Folder AVG Forums » Archive » Archive » AVG Home » AVG 2012 » Browser/DNS Hijack Issue
Page 2 of 3 ‹‹123››
March 5, 2012 11:14 Re: Browser/DNS Hijack Issue #194648
Reply with Quote | Quick Reply | Top
Pokornyz

Avatar

Administrator
Join Date: 29.11.2010
Posts: 8235
Hello DavidParkes,

In order to analyze your issue please provide us with more information (step by step description what you did, what is exact behavior all pages are redirected?, screenshot of Ipconfig output, new Msinfo output, etc).

Thank you
___________________AVG TeamHow-To articles | FAQ | Free SupportWe Protect Us
March 7, 2012 13:53 Browser/DNS Hijack Issue #194811
Reply with Quote | Quick Reply | Top
DavidParkes

Avatar

Novice
Join Date: 29.2.2012
Posts: 17
Hi there

Basically whenever I mistype a web address ie: ww.mysite.com and the host domain does not have a DNS host record to handle the mispelling, I am redirected to a domain parking page for one of several domains I listed earlier.

If I type a web address correctly, I am taken to the web site as expected and nothing bad happens.

I attach a screen shot of my IP config as requested and another MSINFO file.

March 7, 2012 14:17 Re: Browser/DNS Hijack Issue #194816
Reply with Quote | Quick Reply | Top
Pokornyz

Avatar

Administrator
Join Date: 29.11.2010
Posts: 8235
Hello DavidParkes,

For help on your issue please try rename/delete file c:\windows\system32\primomonnt.dll

And if your issue persist please provide us with Autoruns output.

Thank you
___________________AVG TeamHow-To articles | FAQ | Free SupportWe Protect Us
March 7, 2012 14:31 Re: Browser/DNS Hijack Issue #194818
Reply with Quote | Quick Reply | Top
DavidParkes

Avatar

Novice
Join Date: 29.2.2012
Posts: 17
Hi I tried renaming the dll file and my problem persists.

I've downloaded Autoruns, but I don't have a Verify Code Signatures option in the Options menu.
Do your linked instructions refer to an older version of the software?
March 7, 2012 14:35 Re: Browser/DNS Hijack Issue #194820
Reply with Quote | Quick Reply | Top
DavidParkes

Avatar

Novice
Join Date: 29.2.2012
Posts: 17
Hi Again

Scratch that, I found the Verify Code Signatures option.

Autoruns file attached.
March 7, 2012 16:30 Re: Browser/DNS Hijack Issue #194834
Reply with Quote | Quick Reply | Top
nemethste

Avatar

Administrator
Join Date: 1.11.2011
Posts: 1730
Hello David,

In order to resolve the issue with hijacked browser, please update your Internet Explorer to version 9.

Should the issue persist please re-install our AVG Secure Search. It should re-write settings which are redirecting to hijacked website.

Download and run latest installation package, select Add remove features, check AVG toolbar.

Thank you.
___________________AVG TeamHow-To articles | FAQ | Free SupportWe Protect Us
March 7, 2012 23:15 Re: Browser/DNS Hijack Issue #194878
Reply with Quote | Quick Reply | Top
DavidParkes

Avatar

Novice
Join Date: 29.2.2012
Posts: 17
I'll gladly try that but... I have already tried reinstalling Firefox (my primary browser) to no avail and I also reinstalled AVG and the AVG secure search /tool bar too.
March 8, 2012 08:01 Re: Browser/DNS Hijack Issue #194890
Reply with Quote | Quick Reply | Top
jirka82

Avatar

Administrator
Join Date: 19.6.2009
Posts: 3892
Hello DavidParkes,

Please provide us with a registry export of the following key:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Tcpip

- More information on how to export a registry key can be found in this how-to article.

DavidParkes wrote
Basically no matter which browse I use, if I type a web address that results in a DNS error I am directed to a page that appears to be a Domain Parking page for domains registered with NameDrive.

The domains appear to be kdkdj.com / bestdomainisever.com / btdsde.com, hundertzweiund10.com and ftrsr.com, which one I am redirected to appears to be random.

Does this happen with any mistyped web address, or does the browser show the standard DNS error page in some cases?

Thank you.
___________________AVG TeamHow-To articles | FAQ | Free SupportWe Protect Us
March 8, 2012 16:57 Re: Browser/DNS Hijack Issue #194952
Reply with Quote | Quick Reply | Top
DavidParkes

Avatar

Novice
Join Date: 29.2.2012
Posts: 17
It happens with all mistyped web addresses, standard DNS error page is never shown.

Registry Key export attached.
March 9, 2012 08:29 Re: Browser/DNS Hijack Issue #194987
Reply with Quote | Quick Reply | Top
jirka82

Avatar

Administrator
Join Date: 19.6.2009
Posts: 3892
Hello DavidParkes,

The provided registry export revealed Spanish DNS servers (80.58.61.250 and 80.58.61.254) are provided by your DHCP server. Even though the Google DNS servers defined for the respective network interface take precedence, it is possible these servers are used if no match is found using Google servers.

If you use a router in your local network, please change the default DNS servers provided by it (via DHCP) to the Google Public DNS and restart both the router and the computer. Check the situation afterwards. (If the router was provided by your ISP, it is likely it was configured to use these DNS servers.)
If you do not use a router, rather the computer is connected directly to the internet, then the abovementioned DNS servers are used by your ISP (Nuclear Internet ES, probably).

Thank you.
___________________AVG TeamHow-To articles | FAQ | Free SupportWe Protect Us
Page 2 of 3 ‹‹123››