Results 1 to 5 of 5

Thread: DNS messed

  1. #1
    Joined
    May 2001
    Location
    N.S. Canada
    Posts
    4,137

    DNS messed

    question...
    can a virus/worm change the DNS network settings from the original : Obtain DNS automatically to a preset DNS number ???

  2. #2
    Joined
    Oct 2001
    Location
    Southern Ontario
    Age
    46
    Posts
    13,194

    Re: DNS messed

    I have seen viruses go in and alter the hosts file causing problems for certain sites. Mainly to prevent access for anti-virus updates. But that's going back a few years ago.

    I presume that Microsoft now protects the hosts file. But I would be surprised if the attackers have evolved their approach to overcome this.

    As far as changing your network settings...not sure. Could anyone else have modified that setting?

  3. #3
    Joined
    Dec 2000
    Posts
    5,051

    Re: DNS messed

    Need a little more description of whats actually happening, has the setting for dns servers been changed to static assignment or have the numbers simply changed?

  4. #4
    Joined
    May 2001
    Location
    N.S. Canada
    Posts
    4,137

    Re: DNS messed

    it was always on obtain dns automatically, and now its been set to static, and when i did a dns look up on the numbers, it was located in sweeden, and i'm on Aliant in nova scotia canada

    i have reset the dns to be assigned automatically again. the pc was hellish slow and it would not allow any microsoft site to open nor would any updates install.

    > i backed up formated and installed windows 7 .

    It was just strange to see those static dns numbers...why i was wondering about a virus/worm

  5. #5
    Joined
    Nov 2001
    Location
    I've moved.....I'm over here now.
    Age
    61
    Posts
    7,290

    Re: DNS messed

    Quote Originally Posted by MousePotato View Post
    question...
    can a virus/worm change the DNS network settings from the original : Obtain DNS automatically to a preset DNS number ???
    Yes, without a doubt. Smitfraudfix (as well as other programs) will even alert you if it sees this. Combofix is fairly good about rectifying this on its own (and I sincerely hope that the author produces a 64 bit compatible version as some point in time).

    http://en.wikipedia.org/wiki/DNS_hij...gue_DNS_server

    An infamous/notorious one is the 85.255.x.x hijack.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •