Solved Possible Security Issue - Event Viewer

torre

Recently I have received 2 DNS Client Events in the Event Viewer which may indicate a malware attempt.

Event Viewer

Name resolution for the name a.rfihub.com timed out after none of the configured DNS servers responded.

Recently, a new browser hijacker virus has attacked thousands of computers, called Rfihub.com.

http://www.yac.mx/en/guides/browser...Rfihub.com-from-Chrome-by-yac-pc-cleaner.html

Name resolution for the name adrtb.liverail.use.1.sunday.sky.com timed out after none of the configured DNS servers responded.

https://www.virustotal.com/en-gb/domain/vop.sundaysky.com/information/


I suppose the fact the server did not respond is good? I use Windows Defender and Malwarebytes (free) to scan. Neither reports any problem.


Is this a concern? Anyone experienced similar entries in the Event Viewer?
 

My Computer

System One

  • OS
    Win 8.1 64bit
    Computer type
    Laptop
    System Manufacturer/Model
    Toshiba
    CPU
    Intel i3, 2348
    Memory
    4GB
    Graphics Card(s)
    Intel HD3000
I've seen similar events several times in event logs in the BSOD section posted by other people.

According to: rfihub.com third party host search results | Cookiepedia


This domain is owned by Rocketfuel. The main business activity is: Advertising


The main purpose of cookies set by this host is: Targeting/Advertising

Having a restrictive firewall and a good browser add-on to block tracking and ads is the way to go, to defend against this scum firm.
 

My Computer

System One

  • OS
    Windows 8.1 Enterprise
Thanks for the reply.

What is meant exactly by "timed out after none of the configured DNS servers responded"? Blocked by firewall?
 

Configured DNS servers are configured in your network adapter.

To figure out why they do not respond, try to query manually and see the output:
[Screenshot: Capture.PNG]

The above request timed out because there is no such domain.
It does not mean that the 8.8.8.8 server (which is a Google server) does not respond.
DNS client resolution timeouts

You can input:
nslookup
set debug
adrtb.liverail.use.1.sunday.sky.com


to see verbose output by using your configured DNS server(s).

The real question is why does your machine query these domains?
It's most likely that ads contain domains which your browser needs to resolve in order to display scum content :)
 

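The events discussed in this thread can be listed, counted and re-tested from PowerShell. This is an added example, not code from any poster in the thread; it assumes the entries are event ID 1014 from the Microsoft-Windows-DNS-Client provider in the System log and that Resolve-DnsName is available (Windows 8 and later).

```powershell
# Added example: summarise DNS Client timeout events and re-query each name.
# Assumption: the events are ID 1014 from provider Microsoft-Windows-DNS-Client.
$pattern = 'Name resolution for the name (\S+) timed out'

$events = Get-WinEvent -FilterHashtable @{
    LogName      = 'System'
    ProviderName = 'Microsoft-Windows-DNS-Client'
    Id           = 1014
} -ErrorAction SilentlyContinue

# Pull the queried name out of each event message.
$hits = foreach ($e in $events) {
    if ($e.Message -match $pattern) {
        [pscustomobject]@{ Time = $e.TimeCreated; Name = $Matches[1].ToLower() }
    }
}

# One row per name: how often it timed out, when it was last seen,
# and what the configured resolvers answer right now.
foreach ($g in ($hits | Group-Object Name | Sort-Object Count -Descending)) {
    $last = ($g.Group | Sort-Object Time | Select-Object -Last 1).Time
    try {
        $r = Resolve-DnsName -Name $g.Name -Type A -DnsOnly -ErrorAction Stop
        $ips = ($r | Where-Object { $_.IPAddress } | ForEach-Object { $_.IPAddress }) -join ', '
        $status = "resolves: $ips"
    } catch {
        # The error text separates "DNS name does not exist" from a timeout.
        $status = $_.Exception.Message
    }
    [pscustomobject]@{
        Name     = $g.Name
        Count    = $g.Count
        LastSeen = $last
        Now      = $status
    }
}
```

A name that recurs many times and still fails against every resolver is worth tracing back to the process or browser page that requests it; a name that now resolves normally points to a transient network or resolver outage at the time of the event.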