I had a very interesting job early this week. A customer in called me saying she had a problem where certain websites on her would redirect to porn and ad pages after around 30 seconds. I naturally assumed like anyone else would that there must be some sort of or on her system so I began by scanning her laptop with some tools designed to get rid of this sort of thing (, rootkits, hijack viruses etc).

Her laptop had a few bugs in it which I removed but the redirection problem strangely still occurred. After trying every single virus removal program I know and trust and getting 100% clean results on her laptop yet the website redirection bug still existing had me a little puzzled. I said to her I would take the laptop back to base to do some deeper testing using Linux and other methods but everything always came back clean. Here’s where it got very interesting… I then got a text from the lady saying that she was getting the same website redirection bug when using her Windows 10 work laptop and even seeing the same problem on her daughter’s Samsung tablet. I tested whether the laptop I brought back to base was still doing the redirection and even more strangely it now wasn’t redirecting.

This led me to believe that it must be a network issue and most likely related. I told my customer to call her internet provider but they shrugged it off saying something like that isn’t possible but I knew it had to be the case. The next day I returned to her house and logged in to her and found that the DHCP settings that assign an IP address to any device connected to the (wired or wireless) had a custom DNS server applied. I knew this wasn’t normal as the standard procedure is for people to automatically get their DNS settings from the internet provider without needing to input custom values.

Long story short, I removed these custom DNS settings and the redirection stopped as I expected it to. The real mystery is how the custom DNS settings got into her modem in the first place though as she didn’t put them there and had no knowledge of how to do that sort of thing. Very strange but glad to have it sorted in the end 🙂
Computers +
Mobile : 0404 110 526
Office : (08) 8387 9023