Author Topic: Highjacked DNS records. Need help BIGTIME help please  (Read 26429 times)

0 Members and 1 Guest are viewing this topic.

REDACTED

  • Guest
Re: Highjacked DNS records. Need help BIGTIME help please
« Reply #45 on: January 15, 2016, 04:25:52 PM »
Thank you very much for your replies and your support! I tried to update Avast manually. Then, I scanned again and the same problem was identified.
Nevertheless, I suppose that the problem has not been already fixed and there is no reason for concern!!!

thank you for your help!

REDACTED

  • Guest
Re: Highjacked DNS records. Need help BIGTIME help please
« Reply #46 on: January 15, 2016, 04:30:28 PM »
Thank you very much for your replies and your support! I tried to update Avast manually. Then, I scanned again and the same problem was identified.
Nevertheless, I suppose that the problem has not been already fixed and there is no reason for concern!!!

thank you for your help!
I also tried the manual update but there is no new version yet.
(Mine is still 160115-1 from 11:37 this morning).

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 76037
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<
Re: Highjacked DNS records. Need help BIGTIME help please
« Reply #47 on: January 15, 2016, 04:44:59 PM »
Guys, just be patient, it shouldn't take too long...
W8.1 [x64] - Avast Free AV 23.3.8047.BC [UI.757] - Firefox ESR 102.9 [NS/uBO/PB] - Thunderbird 102.9.1
Avast-Tools: Secure Browser 109.0 - Cleanup 23.1 - SecureLine 5.18 - DriverUpdater 23.1 - CCleaner 6.01
Avast Wissenswertes (Downloads, Anleitungen & Infos): https://forum.avast.com/index.php?topic=60523.0

Offline bob3160

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 48524
  • 64 Years of Happiness
    • bob3160 Protecting Yourself, Your Computer and, Your Identity
Re: Highjacked DNS records. Need help BIGTIME help please
« Reply #48 on: January 15, 2016, 04:52:12 PM »
Guys, just be patient, it shouldn't take too long...
Most folks, when they have a problem, seem to loose patience.
It always seems to return right after the problem is resolved. :)
Free Security Seminar: https://bit.ly/bobg2023  -  Important: http://www.organdonor.gov/ -- My Web Site: http://bob3160.strikingly.com/ - Win 11 Pro v22H2 64bit, 16 Gig Ram, 1TB SSD, Avast Free 23.5.6066, How to Successfully Install Avast http://goo.gl/VLXdeRepair & Clean Install https://goo.gl/t7aJGq -- My Online Activity https://bit.ly/BobGInternet

Offline jursa

  • Avast team
  • Jr. Member
  • *
  • Posts: 39
Re: Highjacked DNS records. Need help BIGTIME help please
« Reply #49 on: January 15, 2016, 06:34:02 PM »
Hi all,

fix will be delivered in the new VPS update (probably tonight).

Some clarification for this problem:
DNS hijack detetector found an issue with resolving google domains, because all IP addresses returned from this query belongs to your ISP, not to Google. Which is basically DNS hijack on ISP level.
Good article about ISP hijacking here:
https://hackercodex.com/guide/how-to-stop-isp-dns-server-hijacking/
E.g. - "Redirect pings to google to their own IP address. This way speed tests and pings all seem to respond very fast, giving a higher rating. In reality, you are pinging the ISP and not google."

How to test it manually:
- Run the following command: nslookup -q=A google.com
- Then check IP addresses returned from this query on http://www.infobyip.com
- ISP in the result must be "Google Inc.", not your ISP.

Here is an example from some support package delivered today, what was resolved on google.com from client computer:
http://www.infobyip.com/ip-194.78.0.210.html

And good google.com resolve looks like this:
http://www.infobyip.com/ip-173.194.122.18.html

Thnx,
David

Offline abruptum

  • Massive Poster
  • ****
  • Posts: 2460
Re: Highjacked DNS records. Need help BIGTIME help please
« Reply #50 on: January 15, 2016, 06:52:54 PM »

REDACTED

  • Guest
Re: Highjacked DNS records. Need help BIGTIME help please
« Reply #51 on: January 15, 2016, 07:00:55 PM »
I am not experienced with things like that and I am a little bit confused after reading the last two comments. i do not how the run commands and check IP addresses. Do the last two comments mean that we have to make any setting or do we have simply to wait for Avast to fix the problem? Is there any danger?


Offline midnight

  • Massive Poster
  • ****
  • Posts: 2462
  • Never Be Rude
Re: Highjacked DNS records. Need help BIGTIME help please
« Reply #52 on: January 15, 2016, 07:17:22 PM »
My Home Network Security scans have always shown my home network is secured.
« Last Edit: January 15, 2016, 09:11:40 PM by -midnight »
.

REDACTED

  • Guest
Re: Highjacked DNS records. Need help BIGTIME help please
« Reply #53 on: January 15, 2016, 07:45:17 PM »
Hi all,

fix will be delivered in the new VPS update (probably tonight).

Some clarification for this problem:
DNS hijack detetector found an issue with resolving google domains, because all IP addresses returned from this query belongs to your ISP, not to Google. Which is basically DNS hijack on ISP level.
Good article about ISP hijacking here:
https://hackercodex.com/guide/how-to-stop-isp-dns-server-hijacking/
E.g. - "Redirect pings to google to their own IP address. This way speed tests and pings all seem to respond very fast, giving a higher rating. In reality, you are pinging the ISP and not google."

How to test it manually:
- Run the following command: nslookup -q=A google.com
- Then check IP addresses returned from this query on http://www.infobyip.com
- ISP in the result must be "Google Inc.", not your ISP.

Here is an example from some support package delivered today, what was resolved on google.com from client computer:
http://www.infobyip.com/ip-194.78.0.210.html

And good google.com resolve looks like this:
http://www.infobyip.com/ip-173.194.122.18.html

Thnx,
David


Can somebody please help me - where am I supposed to run the following command: nslookup -q=A google.com? In my browser? That's not doing anything though. Command prompt?

I read the article about ISP hijacking. Hopefully this will not break forum rules if I ask about it a bit.

Internet service providers redirects requests for unresponsive servers and non-existent domains to their own ISP-branded, ad-laden search pages.

Does this mean that ISP hijacking is shoving ISP favoured search pages to user? Or does it go even further - going for email and other account passwords?
Because I actually don't remember having this redirecting issue. I think.
« Last Edit: January 15, 2016, 07:51:47 PM by WorriedPerson »

REDACTED

  • Guest
Re: Highjacked DNS records. Need help BIGTIME help please
« Reply #54 on: January 15, 2016, 07:49:07 PM »
Do we have to run the command? Is this necessary? Do we have to do something?
I am really confused and I wonder whether there is any danger if we merely wait for Avast to solve the problem.

Offline Filip Braun

  • Avast team
  • Jr. Member
  • *
  • Posts: 97
Re: Highjacked DNS records. Need help BIGTIME help please
« Reply #55 on: January 15, 2016, 08:21:00 PM »
Hello all,

Fix for this issue was just released with latest VPS update (16011502).
It should download automatically, based on your settings.
If you want to download it immediately, follow these steps:
  • Go to Settings > Update
  • Click on update in the "VIRUS DEFINITIONS" box
The update will download and your VPS version will be 160115-2.

Thank you for your patience and help,
Filip

REDACTED

  • Guest
Re: Highjacked DNS records. Need help BIGTIME help please
« Reply #56 on: January 15, 2016, 08:36:10 PM »
Fix for this issue was just released with latest VPS update (16011502).
The update will download and your VPS version will be 160115-2.
I am sorry, but this fix didn't help.
I installed 160115-2, even rebooted my PC, but I still receive the same error.

20160115_1932_9PWLU_4192011058.zip
9PWLU


Offline abruptum

  • Massive Poster
  • ****
  • Posts: 2460
Re: Highjacked DNS records. Need help BIGTIME help please
« Reply #57 on: January 15, 2016, 09:06:50 PM »
Fixed here with VPS 160115-2.

REDACTED

  • Guest
Re: Highjacked DNS records. Need help BIGTIME help please
« Reply #58 on: January 15, 2016, 09:46:26 PM »
The problem seems to have been fixed for me too! Many thanks for the support provided!

However, I have one more question. Were our DNS records actually highjacked or was it a "false alarm"??? Do we need to change our passwords and do actions like that? if we do not make any further action are we totally safe?

I am waiting for your responses!! Thank you!

REDACTED

  • Guest
Re: Highjacked DNS records. Need help BIGTIME help please
« Reply #59 on: January 15, 2016, 10:32:07 PM »
I am sorry, but this fix didn't help.
I installed 160115-2, even rebooted my PC, but I still receive the same error.

Just to inform the community: The fix is finally OK, but I had to run the "repair" option in my program list to activate it.

Thanks all!
This was my first contact with this forum and the result was more than could be expected for a free version of the tool!