DNS - Hijacked or what?

Posted on 2012-08-20
Medium Priority
Last Modified: 2012-08-21
I have a DNS resolution problem -- very specific, looks like virus

System - Windows 7 Pro
DHCP Client
Router - Cradlepoint
DNS - Router

All other hosts on network resolve fine
Windows Virtual PC on same host resolves fine

Ran SuperAntiSpyware - Clean except tracking cookies
Ran Malwarebytes - Clean
Ran Microsoft Security Essentials - Clean

resolver problems:

www.microsoft.com ==>returns==>www.google.com (bad)
update.microsoft.com ==>returns==>www.google.com (bad)
www.malwarebytes.org ==>returns==>www.google.com (bad)
www.superantispyware.com ==>returns==>www.google.com (bad)
www.microsoftstore.com ==>returns==>www.microsoftstore.com (good)

Have not tested safe mode (will test)
nslookup appears to be working fine

compared to system that resolves properly all same

Any help is appreciated. I don't want to run every scanner under the sun; I am hoping that I can look at a registry key that might inform me as to what's happening, but will take recommendations of another scanner.

Also tried to go to download gmer and it failed lookup

any help would be appreciated... would like to find the root cause in the registry if possible, but would consider another scanning utility
Question by: halejr1

Expert Comment

ID: 38314424
Check out your hosts file.


Expert Comment

ID: 38314482
Could have been a virus that you successfully removed. Now try this command at the command prompt:

Ipconfig /flushdns

Expert Comment

ID: 38314495
Check your hosts file as suggested above.

Also try using Google's DNS servers and (instead of the one provided by your ISP) to see if you get different results. You'll have to set this on your router.

Accepted Solution

Brad Bouchard earned 2000 total points
ID: 38314538
Could have been a virus that you successfully removed. Now try this command at the command prompt:

Ipconfig /flushdns

He beat me to it, but do run this command and then install and run ComboFix. If it's clean/finds nothing, you are safe.

If you're still having DNS issues let us know and we can troubleshoot further, but it's safe to say you haven't been DNS hijacked or have a virus at that point.

Author Closing Comment

ID: 38316349
ComboFix was the ticket... one quick question -- ipconfig /flushdns -- are there records that remain after a reboot?

Expert Comment

ID: 38316383
No, the only DNS records that remain after a reboot are the ones in the hosts file. Also, the DNS records in memory time out after a while. Ipconfig /flushdns removes them from memory.
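The hosts-file check suggested in this thread, as an added example that is not part of the original posts: nslookup queries the DNS server directly and never reads the hosts file, so static entries there can misdirect browsers while nslookup still looks fine. The sample entries and the 203.0.113.10 address are constructed, and treating the last two labels of a name as its domain is a simplifying assumption.

```python
import ipaddress
import os

# Default Windows location; point this at a copy taken from a suspect machine if needed.
HOSTS_PATH = os.path.join(os.environ.get("SystemRoot", r"C:\Windows"),
                          "System32", "drivers", "etc", "hosts")

# Constructed sample: one address (documentation range) shared by unrelated
# vendor names, the symptom described in the question.
SAMPLE = """\
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
203.0.113.10    www.microsoft.com update.microsoft.com
203.0.113.10    www.malwarebytes.org   # constructed entry
203.0.113.10    www.superantispyware.com
0.0.0.0         ads.example.test
"""

def parse_hosts(text):
    """Yield (line_no, ip, [names]) for each active entry; comments are dropped."""
    for no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # first field is not an IP address
        yield no, ip, [n.lower() for n in fields[1:]]

def audit(text):
    """Return (line_no, name, ip, reason) for every name pinned by the hosts file."""
    by_ip, findings = {}, []
    for no, ip, names in parse_hosts(text):
        for name in names:
            if ip.is_loopback or ip.is_unspecified:
                if name != "localhost":
                    findings.append((no, name, str(ip), "blocked locally"))
            else:
                by_ip.setdefault(ip, []).append((no, name))
    for ip, hits in by_ip.items():
        # Assumption: last two labels approximate the registrable domain.
        domains = {".".join(n.split(".")[-2:]) for _, n in hits}
        reason = "shared by unrelated domains" if len(domains) > 1 else "static override"
        findings += [(no, name, str(ip), reason) for no, name in hits]
    return findings

if __name__ == "__main__":
    exists = os.path.exists(HOSTS_PATH)
    text = open(HOSTS_PATH, errors="replace").read() if exists else SAMPLE
    for finding in audit(text):
        print("line %d: %s -> %s (%s)" % finding)
```

Any finding on a machine that is not supposed to have static overrides is worth reviewing before flushing the cache, since flushing does not remove hosts-file entries.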
