Windows Server 2000/2003 Thread, DNS being reset in Technical; My Server 2003 machine appears to be having it's network card DNS address set to 22.214.171.124 and 126.96.36.199. I know ...
17th October 2012, 02:19 PM #1
- Rep Power
DNS being reset
My Server 2003 machine appears to be having it's network card DNS address set to 188.8.131.52 and 184.108.40.206. I know that's google dns but I haven't set the card's dns to that; we use SEGfL / RMs forwarders, 220.127.116.11 and 105. Is it possible that a virus / malware infection could be causing this? Can I monitor this in event viewer; what would be the event ID?
17th October 2012, 02:23 PM #2
Sounds to me like a botnet attack.
17th October 2012, 02:36 PM #3
That's a symptom of the TDSS Rootkit.
TDL4 – Top Bot - Securelist
17th October 2012, 03:01 PM #4
hack hack hack, check your firewall ports & close them down, check your security logs, assume that server has been compromised.
17th October 2012, 03:03 PM #5
Yes, and I hate to say it, but change your admin password - or at least give it strong consideration.
17th October 2012, 03:13 PM #6
lots of malware does this too, check for the normal :
startup entrys you do not recognize, unusual services, you could try tea timer from spybot to find out what changes the setting.
check your local users passwords
By sarchs in forum Windows Server 2000/2003
Last Post: 2nd November 2010, 05:12 PM
By markman in forum Windows Server 2000/2003
Last Post: 6th September 2010, 03:36 PM
By sidewinder in forum Wireless Networks
Last Post: 9th April 2010, 02:47 PM
Last Post: 15th June 2009, 08:47 PM
By Gibbo in forum Windows Server 2000/2003
Last Post: 22nd April 2009, 12:22 PM
Users Browsing this Thread
There are currently 1 users browsing this thread. (0 members and 1 guests)
Tags for this Thread