ipv4 settings revert automatically, how can I stop this?

Hello,

I signed up for a DNS service a while back. When I stopped using their service I removed their DNS entry from the ipv4 settings and considered it done (this was all they stated for install/uninstall, just update the DNS in ipv4)

At random, the PC will revert back to their DNS server. I have no virus (Malewarebytes Pro), my hosts file is empty. The company has zero idea how to fix this problem and it's like listening to a broken record (19 emails back/forth) with their tech support.

Here's what I've done:

1) Removed it from ipv4 settings manually and reset to Obtain DNS Automatically
2) Open cmd as admin and ran the following sequence:
ipconfig /flushdns

ipconfig /registerdns

ipconfig /release

ipconfig /renew

netsh winsock reset

netsh int ip reset

3) Reboot

On reboot, everything is normal, anywhere from 24 hours to 30 DAYS later it automatically reverts back to their DNS servers. I am on a .edu domain. I do not have access to the router, but I never modified anything in the router. Can anyone please provide a suggestion as to why my PC keeps reverting to their DNS servers?

So the ipconfig /flushdns command isn't working either? Sounds like this DNS server messed with the host file or something.

The following link shows more methods for flushing the DNS.
How to Flush DNS

Check to make sure that you do not have any software running from this service. Same with checking that the router is not set with this previous set of DNS IP's.

chev65 said:

So the ipconfig /flushdns command isn't working either? Sounds like this DNS server messed with the host file or something.

The following link shows more methods for flushing the DNS.
How to Flush DNS

Click to expand...

My host file is untouched. I'll run through this video a bit later. The big issue is the randomness. Meaning, I can try your solution and I guarantee it will work for a bit. But after 24 hours to a few days, it keeps reverting.

broe23[/FONT said:

]Check to make sure that you do not have any software running from this service. Same with checking that the router is not set with this previous set of DNS IP's.

Click to expand...

There is no software running that seems out of order (I'm pretty familiar with this kind of stuff). I do not have access to the router. I only updated ipv4 settings on my laptop, I'm unsure how that can get sent upstream to the router and written into it, but even if it did, I have no access to remove it.

Edit again: Email 20 now, and back in a circle to their same suggestion, remove ipv4, flush dns, flush cache. This stuff is not working.

The routers DNS setting can't really change or effect the static DNS settings in IPv4. It certainly won't erase the static DNS settings.

If the flush DNS commands aren't working then there is a rogue software causing the problem.

Look in Add/Remove programs for the program or, run virus scan's etc. We can't really fix or reproduce this problem from here.

chev65 said:

The routers DNS setting can't really change or effect the static DNS settings in IPv4. It certainly won't erase the static DNS settings.

If the flush DNS commands aren't working then there is a rogue software causing the problem.

Look in Add/Remove programs for the program or, run virus scan's etc. We can't really fix or reproduce this problem from here.

Click to expand...

Yes but he said he reverted it back to automatic. If his router has the details in them then the PC will automatically pick up the details from the router. If he knows what his DNS is supposed to be then these should be manually entered into the iPv4 details as manual. Then unless he has a virus they will stay put.

veldthui said:

chev65 said:

The routers DNS setting can't really change or effect the static DNS settings in IPv4. It certainly won't erase the static DNS settings.

If the flush DNS commands aren't working then there is a rogue software causing the problem.

Look in Add/Remove programs for the program or, run virus scan's etc. We can't really fix or reproduce this problem from here.

Click to expand...

Yes but he said he reverted it back to automatic. If his router has the details in them then the PC will automatically pick up the details from the router. If he knows what his DNS is supposed to be then these should be manually entered into the iPv4 details as manual. Then unless he has a virus they will stay put.

Click to expand...

I just mentioned that the router's DNS settings can't make the static DNS settings vanish or appear from the IPv4 properties.

Yes the Op removed the DNS from IPv4 but they keep coming back which is pretty strange and suspicious. The router's DNS settings do not cause the IPv4 static DNS settings to change.

The router's DNS settings won't make a static DNS IP appear or disappear from the IPv4 properties.

Something is making those static DNS settings appear. That is just the point.

chev65 said:

Something is making those static DNS settings appear. That is just the point.

Click to expand...

Can you suggest a way to log the events? I've not touched anything since they reappeared. I've flushed the dns every way possible in the past two months taking suggestions from reddit, the dns host, and everyone else in the book. The DNS host has actually quoted this forum for solutions to my problem and they are wiping their hands of it. It just reappears at random. The best I've had it go away is exactly 1 month. It has reappeared after 12 hours, after a few days, weeks, whatever.

What can I do to find this? It's not a rouge app that appears in the task process list, it is not a virus, I have scanned a few times, I get nothing. Surely there is some intensive log program I can run that I can parse through with some keywords to find this sucker.

Just because you have scanned for viruses and stuff and nothing was found does not mean there may still not be one there. It may be the scanner you are using does not know about that one.

If it is being changed from auto back to manual then something is actually doing it. Did you remove the details of the old DNS numbers before reverting back to automatic?

One thing to try is to find out what your current DNS is supposed to be and manually entering them in and leave it on static. That is how I run mine all the time.

veldthui said:

Just because you have scanned for viruses and stuff and nothing was found does not mean there may still not be one there. It may be the scanner you are using does not know about that one.

If it is being changed from auto back to manual then something is actually doing it. Did you remove the details of the old DNS numbers before reverting back to automatic?

One thing to try is to find out what your current DNS is supposed to be and manually entering them in and leave it on static. That is how I run mine all the time.

Click to expand...

Yes I remove the details first.

I do not want to force the DNS as the laptop changes locations frequently.

Can you suggest a better virus check? I've scanned it with AVG, Avast, Malwarebytes, Windows Defender. What other scanner would you like me to try, because these found nothing.

And just so I'm clear, the sole purpose of this 'virus' is to redirect my DNS to a specific companies host server? What virus would do this?

I'd need to know the IP of the DNS server so I can run a search on the server and see what can be done.

DNS redirection is a classic symptom of a virus or malware infection.

You might want to check the group policy for this at the following location, Computer Configuration\Policies\Administrative Templates\Network\DNS Client\DNS servers.

Even if you can fix this you won't really know if it's fixed for an entire month so it won't be something you can confirm for quite awhile.

There are many who have had this problem in the past, some of the solutions may work for you.

TCP IPv4 DNS server address keeps changing to a specific IP address - Microsoft Community

DNS 1: 208.122.23.23
DNS 2: 208.122.23.22

There is nothing setup under the group policy you pointed me to.

The link you sent me to links to another microsoft link (which I mention in my first post, "been there done that"). The rest of the solutions are only related to Sony Vaio (I'm on a new Dell Inspiron 7000), so that suggestion doesn't work. The other suggestion to delete the adapter and rebuild the profile - I'm going down that path now.

Edit: Ran the following:

netsh wlan show profile (listed 4 networks, all are familiar)
Set PC to airplane mode (disable wifi)
set ipv4 to obtain auto (deleting each value manually)
netsh wlan delete profile 'networkname' (did this for ALL profiles)
ipconfig /flushdns
wifi enabled
reconnect to the work network, everything works like a champ...we'll see what happens in a few days.

I'd like to note that the solution in the above link from Chev has the same nonsense of "it's a virus", but then suddenly the solution works for Sony laptops only. I'd like to submit this as further evidence that this is not a virus, as people are fixing the problem without "removing a virus". As best I can tell, this is an internal Windows problem where it is keeping these settings somewhere only to be restored.

Before someone suggests I scan for a virus again, please read some of these posts that are being linked where other people report the SAME problem and they SOLVE it without finding a virus.

Edit edit: If you are thoroughly convinced this is a virus, then please provide more detailed info than "Run a virus scan", what scan, what company, what am I looking for?. I've been down the scan road a few times with different software. My next solution is to reformat and reinstall windows, but that seems overkill for a stupid DNS problem.

Edit, few days have passed without issue. The more I read, the more it seems the profile is the culprit.

Well, I was wrong. The problem returned today. So that was 7 days.

I'm up for new ideas.

The DNS you mention seems to often be used to access streaming networks etc by hiding actual physical location, and were probably part of some program\installation file. If they reappear there must (maybe...) be residues of 'something' from the original installation, you may have to search in every corner of the hd\registry\config etc.

Didn't read everything, but have you tried manually entering DNS, for example OpenDNS IP Addresses | OpenDNS or google, and see if they stick.

4wd said:

The DNS you mention seems to often be used to access streaming networks etc by hiding actual physical location, and were probably part of some program\installation file. If they reappear there must (maybe...) be residues of 'something' from the original installation, you may have to search in every corner of the hd\registry\config etc.

Click to expand...

No, there is no installer, program, script or anything downloaded. The install instructions are, "Modify your ipv4 to point here". The uninstall instructions are, "Modify your ipv4 to auto-detect, flush dns." Unblock-us has chalked this up to a Windows 8.1 problem. Other people report similar problems with other DNS servers, and Windows keeps auto updating the DNS to old servers.

I've not tried using another DNS, but what's the procedure then? Just always run through google? That doesn't quite help me as my company DNS allows access to subscription web content that isn't available if hiding behind a DNS server, kind of a major part of my job function.

My latest attempt, good so far...

1) Deleted profiles
2) Deleted Wifi
3) Uninstalled wifi drivers/adapters, deleted any remaining adapter or wifi connections
4) Rebooted
5) Reinstalled latest wifi drivers (interestingly, released 6/2/2014, so 3 days ago)
6) Reconnect to work server - Back in action, all is normal.

In my case, the solution was killing (long term uninstalling) the DYN DNS update from DYN.com. Apparently that's part of how it registers the domain.

Maybe look for similar software?