Sunday, April 5, 2009

Problem Solved: Windows Update redirecting to Google

I had a piece of adware installed that seemed to randomly redirect me to various sites I didn’t ask for… sometimes reputable, sometimes offshore viagra. Turns out it also consistently redirected any link to a microsoft update or download site to Google’s English language home page.

I think the cluprit was Vundo.JC.dll — found this little tidbit of love after running Defender in safe mode. However, even after removal, the redirection continued.

The clue was that this redirection was consistent, worked in all browsers (or, actually, was broken in all browsers — if it were only broken in Internet Explorer, a “browser helper object” add-in would probably have been the cause), and even returned the wrong address from the command line. After a little digging, I discovered that my DNS settings had been hijacked. That is, the stinking adware changed my DNS settings to point to the publisher’s servers. In this case, the new server settings were and If you see these in your Network configuration, you’ve found your culprit!

I reset my DNS back to “automatically via DHCP” and all returned to normal. Hooray!

1 comment:

  1. These machines are found in numerous areas, for example, comfort stores and banks and can frequently be gotten to 24 hours every day. Check Cashing chicago