Thread: Odd Resolutions

    #1
  1. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Dec 2012
    Posts
    2
    Rep Power
    0

    Odd Resolutions


    Hi, everyone. I've begun having this odd problem with the DNS server on my network. When I NSLookup from the server, it appends my domain name to the end and resolves every address to 8.5.1.44, which is a malware hosting server.
    I've run multiple scans and removed everything. All the computers on my network also resolve to this, but all http:// traffic gets through fine.
    For example, this is how the NSlookup reads:

    Server: UnKnown
    Address: 10.250.155.1

    Non-Authoritative Answer:

    Name: goo.gl.ajchs.com
    Addresses: 8.5.1.44

    Thanks in advance.
  2. #2
  3. They're coming to take me away

    Join Date
    Jan 2005
    Location
    Florida
    Posts
    5,105
    Rep Power
    5049
    Can you post your zone file for us to look at?
    "I don't need to get a life. I'm a gamer. I have lots of lives!"
  4. #3
  5. No Profile Picture
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Aug 2011
    Posts
    289
    Rep Power
    45
    You may have a poisoned cache. Can you clear the cache on the server?

    J.A. Coutts
  6. #4
  7. No Profile Picture
    Grumpier old Moderator
    Devshed Supreme Being (6500+ posts)

    Join Date
    Jun 2003
    Posts
    14,439
    Rep Power
    4539
    Or possibly you're infected with the dnschanger virus.
    ======
    Doug G
    ======
    Bartender to Rene Descartes "have another beer?" Descartes: "I think not" and he vanished.
    --Alfred Bester
  8. #5
  9. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Dec 2012
    Posts
    2
    Rep Power
    0
    Originally Posted by Doug G
    Or possibly you're infected with the dnschanger virus.
    I've run every virus scan you can think of, from Sophos to AVG. Even rootkit cleaners. How would I go about clearing the cache? I tried ipconfig /flushdns.
  10. #6
  11. No Profile Picture
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Aug 2011
    Posts
    289
    Rep Power
    45
    Originally Posted by AbsoZed
    I've run every virus scan you can think of, from Sophos to AVG. Even rootkit cleaners. How would I go about clearing the cache? I tried ipconfig /flushdns.
    On the DNS Server! That will vary with the software used. Since it is a 10.x.x.x number, I presume that it is an internal server that you have access to.
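
Added example, not part of any post in this thread: a small Python check for the symptom described in post #1, where the answered name is the query plus an appended suffix and unrelated names all come back with one address. The first sample mirrors the nslookup output quoted above; the `example.org` sample and all function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed samples: (name queried, nslookup output). The first mirrors the
# output quoted in post #1; the second is invented for illustration.
HEADER = "Server: UnKnown\nAddress: 10.250.155.1\n\nNon-Authoritative Answer:\n\n"
SAMPLES = [
    ("goo.gl", HEADER + "Name: goo.gl.ajchs.com\nAddresses: 8.5.1.44\n"),
    ("example.org", HEADER + "Name:    example.org.ajchs.com\nAddress:  8.5.1.44\n"),
]

def parse_answer(output):
    """Return (answered_name, [addresses]) from one nslookup result."""
    m = re.search(r"(?im)^\s*Name:\s*(\S+)", output)
    if not m:
        return None, []
    # Only look after the Name line, so the resolver's own Address is skipped.
    addrs = re.findall(r"(?im)^\s*Address(?:es)?:\s*(\S+)", output[m.end():])
    return m.group(1).rstrip(".").lower(), addrs

def appended_suffix(queried, answered):
    """Suffix the resolver added to the query, or None if answered as asked."""
    q = queried.rstrip(".").lower()
    if answered and answered != q and answered.startswith(q + "."):
        return answered[len(q) + 1:]
    return None

def analyse(samples):
    """Collect appended suffixes and addresses shared by different queries."""
    suffixes, by_addr = set(), defaultdict(set)
    for queried, output in samples:
        answered, addrs = parse_answer(output)
        suffix = appended_suffix(queried, answered)
        if suffix:
            suffixes.add(suffix)
        for addr in addrs:
            by_addr[addr].add(queried)
    # Unrelated names sharing one address is the symptom described in post #1.
    shared = {a: sorted(n) for a, n in by_addr.items() if len(n) > 1}
    return {"suffixes": sorted(suffixes), "shared_addresses": shared}

if __name__ == "__main__":
    print(analyse(SAMPLES))
```

Querying with a trailing dot (`nslookup goo.gl.`) skips the search list, which separates suffix appending from a bad answer for the name itself.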
