Hi I appear to have a problem with a rather benign browser/DNS hijack
AVG Version 2012.0.1913
Virus DB version: 2114/4842
Also installed. Adware 9.6 / MalwareBytes 18.104.22.1680
Basically no matter which browse I use, if I type a web address that results in a DNS error I am directed to a page that appears to be a Domain Parking page for domains registered with NameDrive.
The domains appear to be kdkdj.com / bestdomainisever.com / btdsde.com, hundertzweiund10.com and ftrsr.com, which one I am redirected to appears to be random.
These pages seem benign, in so much as they are just parked with NameDrive and the page I am seeing appears to be the NameDrive domain parking page and I stress I am never redirected unless I mistype my web address eg: 'ww.domain.com' instead of 'www.domain.com'
I removed a Trojan using Adaware earlier in the day which it identified as Trojan.Wind32.Jpgiframe, but it hasn't resolved my issue.
A full system scan (in safe mode) and Full root kit scan with AVG 2012 reveals no infections.
Similarly I can find no infections using MalwareBytes. But clearly I still have something under the hood which is redirecting my browser when I get a DNS error.
As requested here is the GMER MSINFO and AVG Scan result. As explained previously the AVG scan result came up clean, but my browser is still redirected if I mistype a URL and it results in a bad DNS entry.
I tried clearing my Internet Proxy settings as you suggested before I spent 4 hours running the scans to provide the info requested.
I also checked my DNS settings and they are correct (checked them with my ISP) and they are the same as other systems on my network which are not exhibiting the same problem as the affected PC.
Again this problem affects ALL browsers on the problem PC, Firefox, Internet Explorer 8.0, Safari etc.
I've also checked the browser add-ons on Firefox, they are all legit. The only two extensions are the AVG Security Toolbar and AVG Safe Search and the plugins all standard legit packages.
I will for the sake of eliminating the possibility of an exploit within one of these plugins being the cause try disabling them all and post back.
First please uninstall Malwarebytes, Ad-Aware and Sophos - please read this post for more information.
I've updated this but whilst this could have been a potential route of attack to plant something else on the computer, its not method or cause of DNS/Browser Hijacking in itself.
Please try manually set custom DNS servers and flush your DNS cache:
- Press the Windows logo key and R.
- Type ncpa.cpl and click OK.
- Right-click your network (Internet) connection and select Properties.
- Double-click the Internet protocol version 4 item (you may need to scroll down a bit).
- Select the Use the following DNS server addresses: option.
- Enter suitable DNS servers. You may use OpenDNS or Google Public DNS servers, for example.
- Click OK to save changes.
- Run the command line (as administrator).
- Type ipconfig /flushdns and press Enter.
- The DNS cache will be flushed and the issue should not occur again.