Frequent Visitor
•
18 Messages
"Utopia.net" DNS suffix coming from router?
What follows is a long story, so bear with me:
- I started internet service through Comcast and received an Arris model X5001 gateway from them for my new internet service. Let's say I named the network 'Bob'.
- After about a week, I start to get the following message on my antivirus program Norton Security multiple times an hour, every day, on both computers I use to connect to my new internet Bob.
Category: Intrusion Prevention
An intrusion attempt by cgqnpvkaxtasme.utopia.net was blocked. Malicious Site: Malicious Domain Request 21,"cgqnpvkaxtasme.utopia.net (208.91.197.27, 80)",wpad.utopia.net/wpad.dat,"10.0.0.44, 62050",cgqnpvkaxtasme.utopia.net (208.91.197.27),"TCP, www-http"
Network traffic from wpad.utopia.net/wpad.dat matches the signature of a known attack. The attack was resulted from \DEVICE\HARDDISKVOLUME4\WINDOWS\SYSTEM32\SVCHOST.EXE.
- After a week of this, I get irritated and go looking through the internet to find out what's up. I eventually open command prompt and run 'ipconfig' to see my internet settings. My computer's DNS suffix now reads utopia.net no matter whether I'm connected to Bob or another network. I continue to get the antivirus block notifications (with slightly less frequency) when I use other wifi networks.
- I call my antivirus support team. They've seen this before, a lot in recent weeks. Helpful person assists me in changing my DNS suffix by deleting all instances of "utopia.net" from the registry.
- We attempt to reconnect to Bob, and "utopia.net" returns. We then follow instructions on how to perform a hard reset of the router and return it to factory settings, with changed passwords (new name zombieBob).
- We connect to zombieBob, and "utopia.net" returns.
- We clean up the PC's again and DON'T connect to zombieBob. Antivirus guy recommends a replacement gateway, so I call Comcast. They've never heard of this issue, but provide a replacement router anyway the next day.
- I set router firewalls to maximum, change every password, etc. I attempt to connect to the new wi-fi (let's say Jim) and test the ipconfig. "utopia.net" is labelled as the connection-specific DNS suffix. In the registry, it comes up as "Dhcp domain".
- I disconnect from Jim and check the ipconfig. "utopia.net" no longer appears there, or anywhere in the registry.
- I post here and on my antivirus's support forums because I am now thoroughly irritated and out of ideas.
[Screenshots: with comcast ipconfig; with comcast registry; other network ipconfig; other network registry]
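The check the poster ran by hand with ipconfig, written as an added example that is not part of the original thread: it parses `ipconfig /all` text, flags any adapter whose connection-specific DNS suffix is not on an expected list, and shows the `wpad.<suffix>` URL that Windows proxy auto-discovery would request under that suffix. The sample output, the `home.example` allowlist entry and the function name are assumptions made for illustration.

```python
# Constructed sample of `ipconfig /all` output (not copied from the post),
# showing the suffix the poster describes being handed out over DHCP.
SAMPLE_IPCONFIG = """\
Windows IP Configuration

   Host Name . . . . . . . . . . . . : DESKTOP-EXAMPLE
   Primary Dns Suffix  . . . . . . . :

Wireless LAN adapter Wi-Fi:

   Connection-specific DNS Suffix  . : utopia.net
   DHCP Enabled. . . . . . . . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 10.0.0.44(Preferred)
   DHCP Server . . . . . . . . . . . : 10.0.0.1

Ethernet adapter Ethernet:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
"""

# Assumption: the suffixes you expect from your own ISP or employer.
EXPECTED_SUFFIXES = {"home.example"}


def audit_dns_suffixes(ipconfig_text, expected=EXPECTED_SUFFIXES):
    """Return one finding per adapter whose DNS suffix is not expected."""
    findings, adapter, info = [], "(global)", {}

    def flush():
        suffix = info.get("Connection-specific DNS Suffix", "").lower().rstrip(".")
        if suffix and suffix not in expected:
            findings.append({
                "adapter": adapter,
                "suffix": suffix,
                "dhcp_server": info.get("DHCP Server"),  # device that supplied it
                # Compare with wpad.utopia.net/wpad.dat in the Norton alert.
                "wpad_url": f"http://wpad.{suffix}/wpad.dat",
            })

    for line in ipconfig_text.splitlines():
        if line and not line[0].isspace() and line.rstrip().endswith(":"):
            flush()  # a new adapter section starts; close the previous one
            adapter, info = line.rstrip().rstrip(":"), {}
        elif ":" in line:
            key, _, value = line.partition(":")
            info[key.strip(" .")] = value.strip()  # drop the dotted padding
    flush()
    return findings


if __name__ == "__main__":
    for finding in audit_dns_suffixes(SAMPLE_IPCONFIG):
        print(finding)
```

The `dhcp_server` field matters here because the poster's registry shows the suffix arriving as "Dhcp domain": it identifies which device on the network handed the suffix out.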
Andyr1
Gold Problem Solver
•
8K Messages
6 years ago
https://forums.xfinity.com/t5/Your-Home-Network/DPC3941T-Modem-hacked-Utopia-net/td-p/2888703
https://www.2-spyware.com/remove-utopia-net.html
sbernie2
Frequent Visitor
•
18 Messages
6 years ago
Read those. And others. Several times. They don't come to a conclusion. Why the two xfinity topics about this are marked "solved", I have no idea.
I have managed to temporarily force my two computers with problems to choose a comcast DNS suffix instead of the automatic utopia one. However, I don't know if this is going to be a problem when I head over to my friend's place with Verizon internet, for example. Also waiting to see if this prevents the attacks my antivirus noticed.
I'm currently trying to get better help on another forum. Will post if I find a permanent solution.
Xfinity_Support
Official Employee
•
1K Messages
6 years ago
Hi @sbernie2.
We appreciate you posting to the Xfinity Forums. Were you able to find a solution to this?
CCTambrey
Gold Problem Solver
•
3.4K Messages
6 years ago
sbernie2, as we have not heard back from you in some time, I have closed this thread to further comments. I hope you were able to find a solution to removing this malware, but if you still need assistance, please feel free to start a new thread or reach out to our customer security assurance team at 1-888-565-4329.