Virus in the router - malicious DNS. Yandex.DNS: protecting PCs and smartphones from viruses and scammers

Sometimes it becomes very annoying that you cannot use the Internet due to a completely banal error “DNS server is not responding.” In the vast majority of cases, when it is not possible to find the DNS address of the server, the problem can be solved in a matter of minutes. In this article we will look in detail at all the ways to solve this problem.

A DNS server is a service that directs the Internet user to a website. Every Internet page is stored on a server that has its own IP address. To give a user access to a site, the DNS server points his computer to that server's address. In other words, the DNS server is the connecting link between the user and the site.

Errors “DNS server is not responding” or “DNS address cannot be found”

Often the browser complains that it cannot find the DNS address of the server. This message occurs most often among desktop users on a wireless connection (3G/LTE modem or Wi-Fi router). However, it can also appear for those who use wired Internet. This error means that the device from which the user accesses the site cannot find a DNS address that will direct him to the server with the page he is looking for.

What to do if the DNS server is not responding or is unavailable

Before you try to solve this problem, you first need to find out why it arose:

  1. Because of incorrect modem or router settings;
  2. Due to incorrect operating system settings (the site is blocked by a virus or firewall, or the Windows DNS client has failed);
  3. Due to an outdated network card driver.


To do this, you need to go to the network control panel located in the lower right corner of the taskbar. It has a monitor icon with an Ethernet cable next to it. Left-click on it. Next, right-click on the field where it says “Connected”, then go to “Properties”. Click on the “Network” tab, select “Internet Protocol Version 4” and go to the “Properties” item. In the DNS addresses tab, try selecting the “Obtain DNS server address automatically” option. If this does not help, then enter the address (preferred and alternative) yourself. It is written in your connection contract documents. You can also find out the DNS address from your ISP by calling them.

Advice: the correct DNS address can be entered not only in the Windows settings, but also in the control panel of the router itself. If you are using software utilities from TP-LINK, then use the Quick Setup option.

Often a virus carelessly downloaded by a user blocks access to other sites. To check your system for existing malware, you should scan it with an antivirus. In this case, it is better to perform scanning with a program that does not require installation on the desktop and is located on a Live-CD or Live-flash drive (Live media is storage space independent of the main system). For such purposes, we can recommend Dr. Web CureIt! Portable anti-malware programs are good because, being placed on a Live-CD or Live-flash drive, they cannot be infected with viruses.

Setting up a firewall

There is a possibility that access to the site has been blocked by the native Windows Firewall or by the firewall that comes with your antivirus. The firewall blocks access to sites that it considers malicious. If you know that the blocked page is really safe, you can temporarily disable the firewall or reset it to its initial settings (then the list of blocked pages will be cleared). How to turn off Microsoft's firewall? Click Control Panel -> System and Security -> Windows Firewall. In the left panel there will be an item “Turn Windows Firewall on or off”. Click it, then set all the toggle switches to “Turn off Windows Firewall”. Save these settings.

Advice: Windows Firewall is the key one. By turning it off, you will disable other firewalls.

Updating network card drivers

Often the desktop refuses to go online due to outdated network card drivers. To check their status, use the Driver Booster utility. This application will help you not only find and install drivers for network controllers, but also update the drivers of other components.

Advice: you can also update the network card drivers with standard Windows utilities. Go to “Devices and Printers”, then double-click the left mouse button on the icon of your desktop. In the “Equipment” tab, find the components marked as “Network adapters” and go to their “Properties”. There, click on “Driver” and select “Update”.

This method involves resetting the desktop and router settings. The sequence of actions is as follows: you need to disconnect the router from the 220V network and leave it unconnected for 5 minutes. Next, you need to restart your computer and plug the router back into the outlet.

Advice: Before turning off the router, you should go to its settings menu and reset it to the default settings.

This problem can be resolved in two ways. The first, and the least painful, is to enter the DNS address not through the Windows Control Panel, but through the router menu. The second is to perform a system restore. Go to the Control Panel, then “System and Security”, then “Restore a previously saved desktop state”. After a few minutes, when the utility has collected all the saved restore points, you need to select one of them. The date of its creation is written next to each point. Select the one where the DNS client was functioning normally and confirm the system reset.

How to find out the dns address of a server

The correct DNS address is specified in the agreement on connecting the desktop to the Internet. It was compiled by the provider, so there is no possibility of error. If you do not have access to the agreement, you can call the provider or contact its technical support and ask for the exact DNS address again.

Where can I configure the DNS server address in Windows?

It can be configured through Windows utilities (path: network icon in the taskbar - “Settings” - “Network” - “Internet Protocol v4” - “Properties” - tab with DNS addresses) or through the control panel of your router or modem.

Programs for setting up a DNS server

If the DNS server is unavailable, then the DNS Jumper utility will help fix this problem. Its advantage is that it is portable and does not require installation. In the “DNS Server Selection” tab, you can select a DNS address manually or let the utility select it. In this case, DNS Jumper will choose the most stable and fastest server at the moment, and the “DNS server is not responding” problem in Windows will be removed. You can also download the DOT VPN add-on to your browser. This extension allows you to select not only the address, but also the country from which the user will appear to log in. That is, you can physically be in Germany, but access the site as a resident of the Netherlands. It is a very useful extension, since some pages are blocked by state governments, and DOT VPN allows you to bypass this ban. There is also a “VPN” setting in the Opera browser. It is turned on like this: Settings -> Security -> VPN (switch the toggle switch to “Enable” and select “Optimal location”).


To protect yourself from Trojan.Rbrute, which attacks TP-Link modems/routers, you need to meet several simple conditions. The virus spreads by scanning a range of IP addresses, after which it starts guessing the password by brute force. Almost all popular TP-Link router models are susceptible to the attack. Once it has made its way into the device settings, the Trojan changes the provider's DNS addresses to the attackers' addresses.

Your router is infected if:

When you try to open any site, be it remont-sro.ru or the Gmail.com service, a fake Google Chrome download site or other suspicious resources open instead. Initially, the redirect only worked for user requests containing the words Facebook or Google, but now the Trojan responds to any of them. The indication on the modem remains the same: “Internet” lights up steadily, the computer shows that the connection is established and authorization has been completed, but the Internet itself does not work and only redirects to advertising and/or fake download pages.
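A host-side check for the symptom described above, as an added example that is not part of the original instructions: it parses English-locale `ipconfig /all` output and reports every DNS server that is not on an allow-list. The sample output, the address 203.0.113.53 (a documentation range) and the allow-list contents are constructed assumptions; put your provider's DNS addresses from the contract into the allow-list.

```python
import ipaddress
import re

# Constructed sample of `ipconfig /all` output (English locale assumed).
# 203.0.113.53 is a documentation address standing in for an unknown resolver.
SAMPLE_IPCONFIG = """\
Windows IP Configuration

   Host Name . . . . . . . . . . . . : DESKTOP-EXAMPLE

Wireless LAN adapter Wi-Fi:

   IPv4 Address. . . . . . . . . . . : 192.168.1.34(Preferred)
   Default Gateway . . . . . . . . . : 192.168.1.1
   DNS Servers . . . . . . . . . . . : 203.0.113.53
                                       8.8.8.8
   NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Ethernet:

   Media State . . . . . . . . . . . : Media disconnected
"""

# Assumed allow-list: the router itself, Google DNS, plus the addresses
# from your provider's contract (add them here).
ALLOWED_RESOLVERS = {"192.168.1.1", "8.8.8.8", "8.8.4.4"}

_DNS_LINE = re.compile(r"^\s+DNS Servers[ .]*:\s*(\S+)\s*$")
_CONTINUATION = re.compile(r"^\s+(\S+)\s*$")


def _as_ip(token):
    """Return a normalized IP string, or None if token is not an address."""
    try:
        return str(ipaddress.ip_address(token.split("%")[0]))
    except ValueError:
        return None


def parse_dns_servers(ipconfig_text):
    """Map each adapter name to the DNS servers listed under it."""
    result, adapter, in_dns = {}, None, False
    for line in ipconfig_text.splitlines():
        # Adapter headers start in column 0 and end with a colon.
        if line and not line[0].isspace() and line.rstrip().endswith(":"):
            adapter, in_dns = line.rstrip()[:-1], False
            result[adapter] = []
            continue
        if adapter is None:
            continue
        first = _DNS_LINE.match(line)
        more = _CONTINUATION.match(line) if in_dns else None
        if first:
            in_dns, token = True, first.group(1)
        elif more:
            token = more.group(1)  # further servers sit alone on a line
        else:
            in_dns = False
            continue
        ip = _as_ip(token)
        if ip:
            result[adapter].append(ip)
    return result


def unexpected_resolvers(ipconfig_text, allowed=ALLOWED_RESOLVERS):
    """Return (adapter, ip) pairs for resolvers outside the allow-list."""
    allowed = {str(ipaddress.ip_address(a)) for a in allowed}
    return [(adapter, ip)
            for adapter, ips in parse_dns_servers(ipconfig_text).items()
            for ip in ips if ip not in allowed]


if __name__ == "__main__":
    for adapter, ip in unexpected_resolvers(SAMPLE_IPCONFIG):
        print(f"[!] {adapter}: resolver {ip} is not on the allow-list")
```

If an adapter lists only the router's own address, the router is forwarding DNS itself, so the DNS addresses also have to be checked in the router's settings pages.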

Point 1. Reset. Reconfiguring the modem
The instructions were prepared by Maria Korchagina, a specialist at the GTP TsOO

If you cannot access the modem settings via 192.168.1.1, then try doing it via the address 192.168.42.1

On this page the settings are given only for the Internet service. For IP-TV and Wi-Fi settings, download the full manuals:

Russian version - http://yadi.sk/d/JC6l6FPVRbU9P

English version - http://yadi.sk/d/j6Ly7bA4RbU8r

1. To properly reset the settings on the modem, press and hold the Reset button in the small recess with a needle, pen refill or toothpick. Hold it for 5 to 15 seconds until the indicator lights on the device go out. The lights should go out just as they do after a normal router reboot.

2. To configure, the modem should be connected with a cable to any LAN port; do not configure via a Wi-Fi connection.

3. Log in to the router interface via the Internet Explorer browser at 192.168.1.1. A dialog box will open. In the “Username” and “Password” fields, enter admin/admin respectively. The router's home page will open (see below).

On this page you will see what settings already exist:

4. Before you start setting up the router, you need to delete all previously created settings; to do this, go to the section “Interface settings” -> “Internet”, select “Virtual channel” - PVC0, at the bottom of the page click the “delete” button. We do this with each virtual channel (there are 8 in total).

As a result, this is what should happen (go to the section again "State"):

5. Now go to the section "Interface settings", then select the subsection "Internet" (see screenshot below). We specify the parameters as in the screenshot below (user and password: rtk), then save all the parameters by clicking the “Save” button.
This completes the setup for PPPoE mode.

Point 2. Changing the router login password

To change your password, go to the section "Device Operation", then "Administration", where the password for logging into the router is changed (come up with a complex password) (see screenshot below). Then press the "Save" button.

Clause 2.5 List of passwords that are not recommended for entering the router

111111
12345
123456
12345678
abc123
admin
Administrator
password
qwerty
root
tadpassword
trustno1
consumer
dragon
gizmodo
iqrquksm
letmein

The virus already “knows” all these passwords, and guessing the password will take 1 second. The password should not consist only of numbers or letters. Special characters (hashes, asterisks, percent signs, quotation marks) and letters of different case (uppercase and lowercase) MUST be present. The longer and more varied the password, the longer it will take to “brute force” it (if it can be done at all).
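The rules above as a checker, added here as an example that is not part of the original instructions: it rejects the passwords from the list in Clause 2.5, including versions that only add capital letters, digits or special characters around them, and enforces the mixed-case and special-character requirement. The function names and the minimum length of 12 are assumptions; the page gives no length figure.

```python
import string

# Deny-list taken from Clause 2.5 above (stored in lower case).
DENYLIST = {
    "111111", "12345", "123456", "12345678", "abc123", "admin",
    "administrator", "password", "qwerty", "root", "tadpassword",
    "trustno1", "consumer", "dragon", "gizmodo", "iqrquksm", "letmein",
}

MIN_LENGTH = 12  # assumption: the page only says "the larger, the better"


def _variants(password):
    """Lower-cased forms with surrounding specials and digits stripped."""
    lowered = password.lower()
    trimmed = lowered.strip(string.punctuation + string.whitespace)
    core = trimmed.strip(string.digits)
    return {v for v in (lowered, trimmed, core) if v}


def check_router_password(password, min_length=MIN_LENGTH):
    """Return a list of problem codes; an empty list means acceptable."""
    problems = []
    # "Dragon2024!" is still "dragon" to a brute-forcer with a mangling rule.
    if _variants(password) & DENYLIST:
        problems.append("denylisted")
    if len(password) < min_length:
        problems.append("too_short")
    if not any(c.islower() for c in password):
        problems.append("no_lowercase")
    if not any(c.isupper() for c in password):
        problems.append("no_uppercase")
    if not any(c in string.punctuation for c in password):
        problems.append("no_special")
    return problems


if __name__ == "__main__":
    # Constructed sample candidates, not real credentials.
    for candidate in ("admin", "Dragon2024!", "#Admin#", "k7#Vd!pQ2m*Zx9"):
        print(f"{candidate!r}: {check_router_password(candidate) or 'ok'}")
```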

Point 3. Restrict access to the modem to the WAN port.

1. Go to the modem settings and look for the menu "Access Control" and set the parameters as in the screenshot below:

2. As a result, a line with parameters should be added (see figure below):

Same for ENGLISH versions:

Point 4. LAN setup(DHCP + DNS)

The beginning

It all started when one of my friends complained that the mobile version of VKontakte had been closed. I was very surprised because I didn’t see any objective reasons for this, and hastened to check whether this was so. Going to m.vk.com dispelled my doubts - everything worked. When I questioned my friend, it turned out that m.vk.com reported that the entire service had moved to a mobile app and offered to download this application. Obviously, viruses are playing pranks, I thought, and asked my friend to let me look at his machine.

First of all, I personally looked at this fake; everything looked very plausible: it was well laid out and the URL was exactly m.vk.com. So one really would think that the mobile version of VK had closed.
Well, what could it be? Of course, hosts! Opening it, I was ready to save my friend from a terrible misfortune, but... there was nothing in the file except the standard comments. There were also no other hidden hosts files, as sometimes happens. Careful study of the running processes did not yield anything interesting, just like googling the application offered for download. I thought about it.

My thought process was interrupted by my friend, who said that the same thing happens when he tries to log into VK from his phone. This was a clue. The phone was connected to the home Wi-Fi point, the same point as the problem computer. Having asked my friend to log into VK over mobile internet, disconnected from Wi-Fi, I dismissed the option of the phone being infected - the real version opened. There was only one conclusion - the router was infected.

It's all due to irresponsibility

Having switched to 192.168.1.1, I asked a friend for the login and password for the router and heard in response... admin:admin! What?! How could you not change the password on the router that distributes wi-fi?! Amazing irresponsibility! The friend shrugged.
After checking the DNS I found the following:
The second address is well known to me, it is Google DNS, but I had never seen the first one before. It wasn't even from our region.
Nothing came to mind other than going to this address. A fake QIWI appeared before me, and, again, it was of excellent quality. (By the way, it's still there).

I removed this address from DNS, replacing it with the standard one for our region, changed the password on the router and restarted it. After that, everything worked as expected. After listening to my friend’s gratitude, I decided to take a closer look at the fake.

What a twist

2ip.ru said that the address was Ukrainian and showed what range it was from. The range was small, so it would be logical to scan it. No sooner said than done. Half an hour of fiddling around and another interesting address was discovered. Here it is: 176.102.38.39.

Now there is profanity there, but when I found it, there was a form called “Fake admin panel” and fields for login and password. You never know? I thought and entered admin:admin. What do you think happened?

I found myself in the admin panel, with logs of all logins to the scammers' fakes! Amazingly, they were caught by their own method of infection.
I admit, at first I thought it was a honeypot and tried to enter one of the QIWI wallets from the log. The data was correct, there were about 1000 rubles in the wallet account. So it's not a honeypot. I left the wallet and started studying the admin panel.

Behind enemy lines

The admin panel was designed tastefully

(these toys on top moved when you pointed a rat at them, and made a sound (and it was not a flash drive))


In the Stat section you could see how many logged entries there were. The situation is something like this:
VK ~72000
OK ~45000
QIWI ~9000
BTC - 5

Not bad results (not counting btc), huh?

Separately, it is necessary to note the QIWI log; apparently, all this was done for its sake. The QIWI log displayed not only the login, password and IP, but also the balance at the time of login, as well as whether SMS confirmation for payments was turned on (which is amazing: in most accounts it was turned off). This log suggests that after authorization through a fake, the person was authorized on the real QIWI, and the poor guy didn’t even suspect there was a catch.

In the top right corner the number of records that have not yet been archived is displayed (note that these records were replenished very quickly).
And at the bottom (not visible in the picture), there were buttons for convenient export of non-archived logs to a txt file and a button to restore all records from the archive.

Feeling that my time was running out, I restored all the records from the QIWI archive and downloaded them for myself. I wanted to do the same with the other services, but I couldn’t. Because at the next request I saw a 403 error, and then what is there now.

Results

I cleared the resulting file of identical entries and checked to see if my friend’s wallet was there. An acquaintance was lucky; his wallet did not fall into the hands of scammers.
This

Dns Unlocker is a virus that belongs to the adware subclass. This program is installed on your PC without your confirmation, and then inserts various advertisements into your browser. Because the malware is present in the system registry, getting rid of Dns Unlocker is a rather complicated process. This malware enters the computer in most cases when downloading various torrents, illegal patches for computer games, free software and other free files. The creators of these resources monetize the content by wrapping the virus in the download file. The downloader is special software that delivers the desired content to the user, while at the same time it can install ad viruses, which set up various redirects, change the home page, add ads in browsers and much more. Dns Unlocker belongs to such programs.

How to remove Dns Unlocker

To remove Dns Unlocker from your PC, you need to find and remove all browser extensions named Dns Unlocker, all registry keys associated with this virus and all virus files from the hard drive.
In most cases, when you simply remove the malicious add-on from your browser, the virus will only go away until you restart the browser. The virus repairs itself. You can remove it using the “Add or Remove Programs” menu, remove the add-ons in the browser, find the program's malicious files and delete the virus physically, and the work will still be useless. It is necessary to clean all registry branches, namely the keys that are associated with the virus, but only well-trained users should do this operation. If you make the slightest mistake in the registry, you will need to reinstall the OS, or it will work but errors will appear on a permanent basis. In this regard, we strongly recommend that only fairly advanced users clean the registry themselves, and you clean the registry at your own peril and risk. Therefore, we recommend getting rid of Dns Unlocker automatically using the universal utility Spyhunter 4, produced by Enigma Software.

Remove Dns Unlocker automatically

Why spyhunter?

  • It will remove all browser add-ons called Dns Unlocker.
  • It will clear all registry keys that are associated with Dns Unlocker and destroy only them. The computer registry will not be damaged, and the operating system will start working as before.
  • This program will destroy the Dns Unlocker virus on your computer.
  • It optimizes the computer, so it will function faster.
  • It provides your computer with protection from new viruses.
  • It cleans other unwanted programs and viruses from the PC.

Instructions for manual removal of Dns Unlocker

Let us repeat that without the necessary experience it is better not to clean out the registry. Each operating system has its own differences. Even though the main registry keys, folders and files are mostly similar, some other program may have a registry key with Dns Unlocker in its name (this is a common occurrence), and deleting it will lead to the destruction of the OS.

Step 1: Create a restore point.

Be sure to make a restore point. Without a restore point, if the system crashes, you will no longer be able to restore it.


There is a problem (in my opinion) with the Yandex browser. Namely, DNS substitution. With its appearance in my computer life (December 2012), tensions began. Once a month (consistently) someone persistently tries to hack me. At first this amused me. I broke them myself in response. But now I'm tired and angry. The essence of the question is this. I set up all my mail on Yandex. Stocks from social networks too (more convenient to work with). Previously I was on Mozilla, and I transferred the same configuration to Yandex.browser (even faster than Chrome, in my opinion). When surfing the Net, sometimes you have to go through Mail.ru (it’s clear what a dump it is).

So, my browser has become so attached to Mail.ru that it’s clear that personal, confidential information is leaking out, and on its basis it is easier to come to me through the “back door”. I try to keep it closed. But you can’t sit at the computer for days. I clean the hosts file periodically. I tried all the antiviruses - only Avast (Casper sometimes) blocks this crap. At the moment... I reinstalled Windows three times this year because of this bug. Today there is Avast Free + Avast Security + Adblock Plus + Adblock integration into the browser from Avast + Windows Defender (native). They figured out how to get through anyway.


Tried AZT - nothing. Cureit doesn't always detect. I tried Acronis and it helped once. Reinstalling the browser is awesome, but links, letters... hemorrhoids. Today we repulsed the attack. It all started today with going to Microsoft for Word and copying emails from the browser just in case. I have Windows 7x64 maximum speed, Litsuha (OEM installed it myself, went for 9 months, everything flew, performance 6.3 with the usual Seagate). Machine Icore(TM) i7-2600/4x3700 GHz/RAM-8/Gts 560Ti…


In general, a good gaming car, a year old. Here’s what other program to install to defeat the “Indians” without resorting to their methods (they are tempted to bullshit them, but I can hurt others, most likely; and I’m not 15 years old...). I contacted Yandex and blame the provider. The guys came from the provider, brought everything with a laptop, tested it with their programs, looked at the computer - everything was hockey. I also thought maybe my neighbors were using WiFI - everything is great there, double password...

There is only one mistake left - Yandex.browser (raw), which distributes my accounts left and right to its “partners”. Maybe I'm wrong. And I still like it)), it’s a good product, tweak it a little... So what should I do? What super program can be used here? Maybe I don't understand something...? Best regards, Valery.
