
Thread: DNS or redirect problem - virus/malware?

  1. #1
    Join Date
    Nov 2012

    DNS or redirect problem - virus/malware?

    Hi all - (somewhat) long time lurker, first time poster. Thanks in advance for any help you can provide.

    I am having an issue with web browsing where following certain links (for instance, the "Ask the seller a question" link in this eBay auction) redirects me to a different website, one which shows this image:

    The IP address of the page is The issue is only happening from my laptop and home server, which are both running 12.10. All other computers in my household (a few Windows 7 laptops and an iMac) are having no such problem.

    I have done some googling to try to figure out what the source of the issue is, but I haven't found anything yet that solves the problem. Here are the steps I've taken so far:

    (1) Tried using Google Chrome in Incognito mode so that browser extensions are disabled. Same results.

    (2) Tried using Firefox. Same results.

    (3) Tried commenting out the line in /etc/NetworkManager/NetworkManager.conf that says "dns=dnsmasq"; restarted network-manager service and verified that /etc/resolv.conf no longer showed as the nameserver. Still no change.

    Contents of /etc/NetworkManager/NetworkManager.conf:

    Contents of /etc/resolv.conf:

    # Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
    search WORKGROUP

    (4) Ran whois on IP address Output:

    % Information related to ' -'
    inetnum: -
    netname:        UK-AOL-00
    descr:          UUNET AOL dial up pool for UK
    country:        GB
    admin-c:        WERT1-RIPE
    tech-c:         MDRa2-RIPE
    status:         ASSIGNED PA
    remarks:        Please send abuse notification to
    mnt-by:         AS1849-MNT
    source:         RIPE # Filtered
    role:           MCI Dial Repair and Server Surveillance Support Team
    address:        Network Management Unit
    address:        UUNET Deutschland GmbH
    address:        MCI Group
    address:        Sebrathweg 20
    address:        D-44149 Dortmund
    address:        Germany
    phone:          +49 231 972 0
    fax-no:         +49 231 972 1207
    admin-c:        WERT1-RIPE
    tech-c:         AA715-RIPE
    tech-c:         IA304-RIPE
    tech-c:         MB5310-RIPE
    tech-c:         OC250-RIPE
    tech-c:         EE266-RIPE
    tech-c:         MK3732-RIPE
    tech-c:         PM3050-RIPE
    tech-c:         HOS-RIPE
    nic-hdl:        MDRa2-RIPE
    mnt-by:         AS1849-MNT
    source:         RIPE # Filtered
    role:           WCOM EMEA Registrar Team
    address:        Verizon
    address:        EMEA Network Services
    address:        J. Muyskenweg 22
    address:        NL-1096 CJ Amsterdam
    address:        The Netherlands
    phone:          +31 20 711 6000
    fax-no:         +31 20 711 6001
    admin-c:        AK111-RIPE
    admin-c:        ARK-RIPE
    admin-c:        HTV5-RIPE
    admin-c:        TONE1-RIPE
    admin-c:        USB1-RIPE
    tech-c:         AK111-RIPE
    tech-c:         ARK-RIPE
    tech-c:         HTV5-RIPE
    tech-c:         TONE1-RIPE
    tech-c:         USB1-RIPE
    nic-hdl:        WERT1-RIPE
    mnt-by:         AS1849-MNT
    source:         RIPE # Filtered
    % Information related to ''
    descr:          UUNET-DE AOL/CS Pool
    origin:         AS702
    member-of:      AS702:RS-DE,
    inject:         upon static
    aggr-mtd:       outbound
    mnt-by:         WCOM-EMEA-RICE-MNT
    source:         RIPE # Filtered

    I don't know where to go from here, as I'm no networking expert, and can't find anybody who has had similar issues. Your advice and insight would be greatly appreciated.

  2. #2
    Join Date
    Jul 2005

    Re: DNS or redirect problem - virus/malware?

    Router malware is not uncommon. A Windows computer could have infected your router, though of course you say your Windows computers are fine now.

    Ruling out router malware is pretty easy, though. First, obviously you can connect the laptop to some other internet connection at a coffee shop or something? If you have the same problem there, then you know it's not your internet connection at home. You could also try setting DNS on your Ubuntu computers to use, say, Google's DNS servers ( and

    If you can't do that, you could reset the router and/or modem to factory settings and set them up again for your home network. Depending on your setup, that might be really easy or kind of a pain.

    An easy way to avoid router malware is to set the admin password to something different from the default, FYI. Usually the default username is "admin" and the default password is "admin" or "password" or "1234" or just blank. Router malware can obviously guess those pretty easily, but it can't guess a unique password you've set, even an easy one.
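
Added example, not part of either post: the DNS comparison suggested in the reply, done offline over answers you have already collected from the suspect path (the resolver in /etc/resolv.conf) and from a resolver you trust. The function names, hostnames and addresses are assumptions constructed for illustration; none of them come from the thread.

```python
import ipaddress

RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def parse_nameservers(resolv_conf_text):
    """Return the nameserver addresses from resolv.conf text, in file order."""
    servers = []
    for raw in resolv_conf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":      # blank line or comment
            continue
        fields = line.split()
        if fields[0] == "nameserver" and len(fields) >= 2:
            servers.append(fields[1])
    return servers

def classify_nameserver(addr):
    """Say where lookups sent to this address are answered first."""
    ip = ipaddress.ip_address(addr)
    if ip.is_loopback:
        return "local-stub"                  # e.g. NetworkManager's dnsmasq
    if ip.version == 4 and any(ip in net for net in RFC1918):
        return "lan-router"                  # answers depend on router settings
    return "external"

def suspicious_answers(suspect, reference, canaries=()):
    """Compare {hostname: set(IPs)} from the suspect path with a trusted path.

    Returns {hostname: reason}. CDNs can give disjoint sets legitimately, so
    'disjoint' is a lead to check; an answer for a canary name that should
    not exist is a stronger sign of a resolver rewriting responses."""
    findings = {}
    for host, ips in suspect.items():
        if host in canaries and ips:
            findings[host] = "answer for nonexistent name"
        elif host in reference and ips and not (ips & reference[host]):
            findings[host] = "disjoint from reference"
    return findings

# Constructed sample data (documentation-range addresses, not from the thread).
SAMPLE_RESOLV_CONF = """\
# Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
nameserver 127.0.0.1
nameserver 192.168.1.1
search WORKGROUP
"""
SUSPECT = {"shop.example": {"203.0.113.66"}, "news.example": {"198.51.100.7"},
           "zz-canary-1f3a.example": {"203.0.113.66"}}
REFERENCE = {"shop.example": {"192.0.2.10", "192.0.2.11"},
             "news.example": {"198.51.100.7", "198.51.100.8"},
             "zz-canary-1f3a.example": set()}
```

If the findings disappear when the same lookups are collected on another network, the home router's DNS settings are the place to look.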

