Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Has my DNS been poisened?


  • Please log in to reply
2 replies to this topic

#1 airtac

airtac

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:06:53 AM

Posted 08 March 2013 - 09:31 AM

Hey Guys,

 

I just did a ipconfig /displaydns on my Windows XP computer and I got a long list of dodgy looking urls (see below). Should this be a cause for concern? I flushed the DNS and ran MBAM and Spybot scans, but those urls are still coming up. Should I be concerned? Maybe I'm out of depth and there's something bigger going on. Any help would be appreciated.

 

Thanks,

 

airtac

 


         www.nicecodec.net
         ----------------------------------------
         Record Name . . . . . : www.nicecodec.net
         Record Type . . . . . : 1
         Time To Live  . . . . : 602845
         Data Length . . . . . : 4
         Section . . . . . . . : Answer
         A (Host) Record . . . : 127.0.0.1


         mythical-casino.ru
         ----------------------------------------
         Record Name . . . . . : mythical-casino.ru
         Record Type . . . . . : 1
         Time To Live  . . . . : 602845
         Data Length . . . . . : 4
         Section . . . . . . . : Answer
         A (Host) Record . . . : 127.0.0.1


         www.mylimewirenetwork.com
         ----------------------------------------
         Record Name . . . . . : www.mylimewirenetwork.com
         Record Type . . . . . : 1
         Time To Live  . . . . : 602845
         Data Length . . . . . : 4
         Section . . . . . . . : Answer
         A (Host) Record . . . : 127.0.0.1


         www.mygoldendice.net
         ----------------------------------------
         Record Name . . . . . : www.mygoldendice.net
         Record Type . . . . . : 1
         Time To Live  . . . . : 602845
         Data Length . . . . . : 4
         Section . . . . . . . : Answer
         A (Host) Record . . . : 127.0.0.1


         www.medxdrugx.com
         ----------------------------------------
         Section . . . . . . . : Answer

C:\Documents and Settings\airtac>ipconfig /flushdns

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

C:\Documents and Settings\airtac>ipconfig /displaydns

Windows IP Configuration

         www.xxokoriq.cn
         ----------------------------------------
         Record Name . . . . . : www.xxokoriq.cn
         Record Type . . . . . : 1
         Time To Live  . . . . : 601910
         Data Length . . . . . : 4
         Section . . . . . . . : Answer
         A (Host) Record . . . : 127.0.0.1


         www-download-antivirus.com
         ----------------------------------------
         Record Name . . . . . : www-download-antivirus.com
         Record Type . . . . . : 1
         Time To Live  . . . . : 601910
         Data Length . . . . . : 4
         Section . . . . . . . : Answer
         A (Host) Record . . . : 127.0.0.1


         webslots2009.com
         ----------------------------------------
         Record Name . . . . . : webslots2009.com
         Record Type . . . . . : 1
         Time To Live  . . . . : 601910
         Data Length . . . . . : 4
         Section . . . . . . . : Answer
         A (Host) Record . . . : 127.0.0.1


         virgiio.it
         ----------------------------------------
         Record Name . . . . . : virgiio.it
         Record Type . . . . . : 1
         Time To Live  . . . . : 601910
         Data Length . . . . . : 4
         Section . . . . . . . : Answer
         A (Host) Record . . . : 127.0.0.1


         www.virdgilio.it
         ----------------------------------------
         Record Name . . . . . : www.virdgilio.it
         Record Type . . . . . : 1
         Time To Live  . . . . : 601910
         Data Length . . . . . : 4
         Section . . . . . . . : Answer
         A (Host) Record . . . : 127.0.0.1


         www.tuttograatis.it
         ----------------------------------------
         Record Name . . . . . : www.tuttograatis.it
         Record Type . . . . . : 1
         Time To Live  . . . . : 601910
         Data Length . . . . . : 4
         Section . . . . . . . : Answer
         A (Host) Record . . . : 127.0.0.1


         stovescasino.com
         ----------------------------------------
         Record Name . . . . . : stovescasino.com
         Record Type . . . . . : 1
         Time To Live  . . . . : 601910
         Data Length . . . . . : 4
         Section . . . . . . . : Answer
         A (Host) Record . . . : 127.0.0.1


         spywarebot-t.com
         ----------------------------------------
         Record Name . . . . . : spywarebot-t.com
         Record Type . . . . . : 1
         Time To Live  . . . . : 601910
         Data Length . . . . . : 4
         Section . . . . . . . : Answer
         A (Host) Record . . . : 127.0.0.1


         spermatrix.com
         ----------------------------------------
         Record Name . . . . . : spermatrix.com
         Record Type . . . . . : 1
         Time To Live  . . . . : 601910
         Data Length . . . . . : 4
         Section . . . . . . . : Answer
         A (Host) Record . . . : 127.0.0.1


         smart-antivirus2009buy.com
         ----------------------------------------
         Record Name . . . . . : smart-antivirus2009buy.com
         Record Type . . . . . : 1
         Time To Live  . . . . : 601910
         Data Length . . . . . : 4
         Section . . . . . . . : Answer
         A (Host) Record . . . : 127.0.0.1


         sexmultis.info
         ----------------------------------------
         Record Name . . . . . : sexmultis.info
         Record Type . . . . . : 1
         Time To Live  . . . . : 601910
         Data Length . . . . . : 4
         Section . . . . . . . : Answer
         A (Host) Record . . . : 127.0.0.1


         www.searchfromyourbrowser.net
         ----------------------------------------
         Record Name . . . . . : www.searchfromyourbrowser.net
         Record Type . . . . . : 1
         Time To Live  . . . . : 601910
         Data Length . . . . . : 4
         Section . . . . . . . : Answer
         A (Host) Record . . . : 127.0.0.1


         rvporn3.info
         ----------------------------------------
         Record Name . . . . . : rvporn3.info
         Record Type . . . . . : 1
         Time To Live  . . . . : 601910
         Data Length . . . . . : 4
         Section . . . . . . . : Answer
         A (Host) Record . . . : 127.0.0.1


         www.rosaoalice.it
         ----------------------------------------
         Record Name . . . . . : www.rosaoalice.it
         Record Type . . . . . : 1
         Time To Live  . . . . : 601910
         Data Length . . . . . : 4
         Section . . . . . . . : Answer
         A (Host) Record . . . : 127.0.0.1


         www.ripuvat.cn
         ----------------------------------------
         Record Name . . . . . : www.ripuvat.cn
         Record Type . . . . . : 1
         Time To Live  . . . . : 601910
         Data Length . . . . . : 4
         Section . . . . . . . : Answer
         A (Host) Record . . . : 127.0.0.1


         www.presuloxa.com
         ----------------------------------------
         Record Name . . . . . : www.presuloxa.com
         Record Type . . . . . : 1
         Time To Live  . . . . : 601910
         Data Length . . . . . : 4
         Section . . . . . . . : Answer
         A (Host) Record . . . : 127.0.0.1


         popstar24.com
         ----------------------------------------
         Record Name . . . . . : popstar24.com
         Record Type . . . . . : 1
         Time To Live  . . . . : 601910
         Data Length . . . . . : 4
         Section . . . . . . . : Answer
         A (Host) Record . . . : 127.0.0.1


         paginegialler.it
         ----------------------------------------
         Record Name . . . . . : paginegialler.it
         Record Type . . . . . : 1
         Time To Live  . . . . : 601910
         Data Length . . . . . : 4
         Section . . . . . . . : Answer
         A (Host) Record . . . : 127.0.0.1


         p2p-paradies.com
         ----------------------------------------
         Record Name . . . . . : p2p-paradies.com
         Record Type . . . . . : 1
         Time To Live  . . . . : 601910
         Data Length . . . . . : 4
         Section . . . . . . . : Answer
         A (Host) Record . . . : 127.0.0.1


         onlylocalopportunities.com
         ----------------------------------------
         Record Name . . . . . : onlylocalopportunities.com
         Record Type . . . . . : 1
         Time To Live  . . . . : 601910
         Data Length . . . . . : 4
         Section . . . . . . . : Answer
         A (Host) Record . . . : 127.0.0.1


         www.nicecodec.net
         ----------------------------------------
         Record Name . . . . . : www.nicecodec.net
         Record Type . . . . . : 1
         Time To Live  . . . . : 601910
         Data Length . . . . . : 4
         Section . . . . . . . : Answer
         A (Host) Record . . . : 127.0.0.1


         mythical-casino.ru
         ----------------------------------------
         Record Name . . . . . : mythical-casino.ru
         Record Type . . . . . : 1
         Time To Live  . . . . : 601910
         Data Length . . . . . : 4
         Section . . . . . . . : Answer
         A (Host) Record . . . : 127.0.0.1


         www.mylimewirenetwork.com
         ----------------------------------------
         Record Name . . . . . : www.mylimewirenetwork.com
         Record Type . . . . . : 1
         Time To Live  . . . . : 601910
         Data Length . . . . . : 4
         Section . . . . . . . : Answer
         A (Host) Record . . . : 127.0.0.1


         www.mygoldendice.net
         ----------------------------------------
         Record Name . . . . . : www.mygoldendice.net
         Record Type . . . . . : 1
         Time To Live  . . . . : 601910
         Data Length . . . . . : 4
         Section . . . . . . . : Answer
         A (Host) Record . . . : 127.0.0.1


         www.medxdrugx.com
         ----------------------------------------
         Section . . . . . . . : Answer

 

 



BC AdBot (Login to Remove)

 


#2 Doug Mackie

Doug Mackie

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:53 AM

Posted 15 March 2013 - 04:45 PM

Hello airtac,

 

No cause for concern. Evidentally, you have a HOSTS file with those entries. The /displaydns switch displays such entries (or at least some of them).  If you restore  the basic HOSTS file as supplied with Windows and then flush DNS, you won't see those entries.  But then you won't be blocking all those nasty ad and porn sites....

 

Doug Mackie



#3 airtac

airtac
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:06:53 AM

Posted 19 March 2013 - 03:25 PM

Thanks Doug,

 

I never knew about the HOSTS file. I checked it out and it looks like Spybot added them in. As you said only some of them.

 

More info here:

 

http://www.safer-networking.org/faq/hosts-file/

http://www.bleepingcomputer.com/forums/t/346681/spybots-hosts-file-protection/

 

airtac






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users