Repeated Pop-ups - DNS stuck in system

[acorchia]

Hey you guys,
i have this problem which i've already seen here on another post,
i have this *i guess* permanent DNS servers on my WLAN and LAN cards automatically, i'm guessing it's some sort of a virus\Trojan but i couldn't figure out how to remove it, i'm downloading currently Norton360 which i hope is alright by you for scanning and checking the system,
if you could please guide me, what information i need to supply for your help in this matter, and what else do i need to do, i'd be grateful...

As of the DNS itself, these are the addresses i get:
85.255.113.123
85.255.112.72
i'm using vista Ultimate, which has been updated almost daily.
i think this issue is been going on for i guess half a month now... (just noticed it 2 days ago)

that's about all. waiting for your reply.
thanks alot and best regards.

 

[DelJo63]

Both DNS addresses are associated with:

inetnum:        85.255.112.0 - 85.255.127.255
org-name:       UkrTeleGroup Ltd.
org-type:       LIR
address:        UkrTeleGroup Ltd.
                Mechnikova 58/5
                65029 [B]Odessa[/B]
                [B]Ukraine[/B]

Highly likely that you've been hijacked

 

[rev_olie]

Try and clean the hijack with SmitFraud

Download here

Double-click SmitfraudFix.exe
Select option #5 - Search and Clean DNS Hijack by typing 5 and press "Enter."
A box will appear
Click Ok to continue with cleanup.
A text file will appear, which lists infected/cleaned DNS settings (if present).

See what happens then

 

[Blind Dragon]

After you clean the DNS changer trojan out, fix the damage, you need to do a hard reset on the router and flush DNS at the very least

 

[DelJo63]

like this https://www.techspot.com/vb/showthread.php?p=659859#3

 

[rev_olie]

A hard router reset is just pushing in the reset button of your Router for 10+seconds

Everything will need reconfiguring afterwards

Just some extra info for ya

 

[Blind Dragon]

Here is an interesting article about it:

http://www.geekstogo.com/2008/04/08/have-a-home-router-youll-want-to-read-this/

"It could force the router to download a hacked firmware which sets up the DNS hijack."

hence why if resetting the router doesn't kill it, I have been recommending to reflash the firmware

 

[rev_olie]

AH! that the article i was looking for a couple of weeks back for a similar problem tro this. I was sure there was something about and IP change somewere I had read and there is

Thanks Blind Dragon

 

[acorchia]

ok guys, did what you've asked (didn't HR the router since it seems according to it's log that it recieves the right DNS servers from the ISP)
as for the FIX it helped, it cleared it up but, unfortunatly after a boot to the computer it came back no idea why.. any more suggestions?

 

[acorchia]

*update*
i've just system restored my pc 14 days back, and it seemed to cleared the virus out, on top of that, i've added Norton 360 v2
think i should be all good now, any recommendations from anyone? or am i fixed for now?

*almost forgot*
thanks alot to:
rev_olie
and Blind Dragon, jobeard,
thanks alot for your help, and best regards =)

 

[kimsland]

You need to follow this precisely: UPDATED 8-step Viruses/Spyware/Malware Preliminary Removal Instructions

Note System Restore is usually the first place that Virus\Malware is found
And Norton 360 is on the very low end of finding these issues (the free Avira, is way better)

 

[rev_olie]

I second Kim again Avira will serve you much better than Norton ever will