Dns cache may be hijacked ?
Posted on 2004-09-14
I have a system with an intermittent problem. It had been infected with Blazefind and Virtual bouncer Malware, but I removed them.
The current symptom is that when I attempt to got to certain sites (*.google.com, *.microsoft.com, yahoo, and a couple of others) the result is a page which looks like a "cant find site" name problem page, but all the link lead to the findwhat search engine for credit-cards, online-casinos etc.
Obviously this is a hijacked system. The effect is intermittent, and sometimes lets me google after a reboot. I notice the sites that it hangs on seem to be ones that I would go to to look for how to remove it :(
Here is the kicker. It is not just an IE problem. I istalled Mozilla and it's little brother Firefox and they are also affected, so I have to assume that somthing has gotten to the network layered service provider stacks.
I can find a couple of people who are also searching for this solution, but no real answers. I have several AV and Spyware detection programs take a look, but nothing so far. System is Win 2k SP#, and I dont want to apply SP4 until I can fix it.
This is a royal pain to fix, since it is the bosses Home machine, so I dont have ready access to the machine to provide tons of HiJack this type logs quickly, but may be able to trickle them thru.