DNS Hijack
Asked by Magma-IT
Hello,
When I try to ping my internal servers from one of the workstations in-house I get redirected to another DNS. Here is my ipconfig info:
Windows IP Configuration
Host Name . . . . . . . . . . . . : BSandnes
Primary Dns Suffix . . . . . . . : energy.local
Node Type . . . . . . . . . . . . : Mixed
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : energy.local
energy.local
Ethernet adapter Wireless Network Connection 2:
Connection-specific DNS Suffix . : energy.local
Description . . . . . . . . . . . : Intel(R) Wireless WiFi Link 4965AGN
Physical Address. . . . . . . . . : 00-1F-3B-A1-EE-4B
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 10.30.35.30
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 10.30.36.1
DHCP Server . . . . . . . . . . . : 10.30.35.10
DNS Servers . . . . . . . . . . . : 10.30.35.10
10.30.36.10
Lease Obtained. . . . . . . . . . : 8. januar 2009 09:27:13
Lease Expires . . . . . . . . . . : 16. januar 2009 09:27:13
And when I try to ping one of my internal servers I get this:
Pinging energy-01.energy.local [93.190.141.136] with 32 bytes of data:
Request timed out.
Request timed out.
Request timed out.
Request timed out.
Ping statistics for 93.190.141.136:
Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),
And the IP address of this server is 10.30.35.9. And I have no problem pinging this server from other workstations in-house with the FQDN. So I think this must be a DNS hijack problem.
How can I solve this?
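As an added example (not part of the thread), here is a small Python check that parses the kind of ipconfig and ping output posted above and flags the symptom described: an internal-suffix name resolving to an address outside the internal ranges, or configured resolvers that are not internal. The 10.30.0.0/16 range and the .energy.local suffix are assumptions inferred from the post, and the sample text is constructed from it.

```python
import ipaddress
import re

# Constructed sample text modelled on the ipconfig and ping output quoted in the question.
IPCONFIG_SAMPLE = """\
IP Address. . . . . . . . . . . . : 10.30.35.30
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 10.30.36.1
DNS Servers . . . . . . . . . . . : 10.30.35.10
                                    10.30.36.10
Lease Obtained. . . . . . . . . . : 8. januar 2009 09:27:13
"""
PING_SAMPLE = "Pinging energy-01.energy.local [93.190.141.136] with 32 bytes of data:"

# Assumption: the internal zone and its resolvers live in 10.30.0.0/16 (inferred from the addresses above).
INTERNAL_NETS = [ipaddress.ip_network("10.30.0.0/16")]
INTERNAL_SUFFIXES = (".energy.local",)
PING_RE = re.compile(r"Pinging\s+(\S+)\s+\[([0-9.]+)\]")
IPV4_RE = re.compile(r"\b\d{1,3}(?:\.\d{1,3}){3}\b")

def parse_ping_header(line):
    """Return (fqdn, resolved address) from a Windows ping header line, else None."""
    m = PING_RE.search(line)
    return (m.group(1).lower(), ipaddress.ip_address(m.group(2))) if m else None

def parse_dns_servers(ipconfig_text):
    """Collect the 'DNS Servers' value plus its bare-address continuation lines."""
    servers, in_dns = [], False
    for raw in ipconfig_text.splitlines():
        line = raw.strip()
        if line.startswith("DNS Servers"):
            in_dns = True
        elif in_dns and not IPV4_RE.fullmatch(line):
            in_dns = False  # first non-address line ends the block
        if in_dns:
            servers += [ipaddress.ip_address(a) for a in IPV4_RE.findall(line)]
    return servers

def is_internal(addr):
    return any(addr in net for net in INTERNAL_NETS)

def audit(ipconfig_text, ping_line):
    """Findings: external resolvers, or an internal name that resolved to an external address."""
    findings = [f"SUSPECT: configured resolver {s} is outside the internal ranges"
                for s in parse_dns_servers(ipconfig_text) if not is_internal(s)]
    parsed = parse_ping_header(ping_line)
    if parsed and parsed[0].endswith(INTERNAL_SUFFIXES) and not is_internal(parsed[1]):
        findings.append(f"SUSPECT: {parsed[0]} resolved to {parsed[1]}, outside the internal ranges")
    return findings
```

Running `audit(IPCONFIG_SAMPLE, PING_SAMPLE)` yields a single finding for the external 93.190.141.136 answer, since the configured resolvers themselves are internal here, which matches the situation in the post.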
ASKER
I have used SmitfraudFix but it did not help, the problem is still here...
ASKER CERTIFIED SOLUTION
ASKER
This fixed the problem, Thank you very much!
Here is the logfile:
Malwarebytes' Anti-Malware 1.32
Database version: 1630
Windows 5.1.2600 Service Pack 3
08.01.2009 13:54:05
mbam-log-2009-01-08 (13-54-05).txt
Scan type: Quick Scan
Objects scanned: 69561
Time elapsed: 5 minute(s), 53 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 1
Files Infected: 2
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CLASSES_ROOT\Interface\{4897bba6-48d9-468c-8efa-846275d7701b} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{4509d3cc-b642-4745-b030-645b79522c6d} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\urlsearchhook.toolbarurlsearchhook (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\urlsearchhook.toolbarurlsearchhook.1 (Trojan.BHO) -> Quarantined and deleted successfully.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\StartMenuLogOff (Hijack.StartMenu) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Folders Infected:
C:\Documents and Settings\bsand\Start Menu\Programs\extravideo (Trojan.DNSChanger) -> Quarantined and deleted successfully.
Files Infected:
C:\WINDOWS\system32\msqpdxsmnbdwof.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\drivers\msqpdxriycwkik.sys (Trojan.Agent) -> Quarantined and deleted successfully.
You're welcome!
Thanks for the points and the grade.
http://www.afterdawn.com/software/desktop_software/desktop_security/smitfraudfix.cfm