11-17-2011 09:49 AM
Thanks to all who replied. Called CenturyLink and got great support. They have been impressive since the transition from Qwest.
We changed our DNS addresses from the rogues to those recognized by CenturyLink. Had to switch DSL modem from static to dynamic and it picked up the correct DNS addresses. Have not had the redirect problems since.
01-05-2012 02:04 PM
Did you run NPE in rootkit mode? DNSchanger often uses TDSS a MBR based root kit to hide from antivirus.
05-19-2012 04:29 PM
Sounds like you got infected about the same time we did, last year. Like you, just shrugged and forgot about it. Now however the redirects have -we surmise- sent us to malicious enough sites that the system got terribly virally infected with a malware that gives authentic looking Microsoft error dialogue boxes of imminent hard drive failure. We recognized and did not do the scan the malware suggested, however, we did lose control of the PC to the point where the desktop would not load, program lists, and control panel would not load. By using safe mode with prompt I was able to system restore to an earlier version and now I installed avast, and now am running power eraser. I am told that backing up files and reformatting drive and reinstalling OS may not help because the virus could hide in your data. For instance, and file that the PC recognizes as a jpg, may actually e another type of file if the file type identity were changed. Hopefully power eraser scrubs all that too, knowing how to look at actual file attributes instead of just the surface identity. My question is, why does Norton power eraser need an internet connection in order to run? When infected with an internet accessing virus, ideally one would disconnect from the internet until fixed.
It found errors in these files: imageready.exe, photoshp.exe; hosts, lvcodec2.dll, command. It says that after fixing, when I restart it will remove three startup items; one DS entry, and one system setting.
The problems with the DNSchanger is the sites it sends you to, it slows the system to point where we turned off the site checker in MacAfee, and the virus hides in data files so is invisible to many spy and malware checkers.
If the government has taken over the malicious servers, why does it not use these servers to send a message to those being directed to them that they have a problem? Right now, we are all in the dark until we catch a serious infection.
P.S.. As you may have noticed, I am not an IT professional, just slogging through what I can glean from legitimate sources.
Results of Power Eraser scan: it says FAILED to remove hosts at c:\windows\ystem32\drivers\etc\hosts
This is a dangerous file in that it tells the PC which interet sites are to malicious. I think I will disconnect the internet from that pc again. Three steps forward, two steps back.