds anything.
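A read-only check for the condition described in the post, as an added example that is not part of the original post: it lists every interface whose DNS servers were entered manually and flags the two addresses reported above. The `$expected` allowlist is an assumption to edit for your own network; the registry value names `NameServer` and `DhcpNameServer` are the standard Windows TCP/IP interface settings.

```powershell
# Added example (read-only): report interfaces with manually entered DNS servers.
# Reads the TCP/IP interface keys directly, so it also runs on Windows 7 / PowerShell 2.0.
$base = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces'

# Assumption: resolvers you consider legitimate as static entries. Edit to suit.
$expected = @('8.8.8.8', '8.8.4.4')
# The two addresses reported in the post above.
$reported = @('8.38.77.107', '5.79.84.141')

# Map interface GUIDs (registry key names) to adapter descriptions.
$names = @{}
Get-WmiObject Win32_NetworkAdapterConfiguration | ForEach-Object {
    if ($_.SettingID) { $names[$_.SettingID.ToUpper()] = $_.Description }
}

$findings = Get-ChildItem $base | ForEach-Object {
    $guid  = $_.PSChildName
    $props = Get-ItemProperty -Path $_.PSPath
    # NameServer holds static (manual) entries; DhcpNameServer holds DHCP-assigned ones.
    if (-not $props.NameServer) { return }
    foreach ($ip in ($props.NameServer -split '[,\s]+' | Where-Object { $_ })) {
        if     ($reported -contains $ip) { $status = 'MATCHES POST' }
        elseif ($expected -contains $ip) { $status = 'expected' }
        else                             { $status = 'review' }
        New-Object PSObject -Property @{
            Adapter   = $names[$guid.ToUpper()]
            Interface = $guid
            StaticDns = $ip
            DhcpDns   = $props.DhcpNameServer
            Status    = $status
        }
    }
}

if ($findings) {
    $findings | Select-Object Adapter, StaticDns, DhcpDns, Status | Format-Table -AutoSize
} else {
    'No manually entered DNS servers found on any interface.'
}
```

Running it again after switching back to "obtain DNS server address automatically" shows whether a static entry has reappeared, which would mean something on the machine is still rewriting the setting.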