dns poisoning?

I've two pc's on the network; 1 is windows7, the other XP. The network aslo has a couple of wifi clients (phones and laptops)
Anyways; I've had it a couple times now, where the home page (google.ca) loads to an adobe update page that insists on having me download an exe for update. This page url is showing Google
I've scoured the pc and could not find anything; same with results with pcs2(xp).
I did solve this by ipconfig /flushdns on both pc's and rebooting the router.
Everything works again?
Then a couple of days later, this problem returns.
Is my dns being poisioned, and how? Any Idea's. I'm pretty certain there are no viruses on both of the systems I'm using, and the router is locked down with passwords.

No findings; I'm usually pretty good with indentifying crap and removal. I've rest browsers to default; cleared caches, and ran virsu scans via safe mode.
Out of options

It found some things and removed them...stuff like search conduit, which I think were old entries from a long time ago.
After reboot; adware scan says clean.
Funny thing I've noticed; even though my hompegae comes up fine for now; If I type in the web address bar http://yahoo.com, I recieve that annoying adobe update page....so the problem still exists.

I'm not sure if this is external dns (a router problem) or internally manipulated dns (my system infected)

raylward102 said:

~~~
...the home page (google.ca) loads to an adobe update page that insists on having me download an exe for update.
~~~
I did solve this by ipconfig /flushdns on both pc's and rebooting the router.
~~~

I would be tempted to go ahead with the download and then upload it to virustotal... but that is just me. You might not feel comfortable doing that.

You can disable the service named DNS Client on XP and W7. You will never miss it. Then there will be no DNS cache to be poisoned or flushed. It is not the kindest thing to do to your DNS provider, but it should not cause any problems while you are troubleshooting this issue. You might also consider pointing your DNS to OpenDNS.

If the redirects still happen while the DNS Client is disabled, then you might want to consider scanning the computers while the operating system is not running (offline) What is Windows Defender Offline?

Sometimes these offline scanners take a while - so plan to run them overnight.


I don't pretend to understand the output of the command...
nslookup -d google.ca
...but you might want to compare that info when the redirect is and is not happening.

raylward102 said:

~~~
I'm not sure if this is external dns (a router problem) or internally manipulated dns (my system infected)

Can you test without the router turned on?
e.g. plug one computer directly into whatever jack the router normally connects to.

Adobe updates prompt for update by application windows only!; not web pages.
Msconfig has been explored; no changes.
I'm stumped. System seems to function correctly on all levels except for the stated issue