Thanks to everyone who has chimed in. I ended up getting a new gateway from Comcast (an Arris TG1682G) and haven't had the hijack since (although I am now completely unable to disable the public wifi hotspot in the new modem). I did add the utopia.net line to my "hosts" file on my main laptop and I deleted the Utopia.net entry from my laptop registry. I have to get my husband to check his too. We had about 32 devices online - Sonos, TivoMinis and Roamio, printers, iPads and iPhones, 5 laptops, a router set as a repeater and an extender, powerline and Moca adapters (big old house with 2 foot brick walls and two sets of wiring circuits!) and a few other random wifi enabled devices like watches and a crockpot even, so I hope there is nothing hidden somewhere in any of these. We are moving so most of those are down and I hope our new Hughesnet network doesn't catch this (Comcast wanted $26k to build out to our new farm in the country!) None of my virus or malware detectors ever found anything, and my main laptop has Trend Micro protection through work.
utopia.net is part of a DNS hijacking attack. You should check all of your systems for malware, and then make sure your devices are getting their DNS servers from us automatically or set them manually:
Unfortunately once this hijack has taken hold, I am locked out of the modem and can't adjust the settings. The signal push by Comcast has restored things briefly so I'll try to put some security measures into play.
Has anyone else had this problem? In an effort to be as secure as possible, I have disabled the Wifi options for this DPC3941T gateway and I opted-out in My Account from being a WiFi hotspot. I use a separate Netgear router for my Wifi, but I have used the DPC3941T as a MoCa router for my home network and I had several TiVos on the MoCa network, as well as Sonos and other devices.
Twice in the last two weeks my internet connectivity has stopped and after a hard reset of the modem, my modem browser config page becomes inaccessible (cannot open 10.0.0.1 at all, even when hard-wired to the modem by Ethernet) and my DNS settings point to "utopia.net" instead of the comcast.net servers. Because I cannot access the modem configuration at all I cannot change this, and none of my devices can connect. Both times I have called Comcast and they pushed a modem reset which eventually restored my internet access and then I am able to access the modem page.
If it weren't for the MoCa network going down, I might never have even noticed this hijack because apart from being unable to reach the modem home page, I can access other web pages, so I still have internet access. But I fear that this "utopia.net" DNS server might be redirecting our web activity to phony or phishing sites in order to collect logins and financial details?
I have changed the firewall settings on the modem to High, and I changed my modem admin password. Aside from thoroughly virus checking my computers, is there anything else I can do to prevent this from happening again?
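A check for the symptom described in this thread (DNS settings pointing to "utopia.net"), as an added example that is not part of any post above: it parses saved `ipconfig /all` or `resolv.conf` text and reports a watched DNS suffix or a DNS server outside the set you expect. The function names are hypothetical, and the sample text and the 192.0.2.x / 203.0.113.x addresses are constructed placeholders, not Comcast's resolvers.

```python
import ipaddress
import re

WATCHED_SUFFIXES = {"utopia.net"}  # the domain reported in this thread

def _ip(value):  # normalised IP string, or None if value is not an address
    try:
        return str(ipaddress.ip_address(value.split("%")[0]))
    except ValueError:
        return None

def parse_resolver_config(text):
    """Collect DNS suffixes and servers from resolv.conf or `ipconfig /all` text."""
    suffixes, servers, in_servers = set(), [], False
    for line in (raw.strip() for raw in text.splitlines()):
        if in_servers and _ip(line):          # ipconfig continuation line
            servers.append(_ip(line))
            continue
        in_servers = False
        unix = re.match(r"(search|domain|nameserver)\s+(\S.*)$", line)
        win = re.match(r"(.+?)[ .]* :(?: (.*))?$", line)  # "Label . . : value"
        if unix:
            key, values = unix.group(1), unix.group(2).split()
        elif win:
            key, values = win.group(1).lower(), (win.group(2) or "").split()
        else:
            continue
        if key in ("nameserver", "dns servers"):
            servers += [ip for ip in map(_ip, values[:1]) if ip]
            in_servers = key == "dns servers"
        elif key in ("search", "domain") or "dns suffix" in key:
            suffixes.update(v.lower().rstrip(".") for v in values)
    return suffixes, servers

def audit(text, expected_servers):
    """Return (kind, value) findings for watched suffixes and unexpected servers."""
    suffixes, servers = parse_resolver_config(text)
    allowed = {_ip(s) for s in expected_servers}
    bad = [("suffix", s) for s in sorted(suffixes)
           if any(s == w or s.endswith("." + w) for w in WATCHED_SUFFIXES)]
    return bad + [("server", ip) for ip in servers if ip not in allowed]

# Constructed sample inputs (not captured from any real system).
SAMPLE_IPCONFIG = """Ethernet adapter Ethernet:
   Connection-specific DNS Suffix  . : utopia.net
   DNS Servers . . . . . . . . . . . : 10.0.0.1
                                       203.0.113.7
"""
SAMPLE_RESOLV = "search example.net\nnameserver 192.0.2.53\n"
```

Pass `audit()` the text of your own resolver configuration and the set of DNS server addresses you expect; an empty list means neither the watched suffix nor an unexpected server was found.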