Detected DNS Cache Poisoning Attack


47 replies to this topic

#1 bin101

Posted 26 May 2012 - 05:06 PM

Hello,

I was told by forum member nasdaq to make a post over here to see if anyone over here is able to solve my problem at the moment. The link below is all the information posted in my other post:

http://www.bleepingcomputer.com/forums/topic454317.html

I am currently running on a Windows 7 Professional x64 with an ESET Smart Security version 5.2.9.1 with a wireless setup at the moment. The router is a D-link DIR-615 router. I'm usually right above the router or within ~20 feet of the router (usually 3-5 bars). And it should be a DSL internet...


I've tried flushing the DNS, resetting my router, and a few things in between for the last couple of days. But there is always the notification saying:

Detected DNS cache poisoning attack
Remote IP address:
192.168.0.1

The link given has the ComboFix.exe outputs and a few other outputs that I referred to from another post...

I really hope someone here is able to solve this problem for me. If there is a need of additional information, please let me know how to retrieve it and I will try the best I can to find out.

Thanks in advance :)



Here is the result of the MiniToolBox text:

MiniToolBox by Farbar Version: 14-01-2012
Ran by sony (administrator) on 26-05-2012 at 15:12:48
Microsoft Windows 7 Professional Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.
========================= Hosts content: =================================

127.0.0.1 localhost

========================= IP Configuration: ================================

Intel® Centrino® Advanced-N 6205 = Wireless Network Connection (Connected)
Microsoft Virtual WiFi Miniport Adapter = Wireless Network Connection 2 (Media disconnected)
Realtek PCIe GBE Family Controller = Local Area Connection (Media disconnected)
Microsoft Virtual WiFi Miniport Adapter = Wireless Network Connection 3 (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : JoSuN-VAIO
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : vf.shawcable.net

Wireless LAN adapter Wireless Network Connection 3:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter #2
Physical Address. . . . . . . . . : A0-88-B4-01-33-E9
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection 2:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter
Physical Address. . . . . . . . . : A0-88-B4-01-33-E9
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix . : vf.shawcable.net
Description . . . . . . . . . . . : Intel® Centrino® Advanced-N 6205
Physical Address. . . . . . . . . : A0-88-B4-01-33-E8
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::1c75:a801:991d:4f8a%12(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.0.191(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : May-26-12 8:16:21 AM
Lease Expires . . . . . . . . . . : May-27-12 8:16:21 AM
Default Gateway . . . . . . . . . : 192.168.0.1
DHCP Server . . . . . . . . . . . : 192.168.0.1
DHCPv6 IAID . . . . . . . . . . . : 362842292
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-15-DA-8D-CB-F0-BF-97-5D-32-F1
DNS Servers . . . . . . . . . . . : 192.168.0.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : vf.shawcable.net
Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
Physical Address. . . . . . . . . : F0-BF-97-5D-32-F1
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{E843DB13-A99E-4050-9CE7-54D12135112A}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{64E2ABF2-3DAE-4C10-B0F3-83F9B1E8A3E6}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.vf.shawcable.net:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:5ef5:79fb:100e:2fee:b9bb:9d38(Preferred)
Link-local IPv6 Address . . . . . : fe80::100e:2fee:b9bb:9d38%17(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter Local Area Connection* 11:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #4
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: UnKnown
Address: 192.168.0.1

Name: google.com
Addresses: 173.194.33.40
173.194.33.33
173.194.33.32
173.194.33.46
173.194.33.39
173.194.33.38
173.194.33.36
173.194.33.34
173.194.33.41
173.194.33.37
173.194.33.35


Pinging google.com [173.194.33.40] with 32 bytes of data:
Reply from 173.194.33.40: bytes=32 time=15ms TTL=57
Reply from 173.194.33.40: bytes=32 time=26ms TTL=57

Ping statistics for 173.194.33.40:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 15ms, Maximum = 26ms, Average = 20ms
Server: UnKnown
Address: 192.168.0.1

Name: yahoo.com
Addresses: 98.139.183.24
72.30.38.140
209.191.122.70


Pinging yahoo.com [98.139.183.24] with 32 bytes of data:
Reply from 98.139.183.24: bytes=32 time=281ms TTL=50
Reply from 98.139.183.24: bytes=32 time=304ms TTL=50

Ping statistics for 98.139.183.24:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 281ms, Maximum = 304ms, Average = 292ms
Server: UnKnown
Address: 192.168.0.1

Name: bleepingcomputer.com
Address: 208.43.87.2


Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:
Reply from 208.43.87.2: Destination host unreachable.
Reply from 208.43.87.2: Destination host unreachable.

Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
14...a0 88 b4 01 33 e9 ......Microsoft Virtual WiFi Miniport Adapter #2
13...a0 88 b4 01 33 e9 ......Microsoft Virtual WiFi Miniport Adapter
12...a0 88 b4 01 33 e8 ......Intel® Centrino® Advanced-N 6205
11...f0 bf 97 5d 32 f1 ......Realtek PCIe GBE Family Controller
1...........................Software Loopback Interface 1
18...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
22...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
21...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #3
17...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
42...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #4
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.0.1 192.168.0.191 25
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.0.0 255.255.255.0 On-link 192.168.0.191 281
192.168.0.191 255.255.255.255 On-link 192.168.0.191 281
192.168.0.255 255.255.255.255 On-link 192.168.0.191 281
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.0.191 281
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.0.191 281
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
17 58 ::/0 On-link
1 306 ::1/128 On-link
17 58 2001::/32 On-link
17 306 2001:0:5ef5:79fb:100e:2fee:b9bb:9d38/128
On-link
12 281 fe80::/64 On-link
17 306 fe80::/64 On-link
17 306 fe80::100e:2fee:b9bb:9d38/128
On-link
12 281 fe80::1c75:a801:991d:4f8a/128
On-link
1 306 ff00::/8 On-link
17 306 ff00::/8 On-link
12 281 ff00::/8 On-link
===========================================================================
Persistent Routes:
None

========================= Event log errors: ===============================

Application errors:
==================
Error: (05/26/2012 02:57:46 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 11801304

Error: (05/26/2012 02:57:46 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 11801304

Error: (05/26/2012 02:57:46 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (05/26/2012 02:57:45 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 11800259

Error: (05/26/2012 02:57:45 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 11800259

Error: (05/26/2012 02:57:45 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (05/26/2012 02:57:43 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 11799120

Error: (05/26/2012 02:57:43 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 11799120

Error: (05/26/2012 02:57:43 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (05/26/2012 02:57:42 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 11798106


System errors:
=============
Error: (05/26/2012 02:57:44 PM) (Source: ipnathlp) (User: )
Description: 0

Error: (05/26/2012 11:39:05 AM) (Source: ipnathlp) (User: )
Description: 0

Error: (05/26/2012 11:21:24 AM) (Source: ipnathlp) (User: )
Description: 0

Error: (05/26/2012 08:41:55 AM) (Source: ipnathlp) (User: )
Description: 0

Error: (05/26/2012 08:31:56 AM) (Source: ipnathlp) (User: )
Description: 0

Error: (05/26/2012 08:16:20 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom

Error: (05/26/2012 04:29:51 AM) (Source: DCOM) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}

Error: (05/26/2012 04:06:45 AM) (Source: ipnathlp) (User: )
Description: 0

Error: (05/26/2012 04:06:44 AM) (Source: ipnathlp) (User: )
Description: 0

Error: (05/26/2012 03:00:39 AM) (Source: ipnathlp) (User: )
Description: 0


Microsoft Office Sessions:
=========================
Error: (05/26/2012 02:57:46 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 11801304

Error: (05/26/2012 02:57:46 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 11801304

Error: (05/26/2012 02:57:46 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (05/26/2012 02:57:45 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 11800259

Error: (05/26/2012 02:57:45 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 11800259

Error: (05/26/2012 02:57:45 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (05/26/2012 02:57:43 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 11799120

Error: (05/26/2012 02:57:43 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 11799120

Error: (05/26/2012 02:57:43 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (05/26/2012 02:57:42 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 11798106


========================= Memory info: ===================================

Percentage of memory in use: 29%
Total physical RAM: 8107.82 MB
Available physical RAM: 5690.77 MB
Total Pagefile: 16213.84 MB
Available Pagefile: 13404.96 MB
Total Virtual: 4095.88 MB
Available Virtual: 3954.58 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:226.54 GB) (Free:161.5 GB) NTFS

========================= Users: ========================================

User accounts for \\JOSUN-VAIO

Administrator Guest sony


**** End of log ****

Edited by bin101, 26 May 2012 - 05:15 PM.



#2 Sneakycyber

Posted 26 May 2012 - 05:33 PM

I am almost certain there is no infection. Your computer is generating NAT translation errors and ESET is seeing this as an attack; you also need to update your cdrom drivers. When was the last time you ran Windows Update? It should have been recently, otherwise ESET would have notified you unless it's disabled. I am looking up the fix for your error on Microsoft. Please give me a few minutes to get to my desk.
Chad Mockensturm 
Network Engineer
Certified CompTia Network +, A +

#3 bin101

Posted 26 May 2012 - 05:43 PM

I am almost certain there is no infection. Your computer is generating NAT translation errors and ESET is seeing this as an attack; you also need to update your cdrom drivers. When was the last time you ran Windows Update? It should have been recently, otherwise ESET would have notified you unless it's disabled. I am looking up the fix for your error on Microsoft. Please give me a few minutes to get to my desk.


Thank you for the quick response.

My Windows is up to date (I double checked it just now) and yes, ESET reminds me whenever there is something out of date. For my hardware, this computer (a VAIO) has a program called "VAIO Update" which informs me when there are new updates to my hardware. So should I be manually updating my cdrom driver by looking for an update on Google or something? What can be the problem?

#4 Sneakycyber

Posted 26 May 2012 - 05:50 PM

I need you to post the system log errors in your next post to identify the source of your error. Please go to the Start menu and in the Run box type eventvwr.msc and press Enter. From the list in the left side of the window select Windows Logs, then below that select System. Place the cursor on System, right click and select Filter Current Log. Check the box before Error and click on OK and you see only Error reports. Click on the Date and Time column header to sort. You may need to click a second time to see the latest report at the top. Please copy and paste all errors occurring on 5/26/2012 (if the list exceeds 25 you can post the first 25). As for your cdrom drive, we will tackle that one next. Glad to hear you have Windows up to date; it makes it much easier to diagnose the problem.

#5 cryptodan

Posted 26 May 2012 - 05:55 PM

Also post a screenshot of the alert window that Eset is throwing up on your screen.

#6 Sneakycyber

Posted 26 May 2012 - 06:04 PM

Glad you use the same screen name you used on Sevenforums.com. I was about to suggest the batch file :wink:

Edit: Read the article they linked to; it explains the virus ESET is possibly flagging and why you don't have it.

Edited by Sneakycyber, 26 May 2012 - 06:05 PM.


#7 bin101

Posted 26 May 2012 - 06:13 PM

Copied the detailed version and result is below:

Log Name: System
Source: Microsoft-Windows-SharedAccess_NAT
Date: 26/05/2012 2:57:44 PM
Event ID: 31004
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: JoSuN-VAIO
Description:
The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-SharedAccess_NAT" Guid="{A6F32731-9A38-4159-A220-3D9B7FC5FE5D}" EventSourceName="ipnathlp" />
<EventID Qualifiers="0">31004</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2012-05-26T21:57:44.000000000Z" />
<EventRecordID>278953</EventRecordID>
<Correlation />
<Execution ProcessID="0" ThreadID="0" />
<Channel>System</Channel>
<Computer>JoSuN-VAIO</Computer>
<Security />
</System>
<EventData Name="IP_DNS_PROXY_LOG_ALLOCATION_FAILED">
<Data Name="param1">0</Data>
</EventData>
</Event>

Log Name: System
Source: Microsoft-Windows-SharedAccess_NAT
Date: 26/05/2012 11:39:05 AM
Event ID: 31004
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: JoSuN-VAIO
Description:
The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-SharedAccess_NAT" Guid="{A6F32731-9A38-4159-A220-3D9B7FC5FE5D}" EventSourceName="ipnathlp" />
<EventID Qualifiers="0">31004</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2012-05-26T18:39:05.000000000Z" />
<EventRecordID>278934</EventRecordID>
<Correlation />
<Execution ProcessID="0" ThreadID="0" />
<Channel>System</Channel>
<Computer>JoSuN-VAIO</Computer>
<Security />
</System>
<EventData Name="IP_DNS_PROXY_LOG_ALLOCATION_FAILED">
<Data Name="param1">0</Data>
</EventData>
</Event>

Log Name: System
Source: Microsoft-Windows-SharedAccess_NAT
Date: 26/05/2012 11:21:24 AM
Event ID: 31004
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: JoSuN-VAIO
Description:
The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-SharedAccess_NAT" Guid="{A6F32731-9A38-4159-A220-3D9B7FC5FE5D}" EventSourceName="ipnathlp" />
<EventID Qualifiers="0">31004</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2012-05-26T18:21:24.000000000Z" />
<EventRecordID>278920</EventRecordID>
<Correlation />
<Execution ProcessID="0" ThreadID="0" />
<Channel>System</Channel>
<Computer>JoSuN-VAIO</Computer>
<Security />
</System>
<EventData Name="IP_DNS_PROXY_LOG_ALLOCATION_FAILED">
<Data Name="param1">0</Data>
</EventData>
</Event>

Log Name: System
Source: Microsoft-Windows-SharedAccess_NAT
Date: 26/05/2012 8:41:55 AM
Event ID: 31004
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: JoSuN-VAIO
Description:
The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-SharedAccess_NAT" Guid="{A6F32731-9A38-4159-A220-3D9B7FC5FE5D}" EventSourceName="ipnathlp" />
<EventID Qualifiers="0">31004</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2012-05-26T15:41:55.000000000Z" />
<EventRecordID>278869</EventRecordID>
<Correlation />
<Execution ProcessID="0" ThreadID="0" />
<Channel>System</Channel>
<Computer>JoSuN-VAIO</Computer>
<Security />
</System>
<EventData Name="IP_DNS_PROXY_LOG_ALLOCATION_FAILED">
<Data Name="param1">0</Data>
</EventData>
</Event>

Log Name: System
Source: Microsoft-Windows-SharedAccess_NAT
Date: 26/05/2012 8:31:56 AM
Event ID: 31004
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: JoSuN-VAIO
Description:
The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-SharedAccess_NAT" Guid="{A6F32731-9A38-4159-A220-3D9B7FC5FE5D}" EventSourceName="ipnathlp" />
<EventID Qualifiers="0">31004</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2012-05-26T15:31:56.000000000Z" />
<EventRecordID>278865</EventRecordID>
<Correlation />
<Execution ProcessID="0" ThreadID="0" />
<Channel>System</Channel>
<Computer>JoSuN-VAIO</Computer>
<Security />
</System>
<EventData Name="IP_DNS_PROXY_LOG_ALLOCATION_FAILED">
<Data Name="param1">0</Data>
</EventData>
</Event>

Log Name: System
Source: Service Control Manager
Date: 26/05/2012 8:16:20 AM
Event ID: 7026
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: JoSuN-VAIO
Description:
The following boot-start or system-start driver(s) failed to load:
cdrom
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Service Control Manager" Guid="{555908d1-a6d7-4695-8e1e-26931d2012f4}" EventSourceName="Service Control Manager" />
<EventID Qualifiers="49152">7026</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8080000000000000</Keywords>
<TimeCreated SystemTime="2012-05-26T15:16:20.396018500Z" />
<EventRecordID>278807</EventRecordID>
<Correlation />
<Execution ProcessID="644" ThreadID="648" />
<Channel>System</Channel>
<Computer>JoSuN-VAIO</Computer>
<Security />
</System>
<EventData>
<Data Name="param1">
cdrom</Data>
</EventData>
</Event>

Log Name: System
Source: Microsoft-Windows-DistributedCOM
Date: 26/05/2012 4:29:51 AM
Event ID: 10010
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: JoSuN-VAIO
Description:
The server {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E} did not register with DCOM within the required timeout.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-DistributedCOM" Guid="{1B562E86-B7AA-4131-BADC-B6F3A001407E}" EventSourceName="DCOM" />
<EventID Qualifiers="49152">10010</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2012-05-26T11:29:51.000000000Z" />
<EventRecordID>278671</EventRecordID>
<Correlation />
<Execution ProcessID="0" ThreadID="0" />
<Channel>System</Channel>
<Computer>JoSuN-VAIO</Computer>
<Security />
</System>
<EventData>
<Data Name="param1">{E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}</Data>
</EventData>
</Event>

Log Name: System
Source: Microsoft-Windows-SharedAccess_NAT
Date: 26/05/2012 4:06:45 AM
Event ID: 31004
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: JoSuN-VAIO
Description:
The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-SharedAccess_NAT" Guid="{A6F32731-9A38-4159-A220-3D9B7FC5FE5D}" EventSourceName="ipnathlp" />
<EventID Qualifiers="0">31004</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2012-05-26T11:06:45.000000000Z" />
<EventRecordID>278658</EventRecordID>
<Correlation />
<Execution ProcessID="0" ThreadID="0" />
<Channel>System</Channel>
<Computer>JoSuN-VAIO</Computer>
<Security />
</System>
<EventData Name="IP_DNS_PROXY_LOG_ALLOCATION_FAILED">
<Data Name="param1">0</Data>
</EventData>
</Event>

Log Name: System
Source: Microsoft-Windows-SharedAccess_NAT
Date: 26/05/2012 4:06:44 AM
Event ID: 31004
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: JoSuN-VAIO
Description:
The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-SharedAccess_NAT" Guid="{A6F32731-9A38-4159-A220-3D9B7FC5FE5D}" EventSourceName="ipnathlp" />
<EventID Qualifiers="0">31004</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2012-05-26T11:06:44.000000000Z" />
<EventRecordID>278656</EventRecordID>
<Correlation />
<Execution ProcessID="0" ThreadID="0" />
<Channel>System</Channel>
<Computer>JoSuN-VAIO</Computer>
<Security />
</System>
<EventData Name="IP_DNS_PROXY_LOG_ALLOCATION_FAILED">
<Data Name="param1">0</Data>
</EventData>
</Event>

Log Name: System
Source: Microsoft-Windows-SharedAccess_NAT
Date: 26/05/2012 3:00:39 AM
Event ID: 31004
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: JoSuN-VAIO
Description:
The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-SharedAccess_NAT" Guid="{A6F32731-9A38-4159-A220-3D9B7FC5FE5D}" EventSourceName="ipnathlp" />
<EventID Qualifiers="0">31004</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2012-05-26T10:00:39.000000000Z" />
<EventRecordID>278584</EventRecordID>
<Correlation />
<Execution ProcessID="0" ThreadID="0" />
<Channel>System</Channel>
<Computer>JoSuN-VAIO</Computer>
<Security />
</System>
<EventData Name="IP_DNS_PROXY_LOG_ALLOCATION_FAILED">
<Data Name="param1">0</Data>
</EventData>
</Event>

Log Name: System
Source: Microsoft-Windows-SharedAccess_NAT
Date: 26/05/2012 3:00:35 AM
Event ID: 31004
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: JoSuN-VAIO
Description:
The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-SharedAccess_NAT" Guid="{A6F32731-9A38-4159-A220-3D9B7FC5FE5D}" EventSourceName="ipnathlp" />
<EventID Qualifiers="0">31004</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2012-05-26T10:00:35.000000000Z" />
<EventRecordID>278581</EventRecordID>
<Correlation />
<Execution ProcessID="0" ThreadID="0" />
<Channel>System</Channel>
<Computer>JoSuN-VAIO</Computer>
<Security />
</System>
<EventData Name="IP_DNS_PROXY_LOG_ALLOCATION_FAILED">
<Data Name="param1">0</Data>
</EventData>
</Event>

Log Name: System
Source: Microsoft-Windows-DistributedCOM
Date: 26/05/2012 2:24:44 AM
Event ID: 10010
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: JoSuN-VAIO
Description:
The server {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E} did not register with DCOM within the required timeout.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-DistributedCOM" Guid="{1B562E86-B7AA-4131-BADC-B6F3A001407E}" EventSourceName="DCOM" />
<EventID Qualifiers="49152">10010</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2012-05-26T09:24:44.000000000Z" />
<EventRecordID>278436</EventRecordID>
<Correlation />
<Execution ProcessID="0" ThreadID="0" />
<Channel>System</Channel>
<Computer>JoSuN-VAIO</Computer>
<Security />
</System>
<EventData>
<Data Name="param1">{E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}</Data>
</EventData>
</Event>

And here is the image of the notification from ESET:


#8 cryptodan

cryptodan

    Bleepin Madman


  • Members
  • 21,868 posts
  • Gender:Male
  • Location:Catonsville, Md
  • Local time:10:23 AM

Posted 26 May 2012 - 06:16 PM

In all honesty, I would disable Eset's firewall and enable WIndows Firewall or run without one running on the PC due to your router being a firewall.

#9 Sneakycyber

Sneakycyber

    Network Engineer


  • BC Advisor
  • 6,123 posts
  • Gender:Male
  • Location:Ohio
  • Local time:06:23 AM

Posted 26 May 2012 - 06:20 PM

Since you are not experiencing any other symptoms, I would follow cryptodan's advice, since Microsoft, Eset and myself (I can't speak for cryptodan but I think he is onboard) agree it's a false report generated by system activity.

Credit: Microsoft

I am looking at your OTL log again to find the Cdrom problem.

Edited by Sneakycyber, 26 May 2012 - 06:21 PM.

Chad Mockensturm 
Network Engineer
Certified CompTia Network +, A +

#10 bin101

bin101
  • Topic Starter

  • Members
  • 29 posts
  • Local time:02:23 AM

Posted 26 May 2012 - 06:21 PM

Yea, I've been trying the methods floating around the internet for the last week before posting here on this forum. The Eset guys were no use at all; they simply told me to hide the notification (since it's an external attack, they can't do anything about it...blah blah blah). But with the other forum member nasdaq helping me out, the notification of the attack became less frequent, and now by turning the problem over here, I hope this problem can be fixed.

Thank you again for helping me out :)

#11 Sneakycyber

Sneakycyber

    Network Engineer


  • BC Advisor
  • 6,123 posts
  • Gender:Male
  • Location:Ohio
  • Local time:06:23 AM

Posted 26 May 2012 - 06:24 PM

What is the make and model of your laptop?
Chad Mockensturm 
Network Engineer
Certified CompTia Network +, A +

#12 bin101

bin101
  • Topic Starter

  • Members
  • 29 posts
  • Local time:02:23 AM

Posted 26 May 2012 - 06:24 PM

In all honesty, I would disable Eset's firewall and enable WIndows Firewall or run without one running on the PC due to your router being a firewall.


From a professional point of view, is the Windows firewall enough to block any attacks? Having a firewall seems to give a better sense of assurance; is there any other firewall I can install to replace my disabled Eset firewall?

#13 bin101

bin101
  • Topic Starter

  • Members
  • 29 posts
  • Local time:02:23 AM

Posted 26 May 2012 - 06:25 PM

What is the make and model of your laptop?


It's a VAIO VPCSA26GG (shipped from somewhere in Asia).

Edited by bin101, 26 May 2012 - 06:26 PM.


#14 Sneakycyber

Sneakycyber

    Network Engineer


  • BC Advisor
  • 6,123 posts
  • Gender:Male
  • Location:Ohio
  • Local time:06:23 AM

Posted 26 May 2012 - 06:29 PM

I am going to be away for a bit. I will be monitoring the topic; should a catastrophic failure occur, I will post from my smart phone. I will return this evening and let you know what I find.
Chad Mockensturm 
Network Engineer
Certified CompTia Network +, A +

#15 coxchris

coxchris

  • Members
  • 1,151 posts
  • Gender:Male
  • Location:Atwater
  • Local time:03:23 AM

Posted 26 May 2012 - 06:30 PM

Have you restored the HOSTS file to defaults?

http://support.microsoft.com/kb/972034

The hosts file could be corrupted with entries.


Did ESET tell you anything, or just ignore the message?

See this link: http://kb.eset.com/esetkb/index?page=content&id=SOLN2933

ESET Personal firewall is detecting the threat "DNS Cache poisoning attack"
ESET Customer Care directed you to this article to flush your DNS cache and restore the MS Hosts
Solution

AA in Computer Networking Technology

BS in Information Technology 

Comptia A+, Project+, L+

Renewable:  N+,S+

CIW Web Design Specialist, JavaScript Specialist,  Database Design Specialist 

LPIC-1, SUSE 
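The hosts-file check coxchris suggests, as an added example that is not from this thread, from ESET or from Microsoft: a Python script that parses a Windows hosts file (a constructed sample is embedded; on a real machine point it at C:\Windows\System32\drivers\etc\hosts) and lists every active mapping that sends a name somewhere other than loopback or the null address. A stock Windows 7 hosts file contains only comments, so any such entry is worth explaining before trusting the "false positive" verdict.

```python
import ipaddress
from typing import List, Tuple

# Constructed sample of a Windows hosts file (not the poster's actual file).
# The stock file has the two loopback lines commented out, so every active
# line below was added by someone or something.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
# 127.0.0.1       localhost
# ::1             localhost
127.0.0.1   localhost
0.0.0.0     ads.example-tracker.test
203.0.113.9 www.example-bank.test   # constructed suspicious entry
"""

# Addresses that only block or localise a name rather than redirect it.
LOOPBACK_OR_NULL = {"127.0.0.1", "::1", "0.0.0.0"}


def parse_hosts(text: str) -> List[Tuple[str, str]]:
    """Return (ip, hostname) pairs for every active (non-comment) mapping."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop full-line and inline comments
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2:
            continue  # malformed line: no hostname after the address
        ip, names = fields[0], fields[1:]
        try:
            ipaddress.ip_address(ip)
        except ValueError:
            continue  # first field is not an IP address; ignore the line
        for name in names:
            entries.append((ip, name.lower()))
    return entries


def suspicious_entries(text: str) -> List[Tuple[str, str]]:
    """Active mappings that override DNS for a name with a routable address."""
    return [(ip, name) for ip, name in parse_hosts(text)
            if ip not in LOOPBACK_OR_NULL]


if __name__ == "__main__":
    for ip, name in suspicious_entries(SAMPLE_HOSTS):
        print(f"non-loopback hosts entry: {name} -> {ip}")
```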
