Windows Server 2000/2003 Thread, DNS Entries - Weird, Spammy Types in Technical
  1. #1

    DNS Entries - Weird, Spammy Types

    Hi,

    I did an IPCONFIG /DISPLAYDNS on 2 of the DCs and 2 Member servers and I've seen that I have entries that should not be in there at all.

    How do I get rid of them?

    The entries are:

    Code:
    Windows IP Configuration
    
    
    
        smart-antivirus2009buy.com
    
        ----------------------------------------
    
        Record Name . . . . . : smart-antivirus2009buy.com
    
        Record Type . . . . . : 1
    
        Time To Live  . . . . : 456120
    
        Data Length . . . . . : 4
    
        Section . . . . . . . : Answer
    
        A (Host) Record . . . : 127.0.0.1
    
    
    
    
    
        www-download-antivirus.com
    
        ----------------------------------------
    
        Record Name . . . . . : www-download-antivirus.com
    
        Record Type . . . . . : 1
    
        Time To Live  . . . . : 456120
    
        Data Length . . . . . : 4
    
        Section . . . . . . . : Answer
    
        A (Host) Record . . . : 127.0.0.1
    
    
    
    
    
        virgiio.it
    
        ----------------------------------------
    
        Record Name . . . . . : virgiio.it
    
        Record Type . . . . . : 1
    
        Time To Live  . . . . : 456120
    
        Data Length . . . . . : 4
    
        Section . . . . . . . : Answer
    
        A (Host) Record . . . : 127.0.0.1
    
    
    
    
    
        www.virdgilio.it
    
        ----------------------------------------
    
        Record Name . . . . . : www.virdgilio.it
    
        Record Type . . . . . : 1
    
        Time To Live  . . . . : 456120
    
        Data Length . . . . . : 4
    
        Section . . . . . . . : Answer
    
        A (Host) Record . . . : 127.0.0.1
    
    
    
    
    
        www.tuttograatis.it
    
        ----------------------------------------
    
        Record Name . . . . . : www.tuttograatis.it
    
        Record Type . . . . . : 1
    
        Time To Live  . . . . : 456120
    
        Data Length . . . . . : 4
    
        Section . . . . . . . : Answer
    
        A (Host) Record . . . : 127.0.0.1
    
    
    
    
    
        spywarebot-t.com
    
        ----------------------------------------
    
        Record Name . . . . . : spywarebot-t.com
    
        Record Type . . . . . : 1
    
        Time To Live  . . . . : 456120
    
        Data Length . . . . . : 4
    
        Section . . . . . . . : Answer
    
        A (Host) Record . . . : 127.0.0.1
    
    
    
    
    
        spermatrix.com
    
        ----------------------------------------
    
        Record Name . . . . . : spermatrix.com
    
        Record Type . . . . . : 1
    
        Time To Live  . . . . : 456120
    
        Data Length . . . . . : 4
    
        Section . . . . . . . : Answer
    
        A (Host) Record . . . : 127.0.0.1
    
    
    
    
    
        www.searchfromyourbrowser.net
    
        ----------------------------------------
    
        Record Name . . . . . : www.searchfromyourbrowser.net
    
        Record Type . . . . . : 1
    
        Time To Live  . . . . : 456120
    
        Data Length . . . . . : 4
    
        Section . . . . . . . : Answer
    
        A (Host) Record . . . : 127.0.0.1
    
    
    
    
    
        www.rosaoalice.it
    
        ----------------------------------------
    
        Record Name . . . . . : www.rosaoalice.it
    
        Record Type . . . . . : 1
    
        Time To Live  . . . . : 456120
    
        Data Length . . . . . : 4
    
        Section . . . . . . . : Answer
    
        A (Host) Record . . . : 127.0.0.1
    
    
    
    
    
        paginegialler.it
    
        ----------------------------------------
    
        Record Name . . . . . : paginegialler.it
    
        Record Type . . . . . : 1
    
        Time To Live  . . . . : 456120
    
        Data Length . . . . . : 4
    
        Section . . . . . . . : Answer
    
        A (Host) Record . . . : 127.0.0.1
    
    
    
    
    
        www.nicecodec.net
    
        ----------------------------------------
    
        Record Name . . . . . : www.nicecodec.net
    
        Record Type . . . . . : 1
    
        Time To Live  . . . . : 456120
    
        Data Length . . . . . : 4
    
        Section . . . . . . . : Answer
    
        A (Host) Record . . . : 127.0.0.1
    
    
    
    
    
        www.mylimewirenetwork.com
    
        ----------------------------------------
    
        Record Name . . . . . : www.mylimewirenetwork.com
    
        Record Type . . . . . : 1
    
        Time To Live  . . . . : 456120
    
        Data Length . . . . . : 4
    
        Section . . . . . . . : Answer
    
        A (Host) Record . . . : 127.0.0.1
    
    
    
    
    
        liberok.it
    
        ----------------------------------------
    
        Record Name . . . . . : liberok.it
    
        Record Type . . . . . : 1
    
        Time To Live  . . . . : 456120
    
        Data Length . . . . . : 4
    
        Section . . . . . . . : Answer
    
        A (Host) Record . . . : 127.0.0.1
    
    
    
    
    
        www.l8bero.it
    
        ----------------------------------------
    
        Record Name . . . . . : www.l8bero.it
    
        Record Type . . . . . : 1
    
        Time To Live  . . . . : 456120
    
        Data Length . . . . . : 4
    
        Section . . . . . . . : Answer
    
        A (Host) Record . . . : 127.0.0.1
    
    
    
    
    
        www.justcount.net
    
        ----------------------------------------
    
        Record Name . . . . . : www.justcount.net
    
        Record Type . . . . . : 1
    
        Time To Live  . . . . : 456120
    
        Data Length . . . . . : 4
    
        Section . . . . . . . : Answer
    
        A (Host) Record . . . : 127.0.0.1
    
    
    
    
    
        internet-optimizer.com
    
        ----------------------------------------
    
        Record Name . . . . . : internet-optimizer.com
    
        Record Type . . . . . : 1
    
        Time To Live  . . . . : 456120
    
        Data Length . . . . . : 4
    
        Section . . . . . . . : Answer
    
        A (Host) Record . . . : 127.0.0.1
    
    
    
    
    
        httpwwwads.com
    
        ----------------------------------------
    
        Record Name . . . . . : httpwwwads.com
    
        Record Type . . . . . : 1
    
        Time To Live  . . . . : 456120
    
        Data Length . . . . . : 4
    
        Section . . . . . . . : Answer
    
        A (Host) Record . . . : 127.0.0.1
    
    
    
    
    
        www.harddrevvagt.com
    
        ----------------------------------------
    
        Record Name . . . . . : www.harddrevvagt.com
    
        Record Type . . . . . : 1
    
        Time To Live  . . . . : 456120
    
        Data Length . . . . . : 4
    
        Section . . . . . . . : Answer
    
        A (Host) Record . . . : 127.0.0.1
    
    
    
    
    
        googlebawt.com
    
        ----------------------------------------
    
        Record Name . . . . . : googlebawt.com
    
        Record Type . . . . . : 1
    
        Time To Live  . . . . : 456120
    
        Data Length . . . . . : 4
    
        Section . . . . . . . : Answer
    
        A (Host) Record . . . : 127.0.0.1
    
    
    
    
    
        frostwire.click-new-download.com
    
        ----------------------------------------
    
        Record Name . . . . . : frostwire.click-new-download.com
    
        Record Type . . . . . : 1
    
        Time To Live  . . . . : 456120
    
        Data Length . . . . . : 4
    
        Section . . . . . . . : Answer
    
        A (Host) Record . . . : 127.0.0.1
    
    
    
    
    
        www.frostwire.click-new-download.com
    
        ----------------------------------------
    
        Record Name . . . . . : www.frostwire.click-new-download.com
    
        Record Type . . . . . : 1
    
        Time To Live  . . . . : 456120
    
        Data Length . . . . . : 4
    
        Section . . . . . . . : Answer
    
        A (Host) Record . . . : 127.0.0.1
    
    
    
    
    
        www.forseo.com
    
        ----------------------------------------
    
        Record Name . . . . . : www.forseo.com
    
        Record Type . . . . . : 1
    
        Time To Live  . . . . : 456120
    
        Data Length . . . . . : 4
    
        Section . . . . . . . : Answer
    
        A (Host) Record . . . : 127.0.0.1
    
    
    
    
    
        file7.qqhelper.com
    
        ----------------------------------------
    
        Record Name . . . . . : file7.qqhelper.com
    
        Record Type . . . . . : 1
    
        Time To Live  . . . . : 456120
    
        Data Length . . . . . : 4
    
        Section . . . . . . . : Answer
    
        A (Host) Record . . . : 127.0.0.1
    
    
    
    
    
        www.errari.it
    
        ----------------------------------------
    
        Record Name . . . . . : www.errari.it
    
        Record Type . . . . . : 1
    
        Time To Live  . . . . : 456120
    
        Data Length . . . . . : 4
    
        Section . . . . . . . : Answer
    
        A (Host) Record . . . : 127.0.0.1
    
    
    
    
    
        www.energy-factor.com
    
        ----------------------------------------
    
        Record Name . . . . . : www.energy-factor.com
    
        Record Type . . . . . : 1
    
        Time To Live  . . . . : 456120
    
        Data Length . . . . . : 4
    
        Section . . . . . . . : Answer
    
        A (Host) Record . . . : 127.0.0.1
    
    
    
    
    
        www.download-all-area.com
    
        ----------------------------------------
    
        Record Name . . . . . : www.download-all-area.com
    
        Record Type . . . . . : 1
    
        Time To Live  . . . . : 456120
    
        Data Length . . . . . : 4
    
        Section . . . . . . . : Answer
    
        A (Host) Record . . . : 127.0.0.1
    
    
    
    
    
        de98.remsys.org
    
        ----------------------------------------
    
        Record Name . . . . . : de98.remsys.org
    
        Record Type . . . . . : 1
    
        Time To Live  . . . . : 456120
    
        Data Length . . . . . : 4
    
        Section . . . . . . . : Answer
    
        A (Host) Record . . . : 127.0.0.1
    
    
    
    
    
        www.corroiere.it
    
        ----------------------------------------
    
        Record Name . . . . . : www.corroiere.it
    
        Record Type . . . .

  2. #2

    Isn't that the effect of some security software? It's not trying to hijack legit domains to dodgy ones, it's blocking dodgy ones by routing them to localhost - or am I missing the point...

    Edit - exactly the same response from /displaydns on my PC here, ESET NOD32, Spybot SD, MalwareBytes, MS Malicious Software Removal Tool etc have all been on here, sure one of them will helpfully have added a block...
    Last edited by OutToLunch; 23rd April 2009 at 12:35 PM.

  3. Thanks to OutToLunch from:

    Chuckster (23rd April 2009)

  4. #3

    Would Spybot S&D do something like this?

    My LEA installed it because they believed there was malware on the server.

  5. #4

    Geoff
    Yes. Check the contents of your hosts file.

  6. #5

    # This list is Copyright 2000-2007 Safer Networking Limited
    # End of entries inserted by Spybot - Search & Destroy
    At the end of my hosts file, which contains 127.0.0.1 entries for all the sites you listed above. If it was something like

    somerealipaddress nwolb.com
    sameipaddress midlandbank.com
    sameipaddress capitalone.co.uk

    then you should worry about malware infection.

    127.0.0.1 is the reverse - bad sites being redirected to localhost instead.
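
The distinction drawn in the post above, as an added example that is not part of the original thread: Python that splits hosts-file entries into names sinkholed to loopback (the Spybot-style blocks) and names pointed at some other address, grouped by IP. The sample file is constructed, 203.0.113.7 and 192.0.2.10 are documentation addresses, and the function names are this example's own.

```python
import ipaddress
import os
from collections import defaultdict

# Constructed sample in hosts-file format (not taken from a real machine).
SAMPLE_HOSTS = """\
# This list is Copyright 2000-2007 Safer Networking Limited
127.0.0.1    localhost
127.0.0.1    smart-antivirus2009buy.com
127.0.0.1    www-download-antivirus.com   # constructed trailing comment
0.0.0.0      spywarebot-t.com
192.0.2.10   intranet.example
203.0.113.7  nwolb.com
203.0.113.7  midlandbank.com capitalone.co.uk
not-an-ip    broken.example
# End of entries inserted by Spybot - Search & Destroy
"""

def audit_hosts(text):
    """Classify hosts entries: sinkholed names, redirects grouped by IP, bad lines."""
    report = {"sinkholed": [], "redirected": defaultdict(list), "malformed": []}
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()   # drop comments, split on whitespace
        if not fields:
            continue
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            report["malformed"].append(lineno)
            continue
        names = [n.lower() for n in fields[1:]]
        if not names:
            report["malformed"].append(lineno)
        elif addr.is_loopback or addr.is_unspecified:
            # 127.0.0.0/8, ::1, 0.0.0.0, :: -- the name is blocked, not hijacked
            report["sinkholed"] += [n for n in names if n != "localhost"]
        else:
            report["redirected"][str(addr)] += names
    return report

def suspicious(report, min_names=2):
    """Non-loopback IPs that several names point at: the pattern worth investigating."""
    return {ip: n for ip, n in report["redirected"].items() if len(n) >= min_names}

if __name__ == "__main__":
    path = os.path.join(os.environ.get("WINDIR", r"C:\Windows"),
                        "system32", "drivers", "etc", "hosts")
    text = open(path).read() if os.path.exists(path) else SAMPLE_HOSTS
    result = audit_hosts(text)
    print(len(result["sinkholed"]), "names sinkholed to loopback")
    for ip, names in suspicious(result).items():
        print("REVIEW", ip, "<-", ", ".join(names))
```

A single name mapped to a non-loopback address (such as an internal server) still appears under `redirected`; only addresses shared by several names are returned by `suspicious`.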

  7. #6

    Where do I find the Host file?

  8. #7

    powdarrmonkey
    %WINDIR%\system32\drivers\etc\hosts

  9. Thanks to powdarrmonkey from:

    Chuckster (23rd April 2009)

  10. #8

    I think I would immediately run a full virus scan on all DNS servers. Sounds like a pretty standard practice for some of these fake AV viruses.

    (Is it possible for these viruses to send a fake update to the DNS server?)

  11. #9

    powdarrmonkey
    Quote: Originally posted by Innovation_Dan:
    (Is it possible for these viruses to send a fake update to the DNS server?)
    Only if your configuration is broken.
