Jump to content

Recommended Posts

  • Staff

Do you have a LinksysWRT160N router? Because I actually have the same. This router appears to have serious DNS issues.

Also see here: http://homecommunity.cisco.com/t5/Wireless...ues/td-p/280327

temporary solution is to use OpenDNS as your DNS Servers.

https://www.opendns.com/start/

Or you can use GoogleDNS:

http://code.google.com/intl/nl/speed/publi...docs/using.html

Link to post
Share on other sites

The problem happens only in Firefox, not IE, and happens both at home on my linksys router and at work using the connection there. So, I can try this, but it does not seem like the router can be the explanation in this case.

Do you have a LinksysWRT160N router? Because I actually have the same. This router appears to have serious DNS issues.

Also see here: http://homecommunity.cisco.com/t5/Wireless...ues/td-p/280327

temporary solution is to use OpenDNS as your DNS Servers.

https://www.opendns.com/start/

Or you can use GoogleDNS:

http://code.google.com/intl/nl/speed/publi...docs/using.html

Link to post
Share on other sites

  • Staff

What brand of linksys router do you have? What brand of router does your computer at work have?

Do you use the same computer at work and at home?

In either way, the reason why I replied here is because I have EXACTLY the same problem and this is caused by my linksys router.... and the fact that you actually do have a linksys router (from your second reply since you didn't mention this in your 1st post) can't be a coincidence imho.

Link to post
Share on other sites

I have tried changing the DNS address, but this did not resolve the problem. Does anyone have any suggestions for how to resolve this problem?

Thanks.

What brand of linksys router do you have? What brand of router does your computer at work have?

Do you use the same computer at work and at home?

In either way, the reason why I replied here is because I have EXACTLY the same problem and this is caused by my linksys router.... and the fact that you actually do have a linksys router (from your second reply since you didn't mention this in your 1st post) can't be a coincidence imho.

Link to post
Share on other sites

  • Staff

Hi,

It would be great if you can also answer the questions I asked, because the more info I have, the better I can help you.

Also,

Please do the following..

* Please visit this webpage for instructions for downloading and running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Post the log from ComboFix in your next reply.

Please make sure you disable ALL of your Antivirus/Antispyware/Firewall before running ComboFix..This because Security Software may see some components ComboFix uses (prep.com for example) as suspicious and blocks the tool, or even deletes it. Please visit HERE if you don't know how.

Also, please post the Log from Malwarebytes as well.

Link to post
Share on other sites

I do have a LinksysWRT160N router. However, this problem only happens in Firefox, not IE. It also only happens on one of my computers and not the other. And it happens at work with the one computer (but not the other) where I use a University network and not a router. I have used Open DNS to change my DNS settings and continue to experience the problem. I did see another post with the same issue and the person was guided through a more extensive process to clean-up their computer. I am wondering if I need to do something similar.

I have pasted below the malwarebytes log. I will also run combofix and paste that as well.

Thanks!

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 4052

Windows 5.1.2600 Service Pack 3

Internet Explorer 7.0.5730.13

7/21/2010 12:57:45 AM

mbam-log-2010-07-21 (00-57-45).txt

Scan type: Quick scan

Objects scanned: 173945

Time elapsed: 1 hour(s), 34 minute(s), 35 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

Still, I'm 99% sure this is an issue with your router as I am having exactly the same problem and helped a user with the same here as well:

http://forums.malwarebytes.org/index.php?showtopic=45185

Link to post
Share on other sites

  • Staff

Yes, I also have the same problem mainly in Firefox and google chrome, not in IE.

Also, this is a matter of caching DNS as well, so that explains it when you get it at work as well. You have to flush your dns cache first.

In either way, please post a HijackThis log so I can see if you have set your DNS to openDNS properly.

Basically, this has nothing to do with malware as your computer is not infected, so nothing needs to get cleaned up either. Just think of it, all the people who have this exact problem also have exactly the same build of the router, including me.

I have already contacted Cisco with this and they have confirmed it's indeed an issue with DNS in their router and should be fixed in next firmware update. Also, the internet is full with this - see link I posted previously.

Some more links: http://www.google.com/support/forum/p/Chro...a3bc8&hl=en

http://www.google.com/support/forum/p/Chro...7c120&hl=en

http://www.brownbatterystudios.com/sixthin...direct-problem/

Link to post
Share on other sites

Okay, thanks. How do I flush the dns cache? And I am not sure how to create a HijackThis log.

Yes, I also have the same problem mainly in Firefox and google chrome, not in IE.

Also, this is a matter of caching DNS as well, so that explains it when you get it at work as well. You have to flush your dns cache first.

In either way, please post a HijackThis log so I can see if you have set your DNS to openDNS properly.

Basically, this has nothing to do with malware as your computer is not infected, so nothing needs to get cleaned up either. Just think of it, all the people who have this exact problem also have exactly the same build of the router, including me.

I have already contacted Cisco with this and they have confirmed it's indeed an issue with DNS in their router and should be fixed in next firmware update. Also, the internet is full with this - see link I posted previously.

Some more links: http://www.google.com/support/forum/p/Chro...a3bc8&hl=en

http://www.google.com/support/forum/p/Chro...7c120&hl=en

http://www.brownbatterystudios.com/sixthin...direct-problem/

Link to post
Share on other sites

  • Staff

Hi,

To flush the DNS cache, go to start > run and copy and paste: ipconfig /flushdns

Also see here: http://www.tech-faq.com/how-to-flush-dns.html

But as long as the default DNS from linksys router is used, it will become "poisoned" again, so that's why I need a HijackThis log to verify you have set the OpenDNS properly (as it will display it in there)+eventually other issues (as malware leftpovers etc). Although, as I said, the problem you are having is not malware related.

For HijackThis,

* Download HijackThis from here:

http://free.antivirus.com/hijackthis/

HijackThis will open after install. Press the Scan button below.

This will start the scan and open a log.

Copy and paste the contents of the log in your next reply.

Link to post
Share on other sites

Flushing the cache seems to have resolved the issue and all is working fine now. Thank you so much for your help!

Hi,

To flush the DNS cache, go to start > run and copy and paste: ipconfig /flushdns

Also see here: http://www.tech-faq.com/how-to-flush-dns.html

But as long as the default DNS from linksys router is used, it will become "poisoned" again, so that's why I need a HijackThis log to verify you have set the OpenDNS properly (as it will display it in there)+eventually other issues (as malware leftpovers etc). Although, as I said, the problem you are having is not malware related.

For HijackThis,

* Download HijackThis from here:

http://free.antivirus.com/hijackthis/

HijackThis will open after install. Press the Scan button below.

This will start the scan and open a log.

Copy and paste the contents of the log in your next reply.

Link to post
Share on other sites

  • Staff

Hi,

Just make sure your settings are properly set to use OpenDNS or GoogleDNS - because flushing the cache is only a temporary solution if you don't use the OpenDNS or GoogleDNS.

Don't set it in the router, but on your computer.

Example: Changing DNS server settings to GoogleDNS

1. Go the Control Panel.

2. Click Network and Internet, then Network and Sharing Center, then Manage network connections.

3. Select the connection for which you want to configure Google Public DNS. For example:

* To change the settings for an Ethernet connection, right-click Local Area Connection, and click Properties.

* To change the settings for a wireless connection, right-click Wireless Network Connection, and click Properties.

If you are prompted for an administrator password or confirmation, type the password or provide confirmation.

4. Select the Networking tab. Under This connection uses the following items, click Internet Protocol Version 4 (TCP/IPv4), and then click Properties.

5. Click Advanced and select the DNS tab. If there are any DNS server IP addresses listed there, write them down for future reference, and remove them from this window.

6. Click OK.

7. Select Use the following DNS server addresses. If there are any IP addresses listed in the Preferred DNS server or Alternate DNS server, write them down for future reference.

8. Replace those addresses with the IP addresses of the Google DNS servers: 8.8.8.8 and 8.8.4.4.

9. Restart the connection you selected in step 3.

10. Test that your setup is working correctly; see Testing your new settings below.

11. Repeat the procedure for additional network connections you want to change.

http://code.google.com/intl/nl/speed/publi...docs/using.html

For OpenDNS, it's the same procedure, but you have to use the following DNS servers instead:

208.67.222.222 and 208.67.220.220

Link to post
Share on other sites

  • 2 weeks later...
  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.