Windows 7 - myhome.westell.com as dns suffix

I don't recall this entry but that doesn't mean it wasn't there from day one.

IPCONFIG /ALL shows following for the Atheros wireless adapter built into my Toshiba laptop.
--------------------------------------------------------------------------

Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix . : myhome.westell.com
Description . . . . . . . . . . . : Atheros AR5007EG Wireless Network Adapter
Physical Address. . . . . . . . . : 00-21-63-F5-BB-C7
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::bc8f:3906:4767:2847%11(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.42(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Tuesday, 23 February, 2010 10:09:43
Lease Expires . . . . . . . . . . : Wednesday, 24 February, 2010 10:09:44
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DHCPv6 IAID . . . . . . . . . . . : 218112355
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-12-0E-7C-94-00-1E-33-97-25-69
DNS Servers . . . . . . . . . . . : 192.168.1.1
192.168.1.1
NetBIOS over Tcpip. . . . . . . . : Enabled
---------------------------------------------------------------------
TCPVIEW then gives many entries similar to:
[System Process]:0 TCP karl-pc.myhome.westell.com:49484 nuq04s01-in-f104.1e100.net:http TIME_WAIT

If I've posted this in the wrong forum, please move to the correct location and I'll carry on from there and I apologize for the inconvenience.
Karl

Karl

Everything looks in order. what problem are you having? just concerned abt westell.com in dns?


Let us know

Ken

Yes, why is everything going thru them?

ISP or router thing (no router = isp / modem thing)

Brady,
Please refrain from replies with no factual content.

I apologize if you felt that wasn't factual... I'll rephrase.
Those settings were set from your ISP (internet service provider) or your Router.

True. And I apologize for the abrupt reply. I've been trying to run down a piece of malware (which may be actually harmless in this case) that hides behind nulls in a registry key. I can make the malware ineffective but am trying to run down the source and have been running a little short on sleep and consequently on logic.

Following validates your statement:

C:\Users\karl>nslookup google.com
Server: dslrouter
Address: 192.168.1.1

Non-authoritative answer:
Name: google.com
Addresses: 74.125.19.106
74.125.19.147
74.125.19.104
74.125.19.105
74.125.19.103
74.125.19.99


C:\Users\karl>nslookup dslrouter
Server: dslrouter
Address: 192.168.1.1

Name: dslrouter.myhome.westell.com
Address: 192.168.1.1


In other words, the myhome.westell.com is coming from the router in the local sandwich and salad shop which offers free wifi, good coffee (definitely better than Starbucks) and free refills.

--------------------
karl

If you wish, You can download and install HiJackthis. If you want, copy the contents of the scan in a reply and I'd be happy to take a look.

Thanks but I've already run ComboFix on it and analyzed the results. This one gets by the approaches used by ComboFix and HijackThis.

Am getting ready to run Rootkit Unhooker but first will do a full backup using Win 7's excellent backup (and I'm not being facetious). With Win 7, MS finally got the whole backup and restore sequence correct and reliable.

westell is your dsl modem brand. your computer gets its dns from it via dns bridge. the modem acquires the dns address from the phone company and then sends your computer a dns address equal to the gateway address. it serves dns to your computer and then passes those requests on to the dns offered by the phone company. thats why the dns suffix is displayed the way it is.

the hosts file entries you've noted are likely malicious. they generally represent a trojan that has tried to convince you that an online antivirus popup brand is valid and trustworthy by redirecting your search queries to their own servers.

if you require more information please reply to this thread or baarod@gmail.com