    WPAD alert

    • JaredBusch

      Has anyone ever come across this before?

      https://nakedsecurity.sophos.com/2016/05/25/when-domain-names-attack-the-wpad-name-collision-vulnerability/

      I have a single machine running the Avast for Business (free version) that suddenly started spamming alerts

      Installed Webroot and Malwarebytes trial and nothing related was found.

      Only Avast is alerting on this.

      Really do not want to mark it false positive or anything, but I really want to find an answer.

      New alerts come every 10 minutes exactly.

      • dafyre @JaredBusch

        Check for Internet Options -> Connections -> LAN settings and see if "Automatically detect settings" is checked.

        Also do an nslookup on wpad.net and see what IP comes back. For reference both my office machine and home systems all report 127.0.0.1 for wpad.net

        • JaredBusch @dafyre

          Disabled in IE but enabled in Edge. I disabled it in Edge and it still sends alerts.

          C:\Users\User>ipconfig /flushdns
          
          Windows IP Configuration
          
          Successfully flushed the DNS Resolver Cache.
          
          C:\Users\User>nslookup
          Default Server:  UnKnown
          Address:  10.254.101.1
          
          > wpad.net
          Server:  UnKnown
          Address:  10.254.101.1
          
          Non-authoritative answer:
          Name:    wpad.net.chestnut.net
          Address:  209.15.13.134
          
          >
          
          dafyreD 1 Reply Last reply Reply Quote 0
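Added example, not part of the original posts: a Python sketch that parses interactive Windows nslookup output like the transcript above and reports when the answered name is the queried name plus a suffix (here `wpad.net.chestnut.net` for `wpad.net`), along with any non-loopback answer addresses. The function names and the second sample are constructed for illustration.

```python
import ipaddress
import re

# Constructed inputs: SAMPLE copies the answer shown in the post above;
# FQDN_SAMPLE is an invented answer for the same name typed with a trailing dot.
SAMPLE = """> wpad.net
Server:  UnKnown
Address:  10.254.101.1

Non-authoritative answer:
Name:    wpad.net.chestnut.net
Address:  209.15.13.134
"""
FQDN_SAMPLE = "> wpad.net.\nName:    wpad.net\nAddress:  127.0.0.1\n"

def parse_nslookup(text):
    """Return (queried, answered, [addresses]) from interactive nslookup output."""
    queried = answered = None
    addrs = []
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith(">") and len(line) > 1:
            queried = line[1:].strip().lower()
        elif line.lower().startswith("name:"):
            answered = line.split(":", 1)[1].strip().lower()
        elif answered:  # lines before Name: describe the DNS server, not the answer
            for tok in re.sub(r"^Address(es)?:", "", line).split():
                try:
                    addrs.append(ipaddress.ip_address(tok))
                except ValueError:
                    pass  # not an address (e.g. the trailing ">" prompt)
    if not queried or not answered:
        raise ValueError("no query prompt or no Name: line found")
    return queried, answered, addrs

def assess(text):
    """Compare the name typed at the prompt with the name that was answered."""
    queried, answered, addrs = parse_nslookup(text)
    q, a = queried.rstrip("."), answered.rstrip(".")
    return {
        "queried": queried,
        "answered": answered,
        # Set when the answer is for "<queried>.<suffix>" rather than the queried name.
        "appended_suffix": a[len(q) + 1:] if a.startswith(q + ".") else None,
        "non_loopback": [str(ip) for ip in addrs if not ip.is_loopback],
    }

if __name__ == "__main__":
    print(assess(SAMPLE))
```

Typing the name with a trailing dot (`wpad.net.`) at the nslookup prompt asks for exactly that name, so the two answers can be compared side by side.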
          • dafyre @JaredBusch

            Ewww... Sounds like something is hijacking your DNS, potentially. Check from another computer and see what nslookup reports.

            • JaredBusch @dafyre

              There are no other computers on that network normally. I will get a laptop online to test at some point tomorrow.

              For now, I added a static host mapping in the router for wpad.net and wpad.net.chestnut.net pointing to 127.0.0.1

              • JaredBusch

                Avast is the only thing on the system that catches this. I installed MBAM (trial) and Webroot after these alerts started and neither find anything.

                Anyone have another suggestion?

                I cannot believe there is nothing on the machine.

                • CloudKnight @JaredBusch

                  @JaredBusch could try HitmanPro and AdwCleaner to double check.
