Folder AVG Forums » Archive » Archive » AVG Home » AVG 2012 » Browser/DNS Hijack Issue
February 29, 2012 23:18 Browser/DNS Hijack Issue #194165
DavidParkes
Novice
Join Date: 29.2.2012
Posts: 17
Hi, I appear to have a problem with a rather benign browser/DNS hijack.

Tech Specs:
Windows XP
AVG Version 2012.0.1913
Virus DB version: 2114/4842
Also installed: Ad-Aware 9.6 / MalwareBytes 1.60.1.1000

Basically, no matter which browser I use, if I type a web address that results in a DNS error I am directed to a page that appears to be a Domain Parking page for domains registered with NameDrive.

The domains appear to be kdkdj.com / bestdomainisever.com / btdsde.com, hundertzweiund10.com and ftrsr.com; which one I am redirected to appears to be random.

These pages seem benign, inasmuch as they are just parked with NameDrive and the page I am seeing appears to be the NameDrive domain parking page, and I stress I am never redirected unless I mistype my web address, e.g. 'ww.domain.com' instead of 'www.domain.com'.

I removed a Trojan using Ad-Aware earlier in the day, which it identified as Trojan.Wind32.Jpgiframe, but it hasn't resolved my issue.

A full system scan (in safe mode) and full rootkit scan with AVG 2012 reveal no infections.

Similarly I can find no infections using MalwareBytes. But clearly I still have something under the hood which is redirecting my browser when I get a DNS error.

Can anyone help?
March 1, 2012 11:15 Re: Browser/DNS Hijack Issue #194191
nemethste
Administrator
Join Date: 1.11.2011
Posts: 1730
Hello DavidParkes,

Please try to reset your Internet browser proxy settings and see whether it helps.

Should the issue persist, please provide us with the Gmer scan results, Msinfo output and AVG Anti-Virus scan results for further analysis.

Thank you

___________________
AVG Team
How-To articles | FAQ | Free Support
We Protect Us
March 1, 2012 11:41 Re: Browser/DNS Hijack Issue #194193
DavidParkes
Novice
Join Date: 29.2.2012
Posts: 17
Problem with providing msinfo32..

I cannot create an msinfo32 output as per the instructions provided.

Windows returns an error: (See Attached Graphic)
msinfoerror.jpg
March 1, 2012 11:52 Re: Browser/DNS Hijack Issue #194194
DavidParkes
Novice
Join Date: 29.2.2012
Posts: 17
Scratch that last comment, I found it myself:
C:\Program Files\Common Files\Microsoft Shared\MSInfo

Requested info to follow shortly.
March 1, 2012 13:48 Re: Browser/DNS Hijack Issue #194207
DavidParkes
Novice
Join Date: 29.2.2012
Posts: 17
Gmer - msinfo32 and scan result..

As requested, here are the GMER, MSINFO and AVG scan results. As explained previously, the AVG scan result came up clean, but my browser is still redirected if I mistype a URL and it results in a bad DNS entry.
March 2, 2012 09:04 Re: Browser/DNS Hijack Issue #194252
nemethste
Administrator
Join Date: 1.11.2011
Posts: 1730
Hello David,

According to the scan results analysis, your computer is clean, so the "hijack" issue will most likely be caused by altered DNS/proxy settings or by some malicious browser addon.

Please follow the steps mentioned in my previous post, disable all your browser addons and check your DNS settings.

Thank you.


March 2, 2012 09:51 Re: Browser/DNS Hijack Issue #194260
DavidParkes
Novice
Join Date: 29.2.2012
Posts: 17
I tried that..

I tried clearing my Internet Proxy settings as you suggested before I spent 4 hours running the scans to provide the info requested.

I also checked my DNS settings and they are correct (checked them with my ISP) and they are the same as other systems on my network which are not exhibiting the same problem as the affected PC.

Again this problem affects ALL browsers on the problem PC, Firefox, Internet Explorer 8.0, Safari etc.
I've also checked the browser add-ons on Firefox; they are all legit. The only two extensions are the AVG Security Toolbar and AVG Safe Search, and the plugins are all standard legit packages.

I will for the sake of eliminating the possibility of an exploit within one of these plugins being the cause try disabling them all and post back.
March 2, 2012 10:00 Re: Browser/DNS Hijack Issue #194262
DavidParkes
Novice
Join Date: 29.2.2012
Posts: 17
Disabling plugins didn't help..

Hi Again

Nope, disabling browser extensions/plugins didn't help; as I thought, they were all legit and not malicious add-ons.

One however was out of date and had a known security vulnerability. I've updated it, but wonder if this could have been a route of attack? Yet you say according to your analysis my PC is clean.

The vulnerable plugin was
Shockwave for Director - Adobe Shockwave for Director Netscape plug-in, version 11.6.1.629

I've updated this, but whilst this could have been a potential route of attack to plant something else on the computer, it's not the method or cause of DNS/Browser Hijacking in itself.

PS: Appreciate your help with this.
March 2, 2012 13:01 Re: Browser/DNS Hijack Issue #194274
Pokornyz
Administrator
Join Date: 29.11.2010
Posts: 8233
Hello DavidParkes,

First please uninstall Malwarebytes, Ad-Aware and Sophos - please read this post for more information.

"I've updated this, but whilst this could have been a potential route of attack to plant something else on the computer, it's not the method or cause of DNS/Browser Hijacking in itself."

Please try to manually set custom DNS servers and flush your DNS cache:
- Press the Windows logo key and R.
- Type ncpa.cpl and click OK.
- Right-click your network (Internet) connection and select Properties.
- Double-click the Internet protocol version 4 item (you may need to scroll down a bit).
- Select the Use the following DNS server addresses: option.
- Enter suitable DNS servers. You may use OpenDNS or Google Public DNS servers, for example.
- Click OK to save changes.
- Run the command line (as administrator).
- Type ipconfig /flushdns and press Enter.
- The DNS cache will be flushed and the issue should not occur again.

Thank you.
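An added example, not part of the original thread: one way to check whether a given DNS server is itself turning DNS errors into parking-page addresses, which is what changing DNS servers in the steps above is meant to rule out. It sends a raw query for a name that should not exist straight to each resolver, bypassing the PC's own resolver; the function names are illustrative, and it assumes a random 24-character label under .com is unregistered.

```python
import secrets
import socket
import struct
import sys

def build_query(name, qid):
    """Encode one A-record question with the recursion-desired flag set."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    labels = b"".join(bytes([len(p)]) + p.encode("ascii") for p in name.split("."))
    return header + labels + b"\x00" + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN

def parse_reply(data):
    """Return (rcode, answer_count) taken from the 12-byte DNS header."""
    _, flags, _, ancount, _, _ = struct.unpack("!HHHHHH", data[:12])
    return flags & 0x000F, ancount

def classify(result):
    """Map a probe result for a name that should not exist to a verdict."""
    if result is None:
        return "no-reply"
    rcode, ancount = result
    if rcode == 3:              # RCODE 3 = NXDOMAIN (RFC 1035 "Name Error")
        return "nxdomain"       # honest answer: the error reaches the client
    if rcode == 0 and ancount > 0:
        return "rewritten"      # an address was substituted for the DNS error
    return "other"

def random_missing_name():
    return secrets.token_hex(12) + ".com"  # assumption: random label is unregistered

def probe(server, name, timeout=3.0):
    """Query one resolver directly over UDP, bypassing the system resolver."""
    qid = secrets.randbelow(65536)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        try:
            sock.sendto(build_query(name, qid), (server, 53))
            data, _ = sock.recvfrom(512)
        except OSError:         # timeout or network error
            return None
    if len(data) < 12 or data[:2] != struct.pack("!H", qid):
        return None             # truncated reply or mismatched query id
    return parse_reply(data)

if __name__ == "__main__":
    for server in sys.argv[1:]:  # resolver IPs chosen by the user
        name = random_missing_name()
        print(server, name, classify(probe(server, name)))
```

Run it with the resolver addresses to compare as arguments, for instance the DNS server configured on the affected PC and a public resolver. A `rewritten` verdict from one resolver and `nxdomain` from another points at that resolver, while `nxdomain` from all of them with the browser still landing on a parking page means the substitution happens on the PC, after the DNS reply.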
March 2, 2012 14:58 Re: Browser/DNS Hijack Issue #194291
DavidParkes
Novice
Join Date: 29.2.2012
Posts: 17

Hi Pokornyz

Thanks for your help, but I followed your instructions to the letter, yet my problem persists.