What follows is a long story, so bear with me:
I started internet service through Comcast and recieved an Arris model X5001 gateway from them for my new internet service. Let's say I named the network 'Bob'.
After about a week, I start to get the following message on my antivirus program Norton Security multiple times an hour, every day, on both computers I use to connect to my new internet Bob. Category: Intrusion Prevention An intrusion attempt by cgqnpvkaxtasme.utopia.net was blocked. Malicious Site: Malicious Domain Request 21,"cgqnpvkaxtasme.utopia.net (208.91.197.27, 80)",wpad.utopia.net/wpad.dat,"10.0.0.44, 62050",cgqnpvkaxtasme.utopia.net (208.91.197.27),"TCP, www-http" Network traffic from <b>wpad.utopia.net/wpad.dat</b> matches the signature of a known attack. The attack was resulted from \DEVICE\HARDDISKVOLUME4\WINDOWS\SYSTEM32\SVCHOST.EXE.
After a week of this, I get irritated and go looking through the internet to find out what's up. I eventually open command prompt and run 'ipconfig' to see my internet settings. My computer's DNS suffix now reads utopia.net no matter whether I'm connected to Bob or another network. I continue to get the antivirus block notifications (with slightly less frequency) when I use other wifi networks.
I call my antivirus support team. They've seen this before, a lot in recent weeks. Helpful person assists me in changing my DNS suffix by deleting all instances of "utopia.net" from the registry.
We attempt to reconnect to Bob, and "utopia.net" returns. We then follow instructions on how to perform a hard reset of the router and return it to factory settings, with changed passwords (new name zombieBob).
We connect to zombieBob, and "utopia.net" returns.
We clean up the PC's again and DON'T connect to zombieBob. Antivirus guy recommends a replacement gateway, so I call Comcast. They've never heard of this issue, but provide a replacement router anyway the next day.
I set router firewalls to maximum, change every password, etc. I attempt to connect to the new wi-fi (let's say Jim) and test the ipconfig. "utopia.net" is labelled as the connection-specific DNS suffix. In the registry, it comes up as "Dhcp domain".
I disconnect from Jim and check the ipconfig. "utopia.net" no longer appears there, or anywhere in the registry.
I post here and on my antivirus's support forums because I am now thorooughly irritated and out of ideas.
with comcast ipconfig with comcast registry other network ipconfig other network registry
... View more