Solved

Having DNS problems with setting reset to 85.255.112.223 in the properties of TCP/IP: virus?

Posted on 2008-11-12
Last Modified: 2013-12-09
I am having problems with the preferred DNS server in the TCP/IP properties being reset to use
85.255.112.223 instead of my internal DNS server or using "obtain automatically".

I suspect that this may be a virus or trojan but have not found anything quick to fix it. We run Symantec Corp AV on server and workstations. It is only happening on 1 of the 5 workstations.

Thanks
Question by:to2007
Expert Comment

by:kukno
ID: 22941170
Be careful! This DNS server resolves any domain (like www.google.com, www.microsoft.com) to an IP address that is for sure the wrong one. Looks like an "advanced" phishing attack. I think it's best to either try some trojan cleaner tools
or to re-install the PCs!

Regards
Kurt




Accepted Solution

by:
kukno earned 750 total points
ID: 22941189
See also here: http://www.pchell.com/support/vista_update_error_80244019.shtml
The IP address is mentioned there together with the DNSChanger Trojan!

Regards
Kurt

Author Comment

by:to2007
ID: 22941405
thanks

Assisted Solution

by:originalbiffmalibu
originalbiffmalibu earned 750 total points
ID: 22956874
The first thing to do is download the tools you will need to remove any malware from the system. I would save them to a flash drive because there is a recent virus out there that restricts the use of your CD drive. Here is what to download:

Combofix (bleepingcomputer.com)
Smitfraudfix (search Google)
SUPERAntiSpyware (superantispyware.com)
Spybot Search and Destroy (safer-networking.org)
AntiVir (free-av.com)

After the first screen that identifies your PC manufacturer and specs, Windows will begin to load. Before it loads, hit the F8 key repeatedly until you are presented with a boot menu. You wish to boot to safe mode with networking. This will allow you to update some of the software. Windows Installer doesn't work in safe mode, so you can only run some of the software here. Please install/run Combofix first. When that has completed and while still in safe mode, install Spybot S&D and update it. Also run Smitfraudfix while in safe mode. Smitfraud also offers a DNS hijack fix on its menu; run that as well.

Once those have all run successfully, you should be able to boot into Windows the regular way and install AntiVir and SUPERAntiSpyware. Update and run these as well. After that, you should be clean; if not, let me know and I'll point you to further procedures.
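
Added example, not part of the original thread or any poster's code: a Python check that parses saved `ipconfig /all` output from a workstation and flags every adapter whose DNS servers are not on an allowlist, which is how the reset described in the question shows up. The allowlisted server 192.168.1.10, the adapter names and 192.0.2.53 are constructed for the example; 85.255.112.223 is the address from the question.

```python
import ipaddress
import re

# Assumption: the site's internal DNS server (hypothetical address).
ALLOWED_DNS = {ipaddress.ip_address("192.168.1.10")}

# Constructed `ipconfig /all` excerpt; only 85.255.112.223 comes from the question.
SAMPLE = """\
Windows IP Configuration

Ethernet adapter Local Area Connection:

   DHCP Enabled. . . . . . . . . . . : Yes
   IP Address. . . . . . . . . . . . : 192.168.1.23
   DNS Servers . . . . . . . . . . . : 85.255.112.223
                                       192.0.2.53
   NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Wireless Network Connection:

   DHCP Enabled. . . . . . . . . . . : Yes
   DNS Servers . . . . . . . . . . . : 192.168.1.10
"""

def parse_ip(token):
    """Return an ip_address for token (IPv6 scope id stripped), or None."""
    try:
        return ipaddress.ip_address(token.split("%")[0])
    except ValueError:
        return None

def dns_servers_by_adapter(text):
    """Map each adapter heading to the DNS servers listed under it."""
    adapters, current, in_dns = {}, None, False
    for line in text.splitlines():
        header = re.match(r"^(\S.*adapter .+):\s*$", line)
        field = re.match(r"^\s+DNS Servers[ .]*:\s*(\S*)", line)
        if header:
            current, in_dns = adapters.setdefault(header.group(1), []), False
        elif current is not None and (field or in_dns):
            # Extra servers appear on indented continuation lines with no label.
            addr = parse_ip(field.group(1) if field else line.strip())
            in_dns = addr is not None  # the list ends at the first non-address line
            if addr is not None:
                current.append(addr)
    return adapters

def rogue_dns(text, allowed=ALLOWED_DNS):
    """Return {adapter: [servers not on the allowlist]} for affected adapters."""
    found = {name: [str(s) for s in servers if s not in allowed]
             for name, servers in dns_servers_by_adapter(text).items()}
    return {name: bad for name, bad in found.items() if bad}
```

Run it over the output collected from each workstation, both before and after cleaning, to confirm the setting has stopped reverting.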