Author Topic: MY safe zone browser hijacked! goes to fake google  (Read 75866 times)


Offline DraKuL

  • Sr. Member
  • ****
  • Posts: 392
Re: MY safe zone browser hijacked! goes to fake google
« Reply #90 on: April 13, 2011, 04:37:12 PM »
just noticed that the dnshttp.dll file you sent is larger than the one I had.. Only a small difference in the file size though, just wanted to mention it..
ASUS ROG Mobo - AMD Ryzen 7 3700X| RAM 32.00GB | 4TB HDD +1TB SSD | ATI Radeon RX 5700 XT 8GB
Windows 10 Pro 64bit |Avast One Individual | MBAM PRO - RealTime | SUPERAntiSpyware PRO |CC Cleaner | Chrome | Firefox |(The Latest Release of all the Software)

Offline pk

  • Avast team
  • Super Poster
  • *
  • Posts: 2078
Re: MY safe zone browser hijacked! goes to fake google
« Reply #91 on: April 13, 2011, 04:41:44 PM »
One more thing: sometimes click on "Reset SafeZone" button (when no process is running on SafeZone -- use "Turn Off" button to terminate them). This will cleanup SafeZone data and reset to default state.

Quote
just noticed that the dnshttp.dll file you sent is larger than the one I had.. Only a small difference in the file size though, just wanted to mention it..

latest version is: dnshttp.dll (617,284 bytes), signed on Friday March 4

Hermite15

  • Guest
Re: MY safe zone browser hijacked! goes to fake google
« Reply #92 on: April 13, 2011, 04:45:28 PM »
DraKuL, please follow these steps:

1. Disable avast self protection
2. If SafeZone was activated (i.e. you used it after reboot), switch to SafeZone and use Turn Off button (=> it'll terminate all running processes in SafeZone)
3. Download http://public.avast.com/~kurtin/x7.zip (14Mb)
4. Backup (= delete from original location) \Program Files\AVAST Software\Avast\sfzone\SafeZoneBrowser.exe (+ SafeZoneBrowser.dll, dnshttp.dll)
5. Unpack x7.zip into \sfzone folder
6. Switch to SafeZone, was it fixed or not?

pk, I hope you have a shorter/easier fix at hand...!!
Not every user is able to do this. ;)


hmm Asyn, they first have to know if mailshell DNS is the faulty link or not, so they're just experimenting with the patch right now... once they know for sure where the network issue comes from, they'll probably send an update for everyone through Avast updater ;)

Offline DraKuL

  • Sr. Member
  • ****
  • Posts: 392
Re: MY safe zone browser hijacked! goes to fake google
« Reply #93 on: April 13, 2011, 04:50:36 PM »
One more thing: sometimes click on "Reset SafeZone" button (when no process is running on SafeZone -- use "Turn Off" button to terminate them). This will cleanup SafeZone data and reset to default state.

Quote
just noticed that the dnshttp.dll file you sent is larger than the one I had.. Only a small difference in the file size though, just wanted to mention it..

latest version is: dnshttp.dll (617,284 bytes), signed on Friday March 4

After resetting the SZ, flushing DNS, with the OLD files - and with the old DLL file I had - I get redirected.. Then I reset SZ, flushed dns, patched ONLY the dll file then it works fine!

the dll file I have is  605,096bytes..

PS - I referred to dnshttp.dll as the dll file.

Offline pk

  • Avast team
  • Super Poster
  • *
  • Posts: 2078
Re: MY safe zone browser hijacked! goes to fake google
« Reply #94 on: April 13, 2011, 04:58:28 PM »
please rephrase the answer ???
you got redirected with 605 or 617 version?

605,096bytes version is beta5 (don't know when it was released, maybe in old avast beta version)
617,384bytes is final version

not sure if it's the main reason -- could you still play with those two DLL versions and verify it?

Hermite15

  • Guest
Re: MY safe zone browser hijacked! goes to fake google
« Reply #95 on: April 13, 2011, 04:59:08 PM »
anyway... this is a serious blow thrown at SafeZone security... not sure how it's gonna be possible to trust it in the future. I may be wrong but Avast doesn't seem to control the DNS server, hosted and maybe also managed by mailshell. The issue will be solved I'm sure, but what tells that it can't happen again...

Offline DraKuL

  • Sr. Member
  • ****
  • Posts: 392
Re: MY safe zone browser hijacked! goes to fake google
« Reply #96 on: April 13, 2011, 05:02:53 PM »
please rephrase the answer ???
you got redirected with 605 or 617 version?

605,096bytes version is beta5 (don't know when it was released, maybe in old avast beta version)
617,384bytes is final version

not sure if it's the main reason -- could you still play with those two DLL versions and verify it?

I never used a beta version of Avast and I update my AV daily.. I have now patched SZ folder with 605(the older version) it shows as 590KB whereas the new one is 603KB.. Anyway the weird part is, I flushed dns, reset SZ several times with the old patch files and the old dll file(605) sometimes I get redirected and sometimes it's working fine..

Offline DraKuL

  • Sr. Member
  • ****
  • Posts: 392
Re: MY safe zone browser hijacked! goes to fake google
« Reply #97 on: April 13, 2011, 05:13:31 PM »
Well earlier it was reproducible, 5 out of 10 times I was redirected.. but not anymore.. I played around with the 2 dll files - swapping them but still couldn't reproduce it..

EDIT: there was an avast update a few minutes ago, after that, the issue is back..

EDIT*:
AFTER the update, OLD patch, OLD DLL file, dns flushed, SZ reset - problem persists.

Then OLD patch, NEW DLL file, dns flushed, SZ reset - problem persists.

Then NEW patch, removed dll file, dns flushed, SZ reset - working fine.

Again OLD patch, New DLL, dns flushed SZ reset - working fine..

At least we know that it's not caused by the old dll file..
« Last Edit: April 13, 2011, 05:26:17 PM by DraKuL »

dagrev

  • Guest
Re: MY safe zone browser hijacked! goes to fake google
« Reply #98 on: April 13, 2011, 05:29:26 PM »
DraKuL, thanks for trying all this to help avast fix the problem.  I just don't have time to fool with all this tinkering around today.  I'll wait for the patch, but thanks for all your work on testing.

Offline DraKuL

  • Sr. Member
  • ****
  • Posts: 392
Re: MY safe zone browser hijacked! goes to fake google
« Reply #99 on: April 13, 2011, 05:29:52 PM »
Also I just noticed that whenever I manually update Avast, the patch file is replaced to the old file.. New one - 602KB, OLD - 591KB.. Every time I update it downloads that old dll file and replaces the new one..

Offline DraKuL

  • Sr. Member
  • ****
  • Posts: 392
Re: MY safe zone browser hijacked! goes to fake google
« Reply #100 on: April 13, 2011, 05:32:22 PM »
DraKuL, thanks for trying all this to help avast fix the problem.  I just don't have time to fool with all this tinkering around today.  I'll wait for the patch, but thanks for all your work on testing.

Well I wanted this to be resolved asap and since only a few people are experiencing this I did all this.. Anyway it's pretty late now, I'm off to sleep, hope they come up with a solution..

Nesivos

  • Guest
Re: MY safe zone browser hijacked! goes to fake google
« Reply #101 on: April 13, 2011, 07:09:19 PM »
Ok so I just copy pasted the old files and still it works fine.. So I'm not sure if it was resolved because I patched the files.. Like I said this happens on and off I think..

DNS records are usually cached, you can use: "ipconfig /flushdns"

Here is a link to a little more information about "ipconfig /flushdns" and How to Flush DNS

Quote
How to Flush DNS in Microsoft Windows

Turning Off DNS Caching under Microsoft Windows

Tuning DNS Caching under Microsoft Windows

http://www.tech-faq.com/how-to-flush-dns.html


BTCentral

  • Guest
Re: MY safe zone browser hijacked! goes to fake google
« Reply #102 on: April 13, 2011, 07:16:03 PM »
One more thing: sometimes click on "Reset SafeZone" button (when no process is running on SafeZone -- use "Turn Off" button to terminate them). This will cleanup SafeZone data and reset to default state.

Quote
just noticed that the dnshttp.dll file you sent is larger than the one I had.. Only a small difference in the file size though, just wanted to mention it..

latest version is: dnshttp.dll (617,284 bytes), signed on Friday March 4
Though I am not having this (DNS) issue, I can confirm the "x7_old.zip" file contains a different version of dnshttp.dll to the one installed when you run the AVIS 6.0.1000 setup.

The dll included with the AVIS installer is version 1.0.0.0 - 590 KB (605,096 bytes), was signed on 23 February 2011 and has an MD5 hash of B9F9E6D7D1DD21440690049CD604BF33
The dll in x7_old.zip is version 1.1.0.0 - 602 KB (617,384 bytes), was signed on 04 March 2011 and has an MD5 hash of 44E5566011ECBCD6D7EE2D2D945807D7
« Last Edit: April 13, 2011, 07:18:47 PM by BTCentral »
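
The size-plus-MD5 comparison from the post above, as an added example that is not part of the original thread and not Avast code: it fingerprints every `dnshttp.dll` under a folder and reports which of the two builds quoted in the post it matches. The function names and the folder walk are assumptions; the sizes and hashes are the ones given in the post.

```python
import hashlib
import os
import tempfile

# (size in bytes, MD5) -> build, exactly as quoted in the post above.
# MD5 is used because it is what the thread lists; it identifies a build,
# while the Authenticode signature is what authenticates the file.
KNOWN_BUILDS = {
    (605096, "b9f9e6d7d1dd21440690049cd604bf33"): "1.0.0.0 (signed 23 February 2011)",
    (617384, "44e5566011ecbcd6d7ee2d2d945807d7"): "1.1.0.0 (signed 04 March 2011)",
}

def fingerprint(path, chunk_size=65536):
    """Return (size, md5_hex) for a file, hashing it in chunks."""
    md5 = hashlib.md5()
    size = 0
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            md5.update(chunk)
            size += len(chunk)
    return size, md5.hexdigest()

def classify(size, md5_hex):
    """Map a fingerprint to a known build, or say why it does not match."""
    if (size, md5_hex.lower()) in KNOWN_BUILDS:
        return KNOWN_BUILDS[(size, md5_hex.lower())]
    if any(size == known_size for known_size, _ in KNOWN_BUILDS):
        # Same length as a known build but different content.
        return "MISMATCH: known size, different hash"
    return "UNKNOWN build"

def audit(folder, name="dnshttp.dll"):
    """Classify every file called `name` (case-insensitive) under `folder`."""
    results = {}
    for root, _dirs, files in os.walk(folder):
        for filename in files:
            if filename.lower() == name:
                path = os.path.join(root, filename)
                results[path] = classify(*fingerprint(path))
    return results

def demo():
    # Constructed sample: a dummy file with the 1.0.0.0 size but other content.
    with tempfile.TemporaryDirectory() as tmp:
        with open(os.path.join(tmp, "dnshttp.dll"), "wb") as fh:
            fh.write(b"\0" * 605096)
        return list(audit(tmp).values())

if __name__ == "__main__":
    print(demo())
```

Pointing `audit()` at the `sfzone` folder shows which build an updater left in place, which is the question the size comparisons in this thread were trying to answer.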

Offline pk

  • Avast team
  • Super Poster
  • *
  • Posts: 2078
Re: MY safe zone browser hijacked! goes to fake google
« Reply #103 on: April 13, 2011, 07:31:11 PM »
There's no problem with different dnshttp.dll versions (official build 1000 uses beta5: 605Kb version), beta 1044 uses final version (607kb). Both versions should work. There were only minor changes in 607kb version.

We're still waiting for mailshell guys' reply.

dagrev

  • Guest
Re: MY safe zone browser hijacked! goes to fake google
« Reply #104 on: April 13, 2011, 07:39:41 PM »

We're still waiting for mailshell guys' reply.

From the Mailshell site:
Key Features & Benefits
Why Use Mailshell DNS SDK?

   "First DNS service with military-grade encryption."

Somebody's military is unsafe!  ;)