Detected DNS cache poisoning attack.
My Eset Smart Security 5 alerted me with this message.
Detected DNS cache poisoning attack
Remote IP address:
xxx.xxx.xx.xxx <---<Numbers here.
What exactly is this for?
"Run an Anti spyware program such as Spyware Terminator to clean your system from any malware", as suggested by one person.
I would suggest instead that you install Malwarebytes to remove malware. Also, Microsoft Security Essentials is my favorite antivirus, but I don't know very much about Eset Smart Security (why didn't it remove the problem? It only notifies you of it? Kinda lame, isn't it?). DO NOT uninstall an antivirus through the control panel (if that is what you want to do). Rather, download an antivirus removal tool so that you do not corrupt anything in your system.
However, Eset recommends this method of uninstallation of antivirus software: How do I uninstall or reinstall ESET Smart Security/ESET NOD32 Antivirus? (4.x) - ESET Knowledgebase
Flush the DNS cache and restore MS's Hosts file ...
Copy and paste these lines into Notepad.
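@Echo on
rem Reset the hosts file to a single localhost entry
pushd \windows\system32\drivers\etc
attrib -h -s -r hosts
echo 127.0.0.1 localhost>HOSTS
attrib +r +h +s hosts
popd
rem Renew the DHCP lease and flush the DNS resolver cache
ipconfig /release
ipconfig /renew
ipconfig /flushdns
rem Reset Winsock and the TCP/IP stack, then reboot and delete this script
netsh winsock reset all
netsh int ip reset all
shutdown -r -t 1
del %0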
Save as flush.bat to your desktop. Right click on the flush.bat file to run it as Administrator. Your computer will reboot itself.
Now run a full scan with Eset and let me know if it still detects a DNS cache poisoning.
Definitely follow Jacee's instructions.
See World's stealthiest rootkit pushes DNS hijacking trojan • The Register for additional information.
End users who want to know if their systems are infected should check the DNS server settings of their operating system and routers. Compromised systems will show server IP addresses within the following ranges:
85.255.112.0 through 85.255.127.255
67.210.0.0 through 67.210.15.255
93.188.160.0 through 93.188.167.255
77.67.83.0 through 77.67.83.255
213.109.64.0 through 213.109.79.255
64.28.176.0 through 64.28.191.255
To check DNS settings on Windows open a command prompt and type "ipconfig /all" and then check the DNS Server field. On a Mac, choose System Preferences and then select Network. Then click on the Advanced button of the active connection. Users may also want to check the DNS servers used by their router.
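A scripted version of the check described in the post above, as an added example that is not part of the original thread or the quoted article: it parses `ipconfig /all` output and flags any DNS server inside the listed ranges. The function names and the sample output are constructed for illustration, and English-language `ipconfig` output is assumed.

```python
import ipaddress

# Ranges copied from the post above (first and last address of each).
ROGUE_RANGES = [
    ("85.255.112.0", "85.255.127.255"), ("67.210.0.0", "67.210.15.255"),
    ("93.188.160.0", "93.188.167.255"), ("77.67.83.0", "77.67.83.255"),
    ("213.109.64.0", "213.109.79.255"), ("64.28.176.0", "64.28.191.255"),
]
RANGES = [(ipaddress.IPv4Address(a), ipaddress.IPv4Address(b))
          for a, b in ROGUE_RANGES]

def dns_servers(ipconfig_text):
    """Return the IPv4 DNS servers found in `ipconfig /all` output,
    including the unlabelled continuation lines for extra servers."""
    servers, in_dns = [], False
    for line in ipconfig_text.splitlines():
        if ". :" in line:                  # labelled field
            label, value = line.split(". :", 1)
            in_dns = label.strip(" .") == "DNS Servers"
        elif in_dns and line.strip():      # continuation: another server
            value = line
        else:                              # blank line or adapter header
            in_dns = False
        if in_dns:
            try:
                servers.append(ipaddress.IPv4Address(value.strip()))
            except ValueError:             # IPv6 entry or non-address text
                pass
    return servers

def in_rogue_range(ip):
    ip = ipaddress.IPv4Address(ip)
    return any(lo <= ip <= hi for lo, hi in RANGES)

def rogue_dns(ipconfig_text):
    return [str(ip) for ip in dns_servers(ipconfig_text) if in_rogue_range(ip)]

# Constructed sample, not output from a real machine.
SAMPLE = """\
Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . :
   Default Gateway . . . . . . . . . : 192.168.1.1
   DNS Servers . . . . . . . . . . . : 85.255.112.36
                                       fe80::1%11
                                       192.168.1.1
   NetBIOS over Tcpip. . . . . . . . : Enabled
"""

if __name__ == "__main__":
    print("DNS servers in listed ranges:", rogue_dns(SAMPLE) or "none")
```

On a real system, save the output of `ipconfig /all` to a text file and pass its contents to `rogue_dns`; the router's DNS settings still have to be checked separately.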
I agree, very nice. Expert opinion nailed the problem exactly. That's why we should all go to university :)
Following the advice from both Jacee and Corrine is a very wise thing to do!
Hello - I know this is an old thread, but this is exactly the problem I am having - except I think it is seeing my own IP address? It is the same IP address every time - I only just installed ESET Smart Security yesterday - it is updated and has run a scan with no detection.
I have done the above "flush.bat" instructions and the computer rebooted ok, and as soon as I opened a web page I got the same error as the OP: Detected DNS cache poisoning attack - with my own IP.
I ran Malwarebytes and got this report:
Malwarebytes' Anti-Malware 1.30
Database version: 1306
Windows 6.0.6002 Service Pack 2
21/02/2012 11:09:13 AM
mbam-log-2012-02-21 (11-09-13).txt
Scan type: Quick Scan
Objects scanned: 41351
Time elapsed: 2 minute(s), 33 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\EKRN.exe (Security.Hijack) -> Quarantined and deleted successfully.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)