Vinum
asked on
2 IP-adresses in one string in DNS - hacker attack ???
I had a user, who suddenly could not access internet, only local intranet. The DNS did not work.
I saw 2 IP-adresse (one from Israel and one from Holland) in the DNS - both on the same line, which should not be possible
I removed these 2 addresses, restarted the PC and it worked again.
But I can see, that these 2 IP-adresses is still in registry:
HKLM\SYSTEM\ControlSet001\ services\T cpip\Param eters\Name server
And the valid DNS adresses are in
HKLM\SYSTEM\currentControl Set\servic es\Tcpip\P arameters\ interfaces \{.....}
Does anyone know:
- is this a hacker attack or something like that?
- Can I blank out these parameters in the registry?
I saw 2 IP-adresse (one from Israel and one from Holland) in the DNS - both on the same line, which should not be possible
I removed these 2 addresses, restarted the PC and it worked again.
But I can see, that these 2 IP-adresses is still in registry:
HKLM\SYSTEM\ControlSet001\
And the valid DNS adresses are in
HKLM\SYSTEM\currentControl
Does anyone know:
- is this a hacker attack or something like that?
- Can I blank out these parameters in the registry?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Malwarebytes
ASKER
Malwarebytes is for download and installing. I want an online scanner, which can be run without installing as I don't want 2 antivirus on my computers
Actually, you are not using it as a real time antivirus software. You just install it, update it and a full scan to remove the malwares.
You can uninstall it after doing a full scan.
You can uninstall it after doing a full scan.
ASKER
A little bit strange, that it then suddenly blocked internet today - nearly a week after I removed the above.
I think, I will try an online scanner to check the PC again. I used Microsoft Antivirus.
Any suggestions?