DNS Poisoning?

[paul881]

My PC has been infected recently with various malware programs that McAfee and SpySweeper failed to detect bur SpyBot did the job But each time I reboot my PC, SpySweeper tells me it has blocked a communication from AYB.DNS.com. The first three letters actually change from time to time and I have seen variations of those letters over the past week.

This seems to be DNS poisoning where a rogue server takes the identity of my intended ISP server? I don't quite know the technicalities but thats what I have ascertained with a bit of resarch.

However, I cannot seem to find any methods/programs to cure this issue - do you have any suggestions?

[bgelfand]

I assume you are running Windows and you are not a server yourself.

Although there are several places IP redirection could occur, I suspect that malware has altered your hosts file. On my Windows 2000 system, the file resides at C:\WINNT\system32\drivers\etc and the file name is hosts, with no file type. The file is a text file; you may open and edit the file with Notepad.

Look in the hosts file. Lines starting with the # character are comment lines. The only line that is not a comment line in a standard hosts file is:

127.0.0.1 localhost

If you file contains other entries, copy the file to another directory and rename it to say, hosts_old. This will preserve it should any of the other entries prove valid and needed for other software you may be running.

Next use NOTEPAD to edit the hosts file and remove all other non-comment - lines that doe not begin with # - except the line 127.0.0.1 localhost. Save the edited file in its original directory and exit NOTEPAD.

Reboot. This will clear any cache.