We manage several workstations across multiple clients and locations. Three totally unrelated systems (different networks, different clients, different network hardware, different isps) suddenly lost DNS server settings. Two of them were blanked out completely, and I had to manually enter DNS server address to restore connectivity. One changed the DNS server to 188.8.131.52 manually. I had to change to DHCP lease to restore connectivity.
3 Example machines
1. Sonicwall Firewall, domain member, DHCP comes from Router, Windows 8 Pro
2. Netgear Router, workgroup member, DHCP server is netgear, Windows 7
3. Cisco Firewall, domain member, DHCP server is WIndows 2012 Server, Windows 7
Sounds like malware but all scans come up clean. Any ideas?