Results 1 to 9 of 9

Thread: Desktop DNS settings suspiciously changed pointing to Internet sites

Thread Tools
- Show Printable Version
Display
- Switch to Linear Mode
- Switch to Hybrid Mode
- Threaded Mode

Threaded View

October 1st, 2003, 06:09 PM #1
ric-o

View Profile

View Forum Posts

Visit Homepage
oldie

Join Date

Nov 2002

Posts

486
Desktop DNS settings suspiciously changed pointing to Internet sites

Someone reported in NTBugtraq that the DNS server settings on their desktops are getting changed to point to 2 IP addresses on the Internet (216.127.92.38 and 69.51.146.14).

It has affected W2K Pro workstations and Registry entries have been added/changed. One interesting one is:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\windows]
"r0x"="your s0x"

Has anyone else seen this? I'm concerned...ok maybe paranoid (call me that if you want)...that this maybe a new worm/virus.
Reply With Quote

Quick Navigation Network Security Discussions Top

« Previous Thread | Next Thread »

Posting Permissions

You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
[VIDEO] code is On
HTML code is Off

Forum Rules

Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

Thread: Desktop DNS settings suspiciously changed pointing to Internet sites

Thread Tools

Display

Threaded View

Desktop DNS settings suspiciously changed pointing to Internet sites

Posting Permissions