December 27th, 2012, 03:47 PM
Hi, everyone. I've begun having this odd problem with the DNS server on my network. When I NSLookup from the server, it appends my domain name to the ends and resolves every address to 18.104.22.168, which is a malware hosting server.
I've ran multiple scans and removed everything. All the computers on my network also resolve to this, but all http:// traffic gets through fine.
For example, this is how the NSlookup reads:
Thanks in advance.
December 27th, 2012, 10:49 PM
Can you post your zone file for us to look at.
"I don't need to get a life. I'm a gamer. I have lots of lives!"
December 28th, 2012, 11:25 AM
You may have a poisoned cache. Can you clear the cache on the server.
December 28th, 2012, 11:32 AM
Or possibly you're infected with dnschanger virus
I've never been able to appreciate the sublime arrogance of folks who feel they were put on earth just to save other folks from themselves .." - Donald Hamilton
December 28th, 2012, 04:18 PM
I've ran every virus scan you can think of, from Sophos to AVG. Even rootkit cleaners. How would I go about clearing the cache? I tried ipconfig /flushdns.
Originally Posted by Doug G
December 28th, 2012, 07:46 PM
On the DNS Server! That will vary with the software used. Since it is a 10.x.x.x number, I presume that it is an internal server that you have access to.
Originally Posted by AbsoZed