The Notebook Review forums were hosted by TechTarget, who shut them down on January 31, 2022. This static read-only archive was pulled by NBR forum users between January 20 and January 31, 2022, in an effort to make sure that the valuable technical information that had been posted on the forums is preserved. For current discussions, many NBR forum users moved over to NotebookTalk.net after the shutdown.

    DNS/Cookie hijacking

    Discussion in 'Networking and Wireless' started by Mobius 1, Sep 22, 2013.

  1. Mobius 1

    I have this issue again after a similar problem has been fixed: http://forum.notebookreview.com/windows-os-software/722534-browser-virus-redirect-isp.html

    Now it happens on Firefox, and after a restart and flushing+renew ipconfig it doesn't work.

    TDSS/Antirootkit standalone detects nothing


    Firefox V23/Win7 x64

    -Pinging website works
    -Can be opened in Chrome/IE9
    -IPV4 DNS config locked on google 8.8.8.8/8.8.4.4
    -Windows Defender detects no threats
     
  2. ajnindlo

  3. Jarhead

    Definitely check out the host file first to see if there's anything in there. Ideally, there shouldn't be any entries in there, except maybe 127.0.0.1 (loopback).
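
The hosts-file check suggested in the post above, as an added example that is not part of the original thread. The function name `audit_hosts`, the verdict labels and the sample file contents are assumptions constructed for illustration; on Windows the real file is `%SystemRoot%\System32\drivers\etc\hosts`.

```python
import ipaddress

# Constructed sample: a hosts file with a blocklist entry, an injected
# redirect and a malformed line. Addresses use documentation ranges.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
0.0.0.0         ads.example.net   # sinkhole entry from a blocklist
203.0.113.10    forum.example.com www.example.com
not-an-ip       broken.example.org
"""

def audit_hosts(text):
    """Return (line_no, verdict, address, names) for every entry that is
    not a plain loopback mapping for 'localhost'."""
    findings = []
    # Strip a UTF-8 BOM if an editor left one at the start of the file.
    for line_no, raw in enumerate(text.lstrip("\ufeff").splitlines(), 1):
        entry = raw.split("#", 1)[0].split()   # drop trailing comments
        if not entry:
            continue                           # blank or comment-only line
        addr, names = entry[0], entry[1:]
        try:
            ip = ipaddress.ip_address(addr)
        except ValueError:
            findings.append((line_no, "malformed", addr, names))
            continue
        if ip.is_loopback and all(n.lower() == "localhost" for n in names):
            continue                           # the expected loopback entry
        if ip.is_loopback or ip.is_unspecified:
            # Name is pinned to the local machine: blocks the site
            # rather than sending the browser somewhere else.
            verdict = "sinkhole"
        else:
            # Name is pinned to a remote address, bypassing DNS entirely.
            verdict = "redirect"
        findings.append((line_no, verdict, addr, names))
    return findings

if __name__ == "__main__":
    for line_no, verdict, addr, names in audit_hosts(SAMPLE_HOSTS):
        print(f"line {line_no}: {verdict:9} {addr} -> {', '.join(names)}")
```

A "redirect" finding is the one that matters for the symptom in this thread, since a hosts entry overrides whatever the configured DNS servers return.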
     
  4. Mobius 1

    Host file seems clean.

    I also tried disabling/reenabling network adapter, seems to have no effect :|
     
  5. Aluminum

    If you really think someone upstream (like your ISP) is doing this, there is not much you can do about it. DNS is unencrypted and modifying packets on the wire is trivial; there is even dedicated hardware to do this in real time with no speed penalty for most major protocols.

    The only real way around it would be a VPN to hardcoded IPs, assuming they don't block the ports (or you can pick a common open port on both ends) and/or hope they don't use some kind of packet inspection to drop tunnels. (If they paid for the injection hardware, odds are they will block simple SSL VPNs too.)

    It would not surprise me at all for a cell carrier to do this with the usual excuse of bandwidth/service management; they also want to do things like force proxy use etc.
     
  6. Mobius 1

    Tried HSS VPN, does not work w/ normal - private browsing

    Tried PPTP and OpenVPN, same result