Vinum asked:

2 IP addresses in one string in DNS - hacker attack ???

I had a user who suddenly could not access the internet, only the local intranet. The DNS did not work.

I saw 2 IP addresses (one from Israel and one from Holland) in the DNS - both on the same line, which should not be possible.

I removed these 2 addresses, restarted the PC and it worked again.

But I can see that these 2 IP addresses are still in the registry:
HKLM\SYSTEM\ControlSet001\services\Tcpip\Parameters\Nameserver

And the valid DNS addresses are in
HKLM\SYSTEM\currentControlSet\services\Tcpip\Parameters\interfaces\{.....}

Does anyone know:
- is this a hacker attack or something like that?
- Can I blank out these parameters in the registry?
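
To see every place these settings are stored before editing anything, the read-only PowerShell below (an added example, not part of the original thread) lists the NameServer and DhcpNameServer values under Tcpip\Parameters and each interface subkey, in CurrentControlSet and every numbered ControlSet, and marks addresses that are not on an allowlist. The addresses in $ExpectedDns are constructed placeholders, and including DhcpNameServer is an assumption that DHCP-assigned resolvers should be checked as well.

```powershell
# Added example: read-only audit of DNS server settings in the TCP/IP registry keys.
# $ExpectedDns is a constructed placeholder list; replace it with your own resolvers.
$ExpectedDns = @('192.0.2.53', '192.0.2.54')

# CurrentControlSet plus every numbered ControlSetNNN copy found under HKLM\SYSTEM
$controlSets = @('CurrentControlSet') + @(
    Get-ChildItem -Path 'HKLM:\SYSTEM' |
        Where-Object { $_.PSChildName -match '^ControlSet\d{3}$' } |
        Select-Object -ExpandProperty PSChildName
)

$findings = foreach ($set in $controlSets) {
    $base = "HKLM:\SYSTEM\$set\Services\Tcpip\Parameters"
    if (-not (Test-Path $base)) { continue }

    # The global key first, then one subkey per network interface
    $keys = @($base)
    if (Test-Path "$base\Interfaces") {
        $keys += Get-ChildItem -Path "$base\Interfaces" | ForEach-Object { $_.PSPath }
    }

    foreach ($key in $keys) {
        $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
        foreach ($name in 'NameServer', 'DhcpNameServer') {
            $raw = $props.$name
            if ([string]::IsNullOrWhiteSpace($raw)) { continue }

            # One string value can carry several addresses; split on commas and whitespace
            foreach ($ip in ($raw -split '[,\s]+' | Where-Object { $_ })) {
                [pscustomobject]@{
                    Key      = ($key -replace '^.*?::', '')   # drop the provider prefix
                    Value    = $name
                    Address  = $ip
                    Expected = $ExpectedDns -contains $ip
                }
            }
        }
    }
}

# Unexpected addresses (Expected = False) sort to the top
$findings | Sort-Object Expected, Key | Format-Table -AutoSize -Wrap
```

Run it from an elevated PowerShell prompt; it only reads the registry and changes nothing.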


ASKER CERTIFIED SOLUTION
Jackie Man
This solution is only available to members.
Vinum (ASKER)

We found adware: Win32\Adposhel last week - I don't know if that is the Trojan.

A little bit strange that it then suddenly blocked internet today - nearly a week after I removed the above.

I think I will try an online scanner to check the PC again. I used Microsoft Antivirus.
Any suggestions?
Malwarebytes
Vinum (ASKER)

Malwarebytes is for download and installing. I want an online scanner which can be run without installing, as I don't want 2 antivirus programs on my computers.
Actually, you are not using it as real-time antivirus software. You just install it, update it and run a full scan to remove the malware.

You can uninstall it after doing a full scan.