Flyby Spud
User avatar
Posts: 266
Joined: Tue Aug 28, 2012 12:58 pm

Strange DNS Errors In Windows Logs...Malware?

Postby Egg » Sun Dec 08, 2013 3:30 am

Hey guys. I'm noticing a couple odd DNS errors in my Windows Logs.

#1
Name resolution for the name http://www.crawlability.com timed out after none of the configured DNS servers responded.

#2
Name resolution for the name http://www.clubfiat.net timed out after none of the configured DNS servers responded.


Normally I wouldn't think much of this, but earlier this evening I was viewing a website called "Encyclopedia Dramatica", and allowed it through NoScript in order to see some content. Apparently it's not a trustworthy site, because I immediately got an XXX popup in Firefox. I *never* get popups in Firefox with my current config. Even more troubling is that when I googled this problem, I was only able to find this post, which cites the same two DNS urls. I find it hard to believe that we both got the same errors by chance.

Do you guys think I picked something up?

Flyby Spud
User avatar
Posts: 223
Joined: Thu Aug 30, 2012 1:36 am
Location: Definitely Not Seattle, Washington

Re: Strange DNS Errors In Windows Logs...Malware?

Postby One Fan To Another » Sun Dec 08, 2013 3:40 am

Egg wrote:Hey guys. I'm noticing a couple odd DNS errors in my Windows Logs.

#1
Name resolution for the name http://www.crawlability.com timed out after none of the configured DNS servers responded.

#2
Name resolution for the name http://www.clubfiat.net timed out after none of the configured DNS servers responded.


Normally I wouldn't think much of this, but earlier this evening I was viewing a website called "Encyclopedia Dramatica", and allowed it through NoScript in order to see some content. Apparently it's not a trustworthy site, because I immediately got an XXX popup in Firefox. I *never* get popups in Firefox with my current config. Even more troubling is that when I googled this problem, I was only able to find this post, which sites the same two websites.

Do you guys think I picked something up?


You must have. Encyclopedia Dramatica is a huge site. It wouldn't have genuine XXX popups. The site itself has entries of porn images because it covers crude material, but it doesn't advertise it.

Recently, I was getting a strange full window popup that was a blank white page with the Google Chrome circle logo at the top and the sentence (something along these lines) "Your browser's video player appears to be out of date. Please click hear to update" with a button below the sentence to download a supposed update. I never clicked it, of course, 'cause I'm not a stupid a$$-hole. But, when I used Malware-Bytes to clean my computer, which required a restart, it locked the computer - completely. I had to F8 and chose to revert back to a saved state from a few days prior just to get back into my shit (luckily I hadn't changed anything between the dates). Yet, the popup never came back. When I checked the popup's origins, or where the link in it would have directed me, it turned out to be some random address that did nothing. I even tried Googling every single variance of the popup's description and never found a single relevant result.

In conclusion: yes, you picked something up.

Flyby Spud
User avatar
Posts: 266
Joined: Tue Aug 28, 2012 12:58 pm

Re: Strange DNS Errors In Windows Logs...Malware?

Postby Egg » Sun Dec 08, 2013 3:46 am

Damn. For the record though, it absolutely came from Encyclopedia Dramatica. The popup was instantaneous after I allowed it through NoScript. Aside from the popup though, I haven't seen anything else strange, from my AV program or otherwise. Aside from those DNS logs of course.

Flyby Spud
User avatar
Posts: 223
Joined: Thu Aug 30, 2012 1:36 am
Location: Definitely Not Seattle, Washington

Re: Strange DNS Errors In Windows Logs...Malware?

Postby One Fan To Another » Sun Dec 08, 2013 4:00 am

Egg wrote:Damn. For the record though, it absolutely came from Encyclopedia Dramatica. The popup was instantaneous after I allowed it through NoScript. Aside from the popup though, I haven't seen anything else strange, from my AV program or otherwise. Aside from those DNS logs of course.


Hmm, well that forum you linked mentioned that a once off DNS error is often caused by to many requests sent at once. So, if it doesn't happen again who cares? The popup I was getting seemed to happen everyday.

Then again the popup I was getting was found by Malware Bytes and eliminated. If you run a top notch ant-virus and it finds nothing, and you don't notice the problem again, then I guess you have nothing to worry about.

Have you been to ED before? I use that site every once in a while for a good laugh and I've never noticed any popups.

Flyby Spud
User avatar
Posts: 266
Joined: Tue Aug 28, 2012 12:58 pm

Re: Strange DNS Errors In Windows Logs...Malware?

Postby Egg » Sun Dec 08, 2013 4:46 am

Yeah....but the problem is, I've never been to either of those sites, so there's no reason they should be appearing as a DNS error. The guy I found in the google search specifically mentioned those two as well, which is what concerns me the most (what are the chances?). I have virtually all advertising blocked at all times, so I can't see them coming from an advertisement elsewhere. The logs also appeared a couple hours after the incident, and I could find no prior instances of them (though my windows install is only about a month old). Google is turning up very little info.

To elaborate on the actual event, I was viewing an article which had inline video content which was blocked by NoScript. They looked like standard Youtube frames, so I allowed only the main Encyclopedia Dramatica site through. I don't think ED would intentionally host something, but since it's a wiki site which anyone is allowed to edit, it's possible that one of the users could have.

If I did get something, it's fairly stealthy. Neither Malwarebytes or MSSE detect anything. I'm interested to hear more thoughts.

Flyby Spud
User avatar
Posts: 266
Joined: Tue Aug 28, 2012 12:58 pm

Re: Strange DNS Errors In Windows Logs...Malware?

Postby Egg » Sun Dec 08, 2013 5:28 am

Okay......totally bizarre. I'm seeing the DNS errors for the clubfiat.net site on my laptop now, over the past hour. I'm just using this laptop for a trial of Windows 8.1 and have done virtually nothing with it so far. WTF?

Flyby Spud
User avatar
Posts: 266
Joined: Tue Aug 28, 2012 12:58 pm

Re: Strange DNS Errors In Windows Logs...Malware?

Postby Egg » Sat Dec 14, 2013 3:51 am

Turned out to be something specifically related to visiting the Tech Report site. Occurs on every machine I've tested so far, and only when visiting that particular site. So far I've been unable to find any trace of malware whatsoever. It's weird, but seems benign.

Flyby Spud
User avatar
Posts: 223
Joined: Thu Aug 30, 2012 1:36 am
Location: Definitely Not Seattle, Washington

Re: Strange DNS Errors In Windows Logs...Malware?

Postby One Fan To Another » Mon Dec 16, 2013 8:36 pm

Egg wrote:Turned out to be something specifically related to visiting the Tech Report site. Occurs on every machine I've tested so far, and only when visiting that particular site. So far I've been unable to find any trace of malware whatsoever. It's weird, but seems benign.


Weird. Nothing happens when I go there (not that I expected it to). If it doesn't do anything malicious than I guess things could be worse.

Tater Tot
Posts: 1
Joined: Thu Dec 11, 2014 11:24 am

Strange DNS Errors In Windows Logs Malware

Postby ParabikMimer » Fri Dec 12, 2014 2:42 pm

I would like to request for a license of Emsisoft Anti-Malware. Thank you very much.

Spud Raider
Site Admin
User avatar
Posts: 760
Joined: Sat Apr 14, 2012 5:21 pm
Location: Dallas, TX USA

Re: Strange DNS Errors In Windows Logs...Malware?

Postby ZeroGuardian » Fri Dec 12, 2014 3:12 pm

ParabikMimer, I'm not sure why you even posted what you did, but there is no one here that can assist you with that.
Image
If you make it idiot proof, they will just make a better idiot.

Spud Raider
User avatar
Posts: 584
Joined: Sat Sep 01, 2012 11:34 am
Location: Erie, PA, USA

Re: Strange DNS Errors In Windows Logs Malware

Postby Ronin » Fri Dec 19, 2014 10:05 am

ParabikMimer wrote:I would like to request for a license of Emsisoft Anti-Malware. Thank you very much.


And I'd like a pony while you're at it.
After seeing and hearing about the amazing rigs that many people have on these forums; it seems rather silly for me to the specs of my very modest gaming PC. It works and that's good enough for me.

Return to Software / Applications

Who is online

Users browsing this forum: No registered users and 1 guest