What to do if you are a victim of a DNS Hijack

Yesterday I did something what I am not normally doing.
Because I missed one episode from the series The Mentalist and one from NCIS, I looked for them on the net. I know, bad idea. I found and downloaded them from two sites: The Mentalist came from XTVi and NCIS from other site.
XTVi came with a Trojan.
When I tried to watch The Mentalist, I was prompted to upgrade Windows Media Player in order to do that. I made a big mistake and chose to run the ‘upgrade’ via a program that was a malware.
Next morning- as in today- when I tried to open Firefox I was prompted that the server tried to redirect the link. I could not use Firefox.
WTF??!!! I could feel my blood freezing. Oh my God! I suddenly understood that something really bad happened.
On a verge of panicking I scanned my computer with SmitfraudFix and sure enough I got this message
“Your computer may be victim of a DNS Hijack: 85.255.x.x detected !”
OK, now I was in full panic mode.
I opened Explorer- because Firefox did not want to collaborate with me- and looked for a fix.
I found it and cleaned my computer (or so I hope)

This is what you should do if you are stupid like me and made the same mistake:

1. Reboot computer in Safe Mode (you know the gig: restart the computer, before the Windows icon appears tap the F8 key)
2. In Safe Mode, open SmitfraudFix- assuming that you do have SmitfraudFix… if you don’t, do yourself a favor and get it- folder and double-click smitfraudfix.cmd. Select option#2- Clean by typing 2 and then press ‘Enter’ to delete infected files
3. When prompted ‘Registry cleaning- Do you want to clean registry?’ answer Yes by typing y and press ‘Enter
4. The tool will check if wininet.dll is infected. If the file is found, you may be prompted to replace it. In my case it was not found
5. Restart the computer into normal Windows. You are going to get a text file with results from the cleaning process

Next: I went to http://www.besttechie.net/tools and looked for the file: mbam-setup.exe.
This is Malwarebytes’ Anti-Malware.
1. Download the application
2. Make sure that checkmark is placed nest to Update and Launch Malwarebytes’s Anti-Malware, then click Finish
3. Once the program is loaded, select ‘Perform Quick Scan’ and then click on ‘Scan’
4. After the scan is complete click OK, then Show Results
5. Make sure that everything that shows on the list is checked and then click ‘Remove Selected’
6. When disinfection is completed, the report will show up in Notepad
7. Restart your computer

Now Firefox is running again and I have learnt my lesson. Beware of XTVi!!!

Leave a Reply