Main Forum > General Computer Support
how change of dns, nullifies the vulnerability
Samson:
What I meant was....Compare your ISP DNS server addresses in your router with those on the Yandex site, this will establish if your ISP is using its own DNS or Yandex :wink:
As for the F Secure scan, wait and see what they come up with, maybe just busy and unable to complete the scan?
If OpenDNS works for you, then stick with it, like I said it is my personal choice, fast, reliable, offers a degree of protection from phishing and maliciou s websites. I won't touch anything to do with Google myself :wink:
PS each time that you change DNS servers you may want to clear your DNS cache, open a CMD prompt and enter " ipconfig /flushdns" (without the "s).
jraju:
Hi, There was no changein the dns server settings, which is my ISP, probably the server in router is compromized.I did find out the hns.log and it contains so much com, including yandex.ru, and vk.com, yahoo.com,etc etc. i only copy here the 5 entries i found in the hns.log, could you make anything out of it. It is too technical, but this is the alert, i am getting, i will copy both the prscreen and log of selected lines in hns.log
the log extract;
2017-05-21 07:49:22.278] [info ] [ares_scan ] [ 1392: 4196] AresScanner: result name=yahoo.com ip=628afd6d ttl=221 flags=17 type=1 data=""
[2017-05-21 07:49:22.302] [info ] [ares_scan ] [ 1392: 4196] AresScanner: result name=yahoo.com ip=cebe242d ttl=221 flags=17 type=1 data=""
[2017-05-21 07:49:22.322] [info ] [ares_scan ] [ 1392: 4196] AresScanner: result name=yandex.ru ip=daf8ffa4 ttl=600 flags=17 type=1 data=""
[2017-05-21 07:49:22.358] [info ] [ares_scan ] [ 1392: 4196] AresScanner: result name=vk.com ip=daf8ffa4 ttl=600 flags=17 type=1 data=""
[2017-05-21 07:49:22.386] [info ] [ares_scan ] [ 1392: 4196] AresScanner: no data name=yandex.ru class=1 type=28 abuf=0x1658e628 alen=87
[2017-05-21 07:49:22.412] [info ] [ares_scan ] [ 1392: 4196] AresScanner: no data name=vk.com class=1 type=28 abuf=0x1658e628 alen=84
[2017-05-21 07:49:22.463]
jraju:
can i pm with you, hi, samson, with notepad enclosure ,so that i could send the whole log, which contains so many com. It is a page attachement. I do not know how to send emails to the particular user in this forum. is it permissible? if yes, please say, what is the way
Samson:
J, that log means nothing to me.
I would ask that you set your NIC adapter settings to obtain dns addresses automatically and then open a CMD prompt and enter "ipconfig /all" (without the "s and post the result. So that I can compare your ISP's default DNS servers to see if they are using Yandex DNS as per the yandex DNS site that I linked to. If OpenDNS or Google works, why not just do that?
EDIT J, If you are unhappy with the help, or lack of it on the Avast forum, then you can request help directly on your DNS hijacking issue with Avast by raisng a support ticket. Click on "support" in the Avast GUI and select "request support", here you will be able to upload scan logs too. Screenshot is of an older version of Avast, but likely to be similar.
Boggin:
Your router will be set to your ISP default DNS settings but they will be overridden when you change them in the adapter DNS settings.
They take precedence.
However, you can change them to your choice in the router.
While I leave my router's settings to default, I have the adapters settings changed to Google's 8.8.8.8 / 8.8.4.4
Download MiniToolBox and check all of the boxes down to List Winsock Entries.
http://www.majorgeeks.com/files/details/farbar_minitoolbox.html
You can copy & paste its report to the reply box, but see if Avast's scan still picks up those hijacks.
If you select Save for the download, you'll be able to use it as and when from your Downloads folder.
Navigation
[0] Message Index
[#] Next page
[*] Previous page
Go to full version