On Thu, Aug 5, 2010 at 12:03 PM, Surya Sharma buzz@suryas.info wrote:
One of my users is using Fedora 10, 2.6.27.24-170.2.68, with Firefox
3.5.3.
While browsing some sites it gets redirected to porn sites.
(A single porn site opens if users misspell a production site name/URL.) (Porn site: kingofporn)
Is it malware, a virus, spyware... infected? If yes... what to do? Is there any spyware or malware remover
available?
Sounds more like DNS poisoning. You'll have to check the hosts file on Linux, and also any routers that come in the way for this.
Surya
Hi,
Now look at this snapshot... you will come to know... if I want to open clamav.net it's not opening... but its IP is pinging...
C:\Documents and Settings\Administrator>tracert clamav.net
Unable to resolve target system name clamav.net.
C:\Documents and Settings\Administrator>ping 194.109.142.194
Pinging 194.109.142.194 with 32 bytes of data:
Reply from 194.109.142.194: bytes=32 time=277ms TTL=46
Reply from 194.109.142.194: bytes=32 time=278ms TTL=46
Reply from 194.109.142.194: bytes=32 time=277ms TTL=46
Reply from 194.109.142.194: bytes=32 time=280ms TTL=46
Ping statistics for 194.109.142.194:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 277ms, Maximum = 280ms, Average = 278ms
C:\Documents and Settings\Administrator>tracert 194.109.142.194
Tracing route to ds049.xs4all.nl [194.109.142.194] over a maximum of 30 hops:
  1    <1 ms    <1 ms    <1 ms  192.168.2.1
  2     1 ms    68 ms    86 ms  abs-static-149.202.102.118.aircel.co.in [118.102.202.149]
  3     1 ms     2 ms     2 ms  abs-cn-85.208.79.114.aircel.co.in [114.79.208.85]
  4    15 ms     *       15 ms  abs-cn-106.198.148.202.aircel.co.in [202.148.198.106]
  5     *       29 ms    28 ms  abs-cn-5.198.148.202.aircel.co.in [202.148.198.5]
  6    28 ms    28 ms    27 ms  abs-cn-185.192.148.202.aircel.co.in [202.148.192.185]
  7    27 ms    29 ms    29 ms  abs-cn-70.192.148.202.aircel.co.in [202.148.192.70]
  8    66 ms    65 ms    63 ms  ^C
C:\Documents and Settings\Administrator>nslookup clamav.net
Server:  dns2.dwl.co.in
Address:  202.148.202.4
Non-authoritative answer:
Name:    clamav.net.smartdomain.com
Address:  208.76.179.25
C:\Documents and Settings\Administrator>ipconfig /all
Windows IP Configuration
   Host Name . . . . . . . . . . . . : domainserver
   Primary Dns Suffix  . . . . . . . : smartdomain.com
   Node Type . . . . . . . . . . . . : Unknown
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : smartdomain.com
Ethernet adapter Local Area Connection:
   Connection-specific DNS Suffix  . : smartdomain.com
   Description . . . . . . . . . . . : Realtek RTL8168/8111 PCI-E Gigabit Ethernet NIC
   Physical Address. . . . . . . . . : 00-1C-C0-01-77-47
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   IP Address. . . . . . . . . . . . : 192.168.2.8
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.2.1
   DHCP Server . . . . . . . . . . . : 192.168.2.4
   DNS Servers . . . . . . . . . . . : 202.148.202.4
   Lease Obtained. . . . . . . . . . : Thursday, August 05, 2010 4:30:48 AM
   Lease Expires . . . . . . . . . . : Friday, August 06, 2010 4:30:48 AM
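
Added example, not part of the original messages: in the nslookup output above the answer's Name is clamav.net.smartdomain.com, which is the queried name with the adapter's DNS suffix appended. The Python sketch below parses captured nslookup and ipconfig /all text and flags that case; the function names and result labels are assumptions made for this example.

```python
import re

# Sample input: lines copied from the nslookup and ipconfig output in the message above.
NSLOOKUP_OUT = """\
Server:  dns2.dwl.co.in
Address:  202.148.202.4

Non-authoritative answer:
Name:    clamav.net.smartdomain.com
Address:  208.76.179.25
"""
IPCONFIG_OUT = """\
   Primary Dns Suffix  . . . . . . . : smartdomain.com
   DNS Suffix Search List. . . . . . : smartdomain.com
   Connection-specific DNS Suffix  . : smartdomain.com
"""

def search_suffixes(ipconfig_text):
    """Collect the distinct DNS suffixes listed in `ipconfig /all` output."""
    found = []
    for line in ipconfig_text.splitlines():
        m = re.match(r"\s*(?:Primary Dns Suffix|DNS Suffix Search List|"
                     r"Connection-specific DNS Suffix)[ .]*:\s*(\S+)", line, re.I)
        if m and m.group(1).lower() not in found:
            found.append(m.group(1).lower())
    return found

def parse_answer(nslookup_text):
    """Return (name, address) from the answer section, or (None, None)."""
    m = re.search(r"^Name:\s*(\S+)\s*\nAddress(?:es)?:\s*(\S+)", nslookup_text, re.M)
    return (m.group(1).lower().rstrip("."), m.group(2)) if m else (None, None)

def check_lookup(query, nslookup_text, ipconfig_text):
    """Classify an nslookup result against the name that was asked for."""
    query = query.lower().rstrip(".")
    name, addr = parse_answer(nslookup_text)
    if name is None:
        return ("no-answer", None, None)
    if name == query:
        return ("exact", None, addr)
    for suffix in search_suffixes(ipconfig_text):
        if name == f"{query}.{suffix}":
            # The resolver answered for query + search suffix, not the query itself.
            return ("suffix-appended", suffix, addr)
    return ("different-name", None, addr)

if __name__ == "__main__":
    print(check_lookup("clamav.net", NSLOOKUP_OUT, IPCONFIG_OUT))
```

Repeating the query with a trailing dot (nslookup clamav.net.) asks for the name exactly as typed, without the search suffix.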