Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

DNS hijacking by Charter/ Moved


  • Please log in to reply
7 replies to this topic

#1 Mike T

Mike T

  • Members
  • 57 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Gateway to the West
  • Local time:01:58 AM

Posted 15 March 2009 - 01:09 PM

For several months, I've noticed that my address bar searches in IE6 were being redirected to a Charter/Yahoo search results page. They have an "Opt Out" page, but all this does is place a cookie on your machine that expires in 2 months. Not a true opt-in or opt-out program in my mind. I reseached the issue a bit today, and gather they are "hijacking" the searches via manipulation of the domain name server.

We have AT&T/SWB Uverse service available in the area, but I really don't want all of the other BS that comes with it. All I want is a decent, clean internet connection/provider. Why do these @$$holes have to keep jacking with everything???

Short of punting Charter, what can I do to end this???

Thanks!

Mike T

BC AdBot (Login to Remove)

 


#2 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 37,095 posts
  • ONLINE
  •  
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:01:58 AM

Posted 18 March 2009 - 04:06 PM

Hello Mike T,

I am moving this topic from the Web-browsing forum to the Am I Infected forum as what you describe sounds like an infection.

What is your operating system: Windows XP, Vista, etc.?

What security programs do you have installed?

What browser are you using when these redirections occur?

Are you experiencing other issues with the computer? Please be as specific as possible.

Orange Blossom :thumbsup:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Internet Security, NoScript Firefox ext.


animinionsmalltext.gif

#3 DaChew

DaChew

    Visiting Alien


  • Members
  • 10,317 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:millenium falcon and rockytop
  • Local time:02:58 AM

Posted 18 March 2009 - 04:28 PM

Did they install an addon to IE

Was IE provided by charter?
Chewy

No. Try not. Do... or do not. There is no try.

#4 Mike T

Mike T
  • Topic Starter

  • Members
  • 57 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Gateway to the West
  • Local time:01:58 AM

Posted 18 March 2009 - 07:03 PM

Orange Blossom and DaChew: I run clean - everything is self installed. No garbage laden software loaded. Maybe I didn't phrase this right...

The issue is that during address bar searches, the searches are directed to a special Charter-Yahoo search page. You can "opt-out" of this service, but it isn't really an opt-out in the truest sense of the words. This "phenomona" is best described here:

http://www.dslreports.com/forum/r17871432-...hijacking-hosts

It doesn't really impact service (maybe a slightly slower load of internet pages), but it really pisses me off that they do this.

I'm a neophyte computer geek: I learn as I need, but am fairly inquisitive and try to at least understand why things are as they are.

Any easy work-arounds to keep this from happening?

Thanks!

MikeT

PS: I run XP SP-3, fully patched with IE6 (I have issues with IE7). I run NIS 2009 for security/AV, and am parked behind a firewall router. This is NOT an infection issue - it's a Charter not playing nice issue. The computer is clean as a whistle - wiped the hard drives and reinstalled everthing from scratch in February. I perform 3-4 independent AV searches online every month - almost paranoid!

Edited by Mike T, 18 March 2009 - 07:07 PM.


#5 DaChew

DaChew

    Visiting Alien


  • Members
  • 10,317 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:millenium falcon and rockytop
  • Local time:02:58 AM

Posted 18 March 2009 - 07:08 PM

Any easy work-arounds to keep this from happening?


They were in your link
Chewy

No. Try not. Do... or do not. There is no try.

#6 Mike T

Mike T
  • Topic Starter

  • Members
  • 57 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Gateway to the West
  • Local time:01:58 AM

Posted 19 March 2009 - 09:08 PM

OK - So is this the correct procedure?

1. Find 2 untainted DNS's,
2. Open My Network Connection
3. Edit the Internet Protocal (TCI/IP) properties under the Local Area Connection to reflect use of 2 DNS server addresses rather than using the "Obtain DNS server address automatically".

Thanks!

Mike

#7 DaChew

DaChew

    Visiting Alien


  • Members
  • 10,317 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:millenium falcon and rockytop
  • Local time:02:58 AM

Posted 19 March 2009 - 09:17 PM

That would be my first approach, I just use google so have no need to alter the dns's
Chewy

No. Try not. Do... or do not. There is no try.

#8 Mike T

Mike T
  • Topic Starter

  • Members
  • 57 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Gateway to the West
  • Local time:01:58 AM

Posted 07 April 2009 - 07:50 PM

DaChew: FYI - I reset the DNS servers as per the above a few weeks ago, and all was good. I did a system restore last weekend to a prior date, and it erased the change. I then attempted to reset the address bar search settings in IE to use Google, but the Charter-bot reigns supreme. Will re-implement the DNS server mod shortly.

Not a major deal, but it sucks that Charter does this.

MikeT




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users