DNS Hijack is an irrepressible pain in the neck


5 replies to this topic

#1 cooljay

cooljay

  • Members
  • 183 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:08 AM

Posted 17 July 2017 - 02:35 PM

I have been posting here https://www.bleepingcomputer.com/forums/t/651201/routerinternet-security/#entry4287019 about my problem but it actually was somebody else's thread. I only just remembered that. Sorry.

 

So, this DNS Hijack is very tenacious and keeps coming back. I remove it with Zemana, but, like I said, to no avail.

 

So I wondered if changing DNS servers would help. And the answer is, Nope.

 

I change servers, and it's back. It says (how come we can't upload images anymore?) on the network graph, instead of my home network with its name it says "Multiple Networks."

 

I am flummoxed. Anybody have an idea?




#2 Pimptech

Pimptech

  • Malware Study Hall Junior
  • 188 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Sao Paulo, Brazil
  • Local time:10:08 AM

Posted 18 July 2017 - 12:04 AM


Did you read my last answer? Did it not help you?



#3 jwoods301

jwoods301

  • Members
  • 1,489 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:08 AM

Posted 18 July 2017 - 12:07 AM

 


Where is your "last answer"?



#4 cooljay

cooljay
  • Topic Starter

  • Members
  • 183 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:08 AM

Posted 18 July 2017 - 11:18 AM

This is where this DNS Hijack is located, and you can see the registration for this domain here: http://whois.domaintools.com/193.138.219.228.

 

I DDG'ed it and it says it has been reported 13 times for abuse.

 

The question is, how do I get rid of it so it doesn't come back? 193.138.219.228 is a server. I changed DNS servers. Instead of this one I use one of those public ones. That being the case, why is Zemana even scanning there anymore? Shouldn't Zemana have left the old server behind like I did and now scan the new server?

 

So I am concluding - incorrectly perhaps - that this Hijack is on the router itself? Is that possible? In which case, logging into the router (which doesn't have the original password anymore, I changed that) is not an option because the Hijack malware/virus/trojan whatever it is, would then gain access, right?

 

I wish I would understand how these things work. What is there ON the router that this thing can attach itself to? And if it were connected to the router, why would it give a server address?



#5 cooljay

cooljay
  • Topic Starter

  • Members
  • 183 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:08 AM

Posted 18 July 2017 - 11:40 AM

You gonna love this. It's my VPN, ROFL!!! That's the server they put me on, and that's where this thing installed itself.

 

Phew. I let them know so they can take care of it.

 

Anyway, I am hugely impressed by Zemana. Even the paid version of Malware Antimalware didn't pick this up, nor did Emsi or AVG.
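Added example, not part of any poster's reply: a DNS server address that survives a change to the home adapter's settings can belong to a different adapter, such as a VPN tunnel, which is how this thread ended. The Python sketch below attributes each DNS server in English-locale `ipconfig /all` output to its adapter; the sample output, adapter names and the 192.0.2.x addresses are constructed, and only 193.138.219.228 comes from the thread.

```python
import re

# Matches "   Key . . . . : value" lines; continuation lines (extra DNS
# servers, including IPv6 addresses) do not match because they lack the dots.
KEY_LINE = re.compile(r"^\s+(?P<key>[^.:]+?)(?:\s*\.)+\s*:\s*(?P<val>.*)$")

# Constructed sample of `ipconfig /all` output (not taken from the thread).
SAMPLE = """\
Windows IP Configuration

   Host Name . . . . . . . . . . . . : DESKTOP-EXAMPLE

Ethernet adapter Ethernet:

   Description . . . . . . . . . . . : Example Gigabit Controller
   DNS Servers . . . . . . . . . . . : 192.0.2.53
                                       192.0.2.54
   NetBIOS over Tcpip. . . . . . . . : Enabled

Unknown adapter VPN Tunnel:

   Description . . . . . . . . . . . : Example VPN Tunnel Adapter
   DNS Servers . . . . . . . . . . . : 193.138.219.228
"""

def dns_by_adapter(ipconfig_text):
    """Return {adapter header: {"description": str, "dns": [addresses]}}."""
    adapters, current, in_dns = {}, None, False
    for line in ipconfig_text.splitlines():
        if not line.strip():
            in_dns = False
        elif not line[0].isspace():
            # Unindented line: an adapter header ends with ":", anything
            # else (the global "Windows IP Configuration" block) is skipped.
            header = line.rstrip()
            current = header[:-1] if header.endswith(":") else None
            if current:
                adapters[current] = {"description": "", "dns": []}
        elif current:
            m = KEY_LINE.match(line)
            if m:
                key, val = m["key"].strip(), m["val"].strip()
                in_dns = key == "DNS Servers"
                if in_dns and val:
                    adapters[current]["dns"].append(val)
                elif key == "Description":
                    adapters[current]["description"] = val
            elif in_dns:
                adapters[current]["dns"].append(line.strip())
    return adapters

def adapters_using(adapters, ip):
    """List (adapter, description) pairs configured with the given DNS server."""
    return [(n, a["description"]) for n, a in adapters.items() if ip in a["dns"]]

if __name__ == "__main__":
    print(adapters_using(dns_by_adapter(SAMPLE), "193.138.219.228"))
```
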



#6 Pimptech

Pimptech

  • Malware Study Hall Junior
  • 188 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Sao Paulo, Brazil
  • Local time:10:08 AM

Posted 18 July 2017 - 02:14 PM


I would ask you that. If it's not the router nor the operating system, could be the VPN or ISP.

Very strange! How did you find out?





