DNS Server Suddenly changed, Windows 7 & 8

Posted on 2014-04-22
Last Modified: 2014-07-22
We manage several workstations across multiple clients and locations. Three totally unrelated systems (different networks, different clients, different network hardware, different ISPs) suddenly lost DNS server settings. Two of them were blanked out completely, and I had to manually enter a DNS server address to restore connectivity. One changed the DNS server to 8.8.8.8 manually. I had to change to DHCP lease to restore connectivity.

3 Example machines
1. Sonicwall Firewall, domain member, DHCP comes from Router, Windows 8 Pro
2. Netgear Router, workgroup member, DHCP server is Netgear, Windows 7
3. Cisco Firewall, domain member, DHCP server is Windows 2012 Server, Windows 7

Sounds like malware but all scans come up clean.  Any ideas?
0
Question by:Jordan Smith
LVL 25

Expert Comment

by:Tony Giangreco
ID: 40015045
It sounds like you might have spyware.

You might want to run a spyware checker to see if anything is found.

Try www.superantispyware.com

or www.malwarebuytes.com

They both work well for me.
0
 
LVL 1

Author Comment

by:Jordan Smith
ID: 40015060
I ran Malwarebytes. Came clean on one system, currently running on another.
0
 
LVL 1

Author Comment

by:Jordan Smith
ID: 40015157
All scans have come back clean. What else could be causing this? I have an RMM (Labtech) running on all three machines. Anyone heard of any issues with this?
0
 
LVL 9

Expert Comment

by:BigPapaGotti
ID: 40015240
Try seeing if a rootkit is causing the issue. Do a search for TDSSKiller. This is a free download. Once the download is done, do a scan to see if anything is found.

http://www.bleepingcomputer.com/download/tdsskiller/

When this issue popped up did the routers/DHCP servers still hand out the DNS server addresses in the DHCP lease?

Can you elaborate on what your RMM is doing?
0
 
LVL 1

Author Comment

by:Jordan Smith
ID: 40015258
I'll look into the rootkit scan...

All other systems on the network received correct info from the DHCP server.

RMM is our remote management software, like LogMeIn
It allows remote connection, reports data on the agent, handles MS patch updates.
We also have GFI Vipre AV and HitmanPro Antimalware installed on all agents.
0
 
LVL 25

Expert Comment

by:Tony Giangreco
ID: 40015486
Try the Bitdefender Rescue CD. Download the ISO, burn a CD/DVD and boot with it. I tried it over the weekend and it's great. It boots into Linux, downloads the antivirus definition files and runs a full scan.

It found some things I was not aware of.

http://www.bitdefender.com/support/how-to-create-a-bitdefender-rescue-cd-627.html
0
 
LVL 37

Expert Comment

by:bbao
ID: 40017556
> Three totally unrelated systems

Do they belong to the same owner or company? Are they sharing the same external DNS? Do they need to access each other? Do the three networks have anything in common?

BTW, better stop installing and running any more malware scanners or cleaners, as they are basically a kind of virus (working the same way as a virus at the same low/system level); this will possibly cause more trouble for a healthy system.
0
 
LVL 1

Author Comment

by:Jordan Smith
ID: 40017569
Totally unrelated. Only commonality is GFI Vipre and HitmanPro running on all three. Different ISPs. Different companies.
0
 
LVL 37

Expert Comment

by:bbao
ID: 40017619
Thanks for the clarification.

In my understanding, one more thing in common is that they are all managed by you. :-)

This naturally leads me to speculate that something you regularly use possibly causes the issue, such as utilities and/or settings?

Moreover, have you checked the "hosts" file? When the DNS setting is missing, has any non-default content been added to the manual DNS file?
0
 
LVL 1

Author Comment

by:Jordan Smith
ID: 40030685
bbao,

We have no other common utilities running on these systems, so I am seriously suspecting my security software, GFI Vipre and HitmanPro. I can't find any chatter online regarding this issue, so I have no way to confirm or even support my suspicions. Has anyone heard of security software messing with DNS settings?

Hosts file is clean.
0
 
LVL 1

Accepted Solution

by:
Jordan Smith earned 0 total points
ID: 40203071
Talked to SurfRight, turns out HitmanPro does this. Issue resolved.
0
 
LVL 1

Author Closing Comment

by:Jordan Smith
ID: 40211128
Talked to SurfRight, turns out HitmanPro does this. Issue resolved.
0
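
A way to check other managed workstations for the two symptoms reported in this thread (DNS blanked out, or a manual server such as 8.8.8.8 replacing the one from the DHCP lease), together with the hosts file check suggested above. This is an added example, not part of the original thread; it assumes the DHCP-issued DNS is the intended configuration and reads the standard per-interface `NameServer` and `DhcpNameServer` registry values.

```powershell
# Added example (not from the thread). PowerShell 2.0 compatible, so it runs on
# Windows 7 as well as Windows 8. Run elevated or through the RMM agent.
$ifBase = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces'

$report = Get-WmiObject Win32_NetworkAdapterConfiguration -Filter 'IPEnabled = TRUE' |
    ForEach-Object {
        $nic = $_
        # Per-interface registry key: NameServer = manually set DNS,
        # DhcpNameServer = DNS handed out with the current DHCP lease.
        $reg    = Get-ItemProperty -Path (Join-Path $ifBase $nic.SettingID) -ErrorAction SilentlyContinue
        $static = "$($reg.NameServer)".Trim()
        $leased = "$($reg.DhcpNameServer)".Trim()
        # DNS servers actually in effect; filter out $null so a blank list counts as 0
        $active = @($nic.DNSServerSearchOrder | Where-Object { $_ })

        if ($active.Count -eq 0) {
            $finding = 'BLANK: no DNS server in effect'
        } elseif ($nic.DHCPEnabled -and $static) {
            $finding = 'OVERRIDE: static DNS set on a DHCP adapter'
        } else {
            $finding = 'OK'
        }

        New-Object PSObject -Property @{
            Adapter   = $nic.Description
            DHCP      = $nic.DHCPEnabled
            ActiveDNS = $active -join ','
            StaticDNS = $static
            LeasedDNS = $leased
            Finding   = $finding
        }
    }

$report | Select-Object Adapter, DHCP, ActiveDNS, StaticDNS, LeasedDNS, Finding | Format-List

# Hosts file check: the stock Windows 7/8 hosts file contains only comments,
# so every active (non-comment, non-blank) line is worth reviewing.
$hostsFile = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
Get-Content $hostsFile | Where-Object { $_ -match '^\s*[^#\s]' }
```

An adapter with an intentionally static IP configuration reports `OK` here as long as it has a DNS server; only blank DNS and static DNS on a DHCP adapter are flagged.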
