Browser/Connections Hijacked

By pyropunk77
Nov 11, 2008
  1. Everything runs fine on my computer except a few pop-ups, and when I browse web pages I will often be redirected to the wrong websites. I have done the 8 steps and posted the results from them.
  2. pyropunk77

    pyropunk77 TS Rookie Topic Starter

    This install of Windows was only a few days old, so I decided that I would reformat my Windows partition and reinstall Windows. When first started, the computer was found clean by Malwarebytes, but when I connected to the internet, it became infected with the identical infections as the ones in the above post. I fixed the issues with Malwarebytes and restarted my computer. When my computer came back on, the internet was not working; I released and renewed my IP address and it began to work. The Trojan.DNSChanger is still there.
  3. pyropunk77

    pyropunk77 TS Rookie Topic Starter

    I found a fix at Major Geeks.

    To all those who have been infected with the Trojan.DNSChanger as I was these last few days. I couldn't quite understand why, if I ran Malwarebytes, cleared the infections, then restarted my computer WITHOUT a network connection, the infection seemed to be cleared. Then AS SOON AS I connected to the internet it would come back again. Finally the obvious dawned on me: it had actually changed the settings of my internet connection. It had caused it to connect with its own DNS records instead of automatically getting them from the ISP.

    In my case it had actually changed the settings on my router, which is why it affected all 8 machines that connected through the router. As soon as I removed those settings and returned it back to automatically get them from the ISP, everything was fine.

    So, to get rid of this unbelievably annoying infection, disconnect from the internet, run Malwarebytes to clear any remaining infections, and remove the amended DNS settings from your computer and router. Restart your computer, connect to the internet, and perform a final Malwarebytes quick scan to make sure it has gone.
  4. rf6647

    rf6647 TS Maniac Posts: 829

    Thanks for the tip.

    Just to be clear, what method was used to reset the router?

    Soft reset – issue command from Status/Control page for the router
    Warm reset – power cycle
    Hard reset – use reset button to restore factory defaults

    What you describe here is a very sophisticated infection with the capability to address connected devices & write into RAM memory of the device. That’s frightening! This type of threat is getting dangerously close to “flashing” the firmware (programmable memory).

    If you wouldn’t mind, please share the link @major geeks that helped you with this.
    Frightening: 3 posts titled with DNS changer used the hard reset.
Topic Status:
Not open for further replies.
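
The fix described in the third post depends on spotting DNS servers that were not handed out by the ISP or router. The following Python check is an added example, not part of the original thread: it parses saved `ipconfig /all` output and reports, per adapter, any resolver outside an expected list. The sample output, its addresses and the expected resolver `192.168.1.1` are constructed assumptions.

```python
import ipaddress
import re

# Constructed `ipconfig /all` excerpt; addresses are private/documentation ranges.
SAMPLE = """\
Ethernet adapter Local Area Connection:

        IP Address. . . . . . . . . . . . : 192.168.1.10
        DNS Servers . . . . . . . . . . . : 203.0.113.5
                                            203.0.113.6

Ethernet adapter Wireless Network Connection:

        IP Address. . . . . . . . . . . . : 192.168.1.11
        DNS Servers . . . . . . . . . . . : 192.168.1.1
"""

FIELD = re.compile(r"^\s+([^:]+?)[ .]*: ?(.*)$")  # "   Name . . . : value"

def _is_ip(s):
    try:
        ipaddress.ip_address(s)
        return True
    except ValueError:
        return False

def dns_by_adapter(text):
    """Map each adapter header to the DNS servers listed under it."""
    adapters, current, in_dns = {}, None, False
    for line in text.splitlines():
        stripped = line.strip()
        if line[:1].strip() and stripped.endswith(":"):   # unindented adapter header
            current, in_dns = stripped[:-1], False
            adapters[current] = []
        elif in_dns and _is_ip(stripped):                 # continuation: next resolver
            adapters[current].append(stripped)
        else:
            m = FIELD.match(line)
            in_dns = bool(m and current and m.group(1).startswith("DNS Servers"))
            if in_dns and _is_ip(m.group(2).strip()):
                adapters[current].append(m.group(2).strip())
    return adapters

def unexpected_dns(text, expected):
    """Return {adapter: [servers not in expected]}, omitting clean adapters."""
    allowed = {ipaddress.ip_address(e) for e in expected}
    report = {a: [x for x in s if ipaddress.ip_address(x) not in allowed]
              for a, s in dns_by_adapter(text).items()}
    return {a: bad for a, bad in report.items() if bad}
```

When the router acts as the DNS proxy, every PC shows only the router's own address here, so a clean result does not clear the router: its upstream DNS settings still have to be checked in its admin page, as the post describes.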