Author Topic: WIFI Inspector Alert  (Read 1288 times)

0 Members and 1 Guest are viewing this topic.

Offline Raj_goswami

  • Jr. Member
  • **
  • Posts: 21
WIFI Inspector Alert
« on: September 26, 2017, 07:55:51 PM »
Seeing the below error while Wifi Inspector runs. Any ideas how to fix it.
I have set the DNS to Google DNS in the WIfi Adapter and in the router too. Still seeing those alerts.


Description
This device has been compromised and your network connections are being routed through a malicious remote DNS server.
This device's settings have been changed by an attacker.
Catalogue ID HNS-DNS-HIJACK
Details
Risks
Traffic to important sites (like banks) can be redirected to fake copies created by attackers.
Attackers can intercept and view all communications on your network.
Hijacked domain myspace.com
Hijacked domain vk.com

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37128
Re: WIFI Inspector Alert
« Reply #1 on: September 26, 2017, 08:18:24 PM »
If you click on "Details" what does it say?


Check router here  >>  https://www.f-secure.com/en/web/labs_global/router-checker
what does it say


Offline Raj_goswami

  • Jr. Member
  • **
  • Posts: 21
Re: WIFI Inspector Alert
« Reply #2 on: September 26, 2017, 08:37:37 PM »
DDNS is disabled as per the troubleshooting of router. DNS set to 8.8.8.8 and 8.8.4.4
F-Sucure Router Checker is good. Unsure what is the exact issue.

Offline Raj_goswami

  • Jr. Member
  • **
  • Posts: 21
Re: WIFI Inspector Alert
« Reply #3 on: September 26, 2017, 08:39:43 PM »
However, my router account gets locked out and I have to forcibly reset my router to log in.
Any ideas!!!!


Offline Raj_goswami

  • Jr. Member
  • **
  • Posts: 21
Re: WIFI Inspector Alert
« Reply #4 on: September 26, 2017, 08:42:41 PM »
However, interestingly the alert is showing for the desktop not for the router by avast.
I have set the DNS in the WIfi NIC to 8.8.8.8 and 8.8.4.4

Now, im really connfused whether there is an issue with the router or the laptop

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37128
Re: WIFI Inspector Alert
« Reply #5 on: September 26, 2017, 08:43:16 PM »
Try factory reset your router, if avast still report the same issue i recomend follow instructions here  >> https://forum.avast.com/index.php?topic=194892.0

Attch requested diagnostic logs and a malware expert will have a look



Offline Raj_goswami

  • Jr. Member
  • **
  • Posts: 21
Re: WIFI Inspector Alert
« Reply #6 on: September 26, 2017, 08:48:12 PM »
Let me do that first thing in the morning. Will revert back as soon as i can.

Offline Raj_goswami

  • Jr. Member
  • **
  • Posts: 21
Re: WIFI Inspector Alert
« Reply #7 on: September 26, 2017, 09:21:17 PM »
Below is my hosts file which malwarebyte continue to detect as malware.
Everything else is good. I'm going to do a router reset and see what happens.


# Copyright (c) 1993-2009 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
#      102.54.94.97     rhino.acme.com          # source server
#       38.25.63.10     x.acme.com              # x client host

# localhost name resolution is handled within DNS itself.
#   127.0.0.1       localhost
#   ::1             localhost

0.0.0.0 a.ads1.msn.com
0.0.0.0 a.ads2.msads.net
0.0.0.0 a.ads2.msn.com
0.0.0.0 a.rad.msn.com
0.0.0.0 a-0001.a-msedge.net
0.0.0.0 a-0002.a-msedge.net
0.0.0.0 a-0003.a-msedge.net
0.0.0.0 a-0004.a-msedge.net
0.0.0.0 a-0005.a-msedge.net
0.0.0.0 a-0006.a-msedge.net
0.0.0.0 a-0007.a-msedge.net
0.0.0.0 a-0008.a-msedge.net
0.0.0.0 a-0009.a-msedge.net
0.0.0.0 ac3.msn.com
0.0.0.0 ad.doubleclick.net
0.0.0.0 adnexus.net
0.0.0.0 adnxs.com
0.0.0.0 ads.msn.com
0.0.0.0 ads1.msads.net
0.0.0.0 ads1.msn.com
0.0.0.0 aidps.atdmt.com
0.0.0.0 aka-cdn-ns.adtech.de
0.0.0.0 a-msedge.net
0.0.0.0 apps.skype.com
0.0.0.0 az361816.vo.msecnd.net
0.0.0.0 az512334.vo.msecnd.net
0.0.0.0 b.ads1.msn.com
0.0.0.0 b.ads2.msads.net
0.0.0.0 b.rad.msn.com
0.0.0.0 bs.serving-sys.com
0.0.0.0 c.atdmt.com
0.0.0.0 c.msn.com
0.0.0.0 ca.telemetry.microsoft.com
0.0.0.0 cache.datamart.windows.com
0.0.0.0 cdn.atdmt.com
0.0.0.0 cds26.ams9.msecn.net
0.0.0.0 choice.microsoft.com
0.0.0.0 choice.microsoft.com.nsatc.net
0.0.0.0 compatexchange.cloudapp.net
0.0.0.0 corp.sts.microsoft.com
0.0.0.0 corpext.msitadfs.glbdns2.microsoft.com
0.0.0.0 cs1.wpc.v0cdn.net
0.0.0.0 db3aqu.atdmt.com
0.0.0.0 db3wns2011111.wns.windows.com
0.0.0.0 df.telemetry.microsoft.com
0.0.0.0 diagnostics.support.microsoft.com
0.0.0.0 ec.atdmt.com
0.0.0.0 fe2.update.microsoft.com.akadns.net
0.0.0.0 fe3.delivery.dsp.mp.microsoft.com.nsatc.net
0.0.0.0 feedback.microsoft-hohm.com
0.0.0.0 feedback.search.microsoft.com
0.0.0.0 feedback.windows.com
0.0.0.0 flex.msn.com
0.0.0.0 g.msn.com
0.0.0.0 h1.msn.com
0.0.0.0 i1.services.social.microsoft.com
0.0.0.0 i1.services.social.microsoft.com.nsatc.net
0.0.0.0 lb1.www.ms.akadns.net
0.0.0.0 live.rads.msn.com
0.0.0.0 m.adnxs.com
0.0.0.0 m.hotmail.com
0.0.0.0 msedge.net
0.0.0.0 msftncsi.com
0.0.0.0 msnbot-207-46-194-33.search.msn.com
0.0.0.0 msnbot-65-55-108-23.search.msn.com
0.0.0.0 msntest.serving-sys.com
0.0.0.0 oca.telemetry.microsoft.com
0.0.0.0 oca.telemetry.microsoft.com.nsatc.net
0.0.0.0 pre.footprintpredict.com
0.0.0.0 preview.msn.com
0.0.0.0 pricelist.skype.com
0.0.0.0 rad.live.com
0.0.0.0 rad.msn.com
0.0.0.0 redir.metaservices.microsoft.com
0.0.0.0 reports.wes.df.telemetry.microsoft.com
0.0.0.0 s.gateway.messenger.live.com
0.0.0.0 s0.2mdn.net
0.0.0.0 schemas.microsoft.akadns.net 
0.0.0.0 secure.adnxs.com
0.0.0.0 secure.flashtalking.com
0.0.0.0 services.wes.df.telemetry.microsoft.com
0.0.0.0 settings.data.microsof.com
0.0.0.0 settings-sandbox.data.microsoft.com
0.0.0.0 settings-win.data.microsoft.com
0.0.0.0 sls.update.microsoft.com.akadns.net
0.0.0.0 sO.2mdn.net
0.0.0.0 spynet2.microsoft.com
0.0.0.0 spynetalt.microsoft.com
0.0.0.0 sqm.df.telemetry.microsoft.com
0.0.0.0 sqm.telemetry.microsoft.com
0.0.0.0 sqm.telemetry.microsoft.com.nsatc.net
0.0.0.0 ssw.live.com
0.0.0.0 static.2mdn.net
0.0.0.0 statsfe1.ws.microsoft.com
0.0.0.0 statsfe2.update.microsoft.com.akadns.net
0.0.0.0 statsfe2.ws.microsoft.com
0.0.0.0 survey.watson.microsoft.com
0.0.0.0 telecommand.telemetry.microsoft.com
0.0.0.0 telecommand.telemetry.microsoft.com.nsatc.net
0.0.0.0 telecommand.telemetry.microsoft.com.nsat-c.net
0.0.0.0 telemetry.appex.bing.net
0.0.0.0 telemetry.appex.bing.net:443
0.0.0.0 telemetry.microsoft.com
0.0.0.0 telemetry.urs.microsoft.com
0.0.0.0 ui.skype.com
0.0.0.0 v10.vortex-win.data.microsoft.com
0.0.0.0 view.atdmt.com
0.0.0.0 vortex.data.microsoft.com
0.0.0.0 vortex-bn2.metron.live.com.nsatc.net
0.0.0.0 vortex-cy2.metron.live.com.nsatc.net
0.0.0.0 vortex-sandbox.data.microsoft.com
0.0.0.0 vortex-win.data.microsoft.com
0.0.0.0 watson.live.com
0.0.0.0 watson.microsoft.com
0.0.0.0 watson.ppe.telemetry.microsoft.com
0.0.0.0 watson.telemetry.microsoft.com
0.0.0.0 watson.telemetry.microsoft.com.nsatc.net
0.0.0.0 wes.df.telemetry.microsoft.com
0.0.0.0 win10.ipv6.microsoft.com
0.0.0.0 www.msftncsi.com
0.0.0.0 keystone.mwbsys.com
127.0.0.1 license.piriform.com
127.0.0.1 www.mefeedia.com
127.0.0.2 www.mefeedia.com
127.0.0.1 delivery.anchorfree.us/land.php
127.0.0.1 http://www.hsselite.com
127.0.0.1 http://www.hsselite.com/trial/step2.php
127.0.0.1 techbrowsing.com/away.php
127.0.0.3 techbrowsing.com/away.php
127.0.0.1 http://www.driver-soft.com
127.0.0.1 www.driver-soft.com
0.0.0.0 telecommand.telemetry.microsoft.com.nsat-c.net
0.0.0.0 telecommand.telemetry.microsoft.com.nsat-c.net
0.0.0.0 telecommand.telemetry.microsoft.com.nsat-c.net
0.0.0.0 www.mefeedia.com
0.0.0.0 www.mefeedia.com
0.0.0.0 delivery.anchorfree.us
0.0.0.0 telemetry.malwarebytes.com
0.0.0.0 keystone.mwbsys.com