wpad.domain.name and dreesfootler.uno


On 8/25/2023 at 3:14 PM, AdvancedSetup said:

Please see if this applies to you or not @Trifoilum

 

Fixing Malware Detection Alerts From WPAD.dat
https://businesshelp.avast.com/Content/Products/AfB_Management_Consoles/DeviceManagement/WPADdetectionalerts.htm#

 

 

...I'd like to think it does. I mean, it sure explains why the constant pinging even after so much scanning.

Also, I've been connecting to the Internet with my mobile data, and I find that the WPAD issue stops completely. A few hours have passed and there's zero alert. So most likely there's some kind of mess in the Wi-Fi I'm using.

...But the steps on this site look overtly confusing O_O. Can I ask for another guide?

Link to post
Share on other sites

  • Root Admin

If you own your own router and are not renting it from your Internet Service Provider

Please ensure that you have the user manual for your router. Then perform a factory reset.

How To Reset Your Router
https://setuprouter.com/networking/how-to-reset-your-router/

Depending on one's preferences and the Router's capabilities please consider the following.

  • Disable acceptance of ICMP Pings
  • Change the Default Router password using a Strong Password
  • Use a Strong WiFi password on WPA2 using AES encryption or Enable WPA3 if it is an option.
  • Disable Remote Management
  • Create separate WiFi networks for groups of devices with similar purposes to prevent an entire network of devices from being compromised if a malicious actor is able to gain unauthorized access to one device or network.
    Example: Keep IoT devices on one network and mobile devices on another.
  • Change the network name (SSID). Do not use your name, postal address or other personal information. Make it unique or whimsical and known to your family/group.
  • Is the router firmware up to date? Updating the firmware mitigates exploitable vulnerabilities.
  • Specifically set firewall rules to BLOCK TCP and UDP ports 135 ~ 139, 445, 1234, 3389, 5555 and 9034
  • Document passwords created and store them in a safe but accessible location.

 

 

If nothing else try shutting down the computer and leave it off.

Then unplug the modem/router and leave them off without power for 5 minutes.

Then plug the modem/router back in and let them run for at least 2 minutes.

Then power the computer back on and see if there is any change.

 

Link to post
Share on other sites

....so I finally restarted the whole thing and the WPAD issue still persists.

Furthermore, I tried running Farbar. First it updated, but when I tried to select Fix, the program said it cannot run because it requires fixlist.txt.

And then when I ran it the second time... This warning from Avast appeared. That being said, a further scan gives no result.

 

IMG_20230830_145103.jpg

Link to post
Share on other sites

  • Root Admin

You clicked on FIX, but you should have clicked on SCAN in Farbar.

Please temporarily disable Avast if needed and run Farbar again and click on the SCAN button

Make sure you have a check mark in the ADDITION.TXT check box

I'll check back on you again some time tomorrow. It's now 1 AM for me.

 

Link to post
Share on other sites

  • Root Admin

Perhaps also try uninstalling Avast temporarily and using their removal tool to remove all traces

Then see how the computer runs without it

Then if wanted, reinstall it?

 

https://support.avira.com/hc/en-us/articles/360003162153-How-do-I-uninstall-my-Avira-product-

 

Link to post
Share on other sites

Hello, I'm coming back with a little bit of an update.

I cannot find the user manual for now, so updating the firmware becomes a bit risky.

Asking my brother in law also leads nowhere. It's been a while since we installed the router.

Disabling proxy requests and restarting also doesn't help.

At this rate I'm considering uninstalling Avast. But I don't know if Microsoft Defender (and Malwarebytes) alone is enough to protect this.

Link to post
Share on other sites

  • 2 weeks later...

Oh, goodness gracious, it's been a while since I had the time to sort this out. My deepest apologies!

Let's see--

I've managed to access the router. Because of that I also managed to find the specific type of my router (D-Link DIR-612), the user manual, and the firmware.

From here, the way I see it, I have to factory reset my modem, then update the firmware, and then reestablish the connection. After that I'll see if the problem still exists--if yes, then I'll probably consider uninstalling Avast.

Re: Paid subscription, I'm afraid I don't have any. And then I realize that Microsoft Defender is no longer free... Hmm.

Link to post
Share on other sites

  • Root Admin

Hello @Trifoilum

I'm just now back from vacation myself.

How are things going at this time?

FYI - Microsoft Windows Defender is still very much free and part of Windows 10 and 11 both. Yes, they do have a version sold mostly for business that includes some other features.

 

Link to post
Share on other sites

Glad to hear that and I hope the vacation is good. Also good to hear re: Microsoft Windows Defender. I guess I'll try looking at it once more!

So I've googled around and there's someone who said to change a particular setting in the router from domain.name to domain.local. I tried that, and... there's been some MAJOR reduction. Not completely gone, I don't think--but it's reduced from like, 5 times an hour to once every couple hours. I'm not sure what happened, but we'll see for now.

Once more, @AdvancedSetup, thank you so much for the assistance. 

Of course, if you want to consider this case closed and close the thread, I think I'll be fine with it at this point. Any further issues are probably tied to the router...if not the ISP.

Edited by Trifoilum
Link to post
Share on other sites
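An added example, not part of the thread or of any tool mentioned in it: a small check for the router setting discussed in the post above, showing how the two values mentioned there (`domain.name` and `domain.local`) differ. It lists the WPAD hostnames a client may derive from the router's DHCP domain and flags any that get answered from outside the LAN; the special-use suffix list, the simplified suffix walk and the sample answer (a documentation address) are assumptions of this example.

```python
import ipaddress
import socket

# Special-use suffixes not delegated in public DNS (assumed list for this
# example: .local per RFC 6762, home.arpa per RFC 8375, rest per RFC 6761).
NON_PUBLIC_SUFFIXES = ("local", "home.arpa", "test", "invalid", "localhost")
# Ranges that can only be your own machine or a host on your own network.
LAN_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8",
    "169.254.0.0/16", "::1/128", "fc00::/7", "fe80::/10")]
# Constructed sample answer (documentation address), not a real lookup result.
SAMPLE_ANSWERS = {"wpad.domain.name": ["203.0.113.10"]}


def wpad_candidates(dhcp_domain):
    """WPAD names a client may try for a DHCP domain (simplified suffix walk)."""
    labels = [p for p in dhcp_domain.strip(".").lower().split(".") if p]
    # Walk up the suffix, but never build a name on a bare TLD (wpad.name).
    names = [".".join(["wpad"] + labels[i:]) for i in range(len(labels) - 1)]
    return names or [".".join(["wpad"] + labels)]


def system_resolver(name):
    """Live lookup through the OS resolver; [] when the name has no answer."""
    try:
        return sorted({ai[4][0] for ai in socket.getaddrinfo(name, 80)})
    except socket.gaierror:
        return []


def audit_dhcp_domain(dhcp_domain, resolver=system_resolver):
    """Return (hostname, verdict, addresses) for every WPAD candidate."""
    report = []
    for host in wpad_candidates(dhcp_domain):
        if host.endswith(tuple("." + s for s in NON_PUBLIC_SUFFIXES)):
            report.append((host, "local-only suffix", []))
            continue
        addrs = resolver(host)
        off_lan = [a for a in addrs if not any(
            ipaddress.ip_address(a.split("%")[0]) in n for n in LAN_NETS)]
        verdict = ("ANSWERED OUTSIDE LAN" if off_lan
                   else "answered on LAN" if addrs else "no answer")
        report.append((host, verdict, addrs))
    return report


if __name__ == "__main__":
    for domain in ("domain.name", "domain.local"):
        for row in audit_dhcp_domain(domain, lambda n: SAMPLE_ANSWERS.get(n, [])):
            print(domain, "->", row)
```

Calling `audit_dhcp_domain("your.dhcp.domain")` without a resolver argument performs a live lookup from the machine it runs on.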

  • 1 month later...
  • Root Admin

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread.

Please review the following to help you better protect your computer and privacy: Tips to help protect from infection

Thank you

 

 

Link to post
Share on other sites

This topic is now closed to further replies.