Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

DNSRSearch Virus


  • Please log in to reply
3 replies to this topic

#1 Aurum

Aurum

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:12:38 AM

Posted 13 September 2013 - 10:03 PM

Hello. (I hope that I am posting this in the right location!)

 

Recently, I have come across a virus on my IE browser's main url line, which is what I use as a search bar. While its default search engine is Bing, and looks like it might search through Bing, it redirects me to a search engine with a Time Warner Cable logo called dnsrsearch. I don't have this problem with Firefox, which is what I mostly use, but I am worried that this might be bad if gone unchecked.

 

I am on a Windows 7, x64-bit.

 

I've had search engine redirect viruses before (and pretty tough ones over the summer), where the actual results of any search engine would redirect (All solved, and all thanks to the wonderful people of Bleeping Computer!), but this is the first one where the actual search engine was redirected.

 

If anyone can help me with this, I would be very grateful!


Edited by Orange Blossom, 14 September 2013 - 08:36 AM.
Moved to AII from Windows 7. ~ OB


BC AdBot (Login to Remove)

 


#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,934 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:12:38 AM

Posted 20 September 2013 - 10:06 PM

Hello Aurum.
 
First look in toolbars, plugins, extensions, add-ons
Internet Explorer
Go to TOOLS and then click MANAGE ADD-ONs, From there, select Extensions, Toolbars and remove the Dnsrsearch.com if found. Make sure Google is set as default search Provider.
Uninstall Programs or Programs and Features, now lookup for Dnsrsearch.com and uninstall if it is listed.
 
 
 
Please download Malwarebytes Anti-Malware mbamicontw5.gif and save it to your desktop. %5BLIST%5D
  • Important!! When you save the mbam-setup file, rename it to something random (such as 123abc.exe) before beginning the download.
  • Double-click on the renamed file to install, then follow these instructions
  • for doing a Quick Scan in normal mode.
  • [/list] %5BLIST%5D
  • Don't forget to check for database definition updates through the program's interface (preferable method) before scanning.
  • If you cannot update Malwarebytes or use the Internet to download any files to the infected computer, manually update the database by following the instructions in FAQ Section A: 4. Issues
  • [/list] Malwarebytes may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes. %5BLIST%5D
  • After completing the scan, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab .
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
  • Exit Malwarebytes when done.
  • [/list] Note: If Malwarebytes encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes from removing all the malware. -- Some types of malware will target Malwarebytes and other security tools to keep them from running properly. If that's the case, use Malwarebytes Chameleon and follow the onscreen instructions. The Chameleon folder can be accessed by opening the program folder for Malwarebytes Anti-Malware (normally C:\Program Files\Malwarebytes' Anti-Malware or C:\Program Files (x86)\Malwarebytes' Anti-Malware).


    ADW Cleaner

    Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • You will be prompted to restart your computer. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#3 Aurum

Aurum
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:12:38 AM

Posted 30 September 2013 - 12:38 AM

Thank you. I wanted to say that somewhere along the way, the problem simply disappeared!

 

I should have mentioned before that the exact same issue was happening on both of my computers both my old laptop that I don't mind venturing the Internet with, and my newer one that I'm a bit more cautious with, meaning that whatever caused it might have been from a website that I frequently visited, believing to be safe. I did your instructions on my older computer, but not on my newer computer, yet both seemed to have the problem disappear! I am curious what happened there, as the problem persisted for almost a couple of weeks. Thank you for your help! :)



#4 geeksalive

geeksalive

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:12:38 AM

Posted 29 December 2015 - 05:34 AM

dnsrsearch.com is not a virus on your computer. It is an annoying advertising site, to which Time-Warner's nameservers redirect failed DNS lookups.

It's the jerks at Time-Warner degrading their customers' service to generate ad revenue.

 

The solution is to configure your router (preferably) and/or your computer to use Google's nameservers instead of Time-Warner's.

Google's nameservers are 8.8.8.8 and 8.8.4.4 (good).

Time-Warner's nameservers are 209.18.47.61 and 209.18.47.62 (bad -- they LIE to you).

 

C:\>nslookup no-such-domain-as0o324kldklfgjk34lkfldf.com 8.8.4.4
Server:  google-public-dns-b.google.com
Address:  8.8.4.4
 
*** google-public-dns-b.google.com can't find no-such-domain-as0o324kldklfgjk34lkfldf.com: Non-existent domain
 
C:\>nslookup no-such-domain-as0o324kldklfgjk34lkfldf.com 209.18.47.61
Server:  dns-cac-lb-01.rr.com
Address:  209.18.47.61
 
Non-authoritative answer:
Name:    no-such-domain-as0o324kldklfgjk34lkfldf.com
Addresses:  198.105.244.228
          198.105.254.228
 
Those addresses returned by Time-Warner's DNS are bogus! Their nameservers lie! The first (198.105.244.228) doesn't work at all at the moment (result: a looooong pause). The second (198.105.254.228) goes to the stupid dnsrsearch.com advertising page.

Here's a screenshot:
time-warner_dnsrsearch_redirect_screensh

Edited by geeksalive, 29 December 2015 - 06:36 AM.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users