Sunday, April 5, 2009

Problem Solved: Windows Update redirecting to Google

I had a piece of adware installed that seemed to randomly redirect me to various sites I didn’t ask for… sometimes reputable, sometimes offshore Viagra. Turns out it also consistently redirected any link to a Microsoft update or download site to Google’s English language home page.

I think the culprit was Vundo.JC.dll — found this little tidbit of love after running Defender in safe mode. However, even after removal, the redirection continued.

The clue was that this redirection was consistent, worked in all browsers (or, actually, was broken in all browsers — if it were only broken in Internet Explorer, a “browser helper object” add-in would probably have been the cause), and even returned the wrong address from the command line. After a little digging, I discovered that my DNS settings had been hijacked. That is, the stinking adware changed my DNS settings to point to the publisher’s servers. In this case, the new server settings were 85.255.112.69 and 85.255.112.209. If you see these in your Network configuration, you’ve found your culprit!

I reset my DNS back to “automatically via DHCP” and all returned to normal. Hooray!
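
The check described above can be scripted. The following is an added example, not part of the original post: a read-only PowerShell audit that lists the DNS servers recorded for each network interface, shows whether they come from a static override or from DHCP, and flags the two addresses named in the post. It assumes Windows PowerShell 3.0 or later; the variable and function names are illustrative.

```powershell
# Added example: read-only audit of per-interface DNS settings.
# The two addresses below are the rogue resolvers named in the post.
$KnownBad = @('85.255.112.69', '85.255.112.209')

# Windows stores per-interface TCP/IP settings under this key:
#   NameServer     = statically configured DNS servers (empty when using DHCP)
#   DhcpNameServer = DNS servers handed out by the DHCP server
$Base = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces'

function Split-ServerList([string]$Value) {
    # NameServer may be comma- or space-separated; DhcpNameServer is space-separated.
    if ([string]::IsNullOrWhiteSpace($Value)) { return @() }
    return @($Value -split '[,\s]+' | Where-Object { $_ })
}

$report = foreach ($key in Get-ChildItem -Path $Base) {
    $props  = Get-ItemProperty -Path $key.PSPath
    # Wrap in @() so a single server stays an array rather than a bare string.
    $static = @(Split-ServerList $props.NameServer)
    $dhcp   = @(Split-ServerList $props.DhcpNameServer)
    if ($static.Count -eq 0 -and $dhcp.Count -eq 0) { continue }

    # A static entry takes precedence over whatever DHCP supplied.
    $source = if ($static.Count -gt 0) { 'static override' } else { 'DHCP' }
    $hits   = @(($static + $dhcp) | Where-Object { $KnownBad -contains $_ })

    [pscustomobject]@{
        Interface = $key.PSChildName      # interface GUID
        Source    = $source
        StaticDns = $static -join ', '
        DhcpDns   = $dhcp -join ', '
        KnownBad  = $hits -join ', '
    }
}

$report | Format-Table -AutoSize

$flagged = @($report | Where-Object { $_.KnownBad })
if ($flagged.Count -gt 0) {
    Write-Warning "Known rogue DNS server configured on $($flagged.Count) interface(s)."
} else {
    Write-Output 'None of the listed rogue DNS servers were found.'
}
```

Any interface reported as a static override that you did not configure yourself deserves a closer look, even if its servers are not the two listed here.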