Now this is an annoying one.
You go to any of google’s sites including any site that has google-analytics.com javascript included in it’s body and BOOM! ..either you get redirected to a bullshit search page you didn’t ask to go to or the browser shows a blank white screen while apparently analytics loads..

It turns out this is actually a virus that infects routers!

There are “short-lived-ways” to solve this problem and the one I adopted was to add the following into a windows batch file and run it every bloody time just before doing a google search.

ipconfig /flushdns

For other platforms see here: http://www.techiecorner.com/35/how-to-flush-dns-cache-in-linux-windows-mac/

This will flush your local DNS cache and for a very short while allow you to do what you actually want to.

A lot of people who have experienced this problem say that you should simply update the firmware on your router (which does not always work).

If you login to your router’s control panel (usually http://192.168.0.1) and check under your DNS settings, you will see that the DNS IP addresses are not set to “automatic” and instead show 2 IP addresses:

If you do some investigating then you will find out that these IP addresses are run from somewhere in Russia and that it’s a MALWARE servlet!

Finally a solution perhaps?

Take a look at opendns online and get some “valid” DNS servers to rather have instead of those bogus bullcrap ip addresses and replace it?

If that didn’t work then perhaps this will?

Perform a hard-reset of your router, not sure how to do that? While your router is on press the “reset button” with a ballpoint pen or similar object that fits.
You will probably have to go in and enter all your settings again, so take note of them all before you do this!!!


7 Comments

John · January 26, 2011 at 02:01

The Most Important Information missing from all this help is: How did this happen in the first place? PUT A PASSWORD ON YOUR ROUTER!
This whole bug is successful because everyone has left the default router login as: admin and the password blank. All you have to do after you return the DNS back to normal is password your router. If you don’t it will happen again and again….

Ben · December 20, 2010 at 10:26

Make sure to alter the router’s password from the default and to disable remote management otherwise it will happen again.

    Andrew · December 20, 2010 at 11:19

    Good tips, thanks Ben

Rick Cierzan · December 2, 2010 at 00:05

My D-Link wireless router did have the two addresses
above. I reset the router and now that the addresses are gone, no redirect problems.
Thanks

Noel Godard · November 23, 2010 at 18:25

We’ve read the blog for some time, love the idea!

ip masking · August 27, 2010 at 15:56

If you have a VPN router that can make one connection for you then you might be able to use your computer VPN for the second. However, this is not usually the case for most home routers. Since the VPN is a tunnel within the existing IP connection you generally cant get two of them to work at the same time.

Redirecting Virus Fix – The tool that inspired this page. | Redirecting Virus Fix · June 10, 2011 at 08:43

[…] can try the tips from this article I found as if offers some free detailed information particularly the part that effects your router. […]

Leave a Reply

Your email address will not be published. Required fields are marked *