Hi I appear to have a problem with a rather benign browser/DNS hijack

Tech Specs:
Windows XP
AVG Version 2012.0.1913
Virus DB version: 2114/4842
Also installed. Adware 9.6 / MalwareBytes 1.60.1.1000

Basically no matter which browse I use, if I type a web address that results in a DNS error I am directed to a page that appears to be a Domain Parking page for domains registered with NameDrive.

The domains appear to be kdkdj.com / bestdomainisever.com / btdsde.com, hundertzweiund10.com and ftrsr.com, which one I am redirected to appears to be random.

These pages seem benign, in so much as they are just parked with NameDrive and the page I am seeing appears to be the NameDrive domain parking page and I stress I am never redirected unless I mistype my web address eg: 'ww.domain.com' instead of 'www.domain.com'

I removed a Trojan using Adaware earlier in the day which it identified as Trojan.Wind32.Jpgiframe, but it hasn't resolved my issue.

A full system scan (in safe mode) and Full root kit scan with AVG 2012 reveals no infections.

Similarly I can find no infections using MalwareBytes. But clearly I still have something under the hood which is redirecting my browser when I get a DNS error.

Can anyone help?

Hello DavidParkes,

Please try to reset your Internet browser proxy settings and see whether it helped.

Should the issue persist, please provide us with both Gmer scan results Msinfo output and AVG Anti-Virus scan results for further analysis.

Thank you

___________________AVG TeamHow-To articles | FAQ | Free SupportWe Protect Us

Problem with providing msinfo32..

I cannot create as msinfo32 output as per the instructions provided.

Windows returns an error: (See Attached Graphic)

Scratch that last comment, I found it myself:
C:\Program Files\Common Files\Microsoft Shared\MSInfo

Requested info to follow shortly.

Gmer - msinfo32 and scan result..

As requested here is the GMER MSINFO and AVG Scan result. As explained previously the AVG scan result came up clean, but my browser is still redirected if I mistype a URL and it results in a bad DNS entry.

Hello David,

According to the scan results analysis, your computer is clean, so the "hijack" issue will most likely be caused by altered DNS/proxy settings or by some malicious browser addon.

Please follow steps mentioned in my previous post, disable all your browser addons and check your DNS settings.

Thank you.


___________________AVG TeamHow-To articles | FAQ | Free SupportWe Protect Us

I tried that..

I tried clearing my Internet Proxy settings as you suggested before I spent 4 hours running the scans to provide the info requested.

I also checked my DNS settings and they are correct (checked them with my ISP) and they are the same as other systems on my network which are not exhibiting the same problem as the affected PC.

Again this problem affects ALL browsers on the problem PC, Firefox, Internet Explorer 8.0, Safari etc.
I've also checked the browser add-ons on Firefox, they are all legit. The only two extensions are the AVG Security Toolbar and AVG Safe Search and the plugins all standard legit packages.

I will for the sake of eliminating the possibility of an exploit within one of these plugins being the cause try disabling them all and post back.

Disabling plugins didn't help..

Hi Again

Nope disabling browser extensions/plugins didn't help, as I thought they were all legit and not malicious add-ons.

One however was out of date and had a known security vulnerability. I've updated it, but wonder if this could have been a route of attack? Yet you say according to your analysis my PC is clean.

The vulnerable plugin was
Shockwave for Director - Adobe Shockwave for Director Netscape plug-in, version 11.6.1.629

I've updated this but whilst this could have been a potential route of attack to plant something else on the computer, its not method or cause of DNS/Browser Hijacking in itself.

PS: Appreciate your help with this.

Hello DavidParkes,

First please uninstall Malwarebytes, Ad-Aware and Sophos - please read this post for more information.


Please try manually set custom DNS servers and flush your DNS cache:
- Press the Windows logo key and R.
- Type ncpa.cpl and click OK.
- Right-click your network (Internet) connection and select Properties.
- Double-click the Internet protocol version 4 item (you may need to scroll down a bit).
- Select the Use the following DNS server addresses: option.
- Enter suitable DNS servers. You may use OpenDNS or Google Public DNS servers, for example.
- Click OK to save changes.
- Run the command line (as administrator).
- Type ipconfig /flushdns and press Enter.
- The DNS cache will be flushed and the issue should not occur again.

Thank you.
___________________AVG TeamHow-To articles | FAQ | Free SupportWe Protect Us

Hi Pokornyz

Thanks for your help, but I followed your instructions to the letter, yet my problem persists.