
January 16, 2014

OpenDNS Virus Hijacked my Router

I noticed something odd about the behavior of one of my PCs upstairs... the browser was acting funny and saying something about OpenDNS, which wasn't really expected. Don't know how long this has been going on, but today it bothered me enough that I stopped it.

OpenDNS is a virus. The people that own it say it isn't. Everyone with a brain knows otherwise. I think that these people should be found and ceremoniously drowned in a fountain. We could flog them on Pay-Per-View from a third-world country. Let people pay $100 a head to watch their backs slowly turn into hamburger meat in the heat of the day.

But I digress...

First, I tried to follow the directions on this website

Start - Settings - Control Panel - Network Connections.
Doubleclick my internet connection icon.
Properties.
Select Internet Connection Protocol TCP/IP
My TCP/IP DNS Servers both said "Obtain DNS server address automatically".

So, I was thinking this would be my problem, but on my upstairs PC, this was not the issue.

The problem would be if it said "Use the following DNS Server Addresses:" and had these two listed:

Preferred DNS Server: 208.67.222.222
Alternate DNS Server: 208.67.222.220

But I didn't have that. I had "Obtain DNS server address automatically".

So, really, this looked correct to me. I decided to look at the TCP/IP configuration in DOS.

Start - Run - CMD

Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.

C:\Documents and Settings\Administrator>ipconfig /all

Windows IP Configuration

Host Name . . . . . . . . . . . . : master
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : My Essentials

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . : My Essentials
Description . . . . . . . . . . . : Broadcom NetXtreme 57xx Gigabit Controller
Physical Address. . . . . . . . . : 00-11-43-B5-52-E2
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 192.168.2.2
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.2.1
DHCP Server . . . . . . . . . . . : 192.168.2.1
DNS Servers . . . . . . . . . . . : 192.168.2.1
                                    208.67.222.222
                                    208.67.220.220
Lease Obtained. . . . . . . . . . : Wednesday, January 15, 2014 3:18:33 AM
Lease Expires . . . . . . . . . . : Monday, January 18, 2038 8:14:07 PM


So, what's interesting here is that these two DNS servers that I'm somehow configured to use (208.67.220.222 & 208.67.220.220) are definitely the servers of OpenDNS, so we don't want to use them. Ever. But where did they come from?
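The check done by eye above can be scripted. The following Python is an added example, not part of the original post: it parses `ipconfig /all` text, lists resolvers that fall outside an allowlist, and reports whether the adapter is on a DHCP lease handed out by the gateway. The allowlist (the router plus the two resolvers shown in the second listing further down) and the function names are assumptions.

```python
import re

# Abbreviated from the first `ipconfig /all` listing on this page.
SAMPLE = """\
Ethernet adapter Local Area Connection:
        Dhcp Enabled. . . . . . . . . . . : Yes
        Default Gateway . . . . . . . . . : 192.168.2.1
        DHCP Server . . . . . . . . . . . : 192.168.2.1
        DNS Servers . . . . . . . . . . . : 192.168.2.1
                                            208.67.222.222
                                            208.67.220.220
"""

# Assumed allowlist: the router plus the resolvers in the page's second listing.
EXPECTED = {"192.168.2.1", "208.68.50.70", "72.19.128.99"}

FIELD = re.compile(r"^\s*([A-Za-z][^:]*?)[ .]*:\s*(.*)$")
IPV4 = re.compile(r"^\s*(\d{1,3}(?:\.\d{1,3}){3})\s*$")

def parse_adapter(text):
    """Return {field: [values]}; a bare IP line extends the previous field."""
    fields, last = {}, None
    for line in text.splitlines():
        cont = IPV4.match(line)
        if cont and last:
            fields[last].append(cont.group(1))
            continue
        m = FIELD.match(line)
        if m:
            last = m.group(1).strip()
            value = m.group(2).strip()
            fields[last] = [value] if value else []
    return fields

def audit_dns(text, expected=EXPECTED):
    """List resolvers outside `expected` and how the adapter is configured."""
    f = parse_adapter(text)
    first = lambda key: (f.get(key) or [""])[0]
    dns = f.get("DNS Servers", [])
    # Heuristic: DHCP on and DHCP server == gateway means a router lease.
    # Windows also prints Yes when only the DNS fields are set by hand,
    # so confirm in the adapter's TCP/IP properties dialog.
    if first("Dhcp Enabled").lower() != "yes":
        source = "static"
    elif first("DHCP Server") == first("Default Gateway"):
        source = "router-dhcp"
    else:
        source = "dhcp"
    return {"dns": dns, "unexpected": [ip for ip in dns if ip not in expected],
            "source": source}
```

A `router-dhcp` result with unexpected resolvers, on an adapter set to obtain DNS automatically, points at the router's own DNS settings rather than the PC.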



I decided to go into my router configuration and see what that looked like.

So, these DNS server addresses are widely documented to be OpenDNS server addresses.

But it doesn't allow me to check "Automatic from ISP" box above, for some reason.

The problem is that since my "Connection Type" is set to "Static" in the Belkin My Essentials ME1004-R Router, it won't allow me to modify the DNS Server addresses.

So, I click on "Connection Type" and change the Connection Type from "Static" to "Dynamic".

Changing the Connection Type to Dynamic cleared out the DNS server addresses.
Now the Automatic from ISP box can be checked.

Checked the "Automatic from ISP" box and waited for the router to reboot.

Now, I go back to Connection Type, put Static, and re-enter my static IP information. (I happen to have a static IP address. Not many people do.)

Click Apply Changes

Now, it prompts me for DNS Server Addresses.

I noticed the dynamically obtained DNS server names were listed elsewhere in the Status Screen earlier:

So I enter the DNS server names that I saw in the Status Screen (above):

The router reboots, and now the router is fixed. It's working fine now.

Rebooted the PC upstairs, and now it's fixed.

Start - Run - Cmd - ipconfig/all

Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.

C:\Documents and Settings\Administrator>ipconfig /all

Windows IP Configuration

Host Name . . . . . . . . . . . . : master
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : My Essentials

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . : My Essentials
Description . . . . . . . . . . . : Broadcom NetXtreme 57xx Gigabit Controller
Physical Address. . . . . . . . . : 00-11-43-B5-52-E2
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 192.168.2.2
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.2.1
DHCP Server . . . . . . . . . . . : 192.168.2.1
DNS Servers . . . . . . . . . . . : 192.168.2.1
                                    208.68.50.70
                                    72.19.128.99
Lease Obtained. . . . . . . . . . : Thursday, January 16, 2014 11:29:57 AM
Lease Expires . . . . . . . . . . : Monday, January 18, 2038 8:14:07 PM


I no longer see the dreaded OpenDNS routers listed in my DNS servers.

Upstairs PC is working fine.


Downstairs PC


But then, I go into the configuration of one of my downstairs PCs, only to discover that the OpenDNS DNS servers are in the TCP/IP configuration of the computers downstairs. Great.

Start - Settings - Control Panel - Network Connections.
Doubleclick my internet connection icon.
Properties.
Select Internet Connection Protocol TCP/IP

Great.

OK. The trick here is that you have to do essentially the same thing we did with the router...change it to "dynamic", change the DNS servers to "dynamic", and then re-enter our static IP address data.


Select "Obtain dynamic DNS server address automatically".

Re-enter the static-ip address information.

Initially, I tried saying "Obtain DNS server address automatically", but then I couldn't find any websites. So, to resolve this issue, I copied the "Preferred DNS Server" and "Alternate DNS Server" data from another PC.

Preferred DNS Server: 72.19.128.53
Alternate DNS Server: 208.68.50.70

Rebooted PC.

Problem solved.

Posted by Rob Kiser on January 16, 2014 at 11:14 AM
