I have run into a situation where, on some of our Windows 7 PCs, any non-FQDN request resolves to 72.172.91.230.

I have run scans from Malware Bytes, Microsoft Malicious Software Removal Tool, Microsoft Security Essentials, and Symantec Endpoint Protection.  Only Malware Bytes has detected any problems.  One PC had registry entries for PUM.Hijack.DisplayProperties and the other PC had the PUP.FunWebProducts virus.  Both machines cleaned "successfully" according to Malware Bytes but the problem is still there. 

I checked the Hosts and LMHosts files on the affected PCs but there were no entries other than the standard entries that ship with Windows.

Oddly enough the problem isn't affecting FQDN resolution or Internet usage.  I've always been under the impression that DNS redirect viruses are primarily targeting Internet redirection.  While I can get around the situation by using FQDNs, I still feel a vulnerability exists since the problem still exists on some machines.

Has anyone else out there experienced something like this?  Was it a virus and if so how did you remove it?
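A quick way to confirm the symptom described above, and to tell a wildcarded search suffix or a redirected resolver apart from a one-off bad record, is to look up a handful of random single-label names and see whether they all land on the same address. The script below is an added example and is not part of the original post; it uses the system resolver of the machine it runs on (so on Windows the configured DNS suffix search list is applied to the unqualified label, just as it is for the affected PCs), and the only address in its known-bad list is the one reported in the question. The hijack-verdict logic is kept in a pure function so it can be exercised on recorded results.

```python
"""Probe whether unqualified (single-label) names resolve to one fixed
address, the symptom described in the question above.

Added example, not part of the original post.  Assumes the machine's
default resolver is the one under test; KNOWN_HIJACK_ADDRESSES is a list
the reader maintains and here contains only the address from the question.
"""
import secrets
import socket
from collections import Counter

# Address reported in the question; add others seen in your own environment.
KNOWN_HIJACK_ADDRESSES = {"72.172.91.230"}


def random_label(length: int = 12) -> str:
    """Return a random lowercase label that should not exist in any zone."""
    alphabet = "abcdefghijklmnopqrstuvwxyz"
    return "".join(secrets.choice(alphabet) for _ in range(length))


def resolve(name: str):
    """Resolve a name with the system resolver; None on NXDOMAIN or failure."""
    try:
        return socket.gethostbyname(name)
    except socket.gaierror:
        return None


def classify(results: dict) -> dict:
    """Decide from {probe_name: address_or_None} whether unqualified names
    are being steered to a single host.

    A healthy resolver returns NXDOMAIN (None here) for random labels.  If at
    least two probes, and at least half of them, resolve to the same address,
    the search suffix or the resolver itself is wildcarding those lookups.
    """
    answered = [addr for addr in results.values() if addr]
    verdict = {
        "probes": len(results),
        "answered": len(answered),
        "suspicious": False,
        "target": None,
        "known_bad": False,
    }
    if not answered:
        return verdict
    target, count = Counter(answered).most_common(1)[0]
    if count >= max(2, len(results) // 2):
        verdict["suspicious"] = True
        verdict["target"] = target
        verdict["known_bad"] = target in KNOWN_HIJACK_ADDRESSES
    return verdict


def probe(count: int = 5) -> dict:
    """Live check: resolve `count` random single-label names and classify."""
    names = [random_label() for _ in range(count)]
    return classify({name: resolve(name) for name in names})


if __name__ == "__main__":
    verdict = probe()
    print(verdict)
    if verdict["suspicious"]:
        note = " (the address from the question)" if verdict["known_bad"] else ""
        print("Unqualified names resolve to", verdict["target"] + note)
    else:
        print("Random unqualified names return NXDOMAIN as expected.")
```

If the script reports a suspicious target, the next things to compare between an affected and an unaffected PC are the DNS suffix search list and the DNS server addresses shown by `ipconfig /all`, since a changed search suffix or a replaced DNS server produces exactly this pattern while leaving fully qualified names untouched.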


Answers

1

When we have this happen we usually block the request. Most times I find that I Google what it is and then run Microsoft Process Monitor to determine if it's something on the machine. In your case it's:

Host 72.172.91.230
Location US US, United States
City Whittier, CA 90607
Organization Findology
ISP Net2EZ
Answered 10/25/2012 by: ms01ak
Tenth Degree Black Belt
