DNS - Hijacked or what?

Posted on 2012-08-20
Last Modified: 2012-08-21
I have a DNS resolution problem -- very specific, looks like a virus

System - Windows 7 Pro
DHCP Client
Router - Cradlepoint
DNS - Router

All other hosts on network resolve fine
Windows Virtual PC on same host resolves fine

Ran SuperAntiSpyware - Clean except tracking cookies
Ran Malwarebytes - Clean
Ran Microsoft Security Essentials - Clean

resolver problems: ==>returns==> (bad) ==>returns==> (bad) ==>returns==> (bad) ==>returns==> (bad) ==>returns==> (good)

Have not tested safe mode (will test)
nslookup appears to be working fine

compared to system that resolves properly all same

any help is appreciated.  I don't want to run every scanner under the sun;  I am hoping that I can look at a registry key that might inform me as to what's happening, but will take recommendations of another scanner.

Also tried to go to download gmer and it failed lookup

any help would be appreciated... would like to find the root cause in the registry if possible, but would consider another scanning utility
Question by: halejr1
    LVL 20

    Expert Comment

    Check out your hosts file.

    LVL 7

    Expert Comment

    Could have been a virus that you successfully try this command at the command prompt:

    Ipconfig /flushdns
    LVL 5

    Expert Comment

    Check your hosts file as suggested above.

    Also try using Google's DNS servers and (instead of the one provided by your ISP) to see if you get different results. You'll have to set this on your router.
    LVL 17

    Accepted Solution

    Could have been a virus that you successfully try this command at the command prompt:

    Ipconfig /flushdns

    He beat me to it, but do run this command and then install and run ComboFix.  If it's clean/finds nothing, you are safe.

    If you're still having DNS issues let us know and we can troubleshoot further, but it's safe to say you haven't been DNS hijacked or have a virus at that point.
    LVL 8

    Author Closing Comment

    ComboFix was the ticket... one quick question -- ipconfig /flushdns -- are there records that remain after a reboot?
    LVL 20

    Expert Comment

    No, the only DNS records that remain after a reboot are the ones in the hosts file. Also, the DNS records in memory time out after a while. Ipconfig /flushdns removes them from memory.
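
One way to carry out the "check your hosts file" advice from the comments above, as an added example that is not part of the original thread: it parses hosts-file text and reports every active entry that overrides DNS for a name other than localhost. nslookup queries the DNS server directly and does not read the hosts file, so entries here can explain names that fail in the browser while nslookup looks fine. The sample content and the `BENIGN_NAMES` list are constructed assumptions.

```python
import ipaddress
import os

# Assumption: names a clean hosts file normally maps to loopback.
BENIGN_NAMES = {"localhost", "localhost.localdomain", "ip6-localhost", "ip6-loopback"}

# Default Windows location of the hosts file.
HOSTS_PATH = os.path.join(os.environ.get("SystemRoot", r"C:\Windows"),
                          "System32", "drivers", "etc", "hosts")

def parse_hosts(text):
    """Return (line_no, ip, name) for every active mapping in hosts-file text."""
    entries = []
    for line_no, raw in enumerate(text.lstrip("\ufeff").splitlines(), start=1):
        fields = raw.split("#", 1)[0].split()  # drop comments, split on whitespace
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0].split("%", 1)[0])  # strip IPv6 zone id
        except ValueError:
            continue  # first field is not an address, so the line maps nothing
        entries.extend((line_no, ip, name.lower()) for name in fields[1:])
    return entries

def audit_hosts(text):
    """Flag every mapping that overrides DNS for a name other than localhost."""
    findings = []
    for line_no, ip, name in parse_hosts(text):
        if name in BENIGN_NAMES and ip.is_loopback:
            continue
        kind = "blocked" if ip.is_loopback or ip.is_unspecified else "redirected"
        findings.append((line_no, name, str(ip), kind))
    return findings

# Constructed sample, not taken from the thread.
SAMPLE = """\
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
127.0.0.1       update.example.com   www.example.org  # added by unknown program
203.0.113.7     login.example.net
#10.0.0.5       disabled.example.com
"""

if __name__ == "__main__":
    text = open(HOSTS_PATH, encoding="utf-8-sig").read() if os.path.exists(HOSTS_PATH) else SAMPLE
    for finding in audit_hosts(text):
        print("line %d: %s -> %s [%s]" % finding)
```

Any line it prints is a mapping that survives a reboot and `ipconfig /flushdns`, so each one should be traced to a program or admin change you recognise.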
