• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1364

Having DNS problems with setting reset to 85.255.112.223 in the properties of TCP/IP: virus?

I am having problems with the preferred DNS server in the TCP/IP properties being reset to use
85.255.112.223 instead of my internal DNS server or using "obtain automatically".

I suspect that this may be a virus or trojan but have not found anything quick to fix it. We run Symantec Corp AV on server and workstations. It is only happening on 1 of the 5 workstations.

Thanks
Asked by: to2007
 
kukno Commented:
Be careful! This DNS server resolves any domain (like www.google.com, www.microsoft.com) to an IP address that is for sure the wrong one. Looks like an "advanced" phishing attack. I think it's best to either try some trojan cleaner tools or to re-install the PCs!

Regards
Kurt



 
kukno Commented:
See also here: http://www.pchell.com/support/vista_update_error_80244019.shtml
The IP address is mentioned there together with the DNSChanger Trojan!

Regards
Kurt
 
to2007 (Author) Commented:
Thanks
 
originalbiffmalibu Commented:
The first thing to do is download the tools you will need to remove any malware from the system.  I would save them to a flash drive because there is a recent virus out there that restricts the use of your CD drive.  Here is what to download:

Combofix (bleepingcomputer.com)
Smitfraudfix (search Google)
SUPERAntiSpyware (superantispyware.com)
Spybot Search and Destroy (safer-networking.org)
AntiVir (free-av.com)

After the first screen that identifies your PC manufacturer and specs, Windows will begin to load.  Before it loads, hit the F8 key repeatedly until you are presented with a boot menu.  You wish to boot to safe mode with networking.  This will allow you to update some of the software.  Windows Installer doesn't work in safe mode, so you can only run some of the software here.  Please install/run Combofix first.  When that has completed and while still in safe mode, install Spybot S&D and update it.  Also run Smitfraudfix while in safe mode.  Smitfraudfix also offers a DNS hijack fix on its menu; run that as well.

Once those have all run successfully, you should be able to boot into Windows the regular way and install AntiVir and SUPERAntiSpyware.  Update and run these as well.  After that, you should be clean; if not, let me know and I'll point you to further procedures.
Question has a verified solution.
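
For checking whether the DNS setting has been changed again after cleanup, the following PowerShell script is an added example and not part of the thread above. It lists every DNS server stored in the Windows TCP/IP registry settings and flags any that is not on an allowlist. `$AllowedDns` and the address `192.168.1.10` are constructed placeholders for the internal DNS server.

```powershell
# Added example: list every DNS server stored in the TCP/IP settings and flag
# any that is not expected. $AllowedDns is an assumption; 192.168.1.10 is a
# constructed placeholder for the internal DNS server.
$AllowedDns = @('192.168.1.10')

$tcpip = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters'
# Global key plus one subkey per network interface
$keys = @(Get-Item -Path $tcpip) + @(Get-ChildItem -Path "$tcpip\Interfaces")

$findings = foreach ($key in $keys) {
    $props = Get-ItemProperty -Path $key.PSPath
    # NameServer     = statically configured ("Use the following DNS server addresses")
    # DhcpNameServer = received from DHCP ("Obtain DNS server address automatically")
    foreach ($valueName in 'NameServer', 'DhcpNameServer') {
        $raw = $props.$valueName
        if (-not $raw) { continue }
        # The value is a comma- or space-separated list of addresses
        foreach ($server in ($raw -split '[ ,]+' | Where-Object { $_ })) {
            New-Object PSObject -Property @{
                Key      = $key.PSChildName
                Source   = $valueName
                Server   = $server
                Expected = ($AllowedDns -contains $server)
            }
        }
    }
}

$findings | Sort-Object Expected, Key |
    Format-Table Key, Source, Server, Expected -AutoSize

$unexpected = @($findings | Where-Object { -not $_.Expected })
if ($unexpected.Count -gt 0) {
    Write-Warning ("{0} DNS server value(s) not on the allowlist." -f $unexpected.Count)
} else {
    Write-Output 'All configured DNS servers are on the allowlist.'
}
```

Run it on the affected workstation and on one of the healthy ones to compare. An unexpected address under `NameServer` is a static setting written on that machine, while one under `DhcpNameServer` was handed out by the DHCP server.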
