Possible fix for Delude and or DNS Address changed to 69.57.146.14 or 216.127.92.38 by devious means

K

Kurtis

Yesterday one of our PCs would not browse the Internet anymore. If
this happens to you take a close look at the TCP/IP config. We found
out that the entry for DNS had been changed to 216.127.92.38.

So, it looked like one of the Qhosts or Delude variants. I found no
reg files or exes left behind. The hosts file was in the correct
place for this W2K PC. (winnt\system32\drivers\etc) Actually, it
showed no signs of having a virus except that it could not browse the
Internet.

Our internal network/router guru had stopped all DNS requests unless
they came from his DNS servers. Which was why it could not browse the
Internet. Anyway I thinkk the DNS servers at 216.127.92.38 have been
taken out of commision.

Here is the fix, run regedit and look at this key,

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\

Inside this branch there were three entries. They each had long names
and inside they had various TCP/IP info. The second one of the three
had a lot more entries inside than the others. This one had
216.127.92.38 placed inside the "NameServer" key. Just clear out that
216.127.92.38, leave "NameServer" empty and reboot.

Good Luck, and I hope this post helps. :)
 
K

Keith W. McCammon

I think that's a variant, or similar symptom. I saw a report of something
like that, just didn't hang on to it.
 
K

Kurtis

Keith W. McCammon said:
I think that's a variant, or similar symptom. I saw a report of something
like that, just didn't hang on to it.
Click to expand...


Yep, this one spooked me at first. I looked at the "ipconfig /all"
screen at least 5 times before I noticed that the DNS server was way
out of our normal Class B range. You look at these settings so many
times that your mind tends to see what it expects to see.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

DNS Address changed to 69.57.146.14 by devious means... 1
How to determine if MY DNS server is responding? 2
Failure to connect with DNS?? 2
ICS DNS suddenly stopped working. 4
DNS cache and hosts file ignored 11
Connecting XP to LAN and Internet 1
Unable to Browse the Network Error HELP 0
DNS or TCP/IP problems? 3

Top