All non-FQDN requests are resolving to 72.172.91.230
I have run into a situation where some of our Windows 7 PCs are having any non-FQDN requests resolving to 72.172.91.230.
I have run scans from Malwarebytes, Microsoft Malicious Software Removal Tool, Microsoft Security Essentials, and Symantec Endpoint Protection. Only Malwarebytes has detected any problems. One PC had registry entries for PUM.Hijack.DisplayProperties and the other PC had the PUP.FunWebProducts virus. Both machines cleaned "successfully" according to Malwarebytes, but the problem is still there.
I checked the Hosts and LMHosts files on the affected PCs, but there were no entries other than the standard entries that ship with Windows.
Oddly enough, the problem isn't affecting FQDN resolution or Internet usage. I've always been under the impression that DNS redirect viruses are primarily targeting Internet redirection. While I can get around the situation by using FQDN, I still feel a vulnerability exists since the problem still exists on some machines.
Has anyone else out there experienced something like this? Was it a virus and if so how did you remove it?
Answers (1)
When we have this happen we usually either block the request. I find most times that I google search what it is and then run Microsoft processmon to determine if it's something on the machine. In your case it's
Host: 72.172.91.230
Location: US, United States
City: Whittier, CA 90607
Organization: Findology
ISP: Net2EZ
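A way to measure the symptom described in this thread on an affected PC, as an added example that is not from either poster: it resolves random single-label names that should not exist, both bare and with a trailing dot (which stops the resolver appending DNS suffixes), and reports whether answers appear and whether they match the address from the question. The function names and verdict strings are hypothetical.

```python
import socket
import uuid

SUSPECT_IP = "72.172.91.230"  # address reported in the question above


def system_resolve(name):
    """IPv4 addresses from the OS resolver (hosts file, suffix search, DNS)."""
    try:
        infos = socket.getaddrinfo(name, None, socket.AF_INET)
    except socket.gaierror:
        return set()
    return {info[4][0] for info in infos}


def probe_short_names(resolve=system_resolve, probes=3, suspect=SUSPECT_IP):
    """Resolve random single-label names that should not exist anywhere.

    Each label is tried bare (the resolver may append DNS suffixes) and
    rooted with a trailing dot (no suffix is appended).
    """
    rows = []
    for _ in range(probes):
        label = "probe-" + uuid.uuid4().hex[:12]
        rows.append({"label": label,
                     "bare": resolve(label),
                     "rooted": resolve(label + ".")})
    bare_hits = [r for r in rows if r["bare"]]
    rooted_hits = [r for r in rows if r["rooted"]]
    if not bare_hits:
        verdict = "clean"                  # nonexistent names fail, as expected
    elif rooted_hits:
        verdict = "all-lookups-answered"   # even rooted names get an answer
    else:
        verdict = "answered-via-suffix"    # only suffix-expanded names answer
    return {"verdict": verdict,
            "suspect_seen": any(suspect in r["bare"] for r in bare_hits),
            "rows": rows}


if __name__ == "__main__":
    report = probe_short_names()
    print(report["verdict"], "suspect seen:", report["suspect_seen"])
    for row in report["rows"]:
        print(row["label"], sorted(row["bare"]), sorted(row["rooted"]))
```

Running it on an affected and an unaffected PC on the same network gives a like-for-like comparison before and after any cleanup.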