potential fix for copy-book.com google redirect



#1
docdlb
New Member, 2 posts
If I point my non-infected computer to this "so-called Google" page (IP address 64.28.190.83, which I got when pinging www.google.co.uk from the infected computer), I get links which incorrectly redirect to copy-book.com.
Conclusion: this is some kind of DNS poisoning redirecting to a spoofed Google site. Reverse DNS lookup = 64-28-190-83-rev.cernel.net, i.e. a non-Google domain as far as I can tell.
Looking through some other blogs and at my computer in question, the DNS server settings in the TCP/IP control panel are shown to be set manually to two servers, 85.255.115.60 and 85.255.115.106. I have also seen
another similar server in this blog: http://www.geekstogo...om-t204906.html. A simple fix may be to revert DNS selection to automatic, then flush the DNS cache. However, I cannot say which malicious program has altered these settings. These "DNS servers" reverse-resolve to user.mvnet.at, which seems like a funny name for a legit DNS server. Conclusion: some malware has manually altered DNS to request from this server, which is most likely run by the joker behind all this.

Edited by docdlb, 14 July 2008 - 06:25 PM.


#2
docdlb (Topic Starter)
New Member, 2 posts
PS: this fake DNS server also seems to block requests from Windows Update (which presumably are not directly requested via an IP) and Windows Defender. Taking this DNS server out of the equation allows me to use Google normally and access Windows Update again. Unbelievable.
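Detection logic for the hijack docdlb describes, as an added example that is not part of the thread: it parses `ipconfig /all` output (a constructed sample, not taken from the posts) and flags resolver entries that match the two rogue addresses quoted above or sit outside the networks where a home machine's resolver is expected to live; the expected-network list is an assumption for the example.

```python
import ipaddress
import re

# Rogue resolver addresses quoted in the post above; extend from your own telemetry.
ROGUE_DNS = {"85.255.115.60", "85.255.115.106"}

# Constructed sample of `ipconfig /all` output (not from the thread): one adapter
# whose DNS servers were overwritten with the rogue pair, one that is still normal.
SAMPLE_IPCONFIG = """\
Ethernet adapter Local Area Connection:

   IP Address. . . . . . . . . . . . : 192.168.1.23
   DNS Servers . . . . . . . . . . . : 85.255.115.60
                                       85.255.115.106

Ethernet adapter Wireless Network Connection:

   IP Address. . . . . . . . . . . . : 192.168.1.24
   DNS Servers . . . . . . . . . . . : 192.168.1.1
"""

def parse_ipconfig(text):
    """Return {adapter name: [DNS server IPs]} from `ipconfig /all` text."""
    adapters, current, in_dns = {}, None, False
    for line in text.splitlines():
        if line and not line[0].isspace() and line.rstrip().endswith(":"):
            current, in_dns = line.rstrip().rstrip(":"), False   # adapter header
            adapters[current] = []
            continue
        first = re.match(r"\s+DNS Servers[ .]*: (\S+)", line)
        more = re.match(r"\s{20,}(\d+\.\d+\.\d+\.\d+)\s*$", line)  # continuation line
        if current and first:
            adapters[current].append(first.group(1)); in_dns = True
        elif current and in_dns and more:
            adapters[current].append(more.group(1))
        else:
            in_dns = False
    return adapters

def audit_dns(adapters, expected_networks):
    """Flag resolvers that are known-rogue or outside the expected networks."""
    nets = [ipaddress.ip_network(n) for n in expected_networks]
    findings = {}
    for name, servers in adapters.items():
        bad = [s for s in servers if s in ROGUE_DNS
               or not any(ipaddress.ip_address(s) in n for n in nets)]
        if bad:
            findings[name] = bad
    return findings

if __name__ == "__main__":
    # Remediation the post describes: set DNS back to automatic, then `ipconfig /flushdns`.
    for adapter, bad in audit_dns(parse_ipconfig(SAMPLE_IPCONFIG), ["192.168.0.0/16"]).items():
        print(f"{adapter}: suspicious resolvers {bad}")
```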
