DNS Server Isn’t Responding After Malware or Browser Hijacker?

If Windows says “DNS server isn’t responding” after malware, adware, a suspicious VPN/proxy tool, or a browser redirect cleanup, treat it as a configuration problem until proven otherwise. Do not start by changing random router settings. First confirm whether the issue affects only one PC, only one browser, or every device on the network. Then check local DNS, proxy, VPN, browser Secure DNS, and Winsock settings before resetting the router.

This guide focuses on the security-adjacent version of the error: DNS breaks after a suspicious download, unwanted extension, browser hijacker, fake update, or cleanup attempt. For the broader attack concept, see our explanation of DNS spoofing vs DNS hijacking.

What Usually Changed?

DNS is the lookup step that turns a domain name into an IP address. Malware and unwanted software do not need to “break the internet” directly to create this error. They can leave behind one bad setting that makes normal lookups fail or redirect.

• Manual DNS servers: an adapter may be pinned to an unknown resolver instead of automatic DNS from the router or ISP.
• Proxy leftovers: Windows or a browser may still point web traffic through a local or remote proxy that no longer works.
• VPN/filtering app remnants: removed VPN, parental-control, ad-filter, or “privacy” tools can leave network drivers or DNS rules behind.
• Browser Secure DNS overrides: Chrome or Firefox can use a DNS-over-HTTPS provider that ignores the system DNS path.
• Router DNS changes: if every device on the Wi-Fi has the same redirect or DNS failure, the router’s DNS settings may have been changed.
• Damaged TCP/IP or Winsock state: cleanup tools, security suites, and network filters can leave Windows networking in a broken state.

Fast Isolation Test

1. Try another device on the same Wi-Fi. If the phone and another PC work, the problem is probably local to the Windows machine.
2. Try another network. Use a phone hotspot briefly. If DNS works there, focus on the router or ISP path.
3. Try a direct IP test. If an IP address responds but domains do not, DNS is the likely failing layer.
4. Try another browser. If Edge works but Chrome does not, check extensions and Secure DNS before resetting Windows.
5. Note the timing. DNS that breaks after 5-15 minutes can point to a service, scheduled task, VPN helper, or unwanted app reapplying settings.

Check Windows DNS Settings

Open Settings → Network & Internet → Advanced network settings, choose the active Wi-Fi or Ethernet adapter, and inspect the DNS server assignment. On a home network, “Automatic” is often the expected value. A manual resolver is not automatically malicious, but unknown DNS addresses after an infection are a red flag.

If you need a temporary clean resolver for testing, use a known provider such as Cloudflare 1.1.1.1 / 1.0.0.1 or Google Public DNS 8.8.8.8 / 8.8.4.4. This should be a test and recovery step, not a way to ignore a setting that keeps coming back.

Remove Proxy and VPN Leftovers

Open Settings → Network & Internet → Proxy. For most home users, “Use a proxy server” should be off unless they intentionally use one. Also review installed VPN, “DNS changer,” ad-blocking, traffic filtering, and unknown security tools. Remove software you do not recognize, then restart Windows.

If a redirect or unwanted search page appeared before the DNS error, also review browser extensions. A browser hijacker can combine extension changes with DNS/proxy settings, which is why DNS repair alone may not be enough. Our browser hijacker removal guide covers the extension and notification side.

Flush DNS and Reset the Network Stack

After removing suspicious DNS, proxy, and VPN settings, open Terminal or Command Prompt as Administrator and run:

ipconfig /flushdns
netsh winsock reset
netsh int ip reset
ipconfig /release
ipconfig /renew

Restart the PC after these commands. This clears stale DNS cache, rebuilds Winsock, resets TCP/IP state, and asks the router for a fresh lease. Microsoft documents network reset and TCP/IP settings as normal Windows troubleshooting paths, but the security angle is to do them after removing the suspicious setting source, not before.

Check Browser Secure DNS

If only one browser fails, check its DNS-over-HTTPS or Secure DNS setting. In Chrome, open Settings → Privacy and security → Security and review Use secure DNS. In Firefox, review Settings → Privacy & Security → DNS over HTTPS. Use the default/provider you intentionally chose, or temporarily disable the override to test whether Windows DNS works again.

This matters after malware cleanup because some “privacy” or adware bundles alter browser networking separately from Windows. A system DNS fix can look ineffective when the browser is still using its own resolver path.

When to Inspect the Router

Move to the router only when multiple devices on the same network show the same DNS failure, redirects, or suspicious search results. Log in to the router from a clean device, check the WAN/LAN DNS fields, and compare them with the ISP or resolver you intentionally use. Also update router firmware, disable remote administration if you do not need it, and change the router admin password if it is still default or reused.

If you cannot verify the router settings, contact the ISP or reset the router using the vendor’s instructions. Do not keep unknown DNS servers “because the internet works again.” DNS hijacking can send you to look-alike login pages even when browsing appears normal.

Scan Before You Declare It Fixed

If DNS or proxy settings return after reboot, the source is still active. Check Startup apps, Task Scheduler, browser extensions, installed programs, and recently downloaded installers. Then run a full malware scan. Gridinsoft Anti-Malware can help identify adware, PUA, proxy changers, browser hijackers, and persistence entries that keep reapplying network changes.

Signs It Was DNS Hijacking, Not a Normal Outage

• DNS changes return after you set them back to automatic.
• Only search, shopping, antivirus, banking, or login sites redirect.
• Chrome and Firefox disagree because one uses Secure DNS and the other does not.
• The router DNS field contains addresses you did not set.
• The issue started after a fake update, cracked software, driver updater, VPN, or browser extension.
• Security software reports blocked outbound traffic from a browser helper, script host, PowerShell, or unknown process.

If the DNS failure came after a fake update or script-based infection, also review our guide to a fake Chrome update that opened Terminal and our cleanup checklist for PowerShell outbound connection alerts.

Safe Fix Order

1. Confirm whether the issue is one PC, one browser, or the whole network.
2. Remove unknown VPN, proxy, DNS changer, adware, and browser extensions.
3. Set adapter DNS to automatic or a known resolver for testing.
4. Flush DNS and reset Winsock/TCP-IP.
5. Check browser Secure DNS if only one browser fails.
6. Inspect router DNS only if multiple devices are affected.
7. Run a malware scan if settings return or redirects continue.
8. Change important passwords from a clean device if you saw phishing-style redirects.

FAQ

References

1. Microsoft Support. “Fix network connection issues in Windows.” Microsoft, accessed May 31, 2026. https://support.microsoft.com/en-US/windows/fix-network-connection-issues-in-windows-10-166a28c4-14c1-bdb1-473c-09c1571455d8
2. Microsoft Support. “Essential Network Settings and Tasks in Windows.” Microsoft, accessed May 31, 2026. https://support.microsoft.com/en-gb/windows/change-tcp-ip-settings-bd0a07af-15f5-cd6a-363f-ca2b6f391ace
3. Google Chrome Help. “Manage Chrome safety and security.” Google, accessed May 31, 2026. https://support.google.com/chrome/answer/10468685
4. Mozilla Support. “Firefox DNS over HTTPS.” Mozilla, accessed May 31, 2026. https://support.mozilla.org/en-US/kb/firefox-dns-over-https-redirect-1
5. Cybersecurity and Infrastructure Security Agency. “Home Network Security.” CISA, accessed May 31, 2026. https://www.cisa.gov/news-events/news/home-network-security