strange DNS cache entries

[cammy]

Hi

While looking for a solution to another DNS issue, I discovered a load of worrying looking entries in my windows dns cache. There were hundreds of these nonsense entries:

Windows IP Configuration

    mzzdtglfljscaqwsljzkvtcdqmzuc.org
    ----------------------------------------
    Name does not exist.


    mnkfknckjvfegmobscexkpswkr.ru
    ----------------------------------------
    Name does not exist.


    gaufulrxmfdmorujzxkbjpf.ru
    ----------------------------------------
    Name does not exist.


    ijshmxofijvcpduuofyscmrifp.ru
    ----------------------------------------
    Name does not exist.


    rjbnfuwkjfahmxqcusgzdkfey.ru
    ----------------------------------------
    Name does not exist.


    gedzluczdwchfuuweucduxgjfhu.info
    ----------------------------------------
    Name does not exist.


    mxlruknfbqpjypxwtyxxszlfa.org
    ----------------------------------------
    Name does not exist.


    bezpbeypvocynbhizzddiyjfpzp.org
    ----------------------------------------
    Name does not exist.


    lbqkhqteqrsgyhixvtirhwsnz.org
    ----------------------------------------
    Name does not exist.


    cezhjzskhmztxsemjfxgkjea.ru
    ----------------------------------------
    Name does not exist.


    ypkftgdyhqohgaldvcijmfeqau.com
    ----------------------------------------
    Name does not exist.


    yymrdeymnmjcqrcyzpyauhuc.net
    ----------------------------------------
    Name does not exist.

Do I have something nasty on my machine or is my antivirus adding these records? I've not seen any other side-effects of possible infection. After clearing my cache, the entries slowly re-appear.

Would appreciate any ideas.

Thanks

Cammy

 

[cammy]

Possibly caused by a hidden iexplore.exe process running in the background after I was "testing" a malicious link in a spoofed email yesterday.

After killing the ie process and restarting ie, I've not been able to recreate.

Cammy

 

[cammy]

Cancel my previous post

Located in C:\Users\cammy\AppData\Roaming\Geje\yfnyu.exe

Behaviour seems to involve the program looking up a huge list of internet sites resulting in pollution in the DNS cache - as shown previously.

There is also another suspicious looking exe in my appdata folder:

C:\Users\cammy\AppData\Roaming\Bezyi\uqtuy.exe

Not sure what this does and reluctant to execute it for obvious reasons.

Possible source could be a spoofed email from salesforce which linked to malcious content. A moment of utter brain-fade on my part as I should have investigated the risk in a sandbox...

FYI - my antivirus is Vipre - Defs 12568 and neither of these threats were detected.

Cheers

Cammy

 

[Noway2]

Possible source could be a spoofed email from salesforce which linked to malcious content

My initial thought when I saw the domains was that they look like the spoofed junk domains that are typical in spam. I think a lot of it is caused by the Conficker worm and it's variants.