DNS changes itself....trojan?

Anonymous
2010-02-09T22:22:07+00:00

Hi,

I have noticed connectivity problems using wireless. Investigating the properties of the connection, my IPv4 settings were automatically trying to use a specific IP instead of 'Obtain Automatically'. When I switch it back to obtain automatically, it switches itself back to the specific IP address.

When I searched the IP it said it was an AOL IP...AOL is my ISP....is it a trojan or are AOL able to screw my settings up somehow?

Tried McAfee, Spybot, Malwarebytes....no luck.

Thanks

Phil


Locked Question. This question was migrated from the Microsoft Support Community.


5 answers

  1. Anonymous
    2010-02-21T20:59:44+00:00

    Hi,

    Thank you for your reply. This is what confuses me.

    I connect wirelessly only, and made a point of NOT installing any AOL software. I just set up the connection settings manually on my Linksys Modem/Router etc...

    I worry it is Malware, as I am unaware of this being able to happen without something installed on my PC. When it does happen I am unable to access web pages too, so can't see why AOL would want to kill web access.

    Thanks

    Phil

    1 person found this answer helpful.
  2. Anonymous
    2011-02-21T17:48:12+00:00

    Thanks for your advice!

    I have tried all of the steps above, not in order, but anyway without a conclusion for my problem.

    Finally I reinstalled my Windows and I got out of this. My guess is that it was some malware on my computer that MS secure essentials had cleaned out earlier, but it had already done its harmful things to my computer.

  3. Anonymous
    2010-12-30T04:25:02+00:00

    The DNS can actually be changed by the ISP at their discretion.

    Same goes for my ISP here. Router based, I can see that this happens every month or so. Although, these settings can only be possible if the DNS for the router was at "Get Automatically from ISP". If the router was purchased out-of-the-box with its default configuration, there are several threats out there that cannot be detected by any standard AV/AM software. This issue is comparable to either a DNS changer or a DNS poisoning.

    Here is what I can suggest to help stop and prevent this:

    1. Change the router Administrator password. Relative figure that a router's Admin password would be at a default for consumers is at 80% of the time since an average consumer will not change this unless the ISP has set this up themselves. To change the Administrator password of the router you may need to refer to your router manufacturer's manual or guide for your router model.
    2. Set the DNS to Automatically get it from your ISP. Normally this is the method for any router once it connects to the ISP. If there are any numbers in the DNS area set to a Static DNS number, I doubt that it was set by your ISP.
    3. Turn off or restart 2 services in your PC. If you have several PCs connected to the router you may have to do the same steps. Start>Control Panel>Administrative Tools>Services. Look down the list and find the service "DNS Client", restart the "DNS Client" service. Next, find "Web Client", stop the "Web Client" service.
    4. Try browsing a trusted site, i.e. Microsoft, MSN, Yahoo, etc. Don't start jumping to Facebook or Twitter yet, as this may have been the focal point for where you may have gotten the infection in the first place. Clicking on unknown URLs or links from messages could have actually triggered your demise.
    5. Download Malwarebytes, it's one of the trusted Anti-Malware programs that can check for this kind of attack. If you want a little finesse, then you can use HijackThis. The best informative guide for reading the logs would be here: http://netsecurity.about.com/od/popupsandspyware/a/aahijackthis.htm. If you want to analyze it yourself then go here: http://www.hijackthis.de/. Any X status on the result from this site can be a potential threat and should be removed using the same tool.

    The steps above should be done progressively and in order. The steps will also provide you security against further threats of this nature. Usually they can appear as Java based scripting xxxxxx.class, xxx_cache, jve_xxx_.class, etc. (x is a number or letter).

    Happy hunting!


    MVP [2010] | Consumer Security

    Visit me @ Crimson Spectrum

  4. Anonymous
    2010-12-28T07:33:18+00:00

    Hi,

    I have the same kind of problem with my Vaio PC. My ISP is other than AOL and I also installed my wireless manually.

    I tried running MS Secure essentials and F-secure antivirus 2011, and no luck with that.

    Any ideas what this is about?

  5. Anonymous
    2010-02-10T04:00:06+00:00

    Did your ISP install any software for your connection during setup?

    Did your ISP provide any software installers which you may have used to establish a connection with them?

    Since the IP address is a valid IP for your ISP and you also confirmed that it is, they may have an application, driver or process running to put back the IP settings for your IPv4. It could also be a script that has a scheduled task. Therefore, I suggest that you verify this with them.


    MVP [2010] | Consumer Security

    Visit me @ Crimson Spectrum
