DNS hijack found by Wifi Inspector in my device(PC) , i'm also using NordVPN

[ckc037]

DNS hijack found by Wifi Inspector in my device(PC)  (HNS-DNS-HIJACK)

i'm also using NordVPN along with avast internet security

is this just because i've nordvpn installed or is it really a dns hijack issue

another question is : is dns hijack done at the router OR wifi adapter(wifi/lan interface) OR inside the device(like hacked software inside pc/tablet)

[ckc037]

update: when i did not connect with nordvpn(normal connection) wifi inspector says everything is fine

[Roger1959]

Hi ckc037 - I have the same thing happen with the NordVPN all the time. I do believe that Avast wants you to think you have a problem so that you'll purchase their VPN software. Hopefully an Avast employee can either confirm or deny this. I tend to doubt it though...

[RtFoW]

 (PC)  (HNS-DNS-HIJACK). When I checked my win 7 and win 10 thru a comcast modem with express VPN. avast WiFi found nothing. Then when I changed over to nord VPN. avast WiFi inspector. said infected on both win 7 and win 10. So I turn off nord VPN reran avast WiFi inspector and everything was fine. Turn Nord on and I was infected again. The truly amazing thing is my win 7 is on a LAN only................................( let still failed ). Windows 10 was the only one on WiFi. Chatted with Nord and they said it's because Avast and Nord do not confer with each other.   ...So in closing it's not a case of he said she said..it's a case on No we don't speak to each other. Hope they get in figured out. But Roger1959 my be right.

[MrDJ]

i can confirm i am also getting this.
win 7 pro
nord vpn
checked on wifi and ethernet with wifi turned off.

[Pondus]

DNS hijack found by Wifi Inspector in my device(PC) , i'm also using NordVPN

Try turn off avast real site .... did that change anything?


avast real site FAQ   

https://support.avast.com/en-ae/article/Antivirus-Real-Site-FAQ/

https://support.avast.com/en-ae/article/193/

[Pondus]

posting useless messages will not help you   

[HK]

Hello,

I can confirm DNS Hijack vulnerability is detected when connected to Nord VPN, it is caused by Nord VPN's feature called CyberSec. In this particular case CyberSec redirects ib.adnxs.com and widgets.outbrain.com to 103.86.99.99 which was detected by Wi-Fi Insepctor as DNS Hijack.

We put these addresses (ib.adnxs.com and widgets.outbrain.com) on whitelist so DNS Hijack vulnerability should not be detected anymore. Fix will be delivered via virus definition update at the start of next week.

Thank you for all your reports,
HK

[anonymus230740]

Hello HK,

I have the same problem with the Surf Shark VPN.
If the Surf Shark VPN is enabled, there is a hacked DNS alert message. If the VPN is disabled, no alert message.
I'm on Windows 10 with Avast premium security 20.1.2397 (version 20.1.5069.537).
I tried to deactivate the Real Site function, but the problem remains the same. Wifi inspector detects a problem with the DNS.

For avast teams: Would it be possible to do the same operation with Surf Shark as with Nord VPN, so that there are no more DNS alert messages hacked when the Surf Shark VPN is activated, if please?

thank you very much in advance

[jursa]

Hello HK,

I have the same problem with the Surf Shark VPN.
If the Surf Shark VPN is enabled, there is a hacked DNS alert message. If the VPN is disabled, no alert message.
I'm on Windows 10 with Avast premium security 20.1.2397 (version 20.1.5069.537).
I tried to deactivate the Real Site function, but the problem remains the same. Wifi inspector detects a problem with the DNS.

For avast teams: Would it be possible to do the same operation with Surf Shark as with Nord VPN, so that there are no more DNS alert messages hacked when the Surf Shark VPN is activated, if please?

thank you very much in advance

Hi, can you post here the printscreen of Wifi inspector result (we would like to see reported IP/domains) ? This is probably a false positive with Surf Shark VPN in DNS hijack detector.

Thank you,
David

[lukor]

Hi guys, I just wanted to clarify -- this is not a false positive. NordVPN is really modifying DNS results and by doing this they most probably block some ad portals (not sure, maybe to speed up browsing). We agree that this is not a threat, so we will update our code to ignore this issue, otherwise, it is a regular DNS tampering detection. Ad networks are frequent attack targets for malware authors - after all, they are present in basically every page you visit. This is the reason why we check a bunch of them in Wifi Inspector DNS-hijack test.