Why should you change your DNS server

2 January, 2012

Questions

How to increase internet speed
How to prevent phishing attacks
How to block proxy websites for schools
How to change DNS server

Wiki DNS Server

A DNS server translates domain names to IP addresses.
ISPs have also used it to redirect users to advertisements.
http://en.wikipedia.org/wiki/Domain_Name_System

Why do you need a DNS server?

To access any website, say Google, you only need to know its URL, http://www.google.com. You do not need to know the IP address the website is served from, although http://74.125.236.81/ is an alternate way to reach it.

A DNS server resolves the easy-to-remember URL to its corresponding not-so-easy-to-remember IP address.

Flushing existing DNS

Once resolved, the name-to-IP mapping is cached locally for a few hours or days.
To clear the cache, open a Command Prompt and run the following command:
ipconfig /flushdns

Benefits of using DNS servers

Faster DNS resolution
Phishing protection
Web content filtering
Detailed statistics
Typo correction
No software to install
Real time protection

Free DNS Providers

Check each DNS provider to find out what features it offers.

Google Free DNS

8.8.8.8
8.8.4.4
http://code.google.com/speed/public-dns/

OpenDNS

208.67.222.222
208.67.220.220
https://store.opendns.com/get/home-free

OpenDNS (Family shield)

208.67.222.123
208.67.220.123

Norton DNS Security

198.153.192.60
198.153.194.60
https://dns.norton.com/dnsweb/dnsForHome.do

How to change DNS

There are two methods to change DNS.

1. Changing DNS for individual computer

Control Panel > Network Connections > {your internet connection} > Properties > Internet Protocol (TCP/IP) > Properties > General tab > Use the following DNS server addresses
Enter the primary and secondary DNS server addresses.
Note: Changing DNS will not affect your IP address.

Changing DNS settings


2. Changing DNS for the Router for all connected computers

Open the router's settings page, generally http://192.168.0.1/ or http://192.168.1.1/.
Enter the login ID and password, generally admin and admin.
Navigate to Interface Setup > LAN
Change the DNS Relay option to Use User Discovered DNS Server Only
Enter the primary and secondary DNS server addresses.
Note: The settings mentioned above may vary from router to router.

DNS Setting for Router


Hijacked hosts file is an internal security breach

27 December, 2011

Questions

Anti-virus websites are blocked.
Search engines are blocked.
When you try to open a website, some unexpected website loads.
Hosts file is hijacked.

Wiki for HOSTS file

The “hosts” file is a system file used to map hostnames to IP addresses.
By default, there is only one entry in the file.
127.0.0.1 localhost
With this setting, the actual website at http://127.0.0.1/ can be accessed when you enter http://localhost/ in browser.

How would you feel if you typed google.com in any browser and landed somewhere else?

Viruses may modify the hosts file to carry out silent phishing attacks, block anti-virus websites, or block search engines.

Example

The following modified hosts file has two effects:
Access to the website kaspersky.com will be blocked.
Access to the website google.com will redirect you to yahoo.com (98.137.149.56).
# Copyright (c) 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

127.0.0.1 localhost

# Following redirections may be added by virus
127.0.0.1 kaspersky.com # This will block the kaspersky website
98.137.149.56 google.com # This will redirect to some other website(98.137.149.56), when you try accessing google

Example implementing modified hosts file

The Real Threat

Because of its role in local name resolution, the hosts file represents an attack vector for malicious software.
Viruses modify the hosts file to redirect you to malicious/fraud/unwanted websites when you try to open a legitimate website.
In the web browser's address bar you will see the correct address that you entered, but the actual content will come from the malicious website.

Type 1 : DOS Attack

The file may be hijacked and modified to redirect traffic from the intended destination to sites hosting content that may be offensive or intrusive.
The virus W32.MyDoom@mm used this to create a distributed denial-of-service (DDoS) attack in 2004.
http://en.wikipedia.org/wiki/Mydoom.B

Type 2 : Blocking Websites

Some viruses can block your access to anti-virus websites using the HOSTS file.
The installed anti-virus will be unable to update its virus definitions.
Search engines may be blocked to prevent you from searching for a solution.
http://www.f-secure.com/v-descs/qhost.shtml

Type 3 : Phishing Attack

The banking/social networking websites may be redirected to phishing websites to steal credentials.
http://en.wikipedia.org/wiki/Phishing

Solution

Most anti-virus programs do not fix the hosts file because of the complications involved, so it has to be done manually.
Open the following directory
%windir%\system32\drivers\etc\
Create a backup file before you modify the hosts file.
Remove the read-only property from the hosts file.
Open the file in Notepad.
Delete all lines containing suspicious URLs and IP addresses.
Do not delete the following default line
127.0.0.1 localhost
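
An added example, not code from the original post: a Python check that parses hosts-file text, reports entries like the two tampered lines in the example above, and produces the cleaned text that the Solution steps arrive at by hand. The allowlist of names permitted on loopback and the sample text are assumptions constructed for illustration.

```python
import ipaddress

# Constructed sample input: the tampered entries from the example above.
SAMPLE_HOSTS = """\
127.0.0.1 localhost
# Following redirections may be added by virus
127.0.0.1 kaspersky.com # This will block the kaspersky website
98.137.149.56 google.com # This will redirect google
"""

# Assumption: only these names are expected to map to a loopback address.
ALLOWED_LOOPBACK_NAMES = {"localhost"}


def parse_hosts(text):
    """Yield (line_no, ip, hostnames) for every active hosts entry."""
    for line_no, raw in enumerate(text.splitlines(), start=1):
        fields = raw.split("#", 1)[0].split()  # drop trailing comment
        if len(fields) < 2:
            continue  # blank line, comment-only line, or incomplete entry
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # first column is not an IP address
        yield line_no, ip, [name.lower() for name in fields[1:]]


def audit_hosts(text):
    """Return (line_no, hostname, ip, reason) for each suspicious mapping."""
    findings = []
    for line_no, ip, names in parse_hosts(text):
        sinkhole = ip.is_loopback or ip.is_unspecified
        for name in names:
            if name in ALLOWED_LOOPBACK_NAMES and ip.is_loopback:
                continue  # the default "127.0.0.1 localhost" line
            reason = "blocked" if sinkhole else "redirected"
            findings.append((line_no, name, str(ip), reason))
    return findings


def clean_hosts(text):
    """Return the hosts text without the flagged lines (comments are kept)."""
    flagged = {line_no for line_no, *_ in audit_hosts(text)}
    kept = [l for n, l in enumerate(text.splitlines(), 1) if n not in flagged]
    return "\n".join(kept) + "\n"

if __name__ == "__main__":
    print(audit_hosts(SAMPLE_HOSTS))
```

Every mapping other than the allowlisted loopback names is reported, including entries you added yourself, and a flagged line is removed whole, so review the findings before saving the cleaned text over the hosts file.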

Heal Pendrive v2.0 uploaded

2 February, 2011

Heal Pendrive v2.0

Download
Finally I finished the v2 for HealPendrive. It has a user-friendly GUI and many useful features.

Features:
*This tool can be used to remove virus/suspected files from pendrive.
*Instructions are provided at the bottom of each step.
*Built on VB.NET, this application is much superior to the previous v1.0
*Improved “hunt-and-delete” has been integrated in this version.
+Automatic selection for connected pendrive.
+Details for the selected drive.
+Displays contents of autorun.inf
+Individual options to fix registries.
+Calls CHKDSK utility to detect and fix bad sectors.
+Most appreciating “hunt-and-delete” feature with multiple options.

What's not:
-Files marked for deletion are deleted permanently (not sent to the Recycle Bin).
-Registry change is not reversible.
-This tool is only to be used on removable drives.

What's coming:
*Safely remove drive feature in the next builds.

Downloads available

13 September, 2010

The downloads are available now at my new website
http://piyushlabs.com/

Soon I will be starting a forum to answer/discuss virus related problems.
Stay tuned in…
🙂

Unavailability of Downloads

29 July, 2010

Hi people,
the downloads are currently unavailable.
I am planning to buy some webspace to host my files, and probably another website.
Previously I was hosting on a free hosting service, and they have deactivated my account and are asking me to become a premium member. 😦
Looking for some reliable and less costly domain/webspace provider. Suggestions are invited.
If you need any of this software urgently, then mail me at piyushlabs@gmail.com

How to disable Autorun for drives

17 May, 2009

Follow this procedure . . .
Go to Start > Run > “gpedit.msc”
Go to User Configuration > Administrative Templates > System
Select Turn off Autoplay > Properties > Enabled > All drives

Windows File Protection “SFC /SCANNOW”

3 May, 2009

If your Windows files are corrupted/infected by any virus, the best way to restore them is by using Windows File Protection.
Open Start > Run > “cmd” > “sfc /scannow”
Windows File Protection will start running.
It scans all protected system files and replaces incorrect versions with correct Microsoft versions.
It will ask you to insert your Windows XP CD to replace the files.

* You can customize the drive used for the CD. Open Regedit and go to “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup”. Change “SourcePath” and “ServicePackSourcePath” to your drive letter.

Best way to kill SOUNDMIX.EXE

26 April, 2009

It's very difficult to kill the virus process Soundmix.exe
I found out that this process looks for the presence of a file named “C:\stop.txt”
Generally when you try to kill the virus process, it comes again and again.
Now, create a simple Notepad file in C:\ and rename it to “stop.txt”
And now, try killing the soundmix.exe
Hola! the process stops…
Probably the virus developer used this in testing, but forgot to remove it.. 😉

Online Troubleshooting

25 April, 2009

Hello people,
I am going to start a new service:
Online Troubleshooting via Remote Access
Get your viruses removed, speed up your system, get all problems fixed.

This service will be available free of cost till April 28, 2009 (as an introductory service).

Currently Supporting:
Windows XP

Visit https://piyushlabs.wordpress.com/online-troubleshooting/
for more details.

Auto-status for BorgChat : BorgStatus

7 April, 2009

Borg Chat is one of the best chat programs for a LAN.


I have made a small tool for auto-status for Borg Chat.
It simply works with the help of commands “/?” that can be used from the main tab.
Programmed in AutoIt.
BorgStatus
+ Changes status to “away” or “available”
You just need to set your screensaver setting. Activate screensaver, say 5 mins, when the screen saver starts (which means you are not available), this tool will automatically set your BorgChat status to “away”.
When you resume working, screensaver stops, it will set the status to “available”.

+ Dota , CounterStrike
When you play warcraft or cs, this tool will automatically set your status to “busy”.

+ Working
No window. Just works from the tray icon.
No customizations provided.
If you need a customized (paid version) BorgStatus software or want me to make some software for your need, then mail me piyushlabs[at]gmail[dot]com

+ Cost
This trial version , free of cost 🙂

Download
http://piyushlabs.googlepages.com/BorgStatus.exe

