+ Post New Thread
Results 1 to 6 of 6
Windows Server 2000/2003 Thread, DNS being reset in Technical; My Server 2003 machine appears to be having it's network card DNS address set to 8.8.8.8 and 8.8.4.4. I know ...
  1. #1

    Join Date
    Jan 2008
    Posts
    11
    Thank Post
    0
    Thanked 0 Times in 0 Posts
    Rep Power
    0

    DNS being reset

    My Server 2003 machine appears to be having it's network card DNS address set to 8.8.8.8 and 8.8.4.4. I know that's google dns but I haven't set the card's dns to that; we use SEGfL / RMs forwarders, 62.171.198.104 and 105. Is it possible that a virus / malware infection could be causing this? Can I monitor this in event viewer; what would be the event ID?
    Regards,
    Paul Vernon.

  2. #2
    Gibson335's Avatar
    Join Date
    May 2008
    Posts
    930
    Thank Post
    257
    Thanked 133 Times in 106 Posts
    Rep Power
    79
    Sounds to me like a botnet attack.

  3. #3

    Geoff's Avatar
    Join Date
    Jun 2005
    Location
    Fylde, Lancs, UK.
    Posts
    11,803
    Thank Post
    110
    Thanked 583 Times in 504 Posts
    Blog Entries
    1
    Rep Power
    224
    That's a symptom of the TDSS Rootkit.

    TDL4 – Top Bot - Securelist

  4. #4

    sonofsanta's Avatar
    Join Date
    Dec 2009
    Location
    Lincolnshire, UK
    Posts
    4,942
    Thank Post
    862
    Thanked 1,442 Times in 991 Posts
    Blog Entries
    47
    Rep Power
    616
    hack hack hack, check your firewall ports & close them down, check your security logs, assume that server has been compromised.

  5. #5
    Gibson335's Avatar
    Join Date
    May 2008
    Posts
    930
    Thank Post
    257
    Thanked 133 Times in 106 Posts
    Rep Power
    79
    Yes, and I hate to say it, but change your admin password - or at least give it strong consideration.

  6. #6

    Join Date
    Jul 2009
    Posts
    267
    Thank Post
    6
    Thanked 43 Times in 37 Posts
    Rep Power
    16
    lots of malware does this too, check for the normal :

    startup entrys you do not recognize, unusual services, you could try tea timer from spybot to find out what changes the setting.
    check your local users passwords

SHARE:
+ Post New Thread

Similar Threads

  1. Old DNS Server being a pain
    By sarchs in forum Windows Server 2000/2003
    Replies: 12
    Last Post: 2nd November 2010, 04:12 PM
  2. No Internet could it be DNS?
    By markman in forum Windows Server 2000/2003
    Replies: 2
    Last Post: 6th September 2010, 02:36 PM
  3. Slight DHCP problem - wrong DNS addreses being given
    By sidewinder in forum Wireless Networks
    Replies: 0
    Last Post: 9th April 2010, 01:47 PM
  4. Replies: 5
    Last Post: 15th June 2009, 07:47 PM
  5. Should all domain controllers be listed in DNS (and where)?
    By Gibbo in forum Windows Server 2000/2003
    Replies: 3
    Last Post: 22nd April 2009, 11:22 AM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •