Mark Minasi's Reader Forum
Mark Minasi's Reader Forum
Home | Profile | Register | Active Topics | Active Polls | Members | Search | FAQ | Minasi Forum RSS Feed
Username:
 Password:
Save Password
Forgot your Password?

 All Forums
 HALP! Questions on Windows and Windows Server
 Windows 7 Desktop
 Mystery DNS hijack		  New Topic  Reply to Topic
 Printer Friendly
Author Previous Topic Topic Next Topic  

netmarcos
Honorable But Hopeless Addict

USA
2221 Posts
Status: offline
Posted - 07/05/2012 :  3:07:30 PM  Show Profile  Visit netmarcos's Homepage  Click to see netmarcos's MSN Messenger address  Look at the Skype phone address from netmarcos  Send netmarcos a Yahoo! Message  Reply with Quote
Situation: Windows 7 Professional 64bit SP1 with all of the current patches. Wireless N connection TCP/IP 4 DNS server is set to 127.0.0.1. I did not do this

Option to obtain DNS server automatically is disabled. Any changes made through any means attempted revert to 127.0.0.1 on close.

I have run multiple antivirus scanners (MSE, AGV...) and other tools (MalewareBytes, Combofix) and they have found nothing.

Deleted the wireless card from Device Manager and reinstalled drivers: obtain DNS server automatically is no longer disabled, but as with any other setting, it reverts to static 127.0.0.1 on close.

Reset TCP/IP stack. No change. This sort of thing makes me very unhappy. This system was the victim of an exploit that attempted to allow remote execution that was identified and stopped, but I am thinking that I was not as lucky as I had believed myself to be at the time.

Any ideas
Mark M. Webster

Genius may have its limitations, but stupidity is not thus handicapped. - Elbert Hubbard

don2007
Honorable But Hopeless Addict

1992 Posts
Status: offline
Posted - 07/13/2012 :  12:42:54 PM  Show Profile  Reply with Quote
It sounds like that recent DNS Hijack Virus. Is there any reason why don't think it's that?

http://www.computerrepairservicesusa.com/blog/july-9th-dns-hijack-virus-attack-internet-doomsday/
Dyslexic people untie.
Go to Top of Page

aval
Honorable But Hopeless Addict

USA
3288 Posts
Status: offline
Posted - 07/20/2012 :  3:02:21 PM  Show Profile  Reply with Quote
Just looked at the link and I would tend to think that is not the problem since DNS server address in netmarcos case is 127.0.0.1 rather than those of the servers set up by the hackers and then the FBI. Right?
Go to Top of Page

netmarcos
Honorable But Hopeless Addict

USA
2221 Posts
Status: offline
Posted - 07/20/2012 :  3:47:59 PM  Show Profile  Visit netmarcos's Homepage  Click to see netmarcos's MSN Messenger address  Look at the Skype address for netmarcos  Send netmarcos a Yahoo! Message  Reply with Quote
Update: While I am still not sure what initiated this problem, it has been resolved. Reinstalling drivers and such finally fixed it. I wish I knew what had caused it, but it is gone now and I am sure that I will never find out.
Mark M. Webster

Genius may have its limitations, but stupidity is not thus handicapped. - Elbert Hubbard
Go to Top of Page

don2007
Honorable But Hopeless Addict

1992 Posts
Status: offline
Posted - 07/23/2012 :  3:20:41 PM  Show Profile  Reply with Quote
We can't complain about success.
Dyslexic people untie.
Go to Top of Page
  Previous Topic Topic Next Topic  
 New Topic  Reply to Topic
 Printer Friendly
Jump To:
Mark Minasi's Reader Forum © 2002-2011 Mark Minasi Go To Top Of Page
This page was generated in 0.14 seconds. Snitz Forums 2000