Having DNS problems with setting reset to in the properties of TCP/IP  virus?

Posted on 2008-11-12
Last Modified: 2013-12-09
I am having problems with the preferred DNS server in the TCP/IP properties being reset to use  instead of my internal DNS server or using "obtain automatically".

I suspect that this may be a virus or trojan but have not found anything quick to fix it. We run Symantec Corp AV on server and workstations. It is only happening on 1 of the 5 workstations.

Question by:to2007
    LVL 10

    Expert Comment

    Be careful! This DNS server resolves any domain (like, to an IP address, that is for sure the wrong one. Looks like an "advanced" phishing attack. I think it's best to either try some trojan cleaner tools,
    or to re-install the PCs!


    LVL 10

    Accepted Solution

    See also here:
    The IP address is mentioned there together with the DNSChanger Trojan!


    Author Comment

    LVL 6

    Assisted Solution

    The first thing to do is download the tools you will need to remove any malware from the system.  I would save it to a flash drive because there is a recent virus out there that restricts the use of your CD drive.  Here is what to download:

    Combofix (
    Smitfraudfix (search google)
    superantispyware (
    spybot search and destroy (
    antivir  (

    After the first screen that identifies your PC manufacturer and specs, Windows will begin to load.  Before it loads, hit the F8 key repeatedly until you are presented with a boot menu.  You wish to boot to safe mode with networking.  This will allow you to update some of the software.  Windows Installer doesn't work in safe mode so you can only run some of the software here.  Please install/run Combofix first.  When that has completed and while still in safe mode, install spybot S&D and update it.  Also run Smitfraudfix while in safe mode.  Smitfraud also offers a DNS hijack fix on its menu, run that as well.

    Once those have all run successfully, you should be able to boot into Windows the regular way and install anti-vir and superantispyware.  Update and run these as well.  After that, you should be clean, if not, let me know and I'll point you to further procedures.
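
To confirm on each workstation that the preferred DNS server has stayed on the internal server after cleanup, the following added example (not part of the original thread) parses `ipconfig /all` output and reports any DNS server outside an allowlist. The function names, the sample output and all addresses in it are constructed for illustration; 192.168.1.10 stands in for the internal DNS server.

```python
import ipaddress
import re

# Constructed `ipconfig /all` excerpt; every address is a placeholder.
SAMPLE_IPCONFIG = """\
Ethernet adapter Local Area Connection:

        Dhcp Enabled. . . . . . . . . . . : Yes
        DNS Servers . . . . . . . . . . . : 203.0.113.53
                                            203.0.113.54

Ethernet adapter Wireless Network Connection:

        DNS Servers . . . . . . . . . . . : 192.168.1.10
"""

FIELD = re.compile(r"^\s+(\S.*?)\s*(?:\. ?)+: ?(.*)$")  # "Key . . . : value"

def dns_servers_by_adapter(ipconfig_text):
    """Map adapter name -> DNS servers, following continuation lines."""
    result, adapter, in_dns = {}, None, False
    for line in ipconfig_text.splitlines():
        if not line.strip():
            in_dns = False
        elif not line[0].isspace():  # unindented line starts a new section
            adapter, in_dns = line.rstrip(": "), False
        else:
            m = FIELD.match(line)
            if m:
                in_dns = m.group(1) == "DNS Servers"
                value = m.group(2).strip()
            else:
                value = line.strip()  # extra servers sit alone on indented lines
            if in_dns and value:
                result.setdefault(adapter, []).append(value)
    return result

def unexpected_dns(ipconfig_text, allowed):
    """Return {adapter: [configured DNS servers missing from the allowlist]}."""
    allowed = {ipaddress.ip_address(a) for a in allowed}
    findings = {}
    for adapter, servers in dns_servers_by_adapter(ipconfig_text).items():
        for server in servers:
            try:
                ok = ipaddress.ip_address(server.split("%")[0]) in allowed
            except ValueError:
                ok = False  # unparseable entry: report it as well
            if not ok:
                findings.setdefault(adapter, []).append(server)
    return findings
```

On a live machine, pass the captured text of `ipconfig /all` and your own DNS server list to `unexpected_dns`; an empty result means every adapter points only at allowed servers. Running it again after a reboot shows whether the setting is being rewritten.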
