Not what you are looking for? Ask the experts!
"utopia.net" DNS suffix coming from the router?
What follows is a long story, so bear with me:
- I started internet service through Comcast and received an Arris model X5001 gateway from them for my new internet service. Let's say I named the network 'Bob'.
- After about a week, I start to get the following message on my antivirus program Norton Security multiple times an hour, every day, on both computers I use to connect to my new internet Bob. Category: Intrusion Prevention
An intrusion attempt by cgqnpvkaxtasme.utopia.net was blocked. Malicious Site: Malicious Domain Request 21,"cgqnpvkaxtasme.utopia.net (184.108.40.206, 80)",wpad.utopia.net/wpad.dat,"10.0.0.44, 62050",cgqnpvkaxtasme.utopia.net (220.127.116.11),"TCP, www-http"
Network traffic from <b>wpad.utopia.net/wpad.dat</b> matches the signature of a known attack. The attack was resulted from \DEVICE\HARDDISKVOLUME4\WINDOWS\SYSTEM32\SVCHOST.EXE.
- After a week of this, I get irritated and go looking through the internet to find out what's up. I eventually open command prompt and run 'ipconfig' to see my internet settings. My computer's DNS suffix now reads utopia.net no matter whether I'm connected to Bob or another network. I continue to get the antivirus block notifications (with slightly less frequency) when I use other wifi networks.
- I first try system scans using Norton Security and Norton PowerEraser - both give the two computers clean bills of health.
- I live chat the Norton support team. They've seen this before, a lot in recent weeks. Wonderfully helpful person assists me in changing my DNS suffix by deleting all instances of "utopia.net" from the registry.
- We attempt to reconnect to Bob, and "utopia.net" returns. We then follow instructions on how to perform a hard reset of the router and return it to factory settings, with changed passwords (new name zombieBob).
- We connect to zombieBob, and "utopia.net" returns.
- We clean up the PC's again and DON'T connect to zombieBob. Norton support person recommends a replacement gateway, so I call Comcast. They've never heard of this issue, but provide a replacement router anyway the next day.
- I set router firewalls to maximum, change every password, etc. I attempt to connect to the new wi-fi (let's say Jim) and test the ipconfig. "utopia.net" is labelled as the connection-specific DNS suffix. In the registry, it comes up as "Dhcp domain".
- I disconnect from Jim and check the ipconfig. "utopia.net" no longer appears there, or anywhere in the registry.
- I post here and on comcast's support forums because I am now thoroughly irritated and out of ideas.