DNS Spoofing/Poisoning

I have been grappling with this problem for some months, There have been numerous attempts to run Ransomeware the latest being British Gas, detected by Norton.

I am quite desperate as my partner has terminal cancer and is taking much of my time. This is the last thing I wanted.

Would it help if I installed NordVPN?

I am with BT. I used a utility to find out the DNS which was given as 81.147.11.156

I ran Ccleaner at startup and this stopped the DNS poisoning happening immediately when I booted the computer.

Any help gratefully received

Very sorry to hear about your partner.

With respect to the PC, sounds like it's infected with some nasty malware. My attitude to these things is scorched earth - that is completely wipe it and start from a clean OS install, then reinstall the apps and finally data. Make sure the data is fully AV & malware etc scanned before re-installing it.

Hopefully you have an up to date backup that you can use.

Thank you for replying.

I've bought a version of Norton which prevents DNS spoofing.

It also has a VPN.

When switched on it will not allow me to go to any website apart from the router - which allowed me to change the admin password.

It is set to block all incoming remote desktop connections (both private and public).

On the Norton history I am getting DNS PUBLIC BLOCKED(UDP(17) traffic (10.252.6.179)

Apologies I can’t really help with specifics here. I’m not the person to be asking about Norton products unfortunately. I gave them up literally more than twenty years ago and have never had the compunction or need to ever go back.

Saying that although windows isn’t my daily desktop OS, I still have windows boxes running a variety of W11 desktop and Windows Server iterations (virtual and physical) but I always just use the built-in defence.

I hope you can get this sorted, but I stand by my earlier advice, which is to backup
your data and start afresh with a clean windows install and reload your apps and data.

In reply to a post by Pheasant:

I hope you can get this sorted, but I stand by my earlier advice, which is to backup
your data and start afresh with a clean windows install and reload your apps and data.

Absolutely this above. It may be a pain, but worth it in the long run.

Hi,

I wouldn't trust Norton as it's based in Russia where a lot of cyber attacks come from. Last time I used any Norton product was in the 90's. If you're using Windows then it comes with it's own AV / Malware detector, Defender, which is very good. IMHO, why pay for something extra when you have you can have something for nothing.

HTH,

Likely a false positive.

In reply to a post by mking90031:

Hi,

I wouldn't trust Norton as it's based in Russia where a lot of cyber attacks come from.

You may be thinking of Kaspersky: the folks who own the Norton brand have HQs in Czechia and the US.

In reply to a post by Tantalus:

Would it help if I installed NordVPN?

In short, no.

If your computer is infected with malware, as it very strongly sounds, then this malware will still be operating regardless of whether the VPN is up or down.

As has been already suggested: copy off any *data* files (not programs/executables) to an external drive, wipe your computer and start from scratch with a fresh OS installation.

If you're not comfortable doing this and you have a local friendly computer shop, you can probably pay them to do this.

You probably don't need any third-party anti-virus but do make sure Windows Defender is on.

10.252.6.179 is a private network address, but may be on a separate broadcast domain to your computer which maybe why it's tripping Norton.

I think you have DNS configured manually and not accepting DNS from DHCP so when you use a VPN it's not switching DNS servers. Have a look at your computer's settings.