sbernie2's profile

Frequent Visitor

18 Messages

Tuesday, September 24th, 2019 8:00 PM

Closed

"Utopia.net" DNS suffix coming from router?

 

What follows is a long story, so bear with me:

  1. I started internet service through Comcast and received an Arris model X5001 gateway from them for my new internet service. Let's say I named the network 'Bob'.
  2. After about a week, I start to get the following message on my antivirus program Norton Security multiple times an hour, every day, on both computers I use to connect to my new internet Bob. Category: Intrusion Prevention
    An intrusion attempt by cgqnpvkaxtasme.utopia.net was blocked. Malicious Site: Malicious Domain Request 21,"cgqnpvkaxtasme.utopia.net (208.91.197.27, 80)",wpad.utopia.net/wpad.dat,"10.0.0.44, 62050",cgqnpvkaxtasme.utopia.net (208.91.197.27),"TCP, www-http"
    Network traffic from wpad.utopia.net/wpad.dat matches the signature of a known attack.  The attack was resulted from \DEVICE\HARDDISKVOLUME4\WINDOWS\SYSTEM32\SVCHOST.EXE.
  3. After a week of this, I get irritated and go looking through the internet to find out what's up. I eventually open command prompt and run 'ipconfig' to see my internet settings. My computer's DNS suffix now reads utopia.net no matter whether I'm connected to Bob or another network. I continue to get the antivirus block notifications (with slightly less frequency) when I use other wifi networks.
  4. I call my antivirus support team. They've seen this before, a lot in recent weeks. Helpful person assists me in changing my DNS suffix by deleting all instances of "utopia.net" from the registry.
  5. We attempt to reconnect to Bob, and "utopia.net" returns. We then follow instructions on how to perform a hard reset of the router and return it to factory settings, with changed passwords (new name zombieBob).
  6. We connect to zombieBob, and "utopia.net" returns.
  7. We clean up the PCs again and DON'T connect to zombieBob. Antivirus guy recommends a replacement gateway, so I call Comcast. They've never heard of this issue, but provide a replacement router anyway the next day.
  8. I set router firewalls to maximum, change every password, etc. I attempt to connect to the new wi-fi (let's say Jim) and test the ipconfig. "utopia.net" is labelled as the connection-specific DNS suffix. In the registry, it comes up as "Dhcp domain".
  9. I disconnect from Jim and check the ipconfig. "utopia.net" no longer appears there, or anywhere in the registry.
  10. I post here and on my antivirus's support forums because I am now thoroughly irritated and out of ideas.

[Screenshots: with comcast ipconfig; with comcast registry; other network ipconfig; other network registry]
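Added example, not part of the original post or any reply: a PowerShell audit of the check done by hand in steps 3, 8 and 9, listing every DNS suffix stored in the TCP/IP registry keys, whether it came from the DHCP lease ("DhcpDomain") or a static setting, and the `wpad.<suffix>` name that corresponds to it (the post's log shows `wpad.utopia.net/wpad.dat` while the suffix is `utopia.net`). The `$ExpectedSuffixes` allowlist and its `example.internal` entry are assumptions to replace with your own values.

```powershell
# Added example: list every DNS suffix Windows has stored and where it came from.
# ASSUMPTION: $ExpectedSuffixes holds the suffixes you actually expect to see;
# 'example.internal' is a constructed placeholder, replace it with your own.
$ExpectedSuffixes = @('example.internal')

$root = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters'
# Global TCP/IP key plus one subkey per interface (subkey name = interface GUID).
$keys = @(Get-Item -Path $root) + @(Get-ChildItem -Path "$root\Interfaces")
$adapters = @(Get-NetAdapter -IncludeHidden -ErrorAction SilentlyContinue)

$report = foreach ($key in $keys) {
    $props = Get-ItemProperty -Path $key.PSPath
    $nic   = $adapters | Where-Object { $_.InterfaceGuid -eq $key.PSChildName }
    # DhcpDomain is filled in from the DHCP lease; Domain is a static setting.
    foreach ($valueName in 'DhcpDomain', 'Domain') {
        $suffix = $props.$valueName
        if ([string]::IsNullOrWhiteSpace($suffix)) { continue }
        [pscustomobject]@{
            Scope      = if ($nic) { $nic.Name } else { $key.PSChildName }
            ValueName  = $valueName
            Suffix     = $suffix
            DhcpServer = $props.DhcpServer   # server that issued the lease, if any
            WpadHost   = "wpad.$suffix"      # name WPAD auto-discovery would resolve
            Expected   = $ExpectedSuffixes -contains $suffix
        }
    }
}

$report | Sort-Object Expected, Scope | Format-Table -AutoSize

# Summarize anything that is not on the allowlist.
$unexpected = @($report | Where-Object { -not $_.Expected })
if ($unexpected.Count -gt 0) {
    Write-Warning ("{0} stored suffix(es) are not in the expected list." -f $unexpected.Count)
}
```

Running it once while connected to the gateway and once on another network shows whether the suffix arrives with the DHCP lease, which is the comparison steps 8 and 9 make by hand.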

 

 


Frequent Visitor

18 Messages

6 years ago

Read those. And others. Several times. They don't come to a conclusion. Why the two xfinity topics about this are marked "solved", I have no idea.

 

I have managed to temporarily force my two computers with problems to choose a comcast DNS suffix instead of the automatic utopia one. However, I don't know if this is going to be a problem when I head over to my friend's place with Verizon internet, for example. Also waiting to see if this prevents the attacks my antivirus noticed.

 

I'm currently trying to get better help on another forum. Will post if I find a permanent solution.

Official Employee

1K Messages

6 years ago


@sbernie2 wrote:

Read those. And others. Several times. They don't come to a conclusion. Why the two xfinity topics about this are marked "solved", I have no idea.

 

I have managed to temporarily force my two computers with problems to choose a comcast DNS suffix instead of the automatic utopia one. However, I don't know if this is going to be a problem when I head over to my friend's place with Verizon internet, for example. Also waiting to see if this prevents the attacks my antivirus noticed.

 

I'm currently trying to get better help on another forum. Will post if I find a permanent solution.


Hi @sbernie2

 

We appreciate you posting to the Xfinity Forums. Were you able to find a solution to this?  

Gold Problem Solver

3.4K Messages

6 years ago

sbernie2, as we have not heard back from you in some time, I have closed this thread to further comments. I hope you were able to find a solution to removing this malware, but if you still need assistance, please feel free to start a new thread or reach out to our customer security assurance team at 1-888-565-4329.
