  Domain Poisoning? (Message 11 to 13 of 13)  
From: Darren New
Subject: Re: Domain Poisoning?
Date: 22 Sep 2009 14:47:52
Message: <4ab91bd8$1@news.povray.org>
Orchid XP v8 wrote:
> Now, whether this is what happens in the field, IDK...

I think it started happening shortly after hackers started poisoning domain 
caches. :-) Otherwise, it just slows you down.

-- 
   Darren New, San Diego CA, USA (PST)
   I ordered stamps from Zazzle that read "Place Stamp Here".



From: Sabrina Kilian
Subject: Re: Domain Poisoning?
Date: 23 Sep 2009 00:22:19
Message: <4ab9a27b$1@news.povray.org>
Mike Raiford wrote:
> What happens is this: You click on a website (in my wife's case, it was
> a result from a Google search, in my case, a bookmark to Tor Olav's
> website) but instead of the site you were expecting you're redirected to
> some bogus virus scanner website, which then tells you you have hundreds
> of infected files and to download their "virus scanner", which is
> actually a trojan horse, that loads up your computer with all sorts of
> malware, then demands you pay for the program to clean your infected
> computer.

I have seen this behavior with viruses, the annoying Vundo strain in
particular. It leaves the DNS entries alone, but installs several
proxies and tries to redirect all traffic through those. DNS appears to
work fine, as I threw a second computer into the network with a packet
sniffer. But when you request a page, that traffic gets sent to the
proxy, which then adds in the pop-up windows and who knows what else.

My best advice to see what is happening is a packet sniffer on a second
computer. If it is a virus, the computer will send a DNS request, get
back an address for the website, and then send packets to the proxy at a
third address. If the packets go to a DNS server that is not the one you
think it should be, also a virus. If neither of those, then you can sort
out which DNS is junk; on the computer, the router, the ISP, or worse.

If both the PCs with the problem are running Windows, I would be looking
at something like the Opachki virus, not DNS poisoning. Specifically
because your computer has not experienced it, if it is on the same
network as your wife's.
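
The capture triage described in this post, as an added example that is not part of the original thread. The packet-summary format, the function name and the addresses (RFC 5737 documentation ranges) are assumptions made for illustration; the samples are constructed.

```python
from collections import namedtuple

# Hypothetical packet summary, as exported from a sniffer on a second machine.
Pkt = namedtuple("Pkt", "kind src dst dport name answers",
                 defaults=(None, None, ()))

def triage(packets, host, expected_resolver):
    """Apply the post's checks to one host's traffic; return a list of findings."""
    resolved = set()   # addresses handed to `host` in DNS answers
    findings = []
    for p in packets:
        if p.kind == "dns_query" and p.src == host:
            # Check 2: the lookup went to a resolver other than the expected one.
            if p.dst != expected_resolver:
                findings.append(("unexpected_resolver", p.dst, p.name))
        elif p.kind == "dns_response" and p.dst == host:
            resolved.update(p.answers)
        elif p.kind == "tcp_syn" and p.src == host:
            # Check 1: traffic goes to a "third address" DNS never returned.
            if p.dst not in resolved:
                findings.append(("unresolved_destination", p.dst, p.dport))
    return findings

# Constructed sample captures (RFC 5737 documentation addresses).
HOST, RESOLVER = "192.0.2.10", "192.0.2.1"
SITE, PROXY, ROGUE = "198.51.100.20", "203.0.113.66", "203.0.113.53"

def capture(resolver, connect_to):
    return [
        Pkt("dns_query", HOST, resolver, 53, "www.example.org"),
        Pkt("dns_response", resolver, HOST, None, "www.example.org", (SITE,)),
        Pkt("tcp_syn", HOST, connect_to, 80),
    ]

PROXY_REDIRECT = capture(RESOLVER, PROXY)   # DNS fine, traffic diverted
ROGUE_RESOLVER = capture(ROGUE, SITE)       # lookup sent to the wrong server
CLEAN_HOST = capture(RESOLVER, SITE)        # neither: look upstream at DNS

if __name__ == "__main__":
    for label, pkts in [("proxy", PROXY_REDIRECT), ("rogue", ROGUE_RESOLVER),
                        ("clean", CLEAN_HOST)]:
        print(label, triage(pkts, HOST, RESOLVER))
```

A lookup answered before the capture started leaves a legitimate destination looking unresolved, so clear the resolver cache on the suspect machine before capturing.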



From: Mike Raiford
Subject: Re: Domain Poisoning?
Date: 23 Sep 2009 08:46:25
Message: <4aba18a1$1@news.povray.org>
Sabrina Kilian wrote:

> I have seen this behavior with viruses, the annoying Vundo strain in
> particular. It leaves the DNS entries alone, but installs several
> proxies and tries to redirect all traffic through those. DNS appears to
> work fine, as I threw a second computer into the network with a packet
> sniffer. But when you request a page, that traffic gets sent to the
> proxy, which then adds in the pop-up windows and who knows what else.
> 
> My best advice to see what is happening is a packet sniffer on a second
> computer. If it is a virus, the computer will send a DNS request, get
> back an address for the website, and then send packets to the proxy at a
> third address. If the packets go to a DNS server that is not the one you
> think it should be, also a virus. If neither of those, then you can sort
> out which DNS is junk; on the computer, the router, the ISP, or worse.
> 
> If both the PCs with the problem are running Windows, I would be looking
> at something like the Opachki virus, not DNS poisoning. Specifically
> because your computer has not experienced it, if it is on the same
> network as your wife's.

Neither of those... Virus scanners & Adaware on both computers come up 
empty ... Hmmm.

-- 
~Mike



Copyright 2003-2023 Persistence of Vision Raytracer Pty. Ltd.