# Possible DNS hijack - need help.



## daunove (Apr 27, 2009)

Name of your ISP: *SBC*
Make and exact model and hardware version of the router: *2Wire 2701HG-B*

If *wireless*, encryption used, (none, *WEP*, WPA, or WPA2)
Version and patch level of Windows on all affected machines: *XP Pro, SP2 using IE 6*

Please give an exact description of your problem symptoms, including the exact text of any error messages.

Windows Update link takes me to a phoney looking Google homepage. Virus software cannot update because it "cannot detect internet connection".
Following hyperlinks or clicking Google search results takes me to ad sites and other random places. System freezes, can't Ctrl+Alt+Del or shut down gracefully.


If you're using a wireless connection, have you tried a direct connection with a cable to see if that changes the symptoms? *Not yet*
For wireless issues, have you disabled all encryption on the router to see if you can connect that way? *Not yet*
Have you connected directly to the broadband modem to see if this is a router or modem/ISP issue? *Yes*
If there are other computers on the same network, are they experiencing the same issue, or do they function normally? *Undetermined*




PING 206.190.60.37

*Request timed out, 100% loss*

PING yahoo.com

*Request timed out, 100% loss*

NBTSTAT -n:

```
Local Area Connection:
Node IpAddress: [0.0.0.0] Scope Id: []

    No names in cache

Wireless Network Connection:
Node IpAddress: [192.168.1.100] Scope Id: []

                NetBIOS Local Name Table

       Name               Type         Status
    ---------------------------------------------
    D78G2Y91       <00>  UNIQUE      Registered
    D78G2Y91       <20>  UNIQUE      Registered
    WORKGROUP      <00>  GROUP       Registered
    WORKGROUP      <1E>  GROUP       Registered
    WORKGROUP      <1D>  UNIQUE      Registered
    ..__MSBROWSE__.<01>  GROUP       Registered
```


IPCONFIG /ALL:

```
Windows IP Configuration

        Host Name . . . . . . . . . . . . : D78G2Y91
        Primary Dns Suffix  . . . . . . . :
        Node Type . . . . . . . . . . . . : Broadcast
        IP Routing Enabled. . . . . . . . : No
        WINS Proxy Enabled. . . . . . . . : No
        DNS Suffix Search List. . . . . . : gateway.2wire.net

Ethernet adapter Local Area Connection:

        Media State . . . . . . . . . . . : Media disconnected
        Description . . . . . . . . . . . : Broadcom 440x 10/100 Integrated Controller
        Physical Address. . . . . . . . . : 00-15-C5-12-20-A0

Ethernet adapter Wireless Network Connection:

        Connection-specific DNS Suffix  . : gateway.2wire.net
        Description . . . . . . . . . . . : Dell Wireless 1390 WLAN Mini-Card
        Physical Address. . . . . . . . . : 00-16-CE-57-C2-37
        Dhcp Enabled. . . . . . . . . . . : Yes
        Autoconfiguration Enabled . . . . : Yes
        IP Address. . . . . . . . . . . . : 192.168.1.100
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 192.168.1.254
        DHCP Server . . . . . . . . . . . : 192.168.1.254
        DNS Servers . . . . . . . . . . . : 85.255.112.146
                                            85.255.112.76
        Lease Obtained. . . . . . . . . . : Monday, April 27, 2009 1:25:31 PM
        Lease Expires . . . . . . . . . . : Tuesday, April 28, 2009 1:25:31 PM
```


----------



## daunove (Apr 27, 2009)

Problem solved, but still have questions...
So I reloaded Windows and the bogus DNS servers were still used in my wireless network settings. I changed back to "obtain DNS server address automatically" and my symptoms are gone. But how did these bogus DNS server addresses survive a complete uninstall/reinstall of Windows? The password on my router was not the default password, but is there any risk of my router settings being manipulated?


----------
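A check for the symptom in this thread, as an added example (not code from any poster): it parses `ipconfig /all` text using the XP field names shown above and lists DNS servers that are neither on the adapter's own subnet, nor its gateway or DHCP server, nor in a caller-supplied `expected` list. The function names and the on-LAN heuristic are assumptions of this example; where the router hands out ISP resolvers, pass those addresses in `expected`.

```python
import ipaddress
import re

# Constructed sample: the fields this check needs, with the values from the
# `ipconfig /all` output posted above (Windows XP field names).
SAMPLE = """\
Ethernet adapter Wireless Network Connection:
        Dhcp Enabled. . . . . . . . . . . : Yes
        IP Address. . . . . . . . . . . . : 192.168.1.100
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 192.168.1.254
        DHCP Server . . . . . . . . . . . : 192.168.1.254
        DNS Servers . . . . . . . . . . . : 85.255.112.146
                                            85.255.112.76
"""
HEADER = re.compile(r"^(.+ adapter .+):$")
FIELD = re.compile(r"^(.+?)[ .]*\s:\s*(.*)$")

def parse_adapters(text):
    """Return {adapter: {field: [values]}}; tolerates lost indentation."""
    adapters, current, last = {}, None, None
    for line in (raw.strip() for raw in text.splitlines()):
        header, field = HEADER.match(line), FIELD.match(line)
        if header:
            current, last = adapters.setdefault(header.group(1), {}), None
        elif current is not None and field:
            last = current.setdefault(field.group(1), [])
            if field.group(2):
                last.append(field.group(2))
        elif line and last is not None:
            last.append(line)  # wrapped value, e.g. the second DNS server
    return adapters

def off_lan_dns(text, expected=()):
    """Map adapter -> DNS servers that are neither on the adapter's subnet,
    nor its gateway/DHCP server, nor in `expected` (resolvers you trust)."""
    findings = {}
    for name, f in parse_adapters(text).items():
        if not (f.get("IP Address") and f.get("Subnet Mask")):
            continue  # disconnected adapter: nothing to compare against
        lan = ipaddress.ip_network(f"{f['IP Address'][0]}/{f['Subnet Mask'][0]}", strict=False)
        trusted = set(expected) | set(f.get("Default Gateway", [])) | set(f.get("DHCP Server", []))
        flagged = [s for s in f.get("DNS Servers", [])
                   if s not in trusted and ipaddress.ip_address(s) not in lan]
        if flagged:
            findings[name] = flagged
    return findings

if __name__ == "__main__":
    print(off_lan_dns(SAMPLE))
```

A non-empty result is a prompt to compare the adapter's DNS setting with what the router's DHCP configuration actually hands out, not proof of tampering on its own.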



## johnwill (Sep 26, 2002)

Don't have a clue. :smile:

The only thing I can think of is some site or device on your network.


----------

