Community Forum
Top

About sbernie2

since ‎09-24-2019
‎10-02-2019
sbernie2
New Poster

Re: "Utopia.net" DNS suffix coming from router?

by in Your Home Network
‎10-02-2019 08:03 PM
‎10-02-2019 08:03 PM
Read those. And others. Several times. They don't come to a conclusion. Why the two xfinity topics about this are marked "solved", I have no idea.   I have managed to temporarily force my two computers with problems to choose a comcast DNS suffix instead of the automatic utopia one. However, I don't know if this is going to be a problem when I head over to my friend's place with Verizon internet, for example. Also waiting to see if this prevents the attacks my antivirus noticed.   I'm currently trying to get better help on another forum. Will post if I find a permanent solution. ... View more

"Utopia.net" DNS suffix coming from router?

by in Your Home Network
‎09-24-2019 11:58 PM
‎09-24-2019 11:58 PM
  What follows is a long story, so bear with me: I started internet service through Comcast and recieved an Arris model X5001 gateway from them for my new internet service. Let's say I named the network 'Bob'. After about a week, I start to get the following message on my antivirus program Norton Security multiple times an hour, every day, on both computers I use to connect to my new internet Bob. Category: Intrusion Prevention An intrusion attempt by cgqnpvkaxtasme.utopia.net was blocked. Malicious Site: Malicious Domain Request 21,"cgqnpvkaxtasme.utopia.net (208.91.197.27, 80)",wpad.utopia.net/wpad.dat,"10.0.0.44, 62050",cgqnpvkaxtasme.utopia.net (208.91.197.27),"TCP, www-http" Network traffic from <b>wpad.utopia.net/wpad.dat</b> matches the signature of a known attack.  The attack was resulted from \DEVICE\HARDDISKVOLUME4\WINDOWS\SYSTEM32\SVCHOST.EXE. After a week of this, I get irritated and go looking through the internet to find out what's up. I eventually open command prompt and run 'ipconfig' to see my internet settings. My computer's DNS suffix now reads utopia.net no matter whether I'm connected to Bob or another network. I continue to get the antivirus block notifications (with slightly less frequency) when I use other wifi networks. I call my antivirus support team. They've seen this before, a lot in recent weeks. Helpful person assists me in changing my DNS suffix by deleting all instances of "utopia.net" from the registry. We attempt to reconnect to Bob, and "utopia.net" returns. We then follow instructions on how to perform a hard reset of the router and return it to factory settings, with changed passwords (new name zombieBob). We connect to zombieBob, and "utopia.net" returns. We clean up the PC's again and DON'T connect to zombieBob. Antivirus guy recommends a replacement gateway, so I call Comcast. They've never heard of this issue, but provide a replacement router anyway the next day. I set router firewalls to maximum, change every password, etc. I attempt to connect to the new wi-fi (let's say Jim) and test the ipconfig. "utopia.net" is labelled as the connection-specific DNS suffix. In the registry, it comes up as "Dhcp domain". I disconnect from Jim and check the ipconfig. "utopia.net" no longer appears there, or anywhere in the registry. I post here and on my antivirus's support forums because I am now thorooughly irritated and out of ideas. with comcast ipconfig with comcast registry other network ipconfig other network registry     ... View more
Latest Tags
No tags yet