Weird trouble?

Posted: Wed Dec 15, 2010 8:59 am
by Sonic Glitch
Anybody else ever have this problem? Once in a very great while when I type ditl.org/forum into my address bar, I will be taken to www.yeah.com/forum, and told there's been an error. Any ideas? I'm using Firefox 3.6.13 -- it happened before I upgraded as well.

Re: Weird trouble?

Posted: Wed Dec 15, 2010 1:53 pm
by Mikey
Never seen that before.

Re: Weird trouble?

Posted: Wed Dec 15, 2010 4:45 pm
by IanKennedy
Sonic Glitch wrote: Anybody else ever have this problem? Once in a very great while when I type ditl.org/forum into my address bar, I will be taken to http://www.yeah.com/forum, and told there's been an error. Any ideas? I'm using Firefox 3.6.13 -- it happened before I upgraded as well.
Nope, I've never seen that. It's possible to have a DNS hijack installed.

Re: Weird trouble?

Posted: Wed Dec 15, 2010 5:20 pm
by Sonic Glitch
IanKennedy wrote:
Sonic Glitch wrote: Anybody else ever have this problem? Once in a very great while when I type ditl.org/forum into my address bar, I will be taken to http://www.yeah.com/forum, and told there's been an error. Any ideas? I'm using Firefox 3.6.13 -- it happened before I upgraded as well.
Nope, I've never seen that. It's possible to have a DNS hijack installed.
A what now?

Re: Weird trouble?

Posted: Wed Dec 15, 2010 6:12 pm
by IanKennedy
DNS = Domain Name System, it's the thing that takes the names of sites you type and turns them into proper internet addresses. For example if you type "www.ditl.org" then the DNS turns that into the IP address 66.172.75.35. Your requests and their replies are then routed to that address.

A DNS hijack replaces your DNS settings with a DNS that does not tell the truth. You type http://www.ditl.org and instead of giving you the correct 66.172.75.35 it will give you a false address, for example 216.234.246.150 (the address of http://www.yeah.com). Now it may only do that once in a while so that it doesn't get too annoying and then found out and removed.

I would check that your DNS settings are correct for your ISP. You can do that on Windows by starting a command prompt (select 'Run' from the start menu and enter 'cmd' and then click the run button). In the screen you can then type 'ipconfig /all' and press return. You should see something like this:

Ethernet adapter Local Area Connection:

        Connection-specific DNS Suffix  . : localdomain
        Description . . . . . . . . . . . : Parallels Ethernet Adapter
        Physical Address. . . . . . . . . : 00-1C-42-F8-2B-A2
        Dhcp Enabled. . . . . . . . . . . : Yes
        Autoconfiguration Enabled . . . . : Yes
        IP Address. . . . . . . . . . . . : 10.211.55.3
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 10.211.55.1
        DHCP Server . . . . . . . . . . . : 10.211.55.1
        DNS Servers . . . . . . . . . . . : 10.211.55.1
        Primary WINS Server . . . . . . . : 163.1.2.52
        Secondary WINS Server . . . . . . : 129.67.1.152
        Lease Obtained. . . . . . . . . . : 15 December 2010 18:17:32
        Lease Expires . . . . . . . . . . : 15 December 2010 18:47:32 
Check the 'DNS Servers' line and see if that agrees with your ISP's published DNS settings. Or post your ISP name here and I can tell you what their DNS should be. If the numbers don't match then you have an issue.

Re: Weird trouble?

Posted: Thu Dec 16, 2010 2:48 am
by Sonic Glitch
IanKennedy wrote: DNS = Domain Name System, it's the thing that takes the names of sites you type and turns them into proper internet addresses. For example if you type "www.ditl.org" then the DNS turns that into the IP address 66.172.75.35. Your requests and their replies are then routed to that address.

A DNS hijack replaces your DNS settings with a DNS that does not tell the truth. You type http://www.ditl.org and instead of giving you the correct 66.172.75.35 it will give you a false address, for example 216.234.246.150 (the address of http://www.yeah.com). Now it may only do that once in a while so that it doesn't get too annoying and then found out and removed.

I would check that your DNS settings are correct for your ISP. You can do that on Windows by starting a command prompt (select 'Run' from the start menu and enter 'cmd' and then click the run button). In the screen you can then type 'ipconfig /all' and press return. You should see something like this:

Ethernet adapter Local Area Connection:

        Connection-specific DNS Suffix  . : localdomain
        Description . . . . . . . . . . . : Parallels Ethernet Adapter
        Physical Address. . . . . . . . . : 00-1C-42-F8-2B-A2
        Dhcp Enabled. . . . . . . . . . . : Yes
        Autoconfiguration Enabled . . . . : Yes
        IP Address. . . . . . . . . . . . : 10.211.55.3
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 10.211.55.1
        DHCP Server . . . . . . . . . . . : 10.211.55.1
        DNS Servers . . . . . . . . . . . : 10.211.55.1
        Primary WINS Server . . . . . . . : 163.1.2.52
        Secondary WINS Server . . . . . . : 129.67.1.152
        Lease Obtained. . . . . . . . . . : 15 December 2010 18:17:32
        Lease Expires . . . . . . . . . . : 15 December 2010 18:47:32 
Check the 'DNS Servers' line and see if that agrees with your ISP's published DNS settings. Or post your ISP name here and I can tell you what their DNS should be. If the numbers don't match then you have an issue.
If the numbers don't match, how do I fix it?

Re: Weird trouble?

Posted: Fri Dec 17, 2010 7:20 am
by Sonic Glitch
Now that we've established there is a problem, how do I rid myself of it? A website I found suggested downloading and running Malwarebytes -- first downloading it somewhere uninfected and then changing the name. If Malwarebytes is already on my computer and has been since before the problem, will it still be effective?

Re: Weird trouble?

Posted: Fri Dec 17, 2010 12:48 pm
by Tyyr
Probably not. Most new viruses are designed to make things like Malwarebytes and popular anti-virus suites inactive. The last time I got a virus Malwarebytes wouldn't update and couldn't scan, same with Avira. Do what they suggest, downloading the version to a stick from an uninfected computer, change the name, and also download the manual update. That should let you get moving with it.

I've got an old 512mb stick that I just keep as a matter of course with backups of all my anti-virus programs and tools.

Re: Weird trouble?

Posted: Fri Dec 17, 2010 2:36 pm
by Lazar
Sonic Glitch wrote: Anybody else ever have this problem? Once in a very great while when I type ditl.org/forum into my address bar, I will be taken to http://www.yeah.com/forum, and told there's been an error. Any ideas? I'm using Firefox 3.6.13 -- it happened before I upgraded as well.
I've had this happen to me in the past with Wikipedia (mostly on school computers running XP). I'll type in a perfectly formed Wiki address for an article I know to exist, and it will redirect me to yeah.com.

Re: Weird trouble?

Posted: Fri Dec 17, 2010 7:08 pm
by IanKennedy
Sonic Glitch wrote: Now that we've established there is a problem, how do I rid myself of it? A website I found suggested downloading and running Malwarebytes -- first downloading it somewhere uninfected and then changing the name. If Malwarebytes is already on my computer and has been since before the problem, will it still be effective?
It's worth a try, but as others have said it's likely that it won't work. You can try downloading a new version of them and see what happens.

Re: Weird trouble?

Posted: Fri Dec 17, 2010 11:15 pm
by Sonic Glitch
The DNS numbers still don't line up. Would the fact that I'm connected via a wireless network not a landline be an issue?

Re: Weird trouble?

Posted: Sat Dec 18, 2010 10:04 am
by IanKennedy
If you open up the control panel and open Network Connections, you can then find your active connection and right click on it and select Properties. In the list that appears in the window find 'Internet Protocol (TCP/IP)'. Click on it and click the properties button. In the lower half of the window that opens there's a setting that says how to obtain the DNS settings. It will either be 'Obtain DNS server address automatically' or 'Use the following DNS server addresses'. Which is it set to? If it's set to 'use the following' change it to automatic. Then click the OK button.

Now open a command prompt (Select Start / Run... and enter 'cmd' and click the run button). In the window that opens type 'IPCONFIG /renew'. It will take a little time to return. Once it's complete type 'IPCONFIG /all' and look for the DNS row. Is it still 'wrong' or has it changed? If it's changed, great. I would then restart your computer and see if that new setting is retained. You can do that by entering 'IPCONFIG /all' in a command prompt once you have restarted.

If it stays the same or is changed and then changes back again after a period of time then there's something running on your machine that is causing it to change back once it's 'fixed'. To be honest that's quite likely, as something must have changed it in the first place. The goal is to kill off that culprit and then you can use the above procedure to repair the settings.

Re: Weird trouble?

Posted: Sat Dec 18, 2010 6:19 pm
by Sonic Glitch
IanKennedy wrote: If you open up the control panel and open Network Connections, you can then find your active connection and right click on it and select Properties. In the list that appears in the window find 'Internet Protocol (TCP/IP)'. Click on it and click the properties button. In the lower half of the window that opens there's a setting that says how to obtain the DNS settings. It will either be 'Obtain DNS server address automatically' or 'Use the following DNS server addresses'. Which is it set to? If it's set to 'use the following' change it to automatic. Then click the OK button.

Now open a command prompt (Select Start / Run... and enter 'cmd' and click the run button). In the window that opens type 'IPCONFIG /renew'. It will take a little time to return. Once it's complete type 'IPCONFIG /all' and look for the DNS row. Is it still 'wrong' or has it changed? If it's changed, great. I would then restart your computer and see if that new setting is retained. You can do that by entering 'IPCONFIG /all' in a command prompt once you have restarted.

If it stays the same or is changed and then changes back again after a period of time then there's something running on your machine that is causing it to change back once it's 'fixed'. To be honest that's quite likely, as something must have changed it in the first place. The goal is to kill off that culprit and then you can use the above procedure to repair the settings.
Hm. Interestingly enough, while the numbers did not change after going through all that nothing has changed, at least one of the DNS numbers is validly connected to my internet provider. Am I supposed to have 3 DNS numbers tho?

Re: Weird trouble?

Posted: Sat Dec 18, 2010 6:46 pm
by IanKennedy
You are posting from an IP address of 24.102.128.73 which belongs to someone called PenTeleData Inc, looking at them they've actually got 6 DNS servers:

DNS1.PTD.NET which is 204.186.0.201
DNS2.PTD.NET which is 207.44.96.129
DNS3.PTD.NET which is 204.186.0.203
DNS4.PTD.NET which is 207.44.0.1
DNS5.PTD.NET which is 198.69.185.1
DNS6.PTD.NET which is 198.69.184.1

Are all the numbers you are seeing listed amongst these here? If so then it's working correctly, if not then you've definitely got an issue.

Typically, an ISP will balance the load on their servers by randomly allocating ones to clients. Typically, they will allocate 2 or maybe 3 servers to each client, so that they will continue to work when one of the servers isn't running.
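
The check described in this thread (compare the 'DNS Servers' rows of 'ipconfig /all' with the ISP's published resolvers), as an added example that is not part of any post. The function names, the verdict labels and the sample output are this example's own. It also covers the multi-adapter and multi-server cases, and it reports a private (RFC 1918) address such as the 10.211.55.1 shown earlier separately, since that means the machine is asking a local gateway or router whose own upstream DNS settings need the same comparison.

```python
import ipaddress

# Resolver addresses quoted in the thread for the poster's ISP (DNS1-6.PTD.NET).
ISP_DNS = {"204.186.0.201", "207.44.96.129", "204.186.0.203",
           "207.44.0.1", "198.69.185.1", "198.69.184.1"}
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# Constructed 'ipconfig /all' excerpt; 203.0.113.53 is a documentation address.
SAMPLE = """\
Ethernet adapter Local Area Connection:

        DNS Servers . . . . . . . . . . . : 10.211.55.1

Wireless LAN adapter Wireless Network Connection:

        DNS Servers . . . . . . . . . . . : 204.186.0.201
                                            203.0.113.53
        Lease Obtained. . . . . . . . . . : 15 December 2010 18:17:32
"""

def parse_ip(text):
    try:
        return ipaddress.ip_address(text.split("%")[0])  # drop IPv6 zone id
    except ValueError:
        return None

def dns_servers_by_adapter(output):
    """Map each section header to the DNS servers listed beneath it."""
    adapters, current, in_dns = {}, None, False
    for line in output.splitlines():
        stripped = line.strip()
        if line[:1].strip():                    # unindented, non-empty: header
            current, in_dns = stripped.rstrip(":"), False
            adapters[current] = []
            continue
        label, sep, value = stripped.partition(" : ")
        in_dns = label.startswith("DNS Servers") if sep else in_dns
        value = value if sep else stripped      # no separator: continuation row
        if in_dns and current and parse_ip(value) is not None:
            adapters[current].append(value)
    return adapters

def audit(output, isp_dns=ISP_DNS):
    """Return {adapter: {server: 'isp' | 'local' | 'unexpected'}}."""
    def verdict(server):
        if server in isp_dns:
            return "isp"
        return "local" if any(parse_ip(server) in n for n in RFC1918) else "unexpected"
    return {name: {s: verdict(s) for s in servers}
            for name, servers in dns_servers_by_adapter(output).items() if servers}
```

Calling audit() on saved 'ipconfig /all' output gives one verdict per DNS server per adapter; any 'unexpected' entry is the mismatch the thread is looking for.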

Re: Weird trouble?

Posted: Sat Dec 18, 2010 7:35 pm
by Sonic Glitch
IanKennedy wrote: You are posting from an IP address of 24.102.128.73 which belongs to someone called PenTeleData Inc, looking at them they've actually got 6 DNS servers:

DNS1.PTD.NET which is 204.186.0.201
DNS2.PTD.NET which is 207.44.96.129
DNS3.PTD.NET which is 204.186.0.203
DNS4.PTD.NET which is 207.44.0.1
DNS5.PTD.NET which is 198.69.185.1
DNS6.PTD.NET which is 198.69.184.1

Are all the numbers you are seeing listed amongst these here? If so then it's working correctly, if not then you've definitely got an issue.

Typically, an ISP will balance the load on their servers by randomly allocating ones to clients. Typically, they will allocate 2 or maybe 3 servers to each client, so that they will continue to work when one of the servers isn't running.
Interestingly enough, none of those numbers correspond. My DNS settings are appearing under "Wireless LAN adapter Wireless Network Connection" -- should that make a difference? (I.E. would the numbers for my wirelessly connected laptop differ from the landline connected desktop?)