Monday, December 22, 2008

DNS problems

I've been having DNS issues in the office for the past few weeks and have been so busy with year end reports and appraisals that I never had the time to fix it. Finally today I decided to take the time to find the problem before it starts getting worse. As it is I can't do any printing and can't connect to the intranet.


First noticed this problem when I had problems connecting to my Exchange server. It couldn't connect and after much checking I found out that the DNS settings in TCP/IP had changed to an unknown server. Tried removing it several times and no matter what I did it was still there. This includes removing the network driver and reinstalling it.

I'm pretty sure that it's a virus or malware but I didn't have any problems browsing the web or even connecting to local server via IP.

Today when I wanted to apply for my year end leave and couldn't do it I really got frustrated. So I went to good ole Google to try and find a fix for this damn irritating problem.

Found a website that had a solution to the same problem I was facing. So I followed the instructions here.

I've copied the instructions and posted them up here as well, as a backup just in case the site goes down or the page is removed.

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself.
  • Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install. Alternatively, you can update through MBAM's interface from a clean computer, copy the definitions (rules.ref) located in C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware from that system to a USB stick or CD and then copy it to the infected machine.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
I followed the instructions and it managed to detect the DNS trojan, which I immediately removed, and that then prompted for a system reboot.

After the reboot I ran the scan again just in case and the results came out negative. Time to check the TCP/IP setting again.

YES !!! Finally I get back control of my DNS settings !!! Damn you malware !! I wonder if any sensitive data like passwords etc was exchanged while I was using the DNS server.
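
A scriptable version of the "check the TCP/IP setting again" step, as an added example that is not part of the original post: it parses `ipconfig /all` output and flags any DNS server that is not in an expected set, including servers listed on continuation lines. The sample output and the `EXPECTED` resolver addresses are constructed assumptions.

```python
import ipaddress
import re

# Constructed sample of `ipconfig /all` output (private and documentation addresses).
SAMPLE = """\
Ethernet adapter Local Area Connection:

        IP Address. . . . . . . . . . . . : 10.0.0.57
        DNS Servers . . . . . . . . . . . : 203.0.113.66
                                            10.0.0.10
        Lease Obtained. . . . . . . . . . : Monday, December 22, 2008

Ethernet adapter Wireless Network Connection:

        DNS Servers . . . . . . . . . . . : 10.0.0.10
"""

EXPECTED = {"10.0.0.10", "10.0.0.11"}  # assumption: the office's real resolvers

def dns_by_adapter(text):
    """Map adapter name -> DNS servers, following continuation lines."""
    result, adapter, in_dns = {}, None, False
    for line in text.splitlines():
        # Adapter headers start in column 0 and end with a colon.
        if line and not line[0].isspace() and line.rstrip().endswith(":"):
            adapter, in_dns = line.rstrip()[:-1], False
            result[adapter] = []
            continue
        m = re.match(r"\s+DNS Servers[ .]*:\s*(\S+)", line)
        # Extra servers appear alone on the lines right after "DNS Servers".
        value = m.group(1) if m else (line.strip() if in_dns else None)
        in_dns = False
        if value and adapter is not None:
            try:
                ipaddress.ip_address(value.split("%")[0])  # drop IPv6 scope id
            except ValueError:
                continue  # next field reached, not another server
            result[adapter].append(value)
            in_dns = True
    return result

def unexpected_dns(text, expected):
    """Return {adapter: [servers not in expected]} for adapters with any."""
    flagged = {a: [s for s in servers if s not in expected]
               for a, servers in dns_by_adapter(text).items()}
    return {a: bad for a, bad in flagged.items() if bad}

if __name__ == "__main__":
    for adapter, servers in unexpected_dns(SAMPLE, EXPECTED).items():
        print(f"{adapter}: unexpected DNS server(s) {', '.join(servers)}")
```

To check a real machine, save the output of `ipconfig /all` to a file and pass its contents in place of `SAMPLE`. Running the check again after a reboot shows whether the unknown server has come back.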
