zorba

Possible FP Trojan.DNSChanger


Hi there, I got 2 instances of this possible FP detected, which I quarantined:

*****************************************************************************************************************************************************************************************

Trojan.DNSChanger, HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{F0672BC0-CC99-4A3F-B690-3D27BB94A67F}|NameServer, No Action By User, [2874], [584838],1.0.7443
Trojan.DNSChanger, HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{68AF7EFA-E565-4D6B-BE5C-D0B05C9DC84F}|NameServer, No Action By User, [2874], [584838],1.0.7443

******************************************************************************************************************************************************************************************

I noticed that this issue (which only occurred in the last few days) related solely to the TCP/IPv4 DNSWatch alternative setting. The DNSWatch preferred setting on its own, 84.200.70.40, was fine when no alternative setting was used. However, when I used the DNSWatch alternative setting 84.200.69.80, MBAM threat scan removed the secondary entry after detecting both as Trojan.DNSChanger.

I repeated the test a number of times using the threat scan after each change.

To establish if this related solely to DNSWatch, I tried using 4/5 different DNS servers with no problems or issues when using preferred and alternative settings together. Currently I am using Cloudflare DNS settings 1.1.1.1 - 1.0.0.1 and over the last few days there have been no more warnings from Threat scan.

This is something that you can easily test in 5/10 minutes by using DNSWatch preferred and alternative settings on ethernet/wireless etc., then running a 6/7 minute threat scan.

It is possible a recent update may have caused this issue. The fact that the issue only occurs with one DNS provider may indicate an FP. You would know after checking if this is so.

Best wishes,

Howard
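
An added example, not part of the post above and not Malwarebytes code: a PowerShell check that lists the DNS servers stored under the registry key named in the detection lines and marks any address that is not on a list you configured yourself. The `$expected` list is an assumption (it holds the four addresses mentioned in the post), and the note on value separators reflects how Windows normally stores these strings.

```powershell
# Added example: audit per-interface DNS resolver values in the registry.
$base = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces'

# Assumption: resolvers the administrator set on purpose. These four are the
# DNSWatch and Cloudflare addresses mentioned in the post; edit to match yours.
$expected = @('84.200.70.40', '84.200.69.80', '1.1.1.1', '1.0.0.1')

$report = Get-ChildItem -Path $base | ForEach-Object {
    $iface = $_.PSChildName                      # interface GUID, e.g. {F0672BC0-...}
    $props = Get-ItemProperty -Path $_.PSPath

    # NameServer holds statically configured resolvers (the value flagged in
    # the scan log); DhcpNameServer holds the ones supplied by DHCP.
    foreach ($valueName in 'NameServer', 'DhcpNameServer') {
        $raw = $props.$valueName
        if ([string]::IsNullOrWhiteSpace($raw)) { continue }

        # The string may be comma- or space-separated; split on either.
        $addresses = $raw -split '[,\s]+' | Where-Object { $_ -ne '' }
        foreach ($addr in $addresses) {
            [pscustomobject]@{
                Interface = $iface
                Value     = $valueName
                Address   = $addr
                Expected  = $expected -contains $addr
            }
        }
    }
}

# Show everything, then call out entries that nobody on the allowlist accounts for.
$report | Sort-Object Interface, Value | Format-Table -AutoSize

$unexpected = @($report | Where-Object { -not $_.Expected })
if ($unexpected.Count -gt 0) {
    Write-Warning "$($unexpected.Count) resolver entries are not on the expected list."
} else {
    Write-Output 'All configured resolvers are on the expected list.'
}
```

Running it before and after a threat scan shows exactly which `NameServer` entry was changed on which interface GUID.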

 

 
