Malware Issues
Recently we came across a virus, not a hugely unusual occurrence, but in this case the infection was identified via IPCONFIG. It's a useful command but not one I would have expected to help with finding infections.

The client called us with a machine that was suffering from slow internet speeds. Once we identified that it was a single-machine problem we knew the issue was with the PC, not the internet connection itself.

On investigation we found that when the user typed in a domain it would take 60 seconds to 2 minutes for the page to display, yet once it had displayed, navigating around the site was fast. To those who know, this sounds like a DNS problem.
Now this particular network had a manually set up IP configuration and used multiple internal DNS servers (complicated reasons for all that). The immediate thought was that something in the machine's config was wrong. However, after double-checking every setting, we could find nothing. Yet still the problem persisted.

Eventually we ran the command that shows the local DNS cache, IPCONFIG /displaydns. In there we saw evidence of the issue: multiple lookups of domains with completely random names, jsfwfwpqdj.com for example. The machine should not have been trying to find these domains, and the immediate thought was a virus or botnet trying to phone home for instructions. Thankfully OpenDNS was in use and had been blocking the domains, so no real harm had been done. In fact, what was happening was that each time they tried to get to a web site the machine would try contacting malware sites for a minute or two. Only after having tried, and failed, would it then go to the correct website. Who knows what would have happened had it been able to reach those sites!
Now that we understood the issue, we needed to clean up the infection and get the machine working properly.
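As an added example (not from the original post), here is a short Python script that pulls the cached names out of `ipconfig /displaydns` output and flags second-level labels that look machine-generated, the way jsfwfwpqdj.com stood out here. The sample output and the thresholds are constructed assumptions, and the result is a triage list to check by hand, not a verdict.

```python
VOWELS = set("aeiou")
# Constructed sample of `ipconfig /displaydns` output, not captured from the
# machine in the post. Each cache entry is a name line followed by a dashed rule.
SAMPLE_DISPLAYDNS = """\
    www.example.com
    ----------------------------------------
    Record Name . . . . . : www.example.com

    jsfwfwpqdj.com
    ----------------------------------------
    Name does not exist.

    zqhvexakuyt.net
    ----------------------------------------
    Name does not exist.
"""
def cached_names(displaydns_output):
    """Return every cached name: the non-empty line just before a dashed rule."""
    names, previous = [], ""
    for raw in displaydns_output.splitlines():
        line = raw.strip()
        if line and set(line) == {"-"}:
            names.append(previous.lower())
        elif line:
            previous = line
    return names

def longest_consonant_run(label):
    run = best = 0
    for ch in label:
        run = 0 if ch in VOWELS else run + 1
        best = max(best, run)
    return best

def suspicion_reason(name, min_len=8, max_vowel_ratio=0.25, max_consonant_run=3):
    """Heuristic only: why the second-level label looks machine-generated, else None.
    Assumption: no public-suffix handling, so 'foo.co.uk' is judged on 'co'."""
    label = name.strip(".").lower().split(".")[-2:][0]
    if len(label) < min_len or not label.isalpha():
        return None  # short or non-alphabetic labels carry too little signal
    vowel_ratio = sum(ch in VOWELS for ch in label) / len(label)
    if vowel_ratio <= max_vowel_ratio:
        return f"vowel ratio {vowel_ratio:.2f}"
    if (run := longest_consonant_run(label)) > max_consonant_run:
        return f"{run} consonants in a row"
    return None

def triage(displaydns_output):
    # Map each suspicious cached name to the reason it was flagged.
    return {n: r for n in cached_names(displaydns_output) if (r := suspicion_reason(n))}
```

On a real machine, save the cache with `ipconfig /displaydns > cache.txt` and pass the file contents to `triage()`; long but legitimate names such as akamaitechnologies are left alone by these thresholds.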

Anti-virus software would not run, malware cleaning tools wouldn't install, and Safe Mode resulted in a Blue Screen of Death, leaving only a few options.

So we turned to a trusty old Rescue CD and booted the infected machine from it. It ran a full scan, found the problem files and fixed them.

The lessons learnt:
  • Rescue CDs do what they say on the tin
  • OpenDNS really does work, and prevents issues