Windows 7 Forums
Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.


Windows 7: Avast wifi inspecor, gives vulnerability alert, if i change google dns

20 May 2017   #1
jraju

windows 7 ultimate 32 bit
 
 
Avast wifi inspecor, gives vulnerability alert, if i change google dns

I have scanned my pc with wifi inspector, and found dns hijack vulnerabilities if i opted to obtain dns server address automatically. It produces results to the effect, that some hijacked domain like yandex.ru, and vk.com are vulnerable and could fetch me fake bank online address etc.etc.When i changed the dns server to the google dns, and then scan it, it produces no such vulnerabillities on subsequent future scans.
My question is how those com are found out by avast. Could the router dns server address be infected. please reply
My sub query is how those com address are found by the wifi inspector, of which there are no entries shown in router on my perusal
My computer is said to be having no vulnerabilities, so i suspect the only thing that is possible. Is my presumption correct? expecting a detailed reply


My System SpecsSystem Spec
.
20 May 2017   #2
jraju

windows 7 ultimate 32 bit
 
 

Hi, in support of my query , i am enclosing the png


Attached Thumbnails
Avast wifi inspecor, gives vulnerability alert, if i change google dns-dnshijack-found.png   Avast wifi inspecor, gives vulnerability alert, if i change google dns-freshscanafterdnschange.jpg  
My System SpecsSystem Spec
20 May 2017   #3
sml156

Microsoft Windows 7 Ultimate 32-bit 7601
 
 

There are a couple of ways to find what DNS server you are using and Avast might be using one of them to figure out what DNS server you are using.

Method 1: Dos or Powershell command "nslookup www.google.com"

Code:
PS C:\WINDOWS\system32> nslookup www.google.com
Server:  pi
Address:  192.168.100.104

Non-authoritative answer:
Name:    www.google.com
Addresses:  2607:f8b0:4004:802::2004
          172.217.10.132

PS C:\WINDOWS\system32>
Your results will be different because I run my own DNS server locally.

In my case the DNS server name is Pi and the IP of my server is 192.168.100.104


Method 2: Dos or Powershell command "ipconfig /all"

Code:
PS C:\WINDOWS\system32> ipconfig /all
Ethernet adapter Ethernet:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Broadcom NetLink (TM) Gigabit Ethernet
   Physical Address. . . . . . . . . : Removed you don't need my Mac 
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe4(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.100.99(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.100.1
   DHCPv6 IAID . . . . . . . . . . . : 237005450
   DHCPv6 Client DUID. . . . . . . . : Removed you don't need my Mac
   DNS Servers . . . . . . . . . . . : 192.168.100.104
                                       192.168.100.102
   NetBIOS over Tcpip. . . . . . . . : Enabled
This shows my DNS Servers 192.168.100.104 and 192.168.100.102

I do not know anything about those .com names but it is easy to change your DNS server's in your ethernet adapter's IPv4 settings. You would have to do a Google search to find the closest reputable DNS server near you.

You could also change DNS servers in your router config, my guess is that you are using your ISP's DNS right now


One reason Avast might be flagging your DNS server is because of the way it resolves sites that do not exist.
EG:
http://www.123rrryyyjjkl.com

should not exist and should return an error page, If you end up at a web site that means the server is redirecting your queries which is frowned upon by security experts. It does not mean they are malicious it's just not the recommended way to treat queries.

Chrome error page:
Avast wifi inspecor, gives vulnerability alert, if i change google dns-dns-warning.png


My System SpecsSystem Spec
.

20 May 2017   #4
jraju

windows 7 ultimate 32 bit
 
 

Hi, Thanks for your reply
On the first test cmd, my server is shown as unknown
Secondly the dns server shown in my case is only one which is given below

Windows IP Configuration

Host Name . . . . . . . . . . . . : intel-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : domain.name

Ethernet adapter Bluetooth Network Connection 6:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Bluetooth Device (Personal Area Network) #6
Physical Address. . . . . . . . . :
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . : domain.name
Description . . . . . . . . . . . : Realtek RTL8139/810x Family Fast Ethernet NIC
Physical Address. . . . . . . . . : removed as per suggestion
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::7593:3539:2801:5955%10(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.4(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . : removed as per suggestion
192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DHCPv6 IAID . . . . . . . . . . . : 234886774
DHCPv6 Client DUID. . . . . . . . : removed as per suggestion
DNS Servers . . . . . . . . . . . : 192.168.1.1
NetBIOS over Tcpip. . . . . . . . : Enabled
for nslookup cmd
Server: UnKnown
Address: 192.168.1.1

Name: Google
Addresses: 2404:6800:4007:805::2004
216.58.220.36
The click to the link , comes with server error as you have given , when using chrome
please . i expect clarification, since the router checker page does not show any vulnerabilities the last time i scanned. if the dns server of my isp if affected, does not that mean, that those who have enabled to obtain address automatically would also be vulnerable to attacks.
The other question is , even though avast scans by using Lan on my pc, how it comes with those com.pl
My System SpecsSystem Spec
21 May 2017   #5
jraju

windows 7 ultimate 32 bit
 
 

Hi, from avst hns.logs, there were so many checked coms by avast . relevant logs are enclose
d
the log extract;

2017-05-21 07:49:22.278] [info ] [ares_scan ] [ 1392: 4196] AresScanner: result name=yahoo.com ip=628afd6d ttl=221 flags=17 type=1 data=""
[2017-05-21 07:49:22.302] [info ] [ares_scan ] [ 1392: 4196] AresScanner: result name=yahoo.com ip=cebe242d ttl=221 flags=17 type=1 data=""
[2017-05-21 07:49:22.322] [info ] [ares_scan ] [ 1392: 4196] AresScanner: result name=yandex.ru ip=daf8ffa4 ttl=600 flags=17 type=1 data=""
[2017-05-21 07:49:22.358] [info ] [ares_scan ] [ 1392: 4196] AresScanner: result name=vk.com ip=daf8ffa4 ttl=600 flags=17 type=1 data=""
[2017-05-21 07:49:22.386] [info ] [ares_scan ] [ 1392: 4196] AresScanner: no data name=yandex.ru class=1 type=28 abuf=0x1658e628 alen=87
[2017-05-21 07:49:22.412] [info ] [ares_scan ] [ 1392: 4196] AresScanner: no data name=vk.com class=1 type=28 abuf=0x1658e628 alen=84
[2017-05-21 07:49:22.463]
My System SpecsSystem Spec
21 May 2017   #6
sml156

Microsoft Windows 7 Ultimate 32-bit 7601
 
 

Unfortunately I do not use Avast, I would suggest going to their Forums Avast WEBforum - Index
My System SpecsSystem Spec
21 May 2017   #7
jraju

windows 7 ultimate 32 bit
 
 

No soluti0n fr0m them. would you. Pl gve fix. for unknown server. Is nslookup only works forserver having OS
My System SpecsSystem Spec
22 May 2017   #8
sml156

Microsoft Windows 7 Ultimate 32-bit 7601
 
 

Try changing your you DNS server settings

Try this tutorial if your not sure how to do it.
DNS Addressing - How to Change in Windows 7 - Windows 7 Help Forums
My System SpecsSystem Spec
22 May 2017   #9
jraju

windows 7 ultimate 32 bit
 
 

Hi, Thanks . I know how to change the dns server settings in my pc. But nslookup says that it is unknown server and i want a fix to know about my dns server. So only i asked about the commands availabiity of using only in server OS and not in windows 7 stand alone computer. Thanks for detailed help to proceed further.
My System SpecsSystem Spec
22 May 2017   #10
sml156

Microsoft Windows 7 Ultimate 32-bit 7601
 
 

I don't know what you mean, just change your DNS server and see what happens. I really can't help you any further.
My System SpecsSystem Spec
Reply

 Avast wifi inspecor, gives vulnerability alert, if i change google dns




Thread Tools




Similar help and support threads
Thread Forum
How to overcome rom 0 vulnerability in a router teracom adsl wifi
Hi, while scanning with avast network scan, an option in avast free antivirus, it shows a rom 0 vulnerability in the router. The check shows port 80 and 21 are shown as vulnerable ports. I have enabled SPI along with firewall in the router settings. Still this vulnerability,...
Network & Sharing
File type assistant and Google alert
Dear Forum, I was working on my computer - looking at the answers to my forum posts and I noticed the following high usage from a program on my CPU. I was wondering if it a regular program. I am not deleting anything from the program files as yet. I just found it quite weird as I have never...
Software
google chrome security alert
for each time i start google chrome lately i get an alert message as follows: "do you want to allow this following program to make changes to this computer?" i have tried unistalling and re-installing the browser... there is no error of certificate or something related... and there are no other...
Browsers & Mail


Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd

All times are GMT -5. The time now is 17:09.
Twitter Facebook Google+ Seven Forums iOS App Seven Forums Android App