All non Fully Qualified Name requests are redirecting to 72.172.91.230
I am running into an odd issue that I believe to be virus related. Some of our Windows 7 machines are redirecting all of their non-FQDN requests to 72.172.91.230. If you use the FQDN everything works perfectly.
I have checked the hosts and lmhosts files and there are no entries in there other than the Windows default entries.
I have run Malwarebytes, Microsoft Security Essentials, Microsoft Malicious Software Removal Tool, TDSSKiller, and Symantec Endpoint Protection 11 on two of the machines. Malwarebytes detected the pup.funwebproducts virus on one of the PCs. It found Malware.Trace and PUM.Hijack.DisplayProperties registry entries. They were all cleaned successfully according to Malwarebytes.
The odd thing is that the behavior hasn't redirected web traffic on the PCs. It just seems to be affecting the NETBIOS resolution.
Has anyone else run into an issue like this and, if so, how did you fix it?
Answers (1)
The IP is listed all over on various malware lists -
http://support.clean-mx.de/clean-mx/viruses.php?ip=72.172.91.230&sort=first%20desc
Have you scanned the registry for that IP? Also, have you cleared the NETBIOS cache?
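
The two checks suggested in the answer above, written out as a PowerShell triage script. This is an added example, not part of the original answer. The registry subtrees searched, the DNS suffix/WINS listing, and the probe host name `zz-no-such-host-probe` are assumptions chosen as starting points, and the cache purge needs an elevated prompt.

```powershell
# Added example: triage for short (non-FQDN) names resolving to an unexpected IP.
# Written to run on PowerShell 2.0 (the Windows 7 default).
$SuspectIp = '72.172.91.230'            # address reported in the question
$ProbeName = 'zz-no-such-host-probe'    # constructed name that should not exist

# Registry subtrees that hold name-resolution settings (assumed starting points,
# not a full-registry scan).
$Roots = @(
    'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters',
    'HKLM:\SYSTEM\CurrentControlSet\Services\NetBT\Parameters',
    'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient'
)

function Find-RegistryValue {
    param([string[]]$Path, [string]$Needle)
    foreach ($root in $Path) {
        if (-not (Test-Path $root)) { continue }
        $keys = @(Get-Item $root) +
                @(Get-ChildItem $root -Recurse -ErrorAction SilentlyContinue)
        foreach ($key in $keys) {
            foreach ($name in $key.GetValueNames()) {
                # Multi-string values come back as arrays; join them to search.
                $data = @($key.GetValue($name)) -join ' '
                if ($data -like "*$Needle*") {
                    New-Object PSObject -Property @{
                        Key = $key.Name; Value = $name; Data = $data
                    }
                }
            }
        }
    }
}

# 1. Registry values that contain the suspect address.
Find-RegistryValue -Path $Roots -Needle $SuspectIp | Format-List

# 2. Suffix search list and WINS servers that short names are resolved through.
ipconfig /all | Select-String 'Suffix', 'WINS'

# 3. Show the NetBIOS remote name cache, then purge it and the DNS cache.
nbtstat -c
nbtstat -R
ipconfig /flushdns

# 4. Re-test: a name that does not exist should fail to resolve.
try {
    $addrs = [System.Net.Dns]::GetHostAddresses($ProbeName)
    "Probe resolved to: $($addrs -join ', ')  (redirect still active if this is $SuspectIp)"
} catch {
    'Probe name did not resolve (expected on a clean machine).'
}
```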