POV-Ray: Newsgroups: povray.off-topic: Domain Poisoning?: Re: Domain Poisoning?

POV-Ray : Newsgroups : povray.off-topic : Domain Poisoning? : Re: Domain Poisoning?		Server Time 28 Sep 2024 23:26:29 EDT (-0400)

From: Mike Raiford
Date: 23 Sep 2009 08:46:25
Message: <4aba18a1$1@news.povray.org>

Sabrina Kilian wrote:

> I have seen this behavior with viruses, the annoying Vundo strain in
> particular. It leaves the DNS entries alone, but installs several
> proxies and tries to redirect all traffic through those. DNS appears to
> work fine, as I threw a second computer into the network with a packet
> sniffer. But when you request a page, that traffic gets sent to the
> proxy, which then adds in the pop-up windows and who knows what else.
> 
> My best advice to see what is happening is a packet sniffer on a second
> computer. If it is a virus, the computer will send a DNS request, get
> back an address for the website, and then send packets to the proxy at a
> third address. If the packets go to a DNS server that is not the one you
> think it should be, also a virus. If neither of those, then you can sort
> out which DNS is junk; on the computer, the router, the ISP, or worse.
> 
> If both the PCs with the problem are running Windows, I would be looking
> at something like the Opachki virus, not DNS poisoning. Specifically
> because your computer has not experienced it, if it is on the same
> network as your wife's.

Neither of those... Virus scanners & Adaware on both computers comes up 
empty ... Hmmm.

-- 
~Mike

Post a reply to this message