Bienvenido! - Willkommen! - Welcome!

Bitácora Técnica de Tux&Cía., Santa Cruz de la Sierra, BO
Bitácora Central: Tux&Cía.
Bitácora de Información Avanzada: Tux&Cía.-Información
May the source be with you!

Friday, February 19, 2010

DNS hijackers

NO virus scanner can pick them up as they are not a virus, there are no infected files with malicious code, so the anti-virus or anti-spyware product cannot detect the change to your registry.
There is no set value each ISP has there own dns.
You could get it from facebook, myspace, etc.
Looks like a harmless video [click here]
than ... BLAM! 
your DNS service is hijacked!

Start ->; Execute 
net diag /test:dns
Go to Control Panel -> administrative tools -> Services....
Look for "DNS client" 
Double click on it to get its menu... switch it to "disabled" and "stop" it.
Hit Apply...if you are in a network that uses "Active Directory domains" then this might not help
Otherwise its DNS client for the hijacker anymore....internet will work just fine.
I have been disabling dns client for years.
One way to fix the DNS. Changer is to get the free Malwarebytes Anti-Malware.
Donwload the latest version of the software from the site and install it on the infected PC.
Restart your computer in safe mode and give this a full scan.
It finds all the viruses, trojans, dialers, DNS.Changer and all the like.
------------------------- error?!
I found that the DNS settings kept being set to and
I Googled this IP address and found that DynDns has a new feature on its client called "Internet Guide" that will change your DNS settings to the settings I mentioned.
To change that property, goto Dyndns in your icons, (bottom Right)
Open DynDNS  > Advanced > Uncheck "Enable Internet Guide on this PC" I found that this is new to version 4.1.4. I have also disabled my DNS services in my services.msc. 
Most home users will find this to be a good solution. I always run my machines as a fixed IP so I can port to each remotely. 
Just manually put the DNS1 to whatever the default IP for your router is. If you havent changed this number, than its probably still at default. Linksys=, dlink=, 2wire= be aware, if you shut down your DNS service, you will have to input the DNS address manually. Its located in the network adaptor propertys, (TCP/IP v4)

1 comment:

Jason said...

Hey there, I'm Jason with the DynDNS Ninja Squad, and I noticed your comment about the Internet Guide service. To help customers easily configure the service, the DynDNS Updater for Windows starting with 4.1.4 offers to set up the service during installation. If you're uninterested in the service, you are able to opt out easily, and can enable from the client itself at any time later if you wish.

The reason the client keeps resetting your recursive servers to Internet Guide is to ensure IG remains the active resolver, in case you switch networks or network interfaces (usually because you have a laptop or other mobile device). For example, if you just set Internet Guide on your wireless card, then plug into the wired connection at a hotel, you would likely be using their resolver by default (which doesn't offer the filtering protection of the IG Defense Plans).

If you would prefer the client not maintain the active resolver like this, disable it in the client (using your instructions), then manually set the servers on each network interface you wish to use (e.g. set it to IG for your wireless card but let it resolve locally when you're connected to your wired home network).

For the benefit of your readers, here are our full instructions on removing Internet Guide from your computer:

1a. Open the DynDNS Updater for Windows.
1b. Click the Advanced link to show the advanced settings.
1c. Uncheck "Enable Internet Guide on this PC" and click the Apply button. Internet Guide will be disabled.

- OR -

2a. Open the Control Panel from your Start menu.
2b. Click Network Connections and choose your current connection.
2c. On the General tab of the Connection Status screen, click Properties.
2d. On the General tab of Connection Properties, scroll down and select Internet Protocol (TCP/IP), then click Properties.
2e. Select "Obtain DNS server address automatically" (or enter the IP addresses of your recursive DNS servers).
2f. Click OK until all windows are closed. Internet Guide will be disabled.

I hope this helps! We certainly don't want to appear as if we're hijacking your DNS; we're just trying to make our customers' browsing experiences safer.

~Jason Ninja Squad