DNS Effing Up/Hijacking?

[EposVox]

Alright, I hate coming to forums for potential malware/virus/etc. stuff, but I'm not finding anything useful online.

I haven't gotten a "virus" or any sort of infection in like 3 years now. Common Sense + MalwareBytes + Web of Trust + BootUSB a/v scanning every couple of months has worked out great for me.

 

Well last weekend when I was changing Wordpress themes on my website. I lost access to it. Any time I go to it, I get "ERR_CONNECTION_TIMED_OUT" - still happens.

I finally yelled at my host and they said it's not a service outage. I had a couple of friends try it - and sure as can be, they can load the site and load it fine. (And I can load it via 4G on my phone.)

I've emailed them to try to work it out, figured my IP was blacklisted somehow - we had to fix that for FTP connections a while back.

 

Well then today I tried loading something and I got redirected to a few places before it automatically took me to where I was going. (A subreddit.) I couldn't get exact URLs, and I haven't been able to re-create it, but it was a pretty obvious browser hijack experience that I've seen quite a few times, only I still landed on my destination.

 

I also had a few sites load w/o CSS until I refreshed a few times, and then they wouldn't load and I'd get a DNS_PROBE_FINISHED_NXDOMAIN, and one other. 

I went to incognito mode to try and it somehow seemed worse.
It also interrupted my Lynda.com video playback, threw and error and I had to reload after all this was over for it to work.

 

Things are loading okay now, but only after my router manually rebooted during this whole process.

 

I haven't visited any shady sites afaik, haven't downloaded anything bad, and I went ahead and removed a few Chrome extensions, but no shady extensions or processes that I noticed, and MalwareBytes & Avira Free scans are showing up clean.

 

I also changed my ethernet adapter's DNS servers to Google's DNS servers, that didn't seem to have any effect. 

I've also run "ipconfig /flushdns" a few times since this weekend.

 

No matter how much sites wouldn't load, Skype and non-browser things seemingly stayed connected fine (other than during the router reboot, of course.)

 

Things seem to be okay now, but all this is very concerning.

 

This affected two different Chrome profiles, and the timeout for my domain affects every device on my network.

 

My ISP is TWC, I have a Motorola SBG6580 router - which doesn't appear to have any adjustable DNS settings on the router itself.

 

 

Any ideas?

 

---

 

Edit/Update: Checked the proxy settings and there was an old VPN connection set up from my usenet provider, but I don't think it was active. Removed it anyway. Didn't help.

[mikat]

https://productforums.google.com/forum/#!topic/chrome/nanfBxleQpw

maybe?

and no that's not a virus, i've had it before.

[EposVox]

https://productforums.google.com/forum/#!topic/chrome/nanfBxleQpw

maybe?

and no that's not a virus, i've had it before.

Does not seem to have worked.

 

I know it's not a virus, but it does need fixed.

[EposVox]

Update: Tried settings in above link and restarted PC. Manually restarted router and left it off for a few minutes.

 

I also ran nslookup for my domain, using Google's DNS servers and it found it, which means my router is managing my DNS and I can't change it.

[GoldenBE]

Does this happen on every device? Are you running Windows 10 on the device it's happening on? I have the same issues but only on my windows 10 desktop, and only for a few mintus after I rebooted my router. Happens to some sites youtube.com can load fine but google.com can get a connection timed out or dns error.

[EposVox]

Does this happen on every device? Are you running Windows 10 on the device it's happening on? I have the same issues but only on my windows 10 desktop, and only for a few mintus after I rebooted my router. Happens to some sites youtube.com can load fine but google.com can get a connection timed out or dns error.

I haven't/can't really use other devices enough to know if any others had a redirect, but my domain timing out happens on every device - PCs, Phones, etc.

[GoldenBE]

I haven't/can't really use other devices enough to know if any others had a redirect, but my domain timing out happens on every device - PCs, Phones, etc.

I would recommend resetting your router, and if possible try with another router. 

[EposVox]

I would recommend resetting your router, and if possible try with another router. 

Can't use another router; it's a cable modem router hybrid and I have no other cable modem to use w/ TWC. I have multiple routers/gigabit switches, but that does not affect this issue.

[pey5531]

You can setup DNS manually to use google one or opendns. that use solve your problem.

[EposVox]

You can setup DNS manually to use google one or opendns. that use solve your problem.

Already clarified I tried setting it for my LAN adapter, but it doesn't work because it's manually managed by my router/ISP - which I can't change.

[Aegis2x]

The only thing I can think of is having a SOCKS proxy configured or any other plugin-based proxy utility. Did you try different browsers? What about your host file, have you checked it for any weird entries? Most of the time those are pretty empty unless you have to access something specific via a specific IP and wish to use a DNS name or trick an application.

[EposVox]

The only thing I can think of is having a SOCKS proxy configured or any other plugin-based proxy utility. Did you try different browsers? What about your host file, have you checked it for any weird entries? Most of the time those are pretty empty unless you have to access something specific via a specific IP and wish to use a DNS name or trick an application.

Already checked proxy settings, happens across all browsers and all devices on my network.

 

Not blocked in hosts.

[GoldenBE]

Can't use another router; it's a cable modem router hybrid and I have no other cable modem to use w/ TWC. I have multiple routers/gigabit switches, but that does not affect this issue.

I'm not a router expert but I have the same thing ( router and modem in 1 ) that I got for free from my ISP, but they do allow you to put it in "bridge mode" meaning that the modem/router only acts as a modem and allows you to install a third party router. 

 

edit: seems to be possible with your router/modem: http://www.dslreports.com/forum/r27015950-TWC-How-to-run-a-Motorola-SBG6580-in-Bridge-mode

[EposVox]

I'm not a router expert but I have the same thing ( router and modem in 1 ) that I got for free from my ISP, but they do allow you to put it in "bridge mode" meaning that the modem/router only acts as a modem and allows you to install a third party router. 

 

edit: seems to be possible with your router/modem: http://www.dslreports.com/forum/r27015950-TWC-How-to-run-a-Motorola-SBG6580-in-Bridge-mode

 

Yes, but as far as been possibly determined, the modem or ISP manages DNS routing.

[GoldenBE]

Yes, but as far as been possibly determined, the modem or ISP manages DNS routing.

Yes but I think the issue is happening in the router part. The routers/modems isp's give for free are terrible and break for no reason I've been trough 5 so far in around 4 years, all had weird glitches after a while ( random disconnects, random reboots, not connecting to the network anymore, ... ) There was no way to explain how it happened but replacing them fixed it. ( resetting them didn't help )

[EposVox]

Yes but I think the issue is happening in the router part. The routers/modems isp's give for free are terrible and break for no reason I've been trough 5 so far in around 4 years, all had weird glitches after a while ( random disconnects, random reboots, not connecting to the network anymore, ... ) There was no way to explain how it happened but replacing them fixed it. ( resetting them didn't help )

Yes I've had those issues in my first 3 months of using it, haha.

 

Alright, I'll look into moving my other router in here and setting it up in bridge mode.

 

I'd hate to have to introduce a third point of relay though, modem - router - switch. Sigh.

[pey5531]

You can setup DNS manually to use google one or opendns. that use solve your problem.

What I meant is the DNS setting in windows not on your router.

[EposVox]

What I meant is the DNS setting in windows not on your router.

Yes, and I keep saying that it doesn't work, lol. I set a manual DNS server/alt server for 8.8.8.8 and 8.8.4.4 on my LAN adapter, and my traffic does not run through it. I've verified that, my ISP or modem seems to prevent that from actually happening.

 

And thus if I set that and ping my domain, it times out. But if I manually nslookup my domain via the 8.8.8.8 DNS, it finds it just fine.

[pey5531]

Yes, and I keep saying that it doesn't work, lol. I set a manual DNS server/alt server for 8.8.8.8 and 8.8.4.4 on my LAN adapter, and my traffic does not run through it. I've verified that, my ISP or modem seems to prevent that from actually happening.

 

And thus if I set that and ping my domain, it times out. But if I manually nslookup my domain via the 8.8.8.8 DNS, it finds it just fine.

Use a VPN then, problem solved?

[EposVox]

Use a VPN then, problem solved?

Not a permanent solution. Tis a temporary workaround.

[EposVox]

The rest of my issues seem to have disappeared and I'm working with my web host to find out about my domain issue. Marking this solved so I stop having to repeat myself.

[pey5531]

Not a permanent solution. Tis a temporary workaround.

Yes, you are correct. a more permanent solution would be for you to resolve this issue with the ISP directly or get a new ISP. 

Oh and did you check your host file?