Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations Mike Lewis on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Windows Update directs to MSN

Status
Not open for further replies.
BionicJohn

BionicJohn

Technical User
Nov 6, 2002
5,022
GB
(I hope I'm posting in the correct place, as I'm assuming the problem is some kind of virus.)

The first symptom was clicking on "Windows Update" in IE7 and the MSN home page appeared. I thought I'd clicked somewhere else in error, but no.

I've run Avast, but so far nothing's been found, though it's possible it took earlier action quietly without me noticing.

Digging around with Google for some pointers, it turns out my DNS Server Address has somehow been hijacked, so directing Windows Update to MSN. My ISP is using 217.14.176.138

RouterDNS.gif


but the TCP/IP Properties of local connection have the address as 85.255.112.16, set manually.

IPConfig.gif


Switching to "Obtain DNS Server Address Automatically" was the obvious solution, but after OK'ing out, it reverts back to 85.255.112.16.

Something is clearly preventing the change or changing it back immediately.

I've tried to reset every thing - rebooting the router, releasing and renewing with IPConfig, rebooting the PC - but have run out of ideas.

Would a HJT log help?

Cheers, John.

Liverpool: Capital of Culture 2008
Anfield: Capital of Football since 1892
Iechyd da! John
Glannau Mersi, Lloegr.
 
Sort by date Sort by votes
OK, it's sorted.

A cleaner called "Malwarebytes' Anti-Malware 1.30" found and removed the offending items, which were:

Registry Keys Infected:
HKEY_CLASSES_ROOT\homeview (Trojan.DNSChanger) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\System (Rootkit.DNSChanger.H) -> Data: kdvcf.exe -> Quarantined and deleted successfully.

Files Infected:
C:\Program Files\Mozilla Firefox\components\iamfamous.dll (Trojan.Agent) -> Quarantined and deleted successfully.

All seems fine now. Many thanks.

Liverpool: Capital of Culture 2008
Anfield: Capital of Football since 1892
Iechyd da! John
Glannau Mersi, Lloegr.
 
Upvote 0 Downvote
Glad you got it fixed. There is another forum that can provide help, too, forum760.


James P. Cottingham
-----------------------------------------
[sup]I'm number 1,229!
I'm number 1,229![/sup]
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

Sameer258
  • Locked
  • Question
Need Help to Find ip and mac address with email who one open my email
Replies
0
Views
323
Sameer258
Sameer258
Sparrow4
  • Locked
  • Question
Configure Avaya IPO R11 / VM Pro + Office365 or Exchange for voicemail to email
Replies
2
Views
336
Johnkite
Johnkite
Russtoleum
  • Locked
  • Question
Windows client can't connect to sonicwall l2tp server
Replies
0
Views
90
Russtoleum
Russtoleum
Tommy_T
  • Locked
  • Question
Sonic wall - Have an issue remotely connectioning VNC and SMB (and AFP) to one of the 2 ISP circuits
Replies
1
Views
284
nnaarrnn
nnaarrnn
ISDPCMAN
  • Locked
  • Question
Cannot connect to TZ-215 Sonicwall appliance with web browser!
Replies
0
Views
86
ISDPCMAN
ISDPCMAN

Part and Inventory Search

Sponsor

Back
Top