malware warning

Question

malware warning

minhhungit opened this issue 2 months ago · comments

Marco Realacci · Answer 1 · Thu May 23 2024 09:37:02 GMT+0800 (China Standard Time)

One of the devices in your network attempted to resolve the FQDN ssd3.iltuohosting.it, malwarebytes identified it as malware.
The issue is not related to Technitium DNS Server in any way

Jin · Answer 2 · Thu May 23 2024 10:23:01 GMT+0800 (China Standard Time)

No @notherealmarco The antivirus just show that message when only I install technitium. It has never show that before installing dns server, and after uninstall the dns server. So I think the dns server might has problem

Shreyas Zare · Answer 3 · Thu May 23 2024 14:33:58 GMT+0800 (China Standard Time)

Thanks for the post. However, its what @notherealmarco already said. Some client on your network queried for that domain and the AV running on your DNS server picked it up.

Now that this shows up only after installing the DNS server is because now your client's DNS requests are coming to this server running Malwarebytes. Prior to that, those DNS request probably were going to your router directly.

This all assumes that you have downloaded the DNS server from the official website and not from any 3rd party website. I you have doubts about the downloaded file, you can verify the SHA256 hash of the file with the one published on the website.

Jin · Answer 4 · Thu May 23 2024 16:29:02 GMT+0800 (China Standard Time)

Thanks for the quick reply, guys @ShreyasZare @notherealmarco

Just to provide more information:

I installed DNS Server on my PC, and an antivirus program is also installed on the same PC.
I downloaded DNS Server directly from https://technitium.com/dns/, version 12.1.
However, I couldn't find where the SHA256 is listed.

Shreyas Zare · Answer 5 · Thu May 23 2024 17:11:45 GMT+0800 (China Standard Time)

You can find the SHA256 hash a bit below the download link:

Jin · Answer 6 · Fri May 24 2024 03:09:59 GMT+0800 (China Standard Time)

Is there a way I can find out which application on my PC is sending requests to the domain or if there is some log somewhere?

Shreyas Zare · Answer 7 · Fri May 24 2024 17:11:25 GMT+0800 (China Standard Time)

Is there a way I can find out which application on my PC is sending requests to the domain or if there is some log somewhere?

Yes, there are DNS query logs that you can see from the admin panel. But, you have to enable query logging from settings first and only then the queries will be logged. You can also install the Query Logs (sqlite) app and check for logs in Logs > Query Logs section on the panel.

Jin · Answer 8 · Tue May 28 2024 03:33:12 GMT+0800 (China Standard Time)

I found it; this is the problem: https://www.mesta-automation.com/feed
I have an RSS crawler on my PC, and it tried to fetch that channel. So, it's not related to Technitium.