How to Reset DNS Settings After a Hijack

    Did your computer start acting strangely after clicking a suspicious link or downloading a dodgy file? You might be a victim of DNS hijacking. Don't worry, we'll walk you through how to fix it.

    When you're dealing with a hijacked DNS, time is of the essence. The sooner you clean it up, the less chance there is of further compromise to your online accounts.

    What is DNS Hijacking?

    DNS stands for 'Domain Name System'. Think of it as the internet's phone book. When you type a website name like 'google.com' into your browser, DNS translates that into a numerical address (an IP address) that computers understand. DNS hijacking is when a cybercriminal redirects you to a fake website, even if you type in the correct address.

    This can happen in a few ways. They might infect your computer with malware, change settings on your home Wi-Fi router, or even compromise your internet provider's DNS servers. The goal is often to trick you into entering login details on a fake site, allowing them to steal your usernames and passwords.

    Common signs of DNS hijacking include:

    • You're redirected to unexpected websites when you type in a known address.
    • Websites look different, have strange pop-ups, or display unusual ads.
    • You're locked out of security software or can't update your operating system.
    • Your internet searches are redirected to a different search engine than usual.

    Scan Your Computer for Malware

    Before you do anything else, you need to make sure your computer is clean. Malware is often the cause of DNS hijacking, and if you don't remove it, the problem will likely just come back. Use a reputable antivirus or anti-malware program to perform a full system scan.

    • Open your antivirus software (e.g., Windows Defender, Avast, AVG, Malwarebytes).
    • Look for an option like 'Full Scan' or 'Deep Scan'.
    • Allow the scan to complete, and follow any prompts to remove or quarantine detected threats.
    • Restart your computer after the scan is finished and threats are removed.

    Flush Your DNS Cache

    Your computer keeps a temporary record of recent DNS lookups to speed things up. If your DNS was hijacked, this 'cache' might contain wrong information. Flushing it forces your computer to get fresh DNS information.

    • **For Windows:** Search for 'cmd' in the Start menu, right-click 'Command Prompt', and select 'Run as administrator'. Type `ipconfig /flushdns` and press Enter.
    • **For macOS:** Go to Applications > Utilities > Terminal. Type `sudo dscacheutil -flushcache; sudo killall -HUP mDNSResponder` and press Enter. You may need to enter your computer's password.

    Change DNS Settings on Your Computer

    Even if malware is removed, the DNS settings on your computer might still be pointing to the attacker's server. We'll change them to use a trusted public DNS service.

    • **For Windows (Windows 10/11):** Go to Start > Settings > Network & Internet > Advanced network settings > More network adapter options. Right-click your active connection (usually 'Wi-Fi' or 'Ethernet'), select 'Properties'. Select 'Internet Protocol Version 4 (TCP/IPv4)' and click 'Properties'. Choose 'Use the following DNS server addresses' and enter Google's public DNS: Preferred DNS server: `8.8.8.8`, Alternate DNS server: `8.8.4.4`. Click OK then Close.
    • **For macOS:** Go to System Settings (or System Preferences) > Network. Select your active connection (e.g., 'Wi-Fi'), click 'Details' (or 'Advanced'). Go to the 'DNS' tab. Click the '+' button to add new DNS servers. Enter Google's public DNS: `8.8.8.8` and `8.8.4.4`. You might want to remove any suspicious existing entries by selecting them and clicking the '-' button. Click OK then Apply.
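
    To confirm which DNS servers the computer is actually using after the change, the sketch below parses the text printed by `ipconfig /all` (Windows) or `scutil --dns` (macOS) and flags any resolver that is neither one of the trusted addresses above nor a private router address. It is an added example, not part of the original guide; both commands, the function names and the sample outputs (constructed, with a documentation-range address standing in for a rogue server) are assumptions.

```python
import ipaddress
import re

TRUSTED = {"8.8.8.8", "8.8.4.4"}  # the public resolvers this guide uses
# Explicit ranges: ipaddress's is_private also matches documentation ranges.
LOCAL_NETS = [ipaddress.ip_network(n) for n in
              ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "fe80::/10")]
LABEL = re.compile(r"\s*(?:DNS Servers[ .]*:|nameserver\[\d+\]\s*:)\s*(\S+)")
# Constructed samples (not captured from a real machine).
SAMPLE_WINDOWS = """\
   IPv4 Address. . . . . . . . . . . : 192.168.1.23(Preferred)
   DNS Servers . . . . . . . . . . . : 203.0.113.53
                                       8.8.4.4
   NetBIOS over Tcpip. . . . . . . . : Enabled
"""
SAMPLE_MACOS = """\
resolver #1
  nameserver[0] : 8.8.8.8
  nameserver[1] : 192.168.1.1
"""

def _as_ip(token):
    try:
        return ipaddress.ip_address(token.split("%")[0])  # drop IPv6 zone id
    except ValueError:
        return None

def dns_servers(text):
    """Resolver addresses from `ipconfig /all` or `scutil --dns` output."""
    found, continuing = [], False
    for line in text.splitlines():
        m = LABEL.match(line)
        # Windows lists extra servers on indented lines with no label.
        token = m.group(1) if m else (line.strip() if continuing else "")
        ip = _as_ip(token)
        continuing = ip is not None and (continuing or "DNS Servers" in line)
        if ip is not None and ip not in found:
            found.append(ip)
    return found

def verdict(ip):
    if str(ip) in TRUSTED:
        return "trusted"
    # "local" is usually the router: check its own DNS settings as well.
    return "local" if any(ip in n for n in LOCAL_NETS) else "unfamiliar"

def audit(text):
    """Map each configured resolver to trusted / local / unfamiliar."""
    return {str(ip): verdict(ip) for ip in dns_servers(text)}

if __name__ == "__main__":
    print({"windows": audit(SAMPLE_WINDOWS), "macos": audit(SAMPLE_MACOS)})
```

    A "local" result only means the computer is asking the router, so the router's own DNS settings still need checking; an "unfamiliar" result should be looked into before it is trusted.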

    Check Your Wi-Fi Router Settings

    Sometimes, attackers compromise your home router's settings to redirect all devices connected to it. Log in to your router's administration page and check its DNS settings. Make sure they're set to 'Automatic' (from your internet provider) or trusted public DNS servers like Google's.

    • Find your router's IP address (often `192.168.1.1` or `192.168.0.1`) — check the back of your router or its manual.
    • Open a web browser and type the router's IP address into the address bar. Press Enter.
    • Log in using your router's username and password (if you haven't changed it, it might be on a sticker on the router, e.g., admin/password).
    • Look for sections like 'DNS', 'WAN Settings', or 'Internet Settings'.
    • Ensure DNS settings are set to 'Get Automatically' or use trusted addresses like `8.8.8.8` and `8.8.4.4`. If you see unfamiliar IP addresses, change them.
    • While you're there, change your router's administrative password to something strong and unique if you haven't already.

    Changing Your DNS with Your Internet Provider

    In rare cases, the DNS hijacking might happen at your internet service provider's level. If the previous steps haven't solved the issue, or you suspect a broader problem, contacting them is the next step. They can check their systems and ensure your connection isn't being tampered with.

    • Call your internet service provider's technical support.

    Key takeaway

    Dealing with DNS hijacking can feel a bit technical, but by following these steps, you can effectively clean up your systems and restore your internet connection to normal. Remember, a clean computer and good browsing habits are your best defence against future attacks. Stay safe online!
