Cadzow Knowledgebase

Normal view

Web Browser Opens MSN.COM When Attempting To Use Windows Update

Problem

When you attempt to visit Windows Update, or Microsoft Update, either by entering the address in the browser's address bar or using the links within Windows, you are redirected to www.msn.com.

Also, your computer does not download any updates via Automatic Updates, although the service is on and running. Windows Update may report error 80244019.

Solution

This may occur if your computer has been infected with a virus or trojan (possibly Zlob, Puper et al), and the system's DNS settings have been set to a malicious third-party.

The DNS addresses are the internet servers which resolve domain names to internet addresses, and it is most usual to use those provided by your ISP. Generally these are automatically configured into your broadband router or dial-up connection. Windows forwards domain-resolution requests via the router.

To resolve, simply reset the DNS settings to the default, which is most likely to be the “Automatic” setting.

In Windows Vista/2008:

  1. Click Start, choose Control Panel, and double-click Network and Sharing Center.

  2. Click Manage Network Connections.

  3. For each network connection (dial-up, LAN etc), right-click the connectoid and choose Properties.

  4. Click Internet Protocol Version 4 (TCP/IPv4) and choose Properties.

  5. Enable Obtain DNS server address automatically.

  6. Click OK.

  7. Click OK.

In Windows 2000/XP/2003:

  1. Click Start, choose Control Panel, and double-click Network Connections.

  2. For each network connection (dial-up, LAN etc), right-click the connectoid and choose Properties.

  3. Click Internet Protocol (TCP/IP) and choose Properties.

  4. Enable Obtain DNS server address automatically.

  5. Click OK.

  6. Click OK.

For Windows 2000 and greater, this setting change will take effect immediately. For Windows 95/98/NT4, reboot.

There may also be references to third-party DNS servers under the following registry keys:

  • HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\NameServer

  • HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{Adaptor}\DhcpNameServer

  • HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{Adaptor}\NameServer

Some IP addresses that have been observed used in this inappropriate way have been 85.255.114.13, 85.255.112.78, 64.86.133.51 and 63.243.173.162.

Once the DNS settings have been set properly, conduct a virus scan to clean the system.

Then you must change your important passwords. If your system has been using a hostile DNS system, there's no telling which sites you visited were legitimate and which might have been faked or malicious. See Protecting Yourself After Virus Infection, Phish Attack or Theft.
Copyright © 1996-2019 Cadzow TECH Pty. Ltd. All rights reserved.
Information and prices contained in this website may change without notice. Terms of use.

Question/comment about this page? Please email webguru@cadzow.com.au