Unraveling an Internet Connectivity Nightmare: A Call for Expertise

As a seasoned IT professional with a decade of experience under my belt, it’s rare for me to encounter a problem that leaves me scratching my head. Yet, here I am, reaching out to the community for guidance on a particularly perplexing internet connectivity issue with one of my long-standing clients.

The Situation: A Deep Dive into Connectivity Issues

My relationship with this client spans several years, during which I’ve tackled countless technical hurdles. Recently, they reached out to me regarding internet connectivity problems. Initially, I assumed it would be a straightforward fix—perhaps a modem reset or a driver update—an affair that I thought would take no more than 25 minutes. Unfortunately, I quickly realized that this was not going to be a quick solution. Now, two days later and still without resolution, I find myself seeking advice from fellow IT experts.

The Unusual Symptoms

The primary issue at hand is that all internet traffic from the client’s computers is inexplicably redirecting to msftconnecttest.com. Meanwhile, Windows displays a “no internet access” message, which typically suggests a lack of connectivity, leading the system to direct users to this page in an attempt to connect. My first step involved resetting the modem (a Frontier/Verizon model), which yielded no improvement.

Next, I attempted to reset the network settings and drivers on the computers. A peculiar observation is that while both Mac and PC devices are unable to access the network, only the PCs are being redirected to msftconnecttest.com. I even suppressed msftconnecttest in the registry, yet when trying to load any website, the original site attempts to load, only to be hijacked by the msftconnecttest page.

Testing connectivity with ping commands revealed an alarming outcome—a return IP of 172.19.1.254, which is clearly not Google’s IP address. The ping response was less than 1ms, indicating that all traffic, no matter the destination, resolves to this IP. Additionally, devices on both wired and wireless connections cannot even ping the modem at this stage.

When I contacted Frontier’s support, I was met with a shocking statement from a technician—that “the modem has been hacked by Russia.” While I’d love to say I’m exaggerating, I assure you this was a direct quote.